41 CFR 105-64.107 - What standards of conduct apply to employees with privacy-related responsibilities?
(a) Employees who design, develop, operate, or maintain Privacy Act record systems will protect system security, avoid unauthorized disclosure of information, both verbal and written, and ensure that no system of records is maintained without public notice. All such employees will follow the standards of conduct in 5 CFR part 2635, 5 CFR part 6701, 5 CFR part 735, and 5 CFR part 2634 to protect personal information.
(b) Employees who have access to privacy act records will avoid unauthorized disclosure of personal information, both written and verbal, and ensure they have met privacy training requirements. All such employees will follow GSA orders HCO 9297.1 GSA Data Release Policy, HCO 9297.2A GSA Information Breach Notification Policy, HCO 2180.1 GSA Rules of Behavior for Handling Personally Identifiable Information (PII), CIO P 2100.1E CIO P GSA Information Technology (IT) Security Policy, and CIO 2104.1 GSA Information Technology (IT) General Rules of Behavior.