Text

October 7, 2021 MEMORANDUM TO: Shalanda Young, Director Office of Management and Budget Signed by Flanders, Scott FROM: Scott C. Flanders on 10/07/21 Senior Agency Official for Privacy

SUBJECT:

THE U.S. NUCLEAR REGULATORY COMMISSIONS FISCAL YEAR 2021 PRIVACY ACT PROGRAM MEMORANDUM Pursuant to the U.S. Nuclear Regulatory Commissions (NRCs) Management Directive (MD) 3.2, Privacy Act, dated July 10, 2014, the Chief Information Officer has delegated the authorities and responsibilities of the Senior Agency Official for Privacy (SAOP) to the Deputy Director of the Office of the Chief Information Officer (OCIO). As SAOP, the Deputy Director of OCIO has the overall responsibility and accountability for ensuring the agencys implementation of information privacy protections, including the agencys full compliance with Federal laws, regulations, and policies relating to information privacy. The SAOP designates the Privacy Act Officer, the official responsible for implementing and administering the Privacy Act program, in accordance with NRC regulations.

The NRC continues to maintain an effective Privacy Act program and to work actively to enhance the program by developing and implementing measures to ensure that the proper use and protection of personal identifiable information is accomplished in accordance with statutory mandates and to properly safeguard the privacy of individuals.

This fiscal year, the NRC focused on enhancing the agencys privacy training program.

Specifically, the NRC developed role-based privacy training for information system security officers and administrators, which has been included as part of the NRCs cybersecurity training courses. This training is in addition to the annual privacy training course the agency requires all employees and contractors to complete.

The following lists the names and titles of all NRC staff currently supporting the Privacy Act program, accounting for the organizational changes for the fiscal year 2020 SAOP reporting metrics under the Federal Information Security Modernization Act:

OCIO, Deputy Director, SAOP, Scott Flanders OCIO, Governance and Enterprise Management Services Division, Director, John Moses OCIO, Governance and Enterprise Management Services Division, Deputy Director, Barbara Sanford

2 OCIO, Governance and Enterprise Management Services Division, Cybersecurity Branch, Branch Chief, Garo Nalabandian OCIO, Governance and Enterprise Management Services Division, Cybersecurity Branch, Privacy Officer, Sally A. Hardy OCIO, Chief Information Security Officer, Jon Feibus OCIO, Information Technology Services Development and Operations Division, Network and Security Operations Branch, Branch Chief, Michael Williams OCIO, Information Technology Services Development and Operations Division, Network and Security Operations Branch, Information Technology Specialist, Charles Watkins

Memo ML21279A042 OFFICE OCIO/GEMSD/CSB OCIO/DD NAME SHardy SH SFlanders SF DATE Oct 7, 2021 Oct 7, 2021