ML17285A218

From kanterella
Revision as of 16:44, 15 September 2018 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Regulatory Information Conference System (Rics) - Privacy Impact Assessment - March 2018
ML17285A218
Person / Time
Issue date: 03/05/2018
From: McGowan A T
NRC/OCIO
To:
Benjumea O L, NRR/DMPS, 415-5233
References
Download: ML17285A218 (13)


Text

Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.

These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.

These questions will identify the use of the information and the accuracy of the data being used.**

controlsretrieved

The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and are required under 36 CFR 1234.10. The following questions are intended to determine whether the records in the system have an approved records retention schedule or if one will be needed.

  • If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or PII contract clauses ar e inserted in th eir contracts.
  • FAR clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.
  • PII clause, "Contractor Responsibility for Protecting Personally Identifiable Information" (June 2009), in all cont racts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC owned or controlled PII.

(For Use by OCIO/GEMS/ISB Staff)

OMB guidelines explain that a system of records exists if: (1) there is an "indexing or retrieval capability using identifying particulars [that is] built into the system"; and (2) the agency "does, in fact, retrieve records about individuals by reference to some personal identifier." In the context of computerize information, OMB guidelines make it clear that it is not sufficient that an agency has the capability to retrieve information indexed under a person's name, but the agency must in fact retrieve records in this way in order for a system of records to exist."

Copies of this PIA will be provided to:

Tom Rich, Director IT Services Development & Operation Division Office of the Chief Information Officer Jonathan Feibus Chief Information Security Officer (CISO) Governance & Enterprise Management Services Division Office of the Chief Information Officer