Home > For Small Business > Privacy and Data Security > 42 USC 2000ee-1 - Privacy and civil liberties officers

Privacy and Data Security

For this topic:

Search the U.S. Code

42 USC 2000ee-1 - Privacy and civil liberties officers

U.S. Code > Title 42 > Chapter 21E > § 2000ee-1 - Privacy and civil liberties officers

^{Current as of: January 2009}

^{Check for updates}

(a) Privacy Officer
  Each agency shall have a Chief Privacy Officer to assume primary
responsibility for privacy and data protection policy, including - 
    (1) assuring that the use of technologies sustain, and do not
  erode, privacy protections relating to the use, collection, and
  disclosure of information in an identifiable form;
    (2) assuring that technologies used to collect, use, store, and
  disclose information in identifiable form allow for continuous
  auditing of compliance with stated privacy policies and practices
  governing the collection, use and distribution of information in
  the operation of the program;
    (3) assuring that personal information contained in Privacy Act
  systems of records is handled in full compliance with fair
  information practices as defined in the Privacy Act of 1974 [5
  U.S.C. 552a];
    (4) evaluating legislative and regulatory proposals involving
  collection, use, and disclosure of personal information by the
  Federal Government;
    (5) conducting a privacy impact assessment of proposed rules of
  the Department on the privacy of information in an identifiable
  form, including the type of personally identifiable information
  collected and the number of people affected;
    (6) preparing a report to Congress on an annual basis on
  activities of the Department that affect privacy, including
  complaints of privacy violations, implementation of section 552a
  of title 5, 11 (!1) internal controls, and other relevant
  matters;

    (7) ensuring that the Department protects information in an
  identifiable form and information systems from unauthorized
  access, use, disclosure, disruption, modification, or
  destruction;
    (8) training and educating employees on privacy and data
  protection policies to promote awareness of and compliance with
  established privacy and data protection policies; and
    (9) ensuring compliance with the Departments (!2) established
  privacy and data protection policies.

(b) Establishing privacy and data protection procedures and
  policies
  (1) (!3) In general

    Within 12 months of December 8, 2004, each agency shall
  establish and implement comprehensive privacy and data protection
  procedures governing the agency's collection, use, sharing,
  disclosure, transfer, storage and security of information in an
  identifiable form relating to the agency employees and the
  public. Such procedures shall be consistent with legal and
  regulatory guidance, including OMB regulations, the Privacy Act
  of 1974 [5 U.S.C. 552a], and section 208 of the E-Government Act
  of 2002.
(c) Recording
  Each agency shall prepare a written report of its use of
information in an identifiable form, along with its privacy and
data protection policies and procedures and record it with the
Inspector General of the agency to serve as a benchmark for the
agency. Each report shall be signed by the agency privacy officer
to verify that the agency intends to comply with the procedures in
the report. By signing the report the privacy officer also verifies
that the agency is only using information in identifiable form as
detailed in the report.
(d) Inspector General review
  The Inspector General of each agency shall periodically conduct a
review of the agency's implementation of this section and shall
report the results of its review to the Committees on
Appropriations of the House of Representatives and the Senate, the
House Committee on Oversight and Government Reform, and the Senate
Committee on Homeland Security and Governmental Affairs. The report
required by this review may be incorporated into a related report
to Congress otherwise required by law including, but not limited
to, section 3545 of title 44, the Federal Information Security
Management Act of 2002. The Inspector General may contract with an
independent, third party organization to conduct the review.
(e) Report
  (1) In general
    Upon completion of a review, the Inspector General of an agency
  shall submit to the head of that agency a detailed report on the
  review, including recommendations for improvements or
  enhancements to management of information in identifiable form,
  and the privacy and data protection procedures of the agency.
  (2) Internet availability
    Each agency shall make each independent third party review, and
  each report of the Inspector General relating to that review
  available to the public.
(f) Definition
  In this section, the definition of "identifiable form" is
consistent with Public Law 107-347, the E-Government Act of 2002,
and means any representation of information that permits the
identity of an individual to whom the information applies to be
reasonably inferred by either direct or indirect means.

Legislative History


Previous section	Chapter 21E Table of Contents	Next section

________________________________________________________________________

Questions & Answers: Privacy and Data Security

Friend asked me to put cameras up inside and outside of home. Is there anything wrong with or illegal with putting up the system in the living room, dining room/ kitchen, and the l...

The Michigan Gaming Board made me surrender my occupational license because of an ad I placed on dating web site, stating it was a suitability issue. My employer had to fire me. Th...

Thomas, You certainly have a right to privacy, but an ad you place on the Internet is not private. You should be able to request a hearing on the loss of your license. See here fo...

Dear LawServer , Steve Daily Thanks for the response. More specifically on the license issue. Can The Gaming board review my license and make me surrender my license based on an a...

Thomas, They can, but whether their decision was justified or wrongful really depends on the ad. Something about it must have set off an alarm. If you can't get your license back a...

Does this also apply to videotaping conversations? Must both parties consent to the recording of video? I am in NH...

U.S. Code Provisions: Privacy and Data Security

U.S. Code > Title 15 > Chapter 94 - Privacy

U.S. Code > Title 42 > Chapter 21A - Privacy Protection

U.S. Code > Title 42 > Chapter 21E - Privacy And Civil Liberties Protection And Oversight

State Laws: Privacy and Data Security

Alaska	Alaska Statutes Chapter 45.48 - Personal Information Protection Act
Arizona	Arizona Laws > Title 12 > Chapter 6 > Article 16 - Right of Publicity
	Arizona Laws > Title 32 > Chapter 38 - Privacy Rights
	Arizona Laws > Title 44 > Chapter 9 > Article 17 - Confidentiality of Personal Identifying Information
Connecticut	Connecticut General Statutes > Title 42 > Chapter 743dd - Protection of Social Security Numbers and Personal Information
	Connecticut General Statutes > Title 53 > Chapter 949f - Videotape Rental and Privacy
Florida	Florida Regulations > Division 71A - Office of Information Security
	Florida Regulations Chapter 69J-128 - Privacy of Consumer Financial and Health Information
	Florida Regulations Chapter 69O-128 - Privacy of Consumer Financial and Health Information
Hawaii	Hawaii Revised Statutes > Chapter 482P - Publicity Rights
Indiana	Indiana Code > Title 5 > Article 26.5 - Address Confidentiality Program
	Indiana Code > Title 32 > Article 36 - Publicity
Kansas	Kansas Statutes > Chapter 50 > Article 7a - Protection Of Consumer Information
Michigan	Michigan Laws > Chapter 37 > Act 1 of 2000 - Disclosure Of Personal Information On Documents
	Michigan Laws > Chapter 445 > Act 378 of 1988 - Preservation Of Personal Privacy
Minnesota	Minnesota Statutes - Data Practices
	Minnesota Statutes Chapter 325M - Internet Privacy
Nevada	Nevada Revised Statutes > Chapter 603A - Security of Personal Information
New Hampshire	New Hampshire Revised Statutes > Chapter 351-A - Videotape Rental And Sales Records
	New Hampshire Revised Statutes > Chapter 359-C - Right To Privacy
New Mexico	New Mexico Statutes Chapter 30 > Article 12 - Abuse of Privacy
	New Mexico Statutes Chapter 57 > Article 12B - Privacy Protection
New York	New York Laws - General Business > Article 32 - Video Consumer Privacy Act
	New York Laws - General Business > Article 32 - Wheelchair Warranties
	New York Laws - State Technology > Article 2 - Internet Security and Privacy Act
New York	New York Laws > General Business > Article 32 - Video Consumer Privacy Act
	New York Laws > State Technology > Article 2 - Internet Security And Privacy Act
North Carolina	North Carolina General Statutes Chapter 143 > Article 3F - State Privacy Act
North Dakota	North Dakota Code > Chapter 39-33 - Driver and Motor Vehicle Record Privacy
	North Dakota Code > Chapter 51-22 - Data Processing Information Confidentiality
Ohio	Ohio Code > Title 13 > Chapter 1347 - Personal Information Systems
Rhode Island	Rhode Island General Laws > Chapter 6-52. Safe Destruction of Documents Containing Personal Information
South Dakota	South Dakota Laws > Title 22 > Chapter 21 - Invasions Of Privacy
Texas	Texas Business And Commerce Code > Title 11 - Personal Identity Information
Utah	Utah Code > Title 13 > Chapter 37 - Notice of Intent to Sell Nonpublic Personal Information Act
	Utah Code > Title 13 > Chapter 44 - Protection of Personal Information Act
	Utah Code > Title 45 > Chapter 3 - Abuse of Personal Identity Act
	Utah Code > Title 63D > Chapter 2 - Governmental Internet Information Privacy Act
Vermont	Vermont Statutes > Title 9 > Chapter 62 - Protection of Personal Information
Virginia	Virginia Code Title 59.1 > Chapter 35 - Personal Information Privacy Act
Wisconsin	Wisconsin Statutes > Chapter 19 > Subchapter IV - Personal Information Practices

Bookmark

Comments (0) add comment