12 CFR § 1204.10 - What are FHFA and FHFA–OIG employee responsibilities under the Privacy Act?

§ 1204.10 What are FHFA and FHFA–OIG employee responsibilities under the Privacy Act?

At least annually, the FHFA Privacy Act Officer or the Senior Agency Official for Privacy will inform employees about the provisions of the Privacy Act, including the Privacy Act's civil liability and criminal penalty provisions. Unless otherwise permitted by law, an authorized FHFA or FHFA–OIG employee shall—

(a) Collect from individuals only information that is relevant and necessary to discharge FHFA or FHFA–OIG responsibilities;

(b) Collect information about an individual directly from that individual whenever practicable;

(c) Inform each individual from whom information is collected of—

(1) The legal authority to collect the information and whether providing it is mandatory or voluntary;

(2) The principal purpose for which FHFA or FHFA–OIG intends to use the information;

(3) The routine uses FHFA or FHFA–OIG may make of the information; and

(4) The effects on the individual, if any, of not providing the information.

(d) Ensure that the employee's office does not maintain a system of records without public notice and notify appropriate officials of the existence or development of any system of records that is not the subject of a current or planned public notice;

(e) Maintain all records that are used in making any determination about an individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual in the determination;

(f) Except for disclosures made under FOIA, make reasonable efforts, prior to disseminating any record about an individual, to ensure that the record is accurate, relevant, timely, and complete;

(g) When required by the Privacy Act, maintain an accounting in the specified form of all disclosures of records by FHFA or FHFA–OIG to persons, organizations, or Federal agencies;

(h) Maintain and use records with care to prevent the unauthorized or inadvertent disclosure of a record to anyone; and

(i) Notify the appropriate official of any record that contains information that the Privacy Act does not permit FHFA or FHFA–OIG to maintain.