Privacy Act Overview Training
SORN managers should keep SORNs up to date by reviewing them at least every
2 years
Criminal penalties applicable to the agency include:
A misdemeanor charge // Maximum fine of $5,000
Records should be disposed:
According to established schedules in the SORN // According to procedures established by NARA
Ensuring that every recipient of PII has need-to-know is what type of safeguard?
Administrative
The Privacy Act of 1974 does which of the following?
Balances the government's need to maintain information with the right of individuals to be protected against unwarranted invasion of their privacy. // Limits the unnecessary collection of information about individuals
Which of the following are exceptions to the "No disclosure to Third Parties w/out consent" rule?
Civil or criminal law enforcement under US control // Pursuant to a court order // To either house of Congress // For circumstances affecting the health or safety of an individual
Civil Penalties applicable to the agency include:
Costs and reasonable attorney's fees // The cost of actual damages suffered ($1,000 minimum)
If the need-to-know has not been or cannot be established, the following actions should be taken:
Do not share the information in question // Notify your manager of any breaches
Emails containing PII should be
Encrypted
It is the responsibility of the individual to protect PII against loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
False
It's OK to store PII on personal equipment
False
It's OK to use flash (thumb) drives for transporting PII
False
The Army restricts individual access to the PII data collected
False
The Privacy Act applies to which of the following groups?
Federal agencies // Legal aliens lawfully admitted for permanent residence // Living US citizens
What is PII?
Information which can be used to distinguish or trace an individual's identity
Using locks to secure PII when stored is what type of safeguard?
Physical
Which of the following is not a case when need-to-know may be established?
Record correction
The main objectives of the Privacy Act is/are to
Restrict dissemination of information and records maintained by agencies // Correct individuals inaccurate records maintained on themselves // Grants individuals increased rights of access to agency records maintained on themselves
Using only DoD-approved software on your computer is what type of safeguard?
Technical
Agencies can disclose a record in a system of records to:
The individual to whom the record pertains, with a written request // Another person or agency with prior written consent of the individual to whom the record pertains.
Army personnel and contractors must be accountable for complying with the Code of Fair and Info Practice principles
True
Individuals should avoid sending faxes containing PII
True
Only accurate, complete, relevant, and timely information should be collected, used, maintained, and disseminated.
True
The Army will only collect PII that is directly relevant to the specified purpose and only retain the PII for as long as is necessary
True
The Army will state who is permitted to collect PII as well as the purposes for which the PII is used
True
You should always consult your Component Privacy Officer before collecting PII
True
12 Exceptions to the "No Disclosure Without Consent" Rule
a) Need to know within the Army b) Required for FOIA disclosure c) Routine uses d) Bureau of the Census e) Statistical research f) National archives g) Law enforcement request h) Health or safety of an individual i) Congress j) General Accountability Office (Comptroller) k) Court order l) Debt Collection Act. The above exceptions to the "no disclosure without consent" rules have direct applicability to the Army Privacy Program. These exceptions are based on circumstances and a valid need to know.
The _____ of any Privacy Act provisions will result in criminal penalties.
willful violation