Privacy Act and GSA Employees
Note: This page informs the public of GSA's privacy policies and practices as they apply to GSA employees, contractors, and clients.
- Purpose of the Privacy Act Program
- How this Program Applies to You (Some Frequently Asked Questions or "FAQs")
- The Kinds of Personal Information GSA Maintains
- How GSA Protects Personal Information
- Who Has Access to Personal Information
- Your Responsibilities Under the Program
GSA's Privacy Act Program ensures that GSA fulfills the requirements of the Privacy Act which, broadly stated, was enacted to balance a person's right to privacy with the Federal Government's need for information to carry out its responsibilities.
The Act is designed to protect the individual's privacy from unwarranted invasion, to make sure that personal information in possession of Federal agencies is properly used, and to prevent any potential misuse of personal information in the possession of the Federal government. GSA's program establishes the processes and procedures, and assigns responsibilities, for fulfilling the Privacy Act's mandate.
Why does GSA need your personal information?
As your employer, GSA needs certain personal information on you to carry out its managerial and administrative obligations. GSA uses this information to provide you with many essential services, such as the management of your pay, leave, medical benefits, training, and retirement.
Where is this personal information kept?
GSA maintains this information in "systems of records," as required by law. A system of records is a group of records from which information is retrieved by a personal identifier, such as your name, your Social Security Number, or by some other number or symbol assigned to you for identification purposes. Examples of systems of records are your personnel files and GSA payroll systems. The systems are managed by the appropriate program offices and are generally located in those offices.
How does GSA get your personal information?
The information in these systems of records is generally provided by you or by persons authorized by you. From the time you first applied for a job with GSA, you have been providing personal information. Now, whenever you fill out a form for a particular service (such as an application for a transit pass or a child care subsidy), you are furnishing information for inclusion in a system of records. In each case, a Privacy Act Statement on the form explains why the information is being collected, the uses that will be made of it, and the laws or regulations that authorize its collection.
There are some types of information that are obtained from sources other than you personally. These deal with law enforcement, criminal investigations, and security matters. These systems of records have a different set of rules for access and disclosure.
Are there safeguards for your personal information?
Because of the sensitivity of the information, GSA must protect it from improper disclosure and use. GSA has put in place policies and procedures that do that. The policies and procedures are based on the Privacy Act of 1974 and guidelines established by OMB and the Department of Justice. The GSA rules spell out, among other things, how you can find out what information exists on you, how you can access it and correct it, who else has access to it, and the sources of the information.
Does GSA have personal information on persons not affiliated with GSA?
GSA also maintains personal information in systems of records on the clients who take advantage of the services that GSA offers to the business community and the public in general, such as public auctions of surplus Federal equipment, vehicles, and real estate. This information is used to manage the financial transactions between the public and the Federal government and is, therefore, protected under the law.
Is there personal information that is not covered by privacy laws?
- Public record information includes basic employee information such as name, grade, salary, title and duty station are generally releasable to the public.
- FOIA information that may be released to a requester under FOIA includes the following:
- Information relating to qualifications for Federal employment
- Position descriptions, critical elements, and performance standards
- Postgraduate or technical training relating to the current profession
- Earlier employment experience in a State or Federal Government position
- Earlier employment experience (but not salary) in the private sector where related to current duties
- Membership in professional groups
- Awards, honors, and letters of commendation from professional associations and colleges
What information is not releasable under FOIA?
- In general, GSA withholds information that relates to personal life and family status, including:
- Age, marital status, race, home address, home phone number, and Social Security Number
- Medical records
- Performance appraisals
- Employment history that does not relate to the current job
- Allegations of misconduct and arrests, complaints, grievances, and performance based actions
- Payroll deductions
On GSA employees: Here's a representative list of the kinds of personal information GSA has on employees in its various systems of records:
- Social Security Number (SSN)
- Date of birth
- Marital status
- Home and emergency addresses and telephone numbers
- Telephone call detail records
- Personnel actions
- Professional registrations
- Congressional employees relief bills
- Medical history
- Employment history
- Awards and other recognition
- Warnings, reprimands, arrests, grievances, appeals, and conduct
- Pay and payroll deductions
- Work assignments
- Performance appraisals and assessments
- Permit and pass applications
- Indebtedness complaints
- Outside employment
On non-GSA individuals: Information on individuals other than GSA employees (such as those who do business with GSA or use GSA services) is limited to what is needed to perform a transaction or service. This information may include:
- Telephone number
- Home or business address
- Social Security Number
- Credit card number of other banking information
- Contract information, including whether payment was received, the form of the payment, notices of default, and contract claim information
- Technical and physical protection. Each system of records manager must set up technical, administrative, and physical security measures for processing, storing, transmitting, and disposing of information in the system. All employees who work with a system's information as part of their job must follow these measures. Security measures for paper records include storage in secure cabinets or rooms, with access limited to authorized personnel. Electronic records are protected by passwords, firewalls, and other technical and physical security measures determined to be necessary by the system manager and program officials.
- Standards of conductAll employees who design, develop, operate, or maintain systems of records are subject to the standards of conduct established by law.
- Limited access All personal information must be used only for the purpose for which it's collected and only by the individuals who are authorized to access and use it. Otherwise, no information is allowed to be disclosed to anyone other than you, the individual of record, without your written consent.
- Managers and supervisors have access to their employees' records. Managers and supervisors may use their employees' personal information to carry out their supervisory and managerial duties, such as:
- Develop requests for personnel actions
- Plan and schedule training
- Counsel employees on their performance
- Propose recommendations for disciplinary actions
- Carry out general personnel management responsibilities
- Other employees may access and use system information in the performance of their official duties.
- Law enforcement officials. In general, upon written request, personal information may be provided to law enforcement officials or by court order in civil and criminal proceedings.
- Provide accurate, up-to-date information
You are asked to provide personal information on a continuing basis as part of your employment. In most cases, you will either fill out a paper form or send in the information electronically. It's your responsibility to make sure that the information is complete, accurate, and up-to-date.
- Know who uses the information and how
You should determine the legitimacy of requests for information before providing it. For example, you should know what the purpose is for collecting the information; what it will be used for; the legal or regulatory authority that authorizes its collection; the effect on you if you don't provide it; and the circumstances under which the information may be disclosed to others, such as law enforcement officials, other agencies (OPM, GAO, etc.), and in court proceedings. This information will generally be included in a Privacy Act Statement on the collection form or electronic site. If you don't see a Privacy Act Statement on an information collection instrument, you should inform the GSA Privacy Act Officer .
- Safeguard your personal information
- Never give out personal information under suspicious circumstances.
- Be on the alert for any unethical or illegal use of personal information.
- Report any suspicious activity to the GSA Inspector General's Office of Investigations.