Systems of Records - Privacy Act

The Privacy Act requires federal agencies to publish a notice in the Federal Register for each system of records that an agency maintains. A system of records contains information that is retrieved by an individual's name or other unique identifier. The notice ensures that privacy considerations have been addressed in implementing the system. GSA issues two types of notices for internal GSA systems of records and for systems of records maintained by other agencies for which GSA has program responsibility.

Explanation of Terms

Systems of records Under the Privacy Act, a system of records is a group of records from which information is retrieved by the name of an individual, or by any number, symbol, or other unique identifier assigned to that individual. GSA is responsible for two types of Privacy Act systems of records -- those that are internal to GSA and those that are government-wide and include other agencies' systems as well as GSA's, generally at an agency's discretion.

  • GSA's internal systems of records: This type of system contains information that is collected and used to carry out GSA's functions and associated tasks. It includes personal information of GSA employees and employees of organizations, such as small agencies, committees, and commissions, for which GSA performs agreed on support activities. GSA also collects and maintains personal information on private individuals in providing services to the public, and his type of system also is considered internal to GSA.
  • GSA's government-wide systems of records: This type of system consists of record collections maintained by Federal agencies that pertain to GSA government-wide programs for which GSA has responsibility in overseeing and directing the program or service. Examples include the Federal charge card program and the Access Certificates for Electronic Services (ACES) project.

Privacy Act systems of records notices (SORNs) The Privacy Act requires that a notice describing each system of records proposed for establishment by a Federal agency be published in the Federal Register for review and comment by the public and other interested parties. The notice allows questions to be raised and resolved before the system is put into effect and ensures that privacy considerations have been addressed.

Back to top


  • Office of responsibility for systems of records: Responsible for identifying systems covered by the Privacy Act and ensuring that the system meets all information privacy and security requirements.
  • System/program manager: Responsible for the content of the systems of records notice that is published in the Federal Register and for ensuring that the information in the notice is accurate and up-to-date.
  • GSA Privacy Act Officer: Responsible for coordinating the publication of the Privacy Act notice.

Back to top

Last Reviewed: 2022-02-11