Strategically placed within the Cybersecurity and Privacy Division (CSPD) of NASA’s Office of the Chief Information Officer (CIO), the Privacy Program seamlessly integrates privacy protections into cybersecurity across NASA. NASA’s Privacy Program ensures the protection of Personally Identifiable Information (PII) collected, used, maintained, and disseminated in furtherance of NASA programs and missions.
NASA Privacy Program Goals
The NASA Privacy Program aligns itself with the Fair Information Practice Principles found in OMB Circular A-130, Managing Information as a Strategic Resource. The guiding principles of the privacy program are summarized below.
- To ensure that NASA only collects privacy information that is necessary for the proper performance of a NASA function and has a practical utility (as defined in NPR 1382.1 and ITS-HBK-1382.03-01, Privacy—Collections, PTAs, and PIAs).
- To conduct annual reviews of collections of privacy information and reduce or eliminate unnecessary collections.
- To maintain and publish privacy notices.
- To provide the public with an opportunity to comment on NASA’s privacy policies, to state complaints, and to seek redress.
- To notify members of the public and NASA users of any breach of their personal information collected, maintained, or stored by NASA (regardless of the data format).
- To ensure that Agency Privacy Managers (APMs), Information System Owners (ISOs), information owners, and NASA users are provided with appropriate guidance and support.
The Privacy Act of 1974 requires federal agencies to publish a System of Records Notice (SORN) in the Federal Register describing a new or modified system of records (SOR).
As defined by the Privacy Act, a SOR is a collection of records on individuals maintained by NASA from which information is routinely retrieved by the name of the individual or other personal identifier. A SOR is not necessarily an IT system; it can be a collection of paper records too.
Per federal requirement and NASA policy, SORNs are published in the Federal Register for any electronic or non-electronic SORs that contain information on individuals that is routinely retrieved by personal identifiers.