Employee Privacy Act Responsibilities
Employees who handle information on individuals should become familiar with the Privacy Act. Below are some situations that may require knowledge of Privacy Act procedures. Remember: when in doubt, contact the Privacy Program Manager.
Safeguarding Privacy Act Records
- Consider how you handle the information you work with, and what measures you need to take to safeguard the personal information that you have about others
- If you are creating new records systems or databases, privacy plans and procedures must be included. Contact your Privacy Program Manager to discuss how the information can be protected, starting with the collection and ending with disposal
- The FDIC has Privacy Act Rules and Regulations
- Safeguarding requirements cover (1) physical security measures, (2) information management practices, and (3) computer system/network security
Disclosing Privacy Act Information to Others
- Be careful that personal information is not disclosed to anyone unless that individual has received prior permission to see the information from the subject of the record, or disclosures of the record are authorized by law
- Contact your Privacy Program Manager for questions on appropriate disclosure procedures
- Under the law, only employees who have a legitimate need in the performance of their duties may have access to the information
- Even if you have legitimate access, sharing information on individuals with others who do not have a legitimate need to know the information and would not otherwise have access to it is a violation of the law
Collecting Personal Information
- Employees must collect from an individual only personal information that is relevant and necessary to accomplish an authorized corporate function
- When personal information is collected, you must inform the individual in writing of the:
  - Legal authority
  - Purpose for collecting it
  - What related uses will be made of this information
  - Whether a response is mandatory or voluntary, and
  - The effect if they refuse to respond

The information above is usually provided on a form given to the person providing the information.
Note: These requirements apply to both paper and electronic forms, which is something to think about if you are posting Web forms on the Internet. Contact your Information Collection Clearance Officer, Privacy System of Records Clearance Officer or Privacy Program Manager.
Access to Records, and Amendment Requests
- When the subject of the file requests to inspect or obtain information that is in a Privacy Act System of Records, there are certain procedures which must be followed by authorized employees. Contact the system manager of the file or database, or the System of Records Clearance Officer, and refer to the FDIC Rules and Regulations on the Privacy Act.
- Not all information in a Privacy Act System of Records is made available to the subject of information in the system. There are Privacy Act exempted records which are listed in the FDIC Privacy Act Rules and Regulations.
- There are also specific procedures for someone requesting to amend their file. Contact the system manager of the file or database, or the System of Records Clearance Officer. Instructions on amendment of records requests are in the Privacy Act Rules and Regulations.