ML17285A218: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| Line 3: | Line 3: | ||
| issue date = 03/05/2018 | | issue date = 03/05/2018 | ||
| title = Regulatory Information Conference System (Rics) - Privacy Impact Assessment - March 2018 | | title = Regulatory Information Conference System (Rics) - Privacy Impact Assessment - March 2018 | ||
| author name = | | author name = Mcgowan A | ||
| author affiliation = NRC/OCIO | | author affiliation = NRC/OCIO | ||
| addressee name = | | addressee name = | ||
| Line 9: | Line 9: | ||
| docket = | | docket = | ||
| license number = | | license number = | ||
| contact person = Benjumea O | | contact person = Benjumea O, NRR/DMPS, 415-5233 | ||
| document type = Privacy Impact Assessment | | document type = Privacy Impact Assessment | ||
| page count = 13 | | page count = 13 | ||
Revision as of 23:35, 18 June 2019
| ML17285A218 | |
| Person / Time | |
|---|---|
| Issue date: | 03/05/2018 |
| From: | Anna Mcgowan NRC/OCIO |
| To: | |
| Benjumea O, NRR/DMPS, 415-5233 | |
| References | |
| Download: ML17285A218 (13) | |
Text
Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.
These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.
These questions will identify the use of the information and the accuracy of the data being used.**
controlsretrieved
The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and are required under 36 CFR 1234.10. The following questions are intended to determine whether the records in the system have an approved records retention schedule or if one will be needed.
- If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or PII contract clauses ar e inserted in th eir contracts.
- FAR clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.
- PII clause, "Contractor Responsibility for Protecting Personally Identifiable Information" (June 2009), in all cont racts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC owned or controlled PII.
(For Use by OCIO/GEMS/ISB Staff)
OMB guidelines explain that a system of records exists if: (1) there is an "indexing or retrieval capability using identifying particulars [that is] built into the system"; and (2) the agency "does, in fact, retrieve records about individuals by reference to some personal identifier." In the context of computerize information, OMB guidelines make it clear that it is not sufficient that an agency has the capability to retrieve information indexed under a person's name, but the agency must in fact retrieve records in this way in order for a system of records to exist."
Copies of this PIA will be provided to:
Tom Rich, Director IT Services Development & Operation Division Office of the Chief Information Officer Jonathan Feibus Chief Information Security Officer (CISO) Governance & Enterprise Management Services Division Office of the Chief Information Officer