NASA Procedural Requirements
NPR 1382.1B
Effective Date: July 26, 2022
Expiration Date: July 26, 2027
a. The purpose of this directive is to set forth the procedural requirements for safeguarding individual privacy through the protection of personally identifiable information (PII). PII which is collected, used, maintained, and disseminated by the National Aeronautics and Space Administration (NASA) will be protected regardless of format.
b. This NASA Procedural Requirement (NPR) is based on Federal requirements as listed in Section P.4, Applicable Documents and Forms.
a. This NPR is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers.
b. For the purposes of this NPR, NASA Headquarters is regarded as a Center. Further, all stipulated Center requirements apply to NASA Headquarters.
c. This directive applies to contractors, recipients of grants, cooperative agreements, or other agreements only to the extent specified or referenced in the contracts, grants, or agreements. This directive is applicable to the Jet Propulsion Laboratory (JPL), a Federally Funded Research and Development Center (FFRDC), only to the extent specified in the NASA/Caltech Prime Contract.
d. This directive applies to PII collected, stored, used, processed, disclosed, or disseminated in any format for use by or on behalf of NASA and includes PII collections that are maintained externally through a contract, outsourced to, or operated by:
(1) Government-owned, contractor operated (GOCO) facilities;
(2) Partners under the National Aeronautics and Space Act, 51 United States Code (U.S.C.) § 20101, et seq.;
(3) Partners under the Commercial Space Launch Act, as amended, 51 U.S.C. § 50913;
(4) Partners under cooperative agreements; or
(5) Commercial or university facilities.
e. External collections that are not gathered on behalf of NASA or are merely incidental to a contract (e.g., PII in a contractor's payroll and personnel management system) are excluded from this NPR and are considered non-NASA data.
f. This NPR does not apply to PII collected or maintained by NASA employees and contractors for personal use (e.g., contact information for family, relatives, and doctors), as allowed under NASA Policy Directive (NPD) 2540.1, Acceptable Use of Government Furnished Information Technology Equipment, Services, and Resources.
g. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms "may" or "can" denote discretionary privilege or permission, "should" denotes a good practice and is recommended but not required, "will" denotes expected outcome, and "are/is" denotes descriptive material.
h. In this directive all document citations are assumed to be the latest version unless otherwise noted. Documents cited as authority, applicable, or reference documents may be cited as a different categorization, which characterizes its function in relation to the specific context.
i. In this directive, the citation "Privacy Act of 1974, 5 U.S.C. § 552a" will be referred to as "Privacy Act" throughout.
a. National Aeronautics and Space Act, 51 U.S.C. § 20101 et seq.
b. The E-Government Act of 2002, 44 U.S.C. § 3604 et seq.
c. Privacy Act of 1974, 5 U.S.C. § 552a.
d. NASA Policy Directive (NPD) 1382.7, NASA Privacy Policy.
e. NPR 2810.1, Security of Information and Information Systems.
f. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev.5, Security and Privacy Controls for Information Systems and Organizations.
a. Creating Advanced Streamlined Electronic Services for Constituents Act of 2019, 5 U.S.C. § 101.
b. Plain Writing Act of 2010, 5 U.S.C. § 301.
c. Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501-6506.
d. Paperwork Reduction Act (PRA), 44 U.S.C. § 3501 et seq.
e. Federal Information Security Modernization Act of 2014, 44 U.S.C. § 3551 et seq.
f. Social Security Number Fraud Prevention Act of 2017, 10 Code of Federal Regulations (CFR) Part (pt.) 9.301.
g. Privacy Act-NASA Regulations, 14 CFR pt. 1212.
h. Protection of Privacy and Freedom of Information, 48 CFR pt. 24.
i. Office of Management and Budget (OMB) Circular A-130, Managing Information as a Strategic Resource (7/28/2016).
j. OMB Memorandum M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (09/30/2003), as amended by OMB Memorandum M-10-22.
k. OMB Memorandum M-07-12, Preparing for and Responding to a Breach of Personally Identifiable Information (01/03/2017).
l. OMB Memorandum M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies (06/25/2010).
m. OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications (06/25/2010).
n. NASA FAR Supplement 1824.1, Protection of Individual Privacy (09/2015).
o. NPD 2540.1, Acceptable Use of Government Furnished Information Technology Equipment, Services and Resources.
p. NPR 1600.1, NASA Security Program Procedural Requirements.
q. NPR 2810.7, Controlled Unclassified Information.
r. NRRS 1441.1, NASA Records Retention Schedules.
a. Measurement for this policy is determined by Federal regulatory and NASA privacy requirements. These measurements are based upon NASA's privacy goals and the objectives outlined by the Senior Agency Official for Privacy (SAOP).
b. The SAOP provides assessments and evaluations that consist of periodic reporting from the Centers and collecting information for the satisfaction of OMB and Federal Information Security Modernization Act of 2014, 44 U.S.C. § 3551 reporting requirements.
c. All entities in P.2 of this policy are subject to privacy compliance reviews and evaluations by NASA.
NPR 1382.1A, NASA Privacy Procedural Requirements, July 10, 2016.
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.