Privacy Act


On December 31, 1974, Public Law 93-579, entitled, "Government Organization and Employees" was enacted. Codified as Title 5 of the U.S. Code, it introduced Section 552a, which has come to be known as the "Privacy Act of 1974".

What is the purpose of the Privacy Act?

The purpose of this law is to balance the government's need to maintain information about individuals against unwarranted invasion of the individuals' personal privacy.

What are Privacy Act records?

Privacy Act records are those records collected, maintained and used by agencies in the executive branch of the federal government that contain personally identifiable information, i.e., are retrieved by an individual's name or other personal identifier.

Who may request Privacy Act records?

Only U.S. citizens and aliens admitted for permanent legal residence are permitted to obtain records under this statute. The Privacy Act does not apply to (i) state and local governments, unless such entities are involved in a computer matching program with the federal government, or (ii) private companies or organizations, unless these entities are under contract with the agency to maintain an agency-approved Privacy Act system of records.

What types of Department of Energy (DOE) records are considered Privacy Act records?

The records are categorized in DOE's systems of records. See Publication of Compilation of DOE's Privacy Act Systems of Records (Adobe PDF file).

What are the obligations of Federal agencies in maintaining Privacy Act records?

Agencies are required to:

1. inform individuals why the information is being collected and how it will be used

2. publish in the Federal Register a notice completely describing each Privacy Act system of records when it is established or amended, thus preventing secret record systems. The notice addresses how the government maintains a system of records on individuals, specifically
    • System Number, Name and Location
    • Category of Individuals on Whom Records are Maintained
    • Categories of Records Maintained
    • Authority for Maintenance of System
    • Purpose
    • Routine Uses
    • Storage
    • Retrievability
    • Safeguards
    • Retention and Disposal
    • Name and Address of the System Manager
    • Notification Procedures
    • Record Access Procedures
    • Contesting Record Procedures
    • Record Source Categories
    • Exemptions Claimed for the System;
3. ensure that the information is accurate, relevant, complete and up-to-date;

4. allow individuals access to records about themselves (most systems of records are releasable; although rarely used, the law provides that an entire system of records can be withheld from disclosure pursuant to any of the seven exemptions, such as national security or law enforcement);

5. allow individuals to find out what records have been disclosed (the law provides conditions of disclosure with no written consent prior to disclosure); and

6. provide individuals with the opportunity to correct inaccuracies in their records.

How can I request my Privacy Act records?

A Privacy Act request must be in writing, cite the Privacy Act, include the name, address and signature of the requester, satisfy requester identification requirements, and be as specific as possible to identify or describe the type of record(s) being sought. Refer to Guidance for Requesting Privacy Act Records of DOE-CH (Adobe PDF file) for additional information and methods for which requests can be filed.

Are there fees for Privacy Act records?

Reproduction fees may be assessed; however, except in unusual circumstances, an individual generally will receive a copy of the requested records at no charge.

When can I expect a response to my Privacy Act request?

Federal agencies are required to acknowledge receipt of a Privacy Act request within 10 business days and respond within 30 business days.

DOE regulations provide that every effort will be made to respond to a request within 10 working days from the date of receipt. DOE-CH will acknowledge each request and notify requester with an anticipated response date. If the response date cannot be met, the requester will be contacted to secure a reasonable time extension.

What are the consequences if an individual requests Privacy Act records under false pretenses?

Individuals should take notice of the following penalties imposed on any person who knowingly, willingly, falsely, or fraudulently requests or obtains records concerning another individual from a Federal agency under the Privacy Act:
    • shall be guilty of a misdemeanor and fined not more than $5,000; and
    • may be subject to prosecution under other criminal statutes.

Home            FOIA/Reading Room            Privacy Act
Security and Privacy Notices