Definitions
Control
Records are considered to be under the control of an agency if they are maintained by or on behalf of the agency. (Source: 5 U.S.C. 552a(e).) The control requirement establishes accountability for the Privacy Act provisions and OMB Privacy Act Implementation Guidelines and Responsibilities. (Source: 40 FR 28952.)
Back to the TopFederal Register
Official daily publication for rules, proposed rules, notices of Federal agencies and organizations, and Executive orders and other presidential documents.
Back to the TopIndividual
A citizen of the United States or an alien lawfully admitted for permanent residence. (Source: 5 U.S.C. 552a(a)(2).)
Back to the TopMaintain
Includes maintain, collect, use, or disseminate a record. (Source: 5 U.S.C. 552a(a)(3).)
This term maintains the two ways in the Privacy Act.
1. Used to connote the various record keeping functions to which the requirements of the Act apply.
2. Used to connote control over and therefore responsibility and accountability for systems of records.
Back to the TopNonsignificant Alteration
Minor administrative changes or revisions (also known as amendments) to an existing system of records that are not classified as significant alterations.
Back to the TopPersonally Identifiable Information (PII)
Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. (OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information)
Back to the TopPrivacy Impact Assessment (PIA)
Analysis of how information is handled to:
1. Ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy.
2. Determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system.
3. Examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
(Source: OMB Memorandum 03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, September 26, 2003.)
Record
Any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history that contains his name, or other identifying particular assigned to the individual” (address, fingerprint, voice print, or photograph). (Source: 5 U.S.C. 552a(a)(4).)
Back to the TopRoutine Use
This term is unique to the Privacy Act and means the disclosure of a record for a reason that is compatible with the purpose for which it was collected. A routine use is one that is relatable and necessary to a purpose for collecting the record. To be effective, a routine use must be properly published in the Federal Register. (Source: 5 U.S.C. 552a(a)(7).)
Back to the TopSignificant Alteration
Any change that is made to the system of records requiring an amendment to an existing system of records. Occurs when the manner in which the records are organized changes, the manner in which records are retrieved changes, or the scope of the records changes. (Source: OMB Circular A-130, Federal Agency Responsibilities for Maintaining Records About Individuals.)
Back to the TopSystem of Records
Group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual (a personal identifier). (Source: 5 U.S.C. 552a(a)(5).)
Back to the TopSystem of Records Notice (SORN)
Statement providing to the public notice of the existence and character of a group of records under the control of any agency, from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. (Source: OMB Circular A-130, Federal Agency Responsibilities for Maintaining Records About Individuals.)
Back to the TopSystem Owner
The system owner/manager is the individual responsible for one or more information systems supporting his/her assigned functions.
Back to the Top