NASA Privacy Program
NASA’s Privacy Program ensures the Agency’s privacy compliance per the Privacy Act of 1974 and Section 208 of the e-Government Act of 2002, as well as Office of Management and Budget (OMB) and NASA directives.
At the Station
Strategically placed within the Cybersecurity and Privacy Division (CSPD) of NASA’s Office of the Chief Information Officer (CIO), the Privacy Program seamlessly integrates privacy protections into cybersecurity across NASA. Finally, NASA’s Privacy Program ensures the protection of Personally Identifiable Information (PII) collected, used, maintained, and disseminated in furtherance of NASA programs and missions.
NASA Privacy Program Goals
The NASA Privacy Program aligns itself with the Fair Information Practice Principles found in OMB Circular A-130, Managing Information as a Strategic Resource. The guiding principles of the privacy program are summarized below.
- To ensure that NASA only collects privacy information that is necessary for the proper performance of a NASA function and has a practical utility (as defined in NPR 1382.1 and ITS-HBK-1382.03-01, Privacy—Collections, PTAs, and PIAs).
- To align NASA privacy policy, procedural requirements, and handbooks with Federal requirements.
- To conduct annual reviews of collections of privacy information and reduce or eliminate unnecessary collections.
- To maintain and publish NASA’s Privacy Impact Assessments (PIAs), System of Records Notices (SORNs), and an accurate and current web privacy policy.
- To maintain and publish privacy notices.
- To provide the public with an opportunity to comment on NASA’s privacy policies, to state complaints, and to seek redress.
- To notify members of the public and NASA users of any breach of their personal information collected, maintained, or stored by NASA (regardless of the data format).
- To ensure that Agency Privacy Managers (APMs), Information System Owners (ISOs), information owners, and NASA users are provided with appropriate guidance and support.
Other Links
- NASA Privacy Impact Assessments (PIAs)
- To request a NASA record, and for Privacy Act regulations (14 CFR 1212)
- NASA System of Records Notices (SORNs)
- COMING SOON! The ability to electronically request NASA Privacy Act records on yourself. Meanwhile, such requests may also be made via a Freedom of Information Act request.
- For privacy concerns not related to System of Records Notices (SORNs) or the NASA Privacy Act, please email a description of your concern along with a preferred return email address to NASA-Privacy
- Controlled Unclassified Information (CUI) and Why It Matters
Privacy Act
The Privacy Act of 1974 requires federal agencies to publish a System of Records Notice (SORN) in the Federal Register describing a new or modified system of record (SOR).
As defined by the Privacy Act, a SOR is a collection of records on individuals maintained by NASA from which information is routinely retrieved by the name of the individual or other personal identifier. A SOR is not necessarily an IT system; it can be a collection of paper records too.
Per federal requirement and NASA policy, SORNs are published in the Federal Register for any electronic or non-electronic SORs that contain information on individuals that is routinely retrieved by personal identifiers.
Resource Center
NASA Freedom of Information Act (FOIA) • NASA Computer Matching Agreements
Controlled Unclassified Information • Privacy Policies and Reports
SSN Fraud Prevention Act • Helpful Links