Responsible Office: JA

Subject: Privacy Act - Internal NASA Direction in Furtherance of NASA Regulation

1. POLICY

a.  NASA regulations implementing the Privacy Act are published at 14 CFR
Part 1212.

b.  NASA will fully comply with the requirements of the Privacy Act 
of 1974, as amended, including the Computer Matching and Privacy Protection
Act of 1988, and guidance from the Office of Management and Budget (OMB).

c.  NASA personnel, including appropriate contractor personnel, will not
disclose any record that is contained in a system of records to any other 
Federal or non-Federal person or agency without proper authorization by 
the NASA Privacy Act Officer.

d.  If NASA is requested to participate in a computer matching program, 
permission to participate will be sought by the Center Privacy Act Manager
or the appropriate Systems Manager from the NASA Privacy Act Officer.  A 
matching program is the comparison of records using a computer.  The 
records must themselves exist in automated form in order to perform the
match.  For example, manual comparisons of printouts of two automated
data bases are not included.  A matching program covers not only the 
actual computerized comparison, but the investigative followup and 
ultimate action, if any.

e.  The NASA Data Integrity Board will be convened to review the request 
and, if appropriate, initiate a written agreement between NASA and the 
other agency.  Decisions made by the Board will be provided in writing to 
all interested parties.

2. APPLICABILITY

This NPD applies to NASA Headquarters and NASA Centers, including Component
Facilities, and NASA contractors that create and/or maintain Privacy Act
records or systems of records for, or on behalf of, NASA.

3. AUTHORITY

a.  The National Aeronautics and Space Act of 1958, as amended, 42 U.S.C. 2451,
et seg.

b.  The Privacy Act of 1974, as amended, 5 U.S.C. 552a.

c.  Public Law 100-503, Computer Matching and Privacy Protection Act of 
1988, as amended (See 5 U.S.C. 552a, notes thereunder).

d.  OMB Circular A-130, "Management of Federal Information Resources."

4. REFERENCES

a.  14 CFR Part 1212, NASA Privacy Act Regulations.

5. RESPONSIBILITY

a.  The Chief Information Officer (CIO) is responsible for the overall
function of Privacy Act implementation and compliance with the Computer
Matching and Privacy Protection Act.  The CIO may designate a NASA Privacy
Officer, delegating any implementation or oversight responsibilities as
necessary.  

b.  The following senior NASA officials will serve as members on
the Data Integrity Board: (1) Inspector General; (2) Director, Personnel 
Division; (3) Associate Administrator for Management Systems and Facilities; 
(4) Chief Medical Officer, whenever medical records, including occupational 
health records and medical research data bases, are being considered; and 
(5) NASA Privacy Officer (who will serve as the Executive Secretary to the 
Board).  The Data Integrity Board is responsible for review, approval/dis-
approval, and maintenance of agreements for computer matching to ensure 
compliance with relevant statutes, regulations, and guidance.  The Board 
will act as clearinghouse for receiving and providing information and 
compiling reports for the NASA Administrator, OMB, Congress, and the public 
upon request.

c.  Officials-in-Charge of Headquarters Offices, NASA Center Directors, 
the NASA Privacy Officer, Center Privacy Act Managers, and System and 
Subsystem Managers for NASA`s Privacy Act Systems of Records, and all other
NASA officials and employees are responsible for complying with the 
regulations set forth in 14 CFR Part 1212 and for ensuring that proper 
notification and authorization are given with regard to computer
matching programs.

6. DELEGATION OF AUTHORITY

None. 

7. MEASUREMENTS

In assessing whether NASA is in compliance with current regulations,
the Agency will do the following:

a.  Collect data biennially on the implementation of the Privacy Act, 
including information required by Sec. 552a (c) "Accounting of Certain 
Disclosures" of the Privacy Act of 1974, as amended, for reporting to 
OMB and Congress.

b.  Collect exception data on all Privacy Act requests that are not in 
compliance with the NASA regulations at 14 CFR Part 1212.

8. CANCELLATION

NMI 1382.17D, dated April 16, 1993, and NMI 1382.18A, dated December 13,1991.

---

/s/ Daniel S. Goldin
Administrator

ATTACHMENT A: (TEXT)

None. 

(URL for Graphic)

None. 

DISTRIBUTION:
NODIS