10 CFR 1008.3 - Employee standards of conduct with regard to privacy.
(a) The Headquarters DOE Privacy Act Officer shall assure that DOE personnel are advised of the provisions of the Privacy Act, including the criminal penalties and civil liabilities provided therein, (subsections (g) and (i) of the Act), and that DOE personnel are made aware of their responsibilities: to protect the security of personal information to assure its accuracy, relevance, timeliness and completeness; to avoid unauthorized disclosure; and to insure that no system of records concerning individuals, no matter how insignificant or specialized, is maintained without public notice.
(b) DOE personnel shall:
(1) Collect or maintain no information of a personal nature about individuals unless relevant and necessary to achieve a purpose or carry out a responsibility of the DOE as required by statute or by Executive Order. See subsection (e)(1) of the Act and § 1008.18(a).
(2) Collect information, wherever possible, directly from the individual to whom it pertains. See subsection (e)(2) of the Act and § 1009.19(a).
(3) Inform individuals from whom information is collected of the authority for collection, the principal purposes for which the information will be used, the routine uses that will be made of the information, and the effects of not furnishing the information. See subsection (e)(3) of the Act and § 1008.19(b).
(4) Collect, maintain, use or disseminate no information concerning an individual's rights guaranteed by the First Amendment, unless:
(i) The individual has volunteered such; or
(ii) The information is expressly authorized by statute to be collected, maintained, used or disseminated; or
(iii) The activities involved are pertinent to and within the scope of an authorized law enforcement activity. See subsection (e)(7) of the Act and § 1008.18(b).
(5) Advise their supervisors of the existence or proposal of any system of records which retrieves information about individuals by the individual's name or other identifying number, symbol, or identifying particulars assigned to the individual.
(6) Maintain an accounting, in the prescribed form, of all disclosures of information other than those to officers or employees who have a need for the record in the performance of their duties and those required under the Freedom of Information Act. See subsection (c) of the Act.
(7) Disclose no records other than to DOE personnel without the advance written consent of the individual, except as authorized by 5 U.S.C. 552a(b) including routine uses published in the Federal Register.
(8) Maintain and process information concerning individuals with care to insure that no inadvertent disclosure of the information is made. See subsection (e)(10) of the Act.
(9) Inform the proper DOE authorities of any information maintained in a DOE system of records which is not authorized by the Privacy Act of 1974.
(c) Heads of Headquarters Divisions and Offices and heads of the other DOE locations shall review annually the systems of records subject to their responsibility to insure compliance with the requirements of the Privacy Act of 1974.