Download:
pdf |
pdf2/7/2019
HOME
ABOUT
Privacy Act, Office of Privacy and Open Government, U.S. Department of Commerce
PRIVACY
OPEN GOVERNMENT
FOIA
PRIVACY ACT
FACA
DIRECTIVES
CONTACT US
System of Records Notices
Effective Date: May 23, 2016
COMMERCE/NIST-1
SYSTEM NAME:
NIST Associates.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATIONS:
Locations where the primary records are maintained:
Domestic Guest Researcher (DGR) Records-NIST Technology Partnerships Office (TPO),
100 Bureau Drive, Gaithersburg, MD 20899.
Foreign Guest Researcher (FGR) Records-NIST International and Academic Affairs Office
(IAAO), 100 Bureau Drive, Gaithersburg, MD 20899.
NIST Research Experience for Teachers (RET) Records-NIST International and Academic
Affairs Office (IAAO), 100 Bureau Drive, Gaithersburg, MD 20899.
Facility User (FU) Records-NIST Center for Neutron research, 100 Bureau Drive,
Gaithersburg, MD 20899.
Research Associates (RA) Records as listed on Cooperative Research and Development
Agreements (CRADA)-NIST Technology Partnerships Office, 100 Bureau Drive,
Gaithersburg, MD 20899.
Sole Proprietorship Contractors (SPC)-NIST Office of Acquisition Agreements Management,
100 Bureau Drive, Gaithersburg, MD 20899.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals not employed by NIST but having access to NIST facilities under various cooperative, collaborative,
and contractual agreements. These include but in the future may not be limited to Foreign and Domestic Guest
Researchers, Research Associates, Facility Users, Contractor Employee Personnel, Sole Proprietorship
Contractors, Employees of Other Government Agencies, Student Program Participants, and other Collaborators.
CATEGORIES OF RECORDS IN THE SYSTEM:
Agreements between NIST and NAs. Typical data also includes but is not limited to name, address, date of birth,
social security number, personal contact information, email address, telephone numbers, other names, education,
visa and passport information, work location, financial and pay data, project descriptions, etc.
http://www.osec.doc.gov/opog/PrivacyAct/SORNs/nist-1.html
1/5
2/7/2019
Privacy Act, Office of Privacy and Open Government, U.S. Department of Commerce
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
27 Stat. 395 and 31 Stat. 1039, and all existing, applicable NIST and Department policies, regulations and
directives concerning the tracking, security processing, and support of NAs during their tenure at NIST.
PURPOSES:
The purpose is to facilitate the processing, tracking, management, planning, control, support of and reporting
about NAs during their tenure at NIST.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM,
INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of
the records or information contained in this system may be disclosed to authorized entities, as is determined to
be relevant and necessary, outside the Department as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
1. In the event that a system of records maintained by the Department to carry out its functions indicates a
violation or potential violation of law or contract, whether civil, criminal or regulatory in nature, and whether
arising by general statute or particular program statute or contract, or rule, regulation, or order issued pursuant
thereto, or the necessity to protect an interest of the Department, the relevant records in the system of records
may be referred, as a routine use, to the appropriate agency, whether federal, state, local or foreign, charged with
the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the
statute or contract, or rule, regulation or order issued pursuant thereto, or protecting the interest of the
Department.
2. A record from this system of records may be disclosed, as a routine use, to a federal, state or local agency
maintaining civil, criminal or other relevant enforcement information or other pertinent information, such as
current licenses, if necessary to obtain information relevant to a Department decision concerning the assignment,
hiring or retention of an individual, the issuance of a security clearance, the letting of a contract, or the issuance
of a license, grant or other benefit.
3. A record from this system of records may be disclosed, as a routine use, to a federal, state, local, or
international agency, in response to its request, in connection with the assignment, hiring or retention of an
individual, the issuance of a security clearance, the reporting of an investigation of an individual, the letting of a
contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the
information is relevant and necessary to the requesting agency's decision on the matter.
4. A record from this system of records may be disclosed, as a routine use, in the course of presenting evidence
to a court, magistrate or administrative tribunal, including disclosures to opposing counsel in the course of
settlement negotiations.
5. A record in this system of records may be disclosed, as a routine use, to a Member of Congress submitting a
request involving an individual when the individual has requested assistance from the Member with respect to
the subject matter of the record.
6. A record in this system of records which contains medical information may be disclosed, as a routine use, to
the medical advisor of any individual submitting a request for access to the record under the Act and 15 CFR
part 4b if, in the sole judgment of the Department, disclosure could have an adverse effect upon the individual,
under the provision of 5 U.S.C. 552a(f)(3) and implementing regulations at 15 CFR part 4b.
7. A record in this system of records may be disclosed, as a routine use, to the Office of Management and
Budget in connection with the review of private relief legislation as set forth in OMB Circular No. A-19 at any
stage of the legislative coordination and clearance process as set forth in that Circular.
http://www.osec.doc.gov/opog/PrivacyAct/SORNs/nist-1.html
2/5
2/7/2019
Privacy Act, Office of Privacy and Open Government, U.S. Department of Commerce
8. A record in this system of records may be disclosed, as a routine use, to the Department of Justice in
connection with determining whether disclosure thereof is required by the Freedom of Information Act (5 U.S.C.
552).
9. A record in this system of records may be disclosed, as a routine use, to a contractor of the Department having
need for the information in the performance of the contract, but not operating a system of records within the
meaning of 5 U.S.C. 552a(m).
10. A record in this system may be transferred, as a routine use, to the Office of Personnel Management: for
personnel research purposes; as a data source for management information; for the production of summary
descriptive statistics and analytical studies in support of the function for which the records are collected and
maintained; or for related manpower studies.
11. A record from this system of records may be disclosed, as a routine use, to the Administrator, General
Services Administration (GSA), or his designee, during an inspection of records conducted by GSA as part of
that agency's responsibility to recommend improvements in records management practices and programs, under
authority of 44 U.S.C. 2904 and § 2906. Such disclosure shall be made in accordance with the GSA regulations
governing inspection of records for this purpose, and any other relevant (i.e. GSA or Department) directive.
Such disclosure shall not be used to make determinations about individuals.
12. A record in this system of records may be disclosed to appropriate agencies, entities and persons when: (1) It
is suspected or determined that the security or confidentiality of information in the system of records has been
compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise
there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or
integrity of this system or whether systems or programs (whether maintained by the Department or another
agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies,
entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to
the suspected or confirmed compromise and to prevent, minimize, or remedy such harm.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Disclosure to consumer reporting agencies pursuant to 5 U.S.C. 552a(b)(12) may be made from this system to
“consumer reporting agencies” as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) and the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)).
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING,
RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
NA information is stored and maintained in electronic form in system folders and/or databases, within a
controlled environment with access restricted to authorized personnel (see Safeguards below for full list of those
with access to system).
RETRIEVABILITY:
Records are retrieved by name and/or social security number.
SAFEGUARDS:
Privacy Act data, i.e., data defined by and protected under the Privacy Act of 1974 (5 U.S.C. 552a), is
maintained in the NIST Associate Information System (NAIS) as distinct and separate from non-Privacy Act
data in that it cannot be accessed or retrieved except by authorized personnel with a mission-related need-tohttp://www.osec.doc.gov/opog/PrivacyAct/SORNs/nist-1.html
3/5
2/7/2019
Privacy Act, Office of Privacy and Open Government, U.S. Department of Commerce
know. Access to NAIS Privacy Act data by NIST staff must be authorized by the NAIS System-of-Records
Manager on a mission-related, need-to-know basis. Levels of access to NAIS Privacy Act data as well as access
itself are controlled by the NAIS privacy/security/system access architecture that is implemented through “report
writer” software.
Levels of access to NAIS Privacy Act data are granted to individuals based on NA processing roles and
responsibilities that define specific mission-related needs-to-know. Included in these roles and responsibilities
are the following:
a. Initiators—those creating and inputting new data records.
b. Approving Officials—those signing off on NA agreements.
c. Reviewing Officials—those reviewing NA agreements but not signing off.
d. Records Updaters—those directed to update or correct information in NA records.
Physical security and IT security of the NAIS IT assets is assured by all relevant NIST policies and procedures
that are applicable to the e-Approval infrastructure of which NAIS is an IT application.
RETENTION AND DISPOSAL:
Current NIST and Department policies and regulations concerning the retention and disposition of Privacy Act
data apply.
SYSTEM MANAGER(S) AND ADDRESS:
For DGRs and RAs, the System Manager will be appointed by the Director, NIST Technology
Partnerships Office (TPO) from TPO staff. DGR agreements (NIST-1296) are maintained by
the Office of Human Resource Management Onboarding Office, 100 Bureau Drive,
Gaithersburg, MD 20899.
For FGRs and all other foreign NAs, the System Manager will be appointed by the Director,
NIST International and Academic Affairs Office (IAAO) from IAAO staff, 100 Bureau Drive,
Gaithersburg, MD 20899.
For all Contractor Employees and SPCs, the Associate Director for Management Resources
(ADMR) is the System Manager; the ADMR may delegate this duty to a staff member, 100
Bureau Drive, Gaithersburg, MD 20899.
For FU Records, the System Manager is the Director for the NIST Center for Neutron
Research, 100 Bureau Drive, Gaithersburg, MD 20899.
For Employees of Other Government Agencies, the System Manager is the Director, Office of
Human Resources Management, 100 Bureau Drive, Gaithersburg, MD 20899.
For Student Program Participants, depending upon the program, the System Manager is the
Director, Office of Human Resources Management, 100 Bureau Drive, Gaithersburg, MD
20899.
For RETs Records, the System Manager is NIST International and Academic Affairs Office
(IAAO), 100 Bureau Drive, Gaithersburg, MD 20899.
NOTIFICATION PROCEDURE:
Information may be obtained from the Director, Management and Organization Office, NIST, 100
Bureau Drive-Stop 1710, Gaithersburg, MD 20899.
RECORD ACCESS PROCEDURES:
http://www.osec.doc.gov/opog/PrivacyAct/SORNs/nist-1.html
4/5
2/7/2019
Privacy Act, Office of Privacy and Open Government, U.S. Department of Commerce
Requests from individuals should be addressed to the same address provided in the Notification Procedure
above.
CONTESTING RECORD PROCEDURES:
The Department's rules for access, for contesting content, and for appealing initial determinations by the
individuals concerned appear in 15 CFR part 4b. Use same address provided in the Notification Procedure
above.
RECORD SOURCE CATEGORIES:
Information that may be entered into the NAIS will come from the subject individuals and those authorized by
these individuals to furnish information.
SYSTEM EXEMPTIONS FROM CERTAIN PROVISIONS OF THE ACT:
None.
FEDERAL REGISTER HISTORY:
81 FR 21837 April 13, 2016
Notice of Proposed Amendment to Privacy Act System of Records
Return to top
Questions and Comments
Send Questions or Comments on the Commerce Office of Privacy and Open Government programs to
[email protected].
Office of Privacy and Open Government
Office of the Chief Financial Officer and Assistant Secretary for Administration
U.S. Department of Commerce
Page last updated: July 9, 2016->
http://www.osec.doc.gov/opog/PrivacyAct/SORNs/nist-1.html
5/5
File Type | application/pdf |
File Modified | 2019-02-07 |
File Created | 2019-02-07 |