NASA Privacy Program

NASA’s Privacy Program ensures the Agency’s privacy compliance with the Privacy Act of 1974 and Section 208 of the E-Government Act of 2002, as well as Office of Management and Budget (OMB) and NASA directives.

Strategically placed within the Cybersecurity and Privacy Division (CSPD) of NASA’s Office of the Chief Information Officer (CIO), the Privacy Program seamlessly integrates privacy protections into cybersecurity across NASA. NASA’s Privacy Program also ensures the protection of Personally Identifiable Information (PII) collected, used, maintained, and disseminated in furtherance of NASA programs and missions.

NASA Privacy Program Goals

The NASA Privacy Program aligns itself with the Fair Information Practice Principles found in OMB Circular A-130, Managing Information as a Strategic Resource. The guiding principles of the privacy program are summarized below.

  1. To ensure that NASA only collects privacy information that is necessary for the proper performance of a NASA function and has a practical utility (as defined in NPR 1382.1 and ITS-HBK-1382.03-01, Privacy—Collections, PTAs, and PIAs).
  2. To align NASA privacy policy, procedural requirements, and handbooks with Federal requirements.
  3. To conduct annual reviews of collections of privacy information and reduce or eliminate unnecessary collections.
  4. To maintain and publish NASA’s Privacy Impact Assessments (PIAs), System of Records Notices (SORNs), and an accurate and current web privacy policy.
  5. To maintain and publish privacy notices.
  6. To provide the public with an opportunity to comment on NASA’s privacy policies, to state complaints, and to seek redress.
  7. To notify members of the public and NASA users of any breach of their personal information collected, maintained, or stored by NASA (regardless of the data format).
  8. To ensure that Agency Privacy Managers (APMs), Information System Owners (ISOs), information owners, and NASA users are provided with appropriate guidance and support.

Privacy Act

The Privacy Act of 1974 requires federal agencies to publish a System of Records Notice (SORN) in the Federal Register describing a new or modified system of record (SOR).

As defined by the Privacy Act, a SOR is a collection of records on individuals maintained by NASA from which information is routinely retrieved by the name of the individual or other personal identifier. A SOR is not necessarily an IT system; it can be a collection of paper records too.

Per federal requirement and NASA policy, SORNs are published in the Federal Register for any electronic or non-electronic SOR that contains information on individuals that is routinely retrieved by personal identifiers.

Resource Center

NASA Freedom of Information Act (FOIA) • NASA Computer Matching Agreements
Controlled Unclassified Information • Privacy Policies and Reports
SSN Fraud Prevention Act • Helpful Links