Privacy Act System of Records Notice Format and Instructions
This purpose of this page is to provide guidance for GSA officials and associates on preparing a Privacy Act system of records notice for publication in the Federal Register. The notice format is based on Federal Register standards and should be used for a new or revised system of records.
The Privacy Act requires that a notice describing each system of records proposed for establishment or significant revision by a Federal agency be published in the Federal Register for review and comment by the public and other interested parties as part of the prescribed review and approval process.
Whenever a GSA organization proposes to establish a new system of records or significantly revise an existing one, the program manager should notify the GSA Privacy Act Officer who will provide assistance in preparing a System of Records (SOR) notice using the prescribed format, coordinate its review and approval within GSA, and submit it for evaluation by OMB and Congress and for publication in the Federal Register.
Once the notice is published, interested parties may submit comments on the proposed system for a period of 30 calendar days after its publication. If no changes are required as a result of any comments, the system of records becomes official after the 30 day comment period. If changes are needed based on comments received, GSA program officials will either accommodate the changes in a revision to the original notice or resolve any issues that may have been raised.
This is the standard format for a Privacy Act Systems of Records Notice. Additional information may be provided in the notice as needed to ensure clarity and comprehensiveness:
GENERAL SERVICES ADMINISTRATION (GSA)
NOTICE OF PROPOSAL TO ESTABLISH/REVISE A
SYSTEM OF RECORDS UNDER THE PRIVACY ACT OF 1974
General Services Administration
Privacy Act of 1974; System of Records
AGENCY: General Services Administration
ACTION: Notice of a [New/Modified] System of Records.
SUMMARY: [A plain-language description of the system].
DATES: [The deadline to submit comments on the proposal and the date on which any routine uses will be effective].
ADDRESSES: [Instructions for submitting comments on the proposal, including an email address or a website where comments can be submitted electronically].
FOR FURTHER INFORMATION CONTACT: [Instructions for submitting general questions about the system].
SUPPLEMENTARY INFORMATION: [Background information about the proposal, including a description of any changes being made to the system and the purpose(s) of the changes].
SYSTEM NAME AND NUMBER: [A name for the system that is unambiguous and clearly identifies the purpose or character of the system, and the number of the system].
SECURITY CLASSIFICATION: [An indication of whether any information in the system is classified].
SYSTEM LOCATION: [The address of the agency and/or component responsible for the system, as well as the address of any third-party service provider].
SYSTEM MANAGER(S): [The title, business address, and contact information of the agency official who is responsible for the system].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM: [The specific authority that authorizes the maintenance of the records in the system].
PURPOSE(S) OF THE SYSTEM: [A description of the agency’s purpose(s) for maintaining the system].
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: [The categories of individuals on whom records are maintained in the system].
CATEGORIES OF RECORDS IN THE SYSTEM: [The categories of records maintained in the system and, if practicable and useful for public notice, specific data elements].
RECORD SOURCE CATEGORIES: [The categories of sources of records in the system].
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: [Each routine use of the records contained in the system, including the categories of users and the purpose of such use].
POLICIES AND PRACTICES FOR STORAGE OF RECORDS: [The policies and practices of the agency regarding the storage of records].
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: [The policies and practices of the agency regarding retrieval of records].
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: [The policies and practices of the agency regarding retention and disposal of records].
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: [A description of the administrative, technical, and physical safeguards to which the system is subject].
RECORD ACCESS PROCEDURES: [The agency procedures whereby an individual can be notified at his or her request how he or she can gain access to any record pertaining to him or her in the system].
CONTESTING RECORD PROCEDURES: [The agency procedures whereby an individual can be notified at his or her request how he or she can contest the content of any record pertaining to him or her in the system].
NOTIFICATION PROCEDURES: [The agency procedures whereby an individual can be notified at his or her request if the system contains a record pertaining to him or her].
EXEMPTIONS PROMULGATED FOR THE SYSTEM: [Any Privacy Act exemptions promulgated for the system].
HISTORY: [Citation(s) to the last full Federal Register notice that includes all of the elements that are required to be in a SORN, as well as any subsequent notices of revision].