NASA Procedural Requirements
NPR 1382.1A
Effective Date: July 10, 2013
Expiration Date: July 10, 2018
COMPLIANCE IS MANDATORY

Subject: NASA Privacy Procedural Requirements

Responsible Office: Office of the Chief Information Officer


Chapter 7 - Privacy Awareness and Training

7.1 Privacy Awareness and Training Overview

7.1.1 The Privacy Awareness and Training chapter relates to NASA's initiatives to ensure that all NASA Users are aware of and trained on their roles and responsibilities related to PII. Several OMB documents outline the privacy training requirements, including OMB Circular A-130, OMB Memorandum M-05-08, and OMB Memorandum M-07-16. Specifically, OMB Memorandum M-07-16 provides that every NASA user is responsible for receiving training prior to gaining access to NASA information and information systems, with an annual requirement for refresher training thereafter. Additionally, advanced training may be required depending on the privacy-related responsibilities of the NASA user.

7.1.2 NASA Privacy Training and Awareness procedures are governed by ITS-HBK-1382.07, Privacy Awareness and Training, and ITS-HBK-2810.06, Security Awareness and Training.

7.2 Privacy Training and Awareness Policy

7.2.1 The SAOP shall:

a. Ensure NASA users receive appropriate training and education on their privacy responsibilities, including acceptable rules of behavior, when and how to report privacy-related incidents, and consequences for violating this NPR.

b. Oversee the mandatory annual privacy training program.

c. Oversee a privacy awareness program.

7.2.2 The NASA Privacy Program Manager shall:

a. Review and approve all privacy awareness and training materials.

b. Develop privacy awareness and training materials.

c. Work with the Information Technology Security Awareness and Training Center (ITSATC) to ensure privacy awareness and training materials meet information security training requirements.

d. Ensure the ensuing training:

(1) For the NASA user, explains the policies and procedures for safeguarding PII collected and maintained at NASA.

(2) For the NASA user, explains the privacy rules of behavior and consequences.

(3) For the NASA user with access to NASA data, explains that willful disclosure of information to individuals not entitled to Privacy Act records or sensitive privacy information in any form is strictly prohibited.

(4) For persons involved in the design, development, operation, or maintenance of any Privacy Act SOR, or in the maintenance of any record within any SOR, explains the requirements regarding the protection, use, and release of the Privacy Act records.

(5) For persons involved in the design, development, operation, or maintenance of any PII collection, explains the requirements regarding the protection, use, and release of the records.

e. Determine the annual training requirements for CPMs.

7.2.3 The CPM shall:

a. Participate in privacy role-based training, as required.

b. Ensure awareness and training programs are conducted at the Center level.

7.2.4 The ISO shall:

a. Ensure that all NASA users who have access to the data or who develop or supervise procedures for handling PII are trained and are compliant with policies and procedures for safeguarding PII collected and maintained at NASA.

b. Ensure that persons involved in the design, development, operation, or maintenance of any Privacy Act SOR, or in the maintenance of any record in any SOR, are trained in the requirements regarding the protection, use, and release of the Privacy Act records.

c. Ensure that persons involved in the design, development, operation, or maintenance of any PII collection are trained in the requirements regarding the protection, use, and release of the records.

7.2.5 The NASA user shall:

a. Participate in mandatory privacy training prior to gaining access to NASA information and information systems, and yearly thereafter.

b. Participate in privacy role-based training, as required.

7.2.6 The Center BRT members shall participate in annual BRT training and exercises.




DISTRIBUTION:
NODIS


This Document Is Uncontrolled When Printed.
Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: http://nodis3.gsfc.nasa.gov