U.S. Code
- Title 1 General Provisions
- Title 2 The Congress
- Title 3 The President
- Title 4 Flag and Seal, Seat Of Government,and the States
- Title 5 Government Organization and Employees
- Appendix to Title 5
- Title 6 Domestic Security
- Title 7 Agriculture
- Title 8 Aliens and Nationality
- Title 9 Arbitration
- Title 10 Armed Forces
- Appendix to Title 10 (Rules of Court of Appeals for the Armed Forces)
- Title 11 Bankruptcy
- Appendix to Title 11
- Title 12 Banks and Banking
- Title 13 Census
- Title 14 Coast Guard
- Title 15 Commerce and Trade
- Title 16 Conservation
- Title 17 Copyrights
- Title 18 Crimes and Criminal Procedure
- Appendix to Title 18
- Title 19 Customs Duties
- Title 20 Education
- Title 21 Food and Drugs
- Title 22 Foreign Relations and Intercourse
- Title 23 Highways
- Title 24 Hospitals and Asylums
- Title 25 Indians
- Title 26 Internal Revenue Code
- Appendix to Title 26
- Title 27 Intoxicating Liquors
- Title 28 Judiciary and Judicial Procedure
- Appendix to Title 28
- Title 29 Labor
- Title 30 Mineral Lands and Mining
- Title 31 Money and Finance
- Title 32 National Guard
- Title 33 Navigation and Navigable Waters
- Title 34 Navy (repealed)
- Title 35 Patents
- Title 36 Patriotic Societies and Observances
- Title 37 Pay and Allowances Of the Uniformed Services
- Title 38 Veterans' Benefits
- Appendix to Title 38 (Rules of Court of Appeals for Veterans Claims()
- Title 39 Postal Service
- Title 40 Public Buildings, Property, and Works
- Title 41 Public Contracts
- Title 42 The Public Health and Welfare
- Title 43 Public Lands
- Title 44 Public Printing and Documents
- Title 45 Railroads
- Title 46 Shipping
- Appendix to Title 46
- Title 47 Telegraphs, Telephones, and Radiotelegraphs
- Title 48 Territories and Insular Possessions
- Title 49 Transportation
- Title 50 War and National Defense
- Appendix to Title 50
§ 2000ee-2. Privacy and data protection policies and procedures
(a)
Privacy Officer
Each agency shall have a Chief Privacy Officer to assume primary responsibility for privacy and data protection policy, including—
(1)
assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of information in an identifiable form;
(2)
assuring that technologies used to collect, use, store, and disclose information in identifiable form allow for continuous auditing of compliance with stated privacy policies and practices governing the collection, use and distribution of information in the operation of the program;
(3)
assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as defined in the Privacy Act of 1974 [5 U.S.C. 552a];
(4)
evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
(5)
conducting a privacy impact assessment of proposed rules of the Department on the privacy of information in an identifiable form, including the type of personally identifiable information collected and the number of people affected;
(6)
preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of section
552a of title
5, 11 [1] internal controls, and other relevant matters;
(7)
ensuring that the Department protects information in an identifiable form and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction;
(b)
Establishing privacy and data protection procedures and policies
(1)
3 In general
Within 12 months of December 8, 2004, each agency shall establish and implement comprehensive privacy and data protection procedures governing the agency’s collection, use, sharing, disclosure, transfer, storage and security of information in an identifiable form relating to the agency employees and the public. Such procedures shall be consistent with legal and regulatory guidance, including OMB regulations, the Privacy Act of 1974 [5 U.S.C. 552a], and section 208 of the E-Government Act of 2002.
(c)
Recording
Each agency shall prepare a written report of its use of information in an identifiable form, along with its privacy and data protection policies and procedures and record it with the Inspector General of the agency to serve as a benchmark for the agency. Each report shall be signed by the agency privacy officer to verify that the agency intends to comply with the procedures in the report. By signing the report the privacy officer also verifies that the agency is only using information in identifiable form as detailed in the report.
(d)
Inspector General review
The Inspector General of each agency shall periodically conduct a review of the agency’s implementation of this section and shall report the results of its review to the Committees on Appropriations of the House of Representatives and the Senate, the House Committee on Oversight and Government Reform, and the Senate Committee on Homeland Security and Governmental Affairs. The report required by this review may be incorporated into a related report to Congress otherwise required by law including, but not limited to, section
3545 of title
44, the Federal Information Security Management Act of 2002. The Inspector General may contract with an independent, third party organization to conduct the review.
(e)
Report
(1)
In general
Upon completion of a review, the Inspector General of an agency shall submit to the head of that agency a detailed report on the review, including recommendations for improvements or enhancements to management of information in identifiable form, and the privacy and data protection procedures of the agency.
(f)
Definition
In this section, the definition of “identifiable form” is consistent with Public Law 107–347, the E-Government Act of 2002, and means any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
[1] So in original.
[2] So in original. Probably should be “Department’s”.
[3] So in original. No par. (2) has been enacted.
Tips