U.S. Code of Federal Regulations
Regulations most recently checked for updates: Mar 29, 2020
(a) Systems managers shall ensure that appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.
(b) Personnel information contained in both manual and automated systems of records shall be protected by implementing the following safeguards:
(1) Official personnel folders, authorized personnel operating or work folders and other records of personnel actions effected during an employee's Federal service or affecting the employee's status and service, including information on experience, education, training, special qualification, and skills, performance appraisals, and conduct, shall be stored in a lockable metal filing cabinet when not in use by an authorized person. A system manager may employ an alternative storage system providing that it furnished an equivalent degree of physical security as storage in a lockable metal filing cabinet.
(2) System managers, at their discretion, may designate additional records of unusual sensitivity which require safeguards similar to those described in paragraph (a) of this section.
(3) A system manager shall permit access to and use of automated or manual personnel records only to persons whose official duties require such access, or to a subject individual or his or her representative as provided by this part.