View all text of Chapter 21 E [§ 2000ee - § 2000ee-3]

§ 2000ee–2. Privacy and data protection policies and procedures
(a) Privacy Officer
Each agency shall have a Chief Privacy Officer to assume primary responsibility for privacy and data protection policy, including—
(1) assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of information in an identifiable form;
(2) assuring that technologies used to collect, use, store, and disclose information in identifiable form allow for continuous auditing of compliance with stated privacy policies and practices governing the collection, use and distribution of information in the operation of the program;
(3) assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as defined in the Privacy Act of 1974 [5 U.S.C. 552a];
(4) evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
(5) conducting a privacy impact assessment of proposed rules of the Department on the privacy of information in an identifiable form, including the type of personally identifiable information collected and the number of people affected;
(6) preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of section 552a of title 5, 11 1
1 So in original.
internal controls, and other relevant matters;
(7) ensuring that the Department protects information in an identifiable form and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction;
(8) training and educating employees on privacy and data protection policies to promote awareness of and compliance with established privacy and data protection policies; and
(9) ensuring compliance with the Departments 2
2 So in original. Probably should be “Department’s”.
established privacy and data protection policies.
(b) Establishing privacy and data protection procedures and policies
(1)3
3 So in original. No par. (2) has been enacted.
In general
(c) Recording
(d) Inspector General review
(e) Report
(1) In general
(2) Internet availability
(f) Definition
(Pub. L. 108–447, div. H, title V, § 522, Dec. 8, 2004, 118 Stat. 3268; Pub. L. 110–161, div. D, title VII, § 742(b), Dec. 26, 2007, 121 Stat. 2032.)