Employees who handle information on individuals should become familiar with the Corporate guidelines on the Privacy Act and privacy protection. Below are some situations which may require knowledge of Privacy Act procedures. If you have questions, contact the Privacy Program Manager.
Safeguarding Privacy Act Records
- Consider how you handle the information you work with, and what measures you need to take to safeguard the personal information that you have about others
- If you are creating a new system of records, developing or enhancing a application system or collecting a database containing information on individuals, contact the Privacy System of Records Clearance Officer to discuss how the information can be protected
- The Corporation has Privacy Act Rules and Regulations to assist you in safeguarding Privacy Act records.
- Safeguarding requirements cover (1) physical security measures, (2) information management practices, and (3) computer system/network security
Disclosing Privacy Act Information to Others
- Be careful that personal information is not disclosed to anyone unless that individual has received prior permission to see the information from the subject of the record, or disclosures of the record is authorized by law
- Only employees who have a legitimate need for the record in the performance of their duties have legal access to specific personal information
- Contact your Chief Privacy Officer or his designee if you have questions on appropriate disclosure procedures. You should also reference FDIC Privacy Act Rules and Regulations
- Even if you may have legitimate access, sharing information on individuals to others who do not have a legitimate need for the information or who would not have access to this information otherwise is a violation of the law
Collecting Personal Information
Note: The notification described above is required for both paper and electronic forms; something to think about if you are posting Web forms on the Internet. Contact the Privacy System of Records Clearance Officer.
- Employees must collect only that personal information from an individual that is relevant and necessary to accomplish an authorized corporate function
- When personal information is collected you must inform the individual in writing of the:
- Legal authority
- Purpose for collecting it
- What related uses will be made of the information
- Whether a response is mandatory or voluntary, and
- What will be the effect if they refuse to respond
The information above is usually provided on a form given to the person providing the information.
Access to Records, and Amendment Requests
When the subject of information in a Privacy Act System of Records makes a request to inspect or receive a copy of the information, there are certain procedures which must be followed. Contact the system manager of the file or database, or the Privacy System of Records Clearance Officer.
There are also specific procedures when an individual requests to amend their file. Contact the system manager of the file or database, or the Privacy System of Records Clearance Officer.
- For further information, refer to FDIC Privacy Act Rules and Regulations
- Not all information in a Privacy Act System of Records is made available to the subject of information in the system. There are Privacy Act exempted records which are listed in the FDIC Privacy Act Rules and Regulations.