dark overlay
nav button USDA Logo

FSIS

Web Content Viewer (JSR 286)

Actions
Loading...

Web Content Viewer (JSR 286)

Actions
Loading...

Web Content Viewer (JSR 286)

Actions
Loading...

Web Content Viewer (JSR 286)

Actions
Loading...

Web Content Viewer (JSR 286)

Actions
Loading...

Privacy 101: Basic Privacy Questions


FSIS Privacy Program | FSIS Privacy Policy | Privacy Councils | Privacy Acts, OMB Guidance and Circulars | NIST Privacy Standards | Privacy Reports by GAO | FSIS and USDA Privacy Documents | Privacy 101: Basic Privacy Questions | Contact Information  


What is the Privacy Act?

The Privacy Act of 1974 (5 U.S.C. 552a) is a code of fair information practices which mandates how federal agencies, such as the FSIS, maintain records about individuals. The Privacy Act requires that agencies:​

  • collect only information that is relevant and necessary to carry out an agency function;
  • maintain no secret records on individuals;
  • explain at the time the information is being collected, why it is needed and how it will be used;
  • ensure that the records are used only for the reasons given, or seek the person's permission when another purpose for the records' use is considered necessary or desirable;
  • provide adequate safeguards to protect the records from unauthorized access and disclosure; and
  • allow people to see the records kept on them and provide them with the opportunity to correct inaccuracies in their records.

[Top of Page]

Does the Privacy Act apply to all FSIS records?

No. The Privacy Act only applies to FSIS records that:​

  • contain information on individuals,
  • are maintained by the FSIS in a “system of records,” and are retrievable by a personal identifier (such as by name, Social Security or employee number, or any unique identifier linked to an individual).

[Top of Page]

What is a “System of Records”?

A System of Records is a group of any records under the control of any agency from which information is retrievable by the name of the individual or by some unique identifying number, symbol, or other identifier assigned to an individual.

[Top of Page]

Does the Privacy Act apply to all records in the “system of records”?

No. The Privacy Act applies only to living U.S. citizens or lawful permanent resident aliens and FSIS records that meet the Privacy Act requirements.

[Top of Page]

How does FSIS inform the public about record systems covered by the Privacy Act?

The FSIS informs the public about its record systems covered by the Privacy Act by publishing notices in the Federal Register. The record systems are referred to as Privacy Act systems of records (SOR) and the notices (SORN) provide a description of a particular system of records. Click here for a list of USDA/FSIS SORNs. The Office of Personnel Management (OPM) also publishes SORNS that cover some of FSIS’ record systems.

[Top of Page]

How would I get a copy of records in a records system maintained by FSIS?

To obtain a copy of records in a records system maintained by FSIS (or any records in its custody or control), follow the instructions on the FSIS FOIA page.

[Top of Page]

Who would I contact if I have a work-related privacy question?

If you believe you have been involved in a work-related paper or electronic privacy breach/incident, call: Hotline Number: 1-877-744-2968 or 1-888-926-2373 (24 hrs). If the breach or incident involves FSIS-issued equipment (e.g., laptop, cell phone), please also immediately notify the FSIS Service Desk at 1-800-473-9135. For additional follow-up questions on the breach/incident that you reported, you can write to: Privacy Office, 1400 Independence Ave, S.W., Room 2164, South Bldg., Washington, DC 20250 or e-mail Anne.Sylvester@fsis.usda.gov or Mark.Brook@fsis.usda.gov or fax: (202) 690-3023. Do not include any personal information in e-mails.

For other than privacy breach/incident reporting, individual questions or concerns about privacy issues at FSIS should be directed to your supervisor. The Privacy Office generally is involved only in agency- or program-wide privacy issues.

If you wish to contest or amend information in an FSIS system, e-mail privacy@usda.gov with your contact information and a brief, general description of the type of record you are seeking to contest or amend (e.g., FSIS form no. 1234 or beneficiary form). Do not include any personal data in your e-mail. The privacy mailbox will forward your e-mail to the manager of the system holding the type of record you describe.

[Top of Page]

What is the difference between the Freedom of Information Act (FOIA) and the Privacy Act?

The FOIA and Privacy Act both provide procedural rights to requesters seeking records created by an Agency or under the custody and control of an Agency. The Privacy Act, however, provides only U.S. citizens and permanent resident aliens (or to their representatives with the individual’s written consent) the right of access to their own records. Privacy Act exemptions to access apply to all of the records in a particular system of records. The FOIA provides a general right of access to all requesters seeking agency records, including to non-citizen and business requesters. FOIA exemptions may apply to particular records or to portions of particular records, and not to all records in a system. See FOIA page for how to make a FOIA request.

[Top of Page]

Can I use FSIS email to send documents containing PII?

The body of the emails themselves, while internally encrypted, are only secure during transit. There are potential risks once the email has landed in your inbox, or, if the email was sent to the wrong addressee. Attachments are not internally encrypted.

Therefore, password protect and/or encrypt all documents and data storage devices containing sensitive PII. “Sensitive PII” is personally identifiable information which, when disclosed, could result in harm to the individual whose name or identity is linked to the information. Such information includes, but is not limited to: Social Security Numbers, employee identification numbers, health or medical information or condition, employee performance, allegations of misconduct made by or against the employee, and non-business contact information. Encryption and/or password protection should be applied for sensitive PII placed in the body of the emails or in attachments, and whether you are transmitting internally or externally. The password should be provided separately from the attachment.See FSIS Directive 1306.14, Rev. 2 (Media Protection) (9/15/16) and FSIS Directive 1306.21 (Privacy Controls For FSIS Information Systems) (5/24/17), especially, Sec. V(B), p. 3 for the roles and responsibilities of all personnel concerning the electronic transmission of documents containing PII..

If you are sending hard copies of documents containing PII, be sure they are “double-wrapped” by placing the documents in an envelope within an outside envelope.

[Top of Page]

How do I password protect/encrypt records?

See the Password Protection and Encryption Guide (PDF Only) available on InsideFSIS (Level 2 eAuthentication required). Instructional assistance is available 24/7 at FSIS Security Operations Center, at (202) 708-8755, or email ociosecurityoperationscenter@fsis.usda.gov

[Top of Page]

Can I store, transmit or view PII on a mobile device?

All sensitive information stored, transmitted or viewed on mobile devices and removable media shall be protected and encrypted in accordance with DR 3440-002, “Control and Protection of Sensitive Security Information,” DM 3550-002, Chapter 10, Part 2, “Sensitive But Unclassified (SBU) Information Protection,” and DR 3170-001, “End User Workstation Standards,” Appendix B, Section 16.0, “Portal and Mobile Devices.” See also, USDA DR 3580-003. (The storage, transmission or viewing should only be done on an FSIS-issued device, not on your private device.)

[Top of Page]

How can I learn more about PII?

AgLearn PII “Lite” Training is available at: https://aglearn.usda.gov/learning/user/deeplink_redirect.jsp?linkId=ITEM_DETAILS&componentID=USDA-PII-Lite&componentTypeID=Web+Based&revisionDate=1382536500000

The external link does not require e-Authentication: http://aglearn.usda.gov/customcontent/OCIO/USDA-PII-Lite-Web/index.html.

For technical difficulties with the PII “Lite” Training, please refer to: http://usda.custhelp.com/

[Top of Page]

The information on this Website is provided for general informational purposes only and should not be considered as individual guidance or legal advice.

Last Modified Jun 08, 2017