In compliance with the Privacy Act and in accordance with the requirements and procedures of this regulation, NASA has an obligation to:

(a) Advise individuals, when requested, as to whether any specific system of records maintained by NASA contains records pertaining to them;

(b) Prevent records being maintained by NASA in a system of records for a specific purpose from being used or made available for another purpose without the individual's consent; and,

(c) Permit individuals to have access to information about themselves in a NASA system of records, to have a copy made, and, if appropriate under subpart 1212.3 of this part, to amend the records.

(a) In maintaining systems of records, NASA shall:

(1) Maintain any record in a system of records for necessary and lawful purposes only, assure that the information is current and accurate for its intended use, and provide adequate safeguards to prevent misuse of the information.

(2) Maintain only information about an individual relevant and necessary to accomplish a purpose or to carry out a function of NASA authorized by law or by Executive order of the President.

(3) Maintain records used by NASA officials in making any determination about any individual with such accuracy, relevance, timeliness, and completeness reasonably necessary to assure fairness to the individual in making the determination.

(4) Maintain no record describing how an individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute, by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity.

(5) Maintain and provide access to records of other agencies under NASA's control consistent with the regulations of this part.

(b) Any system of records maintained by NASA which is in addition to or substantially different from a Governmentwide systems of records described in a systems notice published by another agency shall be regarded as a NASA system of records subject to the requirements of this part.

(c) NASA shall provide adequate advance notice to Congress and OMB of any proposal to establish a new system of records or alter any existing system of records as prescribed by OMB Circular No. A-130, appendix I.

[57 FR 4928, Feb. 11, 1992, as amended at 77 FR 60621, Oct. 4, 2012]

In collecting information for systems of records, the following requirements shall be met:

(a) Information shall be collected to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual's rights, benefits, and privileges under Federal programs. Exceptions to this policy may be made under certain circumstances, such as one of the following:

(1) There is a need to verify the accuracy of the information supplied by an individual.

(2) The information can only be obtained from a third party.

(3) There is no risk that information collected from third parties, if inaccurate, could result in an adverse determination to the individual concerned.

(4) Provisions are made to verify with the individual information collected from a third party.

(b) Each individual who is asked to supply information shall be informed of the following:

(1) The authority (whether granted by statute, or by Executive order of the President) for requesting the information;

(2) Whether disclosure is mandatory or voluntary;

(3) The intended official use of the information;

(4) The routine uses which may be made of the information, as published in the system notices;

(5) The effects, if any, on the individual of not providing all or any part of the requested information.

NASA will not sell, rent, or otherwise disclose an individual's name and address to anyone, unless otherwise specifically authorized by law. This is not to be construed to require the withholding of names and addresses otherwise permitted to be made public.

[57 FR 4928, Feb. 11, 1992, as amended at 77 FR 60621, Oct. 4, 2012]

(a) It is unlawful for NASA to deny to individuals any rights, benefits, or privileges provided by law because of the individuals' refusal to disclose their social security numbers, except where:

(1) The disclosure is required by law; or

(2) The disclosure is from a system of records in existence and operating before January 1, 1975, and was required under statute or regulation adopted before that date to verify the identity of the individual(s).

(b) Any time individuals are requested to disclose their social security numbers, NASA shall indicate whether that disclosure is mandatory or voluntary, by what authority the numbers are requested, and what uses will be made of them.

(c) When sending physical mail, NASA will adhere to the following:

(1) Social Security account numbers shall not be visible on the outside of any package sent by mail.

(2) A document sent by mail may only include the Social Security account number of an individual if it is determined by the Administrator that the inclusion of a Social Security account number is necessary.

(3) The inclusion of a Social Security account number of an individual on a document sent by mail is necessary when—

(i) Required by law; or

(ii) Necessary to identify a specific individual and no adequate substitute is available.

(4) Social Security account numbers must be partially redacted in documents sent by mail whenever feasible.

[57 FR 4928, Feb. 11, 1992, as amended at 87 FR 71240, Nov. 22, 2022]

(a) Safeguards appropriate for a NASA system of records shall be developed by the system manager in a written plan approved by the Center Security Officer or Center Information Technology Security Officer for electronic records maintained in automated systems. Safeguards must insure the security and confidentiality of records and protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.

(b) When records or copies of records are distributed within NASA they shall be prominently identified as records protected under the Privacy Act and shall be subject to the same safeguard, retention, and disposition requirements applicable to the system of records.

(c) When records or copies of records are distributed to other Federal agencies, other than those having custody of the systems of records, they shall be prominently identified as records protected under the Privacy Act.

(d) Records that are otherwise required by law to be released to the public need not be safeguarded or identified as Privacy Act records.

[57 FR 4928, Feb. 11, 1992, as amended at 77 FR 60621, Oct. 4, 2012]

(a) NASA officials may maintain and use, for official purposes, duplicate copies of records or portions of records from a system of records maintained by their own organizational unit. This practice should occur only where there are justifiable organizational needs for it, e.g., where geographic distances make use of the system of records time consuming or inconvenient. These duplicate copies shall not be considered a separate NASA system of records. For example, an office head or designee may keep duplicate copies of personnel, training, or similar records on employees within the organization for administrative convenience purposes.

(b) No disclosure shall be made from duplicate copies outside of the organizational unit. Any outside request for disclosure shall be referred to the appropriate system manager for response.

(c) Duplicate copies are subject to the same safeguard requirements applicable to the system of records.