The right item, right place, right time. Privacy Act 101 Privacy Awareness Training AUDIENCE: DLA Workforce Annually (Civilian employees, Military members, and DLA Contractors)

2 Topics to be Addressed
- What is the Privacy Act?
- Rights Granted Individuals
- DLA's Responsibilities
- Individuals Covered
- Records Subject to the Act
- System of Record Notice
- Privacy Act Statement
- Penalties
- Accessing Your Records
- Privacy Act Exemptions
- What Else Should You Know? "Rules of Conduct" and "Code of Fair Information Principles"
- Summary & Questions
- Available Privacy Training
- For More Info, Contact...
- Certificate

3 What is the Privacy Act? The Privacy Act (5 U.S.C. 552a), passed by Congress in 1974, establishes certain controls over what personal information is collected and maintained by the Executive Branch of the federal government, and how the information is used. The Act grants certain rights to an individual on whom records are maintained, and assigns responsibilities to an agency which maintains the information.

4 Who is Subject to the Privacy Act provisions? The entire DLA Workforce (civilian employees, military members, and DLA contractors) is subject to the Privacy Act and must comply with all of its provisions. Non-compliance with the Privacy Act carries criminal and civil penalties.

5 What Rights Are Granted Individuals Under the Privacy Act?
Under the Act, individuals are granted the right to:
- Determine what records about them are being collected, maintained, used, or disseminated by DLA;
- Prevent records pertaining to them from being used or made available for another purpose without their consent;
- Gain access to records about themselves, subject to Privacy Act exemptions;
- Amend a record if it is inaccurate, irrelevant, untimely, or incomplete; and
- Sue the government for violations of the statute, such as permitting unauthorized individuals access to their records.

6 What Are DLA's Responsibilities under the Privacy Act?
DLA's responsibilities include:
- Maintaining only such information that is both relevant and necessary to accomplish a purpose of the agency required to be accomplished by Federal statute or by Executive Order;
- Collecting information to the greatest extent practicable directly from the subject individual;
- Informing each individual whom it asks to supply information with a Privacy Act Statement;
- Publishing the existence of a system of records (and subsequent changes thereto), i.e., a system of records notice;
- Maintaining all records used by the agency about an individual with such accuracy, relevance, timeliness, and completeness as to assure fairness to the individual;

7 What Are DLA's Responsibilities Under the Privacy Act? (cont'd)
DLA's responsibilities include:
- Maintaining no record describing how any individual exercises their First Amendment rights, unless authorized by law.
- Establishing "rules of conduct" for persons involved in the design, development, operation, or maintenance of any system of records, and the consequences of non-compliance. DLA's Privacy "rules of conduct" are provided later in this module.
- Establishing appropriate physical, technical, and administrative safeguards for the security and accuracy of records to prevent substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained. Safeguarding Privacy Act data is further addressed in the Privacy Act 103 training module.

8 What Individuals are Covered by the Privacy Act?
The Privacy Act applies only to records collected and maintained on living individuals* who are U.S. citizens or lawfully admitted aliens, and whose records are filed in a "system of records" where those records are retrieved by a personal identifier.
* Corporations, partnerships, sole proprietorships, professional groups, businesses (whether incorporated or unincorporated), and other commercial entities are not "individuals."

9 What Records are Subject to the Privacy Act?
Records subject to the Privacy Act are those about an individual collected and maintained in a "system of records." A system of records is a group of records that:
- Contains a personal identifier (such as a name, date of birth, Social Security Number, Employee Number, fingerprint, etc.);
- Contains at least one other item of personal data (such as home address, performance rating, blood type, etc.); and
- Is retrieved by the subject individual's personal identifier(s).
The Privacy Act DOES NOT apply to information about individuals in records that are filed under other subjects, such as organizations or events, unless the agency also indexes and retrieves the information by an individual's name or other personal identifier.

10 What is a Privacy Act "System of Records Notice"?
DLA is required by the Privacy Act to publish the existence of a system of records in the Federal Register; this publication is called a "system of records notice" (SORN). The notice:
- Informs the general public what data is being collected, the purpose of the collection, and the authority for doing so; and
- Sets the rules that DLA will follow in collecting and maintaining the personal data.
DLA has published approximately 80 Privacy Act systems of records notices, which are available at
DOD, as a whole, has published approximately 1200 systems of records notices, which are available at

11 Additional Systems of Records Notices
DLA also maintains records on individuals under government-wide systems of records notices. As the name indicates, these are systems of records notices published by other federal agencies which have responsibility for records that are applicable government-wide. These systems of records notices are available at
Federal agencies which have published these types of systems of records notices include:
- Office of Personnel Management
- Equal Employment Opportunity Commission
- General Services Administration
- Merit Systems Protection Board
- Department of Labor
- Federal Emergency Management Agency
- Office of Government Ethics
All Federal agency Privacy Act systems of records notices can be found at

12 System of Records Notice (SORN) Elements
Elements of a Privacy Act system of records notice:
- System identifier:
- System name:
- System location:
- Categories of individuals covered by the system:
- Categories of records in the system:
- Authority for maintenance of the system:
- Purpose(s):
- Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
- Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
  - Storage:
  - Retrievability:
  - Safeguards:
  - Retention and disposal:
- System manager(s) and address:
- Notification procedure:
- Record access procedures:
- Contesting record procedures:
- Record source categories:
- Exemptions claimed for the system:
Contact your local Privacy Act Officer for assistance in drafting your SORN.

13 What is a Privacy Act Statement?
When an individual is requested to furnish personal information about themselves for inclusion in a Privacy Act system of records, the individual must be provided a Privacy Act Statement (PAS). The PAS enables the individual to make an informed decision whether to provide the requested information, and tells them the consequences if they choose not to provide it. The elements of a PAS are:
- Authority: Identifies the specific Federal statute or Executive Order that authorizes the collection of information;
- Purpose(s): Identifies the internal DLA / DOD uses made of the information;
- Routine Uses: Identifies the entities outside DLA / DOD who will have access to the data, and the uses made of the information;
- Disclosure: States whether providing the information is voluntary or mandatory, and the effects on the individual if they choose not to provide the requested information;
- Rules of Use: DLA added this element to its PAS to identify for the individual the applicable Privacy Act system of records notice.

14 Are there Penalties for Violating the Privacy Act?
The Privacy Act provides criminal and civil penalties for non-compliance. You personally may be liable if you knowingly and willfully:
- Obtain or request records under false pretenses;
- Disclose privacy data to any person not entitled to access; or
- Maintain a system of records without meeting public notice requirements.
PENALTY: Misdemeanor criminal charge and a fine of up to $5000 (for each offense) and/or administrative sanctions.

15 Penalties (cont'd)
Courts may also award civil penalties against DLA for:
- Improperly / unlawfully refusing to amend a record.
- Improperly / unlawfully refusing to grant access to a record.
- Failure to maintain accurate, relevant, timely, and complete information.
- Failure to comply with any Privacy Act provision or agency rule that results in an adverse effect on the subject of the record.
Penalties for these violations include:
- Actual damages
- Payment of reasonable attorney's fees
- Removal from employment

16 How Do I Access My Records Contained in a System of Records?
Requests for information about you contained in a DLA Privacy Act system of records must:
- Be in writing and signed.
- Be addressed to the appropriate DLA activity you believe is maintaining the information about you.
- Identify the applicable DLA Privacy Act system of records notice that might contain the information you are seeking, your relationship with DLA, and the time period of that relationship. DLA Privacy Act systems of records notices are found at
- Provide any other documentation as listed under the Notification or Access elements within the Privacy Act system of records notice.
When in doubt, contact your local Privacy Act Officer.

17 Privacy Act Exemptions
Under the Privacy Act, there are 10 exemptions under which DLA can withhold certain kinds of information from you. Examples of exempt records are those containing classified information on national security and those concerning criminal investigations. The 10 exemptions DLA may claim are provided below.
- 5 U.S.C. 552a(c)(3) - covers release to the record subject of certain accountings of disclosure. This exemption is self-executing.
- 5 U.S.C. 552a(d)(5) - information compiled in reasonable anticipation of a civil action or proceeding. This exemption is self-executing.

18 Privacy Act Exemptions (cont'd)
- 5 U.S.C. 552a(j)(2) - selected records maintained by an agency or component whose principal function is any activity pertaining to criminal law enforcement. DLA may not claim this exemption.
- 5 U.S.C. 552a(k)(1) - records systems containing information properly classified in the interest of national defense or foreign policy.
- 5 U.S.C. 552a(k)(2) - investigatory material compiled for law enforcement purposes other than material covered by 5 U.S.C. 552a(j)(2).
- 5 U.S.C. 552a(k)(3) - records systems maintained in connection with providing protective services to the President of the United States or other individuals who receive protection from the Secret Service.

19 Privacy Act Exemptions (cont'd)
- 5 U.S.C. 552a(k)(4) - records systems required by statute to be maintained and used solely as statistical records.
- 5 U.S.C. 552a(k)(5) - investigatory material compiled solely to determine suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information.
- 5 U.S.C. 552a(k)(6) - records systems that contain testing or examination material used solely to determine individual qualifications for appointment or promotion in the Federal service, but only when disclosure would compromise the objectivity or fairness of the testing or examination process.
- 5 U.S.C. 552a(k)(7) - evaluation material used to determine potential for promotion in the armed services.

20 Is This All I Need to Know About the Privacy Act?
That depends on what your job entails. Privacy Officers, Web/Database Developers, IT System Managers, Privacy Act system managers, as well as those individuals who work with Privacy Act data should seek additional training. Contact your local Privacy Act Officer and/or access additional training modules on the DLA eFOIA webpage.
As a member of the DLA workforce, you should also be familiar with:
- The DLA Privacy "Rules of Conduct"
- The DLA "Code of Fair Information Principles"

21 What are the DLA Privacy “Rules of Conduct?” The Privacy Act requires each agency to establish “rules of conduct” for all persons involved in the design, development, operation, and maintenance of a Privacy Act system of records, and the penalties for non-compliance. As a member of the DLA Workforce, YOU play an important role in assuring that DLA complies with the provisions of the Privacy Act.

22 DLA Privacy Rules of Conduct (cont'd)
The DLA Workforce shall:
- Ensure that personal information contained in a system of records, to which they have access or which they are using incident to the conduct of official business, is protected so that the security and confidentiality of the information is preserved.
- Not disclose any personal information contained in any system of records except as authorized. Personnel willfully making such a disclosure when knowing that disclosure is prohibited are subject to possible criminal penalties and/or administrative sanctions.
- Report any unauthorized disclosures of personal information from a system of records, or the maintenance of any system of records that is not authorized, to your local Privacy Act Officer or to your supervisor.

23 DLA Privacy Rules of Conduct (cont'd)
DLA Privacy Act System Managers shall:
- Ensure that all personnel who either have access to the system of records or who develop or supervise procedures for handling records in the system of records are aware of their responsibilities for protecting personal information being collected and maintained under the DLA Privacy Program.
- Prepare promptly any required new, amended, or altered systems notices for the system of records and submit them through the DLA HQ Privacy Officer for publication in the Federal Register.
- Not maintain any official files on individuals that are retrieved by name or other personal identifier without first ensuring that a Privacy Act system of records notice has been published in the Federal Register. Any official who willfully maintains a system of records without meeting the publication requirements of the Privacy Act is subject to possible criminal penalties and/or administrative sanctions.

24 Rules of Conduct Helpful Hints
Helpful Hints:
- Mark Privacy Act protected records appropriately: "For Official Use Only – Privacy Act Data"
- Report any unauthorized disclosures of personal information from a system of records to your Privacy Act Officer.
- Collect the minimum amount of personally identifiable information necessary for the proper performance of a documented agency function.
REMINDER: Privacy Act non-compliance carries penalties.

25 Rules of Conduct Helpful Hints (cont'd)
Helpful Hints:
- Do not collect personal information without proper authorization.
- Do not place Privacy Act protected information on shared drives, multi-access calendars, the Intranet (eWorkplace), or the Internet.
- Challenge ANYONE who asks to see Privacy Act information for which you are responsible.
- Do not commingle / mix information about different individuals in the same file within a system of records.
- Do not maintain records longer than permitted OR destroy records before disposal requirements are met.

26 Rules of Conduct Helpful Hints (cont'd)
Helpful Hints:
- Do not use interoffice or translucent envelopes to mail Privacy Act protected data. Instead, use sealable opaque solid white or Kraft envelopes. Be sure to mark the envelope to the person's attention.
- Do not distribute or release personal information to other employees unless you are convinced that the release is authorized / proper.
- Do not create a "system of records" on your computer or in your files without first contacting your local Privacy Act Officer.
- Do not place unauthorized documents in systems of records.

27 “Code of Fair Information Principles” In order to assure that any personal information submitted to DLA is properly protected, DLA has devised a list of principles to be applied when handling personal information. This is referred to as the “Code of Fair Information Principles.” The Code is set forth in a list of 10 policies that the DLA Workforce will follow when handling personal information. Any member of the DLA Workforce who handles the personal information of others must abide by the principles set forth by the Code.

28 "Code of Fair Information Principles" (cont'd)
1. The Principle of Openness: When we collect personal data from you, we will inform you of the intended uses of the data, the disclosures that will be made, the authorities for the collection, and whether the collection is mandatory or voluntary. We will collect no data subject to the Privacy Act unless a Privacy Act system of records notice has been published in the Federal Register.
2. The Principle of Individual Participation: Unless an exemption has been claimed from the Privacy Act, we will, upon request, grant you access to your records; provide you a list of disclosures made outside the DOD; and make corrections to your file, once shown to be in error.
3. The Principle of Limited Collection: DLA will collect only those personal data elements required to fulfill an official function or mission grounded in law. Those collections are conducted by lawful and fair means.

29 "Code of Fair Information Principles" (cont'd)
4. The Principle of Limited Retention: DLA will retain your personal information only as long as necessary to fulfill the purposes for which it is collected, and then destroy it.
5. The Principle of Data Quality: DLA strives to maintain only accurate, relevant, timely, and complete data about you.
6. The Principle of Limited Internal Use: DLA will use your personal data only for lawful purposes, and limit access to those individuals with an official need for access.
7. The Principle of Disclosure: The DLA Workforce will zealously guard your personal data to ensure that all disclosures are made with your written permission or are made in strict accordance with the Privacy Act.

30 "Code of Fair Information Principles" (cont'd)
8. The Principle of Security: Your personal data is protected by appropriate physical, administrative, and technical safeguards to ensure security and confidentiality.
9. The Principle of Accountability: DLA and the DLA Workforce are subject to civil and criminal penalties for certain breaches of privacy. DLA is diligent in sanctioning individuals who violate the Privacy Act.
10. The Principle of Challenging Compliance: You may challenge DLA if you believe that DLA has failed to comply with these principles, the Privacy Act, or the system of records notice.

31 Summary Each and every member of the DLA Workforce needs to be aware of their responsibilities under the Privacy Act to protect the security of personal information; ensure its accuracy, relevance, timeliness, and completeness; avoid unauthorized disclosures either orally or in writing; and ensure that no system of records retrieved by personal identifier is maintained without prior public notice in the Federal Register. Through increased awareness DLA can effectively balance openness with protection of individual privacy and remain responsive to the public’s interest in Government.

32 QUESTION The Privacy Act applies to all personal data collected and maintained by the Federal Government. TRUE / FALSE

33 ANSWER FALSE. The Privacy Act applies only to personal data collected and maintained by the Executive branch of the Federal Government, about U.S. citizens and lawfully admitted aliens, and only if the records are maintained in a “system of records.”

34 QUESTION Penalties associated with violating the Privacy Act can only be imposed against the agency; nothing will happen to me personally. TRUE / FALSE

35 ANSWER FALSE. The Privacy Act carries penalties that can be levied against YOU, i.e., a misdemeanor criminal charge and a fine of up to $5000 (for each offense), and/or removal from employment.

36 QUESTION Safeguarding Privacy Act data is the job of each and every member of the DLA Workforce. TRUE / FALSE

37 ANSWER TRUE. The DLA Workforce are stewards of information. We have an affirmative responsibility to ensure that Privacy Act information is collected, maintained, used, and disseminated only as authorized by law and regulation and that the information is continually safeguarded.

38 Available Privacy Training Additional information about the Privacy Act can be obtained by visiting the DLA eFOIA/Privacy Act Office webpage at

39 For More Information, Contact DLA Headquarters Privacy Act Officer Ms. Jody Sinkler Headquarters, Defense Logistics Agency, ATTN: DP 8725 John J. Kingman Road, Stop 2533 Fort Belvoir, VA COM DSN FAX

40 Certificate of Completion Congratulations on the completion of Privacy Act 101 Privacy Awareness Training, mandatory annual training for the DLA Workforce (Civilian employees, Military members, and DLA Contractors). The printed page is a record that you have completed the Privacy Act 101 course.