The Act (5 U.S.C. 552a) regulates the collection, maintenance, use, and dissemination of records about individuals that are retrieved by a personal identifier and collected, used or disseminated by agencies and departments of the executive branch, including APHIS. To ensure compliance with the Federal requirements, APHIS must foster an environment conducive to the protection of personal privacy.
The Privacy Act of 1974 (5 U.S.C. 552a), as amended, is one of the key legislative acts governing the protection of records maintained on individuals. The Act establishes safeguards for the protection of records that the federal government collects and maintains on United States citizens and aliens lawfully admitted for permanent residence.
The Privacy Act allows individuals to:
The Privacy Act prohibits the disclosure of a record about an individual from a system of records absent the written consent of the individual, unless the disclosure is pursuant to one of twelve statutory exceptions. The Act also provides individuals with a means by which to seek access to and amendment of their records, and sets forth various agency record-keeping requirements.
A privacy threshold analysis (PTA) is a questionnaire used to determine whether a system contains personally identifiable information (PII), whether a Privacy Impact Analysis is required, and whether a System of Records Notice (SORN) is required.
A PTA should be completed when proposing a new information technology system through the budget process that will collect, store, or process identifiable information or when starting to develop or significantly modify such a system, or when a new electronic collection of identifiable information is being proposed. A PTA will determine if a PIA is required.
A Privacy Impact Assessment (PIA) is an analysis of how information in identifiable form is collected, maintained, stored, and disseminated. It also examines and evaluates the privacy risks and the protections and processes for handling information to mitigate those privacy risks.
PIAs must be made publicly available unless the agency determines that publication would raise security concerns, reveal classified (i.e., national security) information, or reveal sensitive information (e.g., potentially damaging to a national interest, law enforcement effort, or competitive business interest).
A PIA must be conducted before:
Pursuant to OMB……. PIA must be updated to reflect changed information collection authorities, business processes, or other factors affecting the collection and handling of information in identifiable form, and also where a system change creates new privacy risks, such as:
Sample PIA template (insert link)
What is a SORN?
APHIS informs the public about its record systems covered by the Privacy Act by publishing “Notices” in the Federal Register. The record systems are referred to as Privacy Act systems of records (SOR) and the notices (SORN) provide a description of a particular system of records.
SORNs have the following purposes:
The following System of Records Notices (SORNs) have been published in the Federal Register by APHIS:
SORNs published by the United States Department of Agriculture (USDA) can be found here. (add link)
Privacy Act Officer, SAOP
Send questions, comments or complaints about the APHIS Privacy program to …usda.gov
How to Submit a PA Request
Records Disposition Schedules — All records disposition schedules are available here. (insert pdf link)
Exemptions — A system is marked as “exempted” if the CFTC has exempted it from access, amendment and other provisions of the Privacy Act of 1974 pursuant to 5 U.S.C. § 552a(k)(2) because the system contains investigatory material compiled for law enforcement purposes.
Disclosures — The CFTC may release records as stated in an applicable SORN and also under its blanket “routine uses” of records, as authorized by the Privacy Act, 5 U.S.C. § 552a(b)(3). The CFTC’s complete list of blanket routine uses is available here. (insert link)