31 CFR 1.28 - Training, rules of conduct, penalties for non-compliance.
(a) Training. Subject to policy guidance and regulations issued by the Deputy Secretary, who has Departmentwide responsibility therefor, each component shall institute a training program to instruct employees and employees of Government contractors covered by 5 U.S.C. 552a(m), who are involved in the design, development, operation or maintenance of any system of records, on a continuing basis with respect to the duties and responsibilities imposed on them and the rights conferred on individuals by the Privacy Act, the regulations in this subpart, including the appendices thereto, and any other related regulations. Such training shall provide suitable emphasis on the civil and criminal penalties imposed on the Department and the individual employees by the Privacy Act for non-compliance with specified requirements of the Act as implemented by the regulations in this subpart. (See 5 U.S.C. 552a(e)(9))
(b) Rules of conduct. In addition, to the Standards of Conduct published in part O of this title, particularly 31 CFR 0.735-44, the following are applicable to employees of the Department of the Treasury (including, to the extent required by the contract or 5 U.S.C. 552a(m), Government contractors and employees of such contractors), who are involved in the design, development, operation or maintenance of any system of records, or in maintaining any records, for or on behalf of the Department, including any component thereof.
(1) The head of each office of a component of the Department shall be responsible for assuring that employees subject to such official's supervision are advised of the provisions of the Privacy Act, including the criminal penalties and civil liabilities provided therein, and the regulations in this subpart, and that such employees are made aware of their individual and collective responsibilities to protect the security of personal information, to assure its accuracy, relevance, timeliness and completeness, to avoid unauthorized disclosure either orally or in writing, and to insure that no information system concerning individuals, no matter how small or specialized is maintained without public notice.
(i) Collect no information of a personal nature from individuals unless authorized to collect it to achieve a function or carry out a responsibility of the Department;
(iv) Inform individuals from whom information is collected about themselves of the authority for collection, the purposes thereof, the use that will be made of the information, and the effects, both legal and practical, of not furnishing the information. (While this provision does not explicitly require it, where feasible, third party sources should be informed of the purposes for which information they are asked to provide will be used.);
(v) Neither collect, maintain, use nor disseminate information concerning an individual's religious or political beliefs or activities or membership in associations or organizations, unless (A) the individual has volunteered such information for the individual's own benefits; (B) the information is expressly authorized by statute to be collected, maintained, used or disseminated; or (C) the activities involved are pertinent to and within the scope of an authorized investigation, adjudication or correctional activity;
(viii) Assure that an accounting is kept in the prescribed form, of all dissemination of personal information outside the Department, whether made orally or in writing, unless disclosed under 5 U.S.C. 552 and subpart A of this part;
(x) Assure that the proper Department authorities are aware of any information in a system maintained by the Department which is not authorized to be maintained under the provisions of the Privacy Act of 1974, including information on First Amendment Activities, information that is inaccurate, irrelevant or so incomplete as to risk unfairness to the individual concerned.
(3) Heads of components within the Department or their delegates shall, at least annually, review the record systems subject to their supervision to insure compliance with the provisions of the Privacy Act of 1974 and the regulations in this subpart. (See 5 U.S.C. 552a (e)(9), (i) and (m))
(c) Criminal penalties.
(1) The Privacy Act imposes criminal penalties on the conduct of Government officers or employees as follows: Any officer or employee of an agency (which term includes the Department of the Treasury):
(i) Who by virtue of the official's employment or official position, has possession of, or access to, agency records which contain individually identifiable information the disclosure of which is prohibited by this section (5 U.S.C. 552a) or regulations established thereunder, and who knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it, or
(ii) Who willfully maintains a system of records without meeting the notice requirements of paragraph (e)(4) of this section (5 U.S.C. 552a) - shall be guilty of a misdemeanor and fined not more than $5,000.
(2) The Act also imposes a collateral criminal penalty on the conduct of any person as follows:
“Any person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses shall be guilty of a misdemeanor and fined not more than $5,000.”
(3) For the purposes of 5 U.S.C. 552a (i), the provisions of paragraph (c)(1) of this section are applicable to Government contractors and employees of such contractors who by contract, operate by or on behalf of the Department of the Treasury a system of records to accomplish a Departmental function. Such contractor and employees are considered employees of the Department of the Treasury for the purposes of 5 U.S.C. 552a(i). (See 5 U.S.C. 552a (i) and (m).)