15 CFR § 2004.27 - How are records secured?

§ 2004.27 How are records secured?

(a) Controls. USTR must establish administrative and physical controls to prevent unauthorized access to its systems of records, unauthorized or inadvertent disclosure of records, and physical damage to or destruction of records. The stringency of these controls corresponds to the sensitivity of the records that the controls protect. At a minimum, the administrative and physical controls must ensure that:

(1) Records are protected from public view;

(2) The area in which records are kept is supervised during business hours to prevent unauthorized persons from having access to them;

(3) Records are inaccessible to unauthorized persons outside of business hours; and

(4) Records are not disclosed to unauthorized persons or under unauthorized circumstances in either oral or written form.

(b) Limited access. Access to records is restricted only to individuals who require access in order to perform their official duties.