![[NASA Logo]](../Images/nasaball.gif) |
NASA Procedures and Guidelines |
||||
This Document is Obsolete and Is No Longer Used.
|
|||||
|
|
|||||
|
|
||||
| | TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | AppendixA | AppendixB | AppendixC | AppedixD | AppendixE | ALL | | |||||
9.1.1 The Privacy Rules of Behavior and Consequences chapter summarizes privacy responsibilities outlined within this NPR and identifies consequences for violating the NPR. Consequences are impacted by an individual's level of responsibility and the type of PII involved in the matter.
9.1.2 NASA Privacy Rules of Behavior and Consequences procedures are governed by ITS-HBK-1382.09, Privacy Rules of Behavior and Consequences.
9.2.1 Privacy Rules of Behavior
Privacy Rules of Behavior include the NASA user responsibilities outlined within the chapters of this NPR and the related handbooks. Specific information on Rules of Behavior is governed by ITS-HBK-1382.09, Privacy Rules of Behavior and Consequences.
9.2.1.1 The SAOP shall:
a. Develop Rules of Behavior for privacy outlined within this NPR and in the associated handbook, as appropriate.
b. Ensure that awareness and training materials include information on privacy Rules of Behavior.
9.2.2 Privacy Consequences
NASA may impose penalties on a NASA user who violates this NPR for privacy related violations. A consequence may range from reprimand to suspension or removal. Specifically, the consequences for violating the privacy-related provisions of this NPR are defined in the Privacy Act, OMB memoranda (e.g., OMB Memorandum M-07-16) and the associated handbook. The consequences available under the Privacy Act range from administrative to criminal sanctions. Specific information on consequences is governed by ITS-HBK-1382.09, Privacy Rules of Behavior and Consequences.
9.2.2.1 The SAOP shall outline the consequences and penalty guidelines related to privacy violations.
9.2.2.2 The NASA Privacy Program Manager shall:
a. Advise the SAOP on appropriate consequences for violating this NPR.
b. Advise the CPM on consequences for violating this NPR at the Center level.
c. Establish requirements and procedures for reporting known, suspected, or likely violations of the privacy requirements of this NPR.
9.2.2.3 The CPM shall provide support to the Privacy Program Manager to ensure adherence to the requirements of this NPR at the Center level.
9.2.2.4 The ISO shall:
a. Meet publication requirements for Privacy Act SOR. Any official who willfully maintains a Privacy Act SOR without meeting the publication requirements is subject to possible criminal penalties or administrative sanctions, or both.
b. Be held accountable for privacy violations of this NPR; penalties range from criminal to administrative.
9.2.2.5 The NASA user shall be held accountable for violations of this NPR and related handbooks. Penalties may include reprimand, suspension, removal, or other appropriate administrative action, fines, additional privacy training or other actions in accordance with applicable laws and Agency disciplinary policy.
9.2.2.6 NASA Users may:
a. Be subject to written reprimand, suspension, removal, or other appropriate administrative action under the following situations:
(1) Knowingly failing to implement and maintain information security controls required by this NPR for the protection of PII regardless of whether or not such action results in the loss of control or unauthorized disclosure of PII.
(2) Failing to report any known or suspected loss of control or unauthorized disclosure of PII.
(3) For managers, failing to adequately instruct, train, or supervise employees in their privacy responsibilities.
b. Be subject to criminal penalties for willful and intentional violations of the Privacy Act.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | AppendixA | AppendixB | AppendixC | AppedixD | AppendixE | ALL | |
| | NODIS Library | Organization and Administration(1000s) | Search | |