NIST Privacy System-of-Records

NIST-1

June 5, 2012

SYSTEM TITLE:

NIST Associates

SYSTEM LOCATION¹:

• Domestic Guest Researcher (DGR) Records-NIST Technology Partnerships Office (TPO), Gaithersburg, MD 20899

• Foreign Guest Researcher (FGR) Records-NIST International and Academic Affairs Office (IAAO), Gaithersburg, MD 20899

• NIST Research Experience for Teachers (RET) Records – NIST International and Academic Affairs Office (IAAO), Gaithersburg, MD 20899

• Facility User (FU) Records-NIST Center for Neutron research, Gaithersburg, MD 20899

• Research Associates (RA) Records as listed on Cooperative Research and Development Agreements (CRADA)-NIST Technology Partnerships Office, Gaithersburg, MD 20899

• Sole Proprietorship Contractors (SPC)-NIST Acquisition and Logistics Division, Gaithersburg, MD 20899

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals not employed by NIST but having access to NIST facilities under various cooperative, collaborative, and contractual agreements. These include but in the future may not be limited to Foreign and Domestic Guest Researchers, Research Associates, Facility Users, Contractor Employee Personnel, Sole Proprietorship Contractors, Employees of Other Government Agencies, Student Program Participants, and other Collaborators.

CATEGORIES OF RECORDS IN THE SYSTEM:

Agreements between NIST and NIST Associates (NAs). Typical data include but are not limited to name, address, date of birth, social security number, personal contact information, e-mail address, telephone numbers, other names, education, visa and passport information, work location, financial and pay data, project descriptions, etc.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

27 Stat. 395 and 31 Stat. 1039, and all existing, applicable NIST and Department of Commerce (DOC) policies, regulations and directives concerning the tracking, security processing, and support of NAs during their tenure at NIST.

PURPOSE:

The purpose is to facilitate the processing, tracking, management, planning, control, support of and reporting about NAs during their tenure at NIST.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

See routine use paragraphs 1-10 and 13 in the Prefatory Statement, also:

1. Facilitate the processing and approval of NAs.

2. Facilitate tracking of NAs throughout their tenure at NIST.

3. Support processing of security-related documents and issuing of badges by DOC/NIST Security Office.

4. Provide aggregate statistical data for NIST budgeting, management, and planning.

5. Facilitate stipend and travel payments to foreign guest researchers.

6. Support processing of visas and other Immigration and Naturalization Service actions for foreign NAs.

7. Generation of reports in response to queries from NIST, DOC, Congress, and other external parties as may be required from time to time.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, RETAINING, AND DISPOSING OF RECORDS IN THE NAIS:

Storage:

Records stored in both paper and electronic formats.

Retrievability:

Records are retrieved by name and/or social security number.

Safeguards:

1. Privacy Act data, i.e., data defined by and protected under the Privacy Act of 1974

(5 U.S.C.552a), is maintained in NAIS as distinct and separate from non-Privacy Act data in that it cannot be accessed or retrieved except by authorized personnel with a mission-related need-to- know.

2. Access to the NIST Associate Information System (NAIS) Privacy Act data by NIST staff must be authorized by the NAIS System-of-Records Manager on a mission-related, need-to-know basis.

3. Levels of access to NAIS Privacy Act data as well as access itself are controlled by the NAIS privacy/security/system access architecture that is implemented through “report writer” software.

4. Levels of access to NAIS Privacy Act data are granted to individuals based on NA processing roles and responsibilities that define specific mission-related needs-to-know. Included in these roles and responsibilities are the following:

1. Initiators-those creating and inputting new data records.

2. Approving Officials-those signing off on NA agreements.

3. Reviewing Officials-those reviewing NA agreements but not signing off.

4. Records Updators- those directed to update or correct information NA records.

5. Physical security and IT security of the NAIS IT assets is assured by all relevant NIST policies and procedures that are applicable to the e-Approval infrastructure of which NAIS is an IT application.

RETENTION AND DISPOSAL

Current NIST and DOC policies and regulations concerning the retention and disposition of Privacy Act data apply.

SYSTEM MANAGER(S) AND ADDRESSE(S):

• For Domestic Guest Researchers and Research Associates the System Manager will be appointed by the Director, NIST Technology Partnerships Office (TPO) from TPO staff. Domestic Guest Researcher agreements (NIST-1296) are maintained by the Office of Workforce Management’s Onboarding Office.

• For Foreign Guest Researchers and all other foreign NAs, the System Manager will be appointed by the Director, NIST International and Academic Affairs Office (IAAO) from IAAO staff.

• For all Contractor Employees and Sole Proprietorship Contractors, the Associate Director for Management Resources (ADMR) is the System Manager; the ADMR may delegate this duty to a staff member.

• For Employees of Other Government Agencies, the System Manager is the Chief Human Capital Officer, Office of Workforce Management.

• For Student Program Participants, depending upon the program, the System Manager is the Chief Human Capital Officer, Office of Workforce Management.

• For Research Experience for Teachers (RET) Records, the System Manager is NIST International and Academic Affairs Office (IAAO), Gaithersburg, MD 20899

NOTIFICATION PROCEDURE:

Information may be obtained from: Director, Management and Organization Office

National Institute of Standards and Technology

100 Bureau Drive-Stop 3220

Gaithersburg, MD 20899-3220

RECORD ACCESS PROCEDURE:

Requests from individuals should be addressed to the same address provided in the Notification Procedure above.

CONTESTING RECORD PROCEDURE

The Department’s rules for access, for contesting contents, and for appealing initial determinations by the individuals concerned appear in 15 CFR part 4b. Use same address provided in the Notification Procedure above.

RECORD SOURCE CATEGORIES

Subject individual and those authorized by individual to furnish information.