45 CFR 503.2 - General policies—Privacy Act.
The Commission will protect the privacy of an individual identified in any information or record systems which it maintains. Accordingly, its officials and employees, except as otherwise provided by law or regulation, will:
(a) Permit an individual to determine what records pertaining to that individual are collected, maintained, used or disseminated by the Commission.
(b) Permit an individual to prevent a record pertaining to that individual obtained by the Commission for a particular purpose from being used or made available for another purpose without the individual's consent.
(c) Permit an individual to gain access to information pertaining to that individual in Commission records, to have a copy made of all or any portion thereof, and to correct or amend those records.
(d) Collect, maintain, use, or disseminate any record of identifiable personal information in a manner that assures that the Commission's action is for a necessary and lawful purpose, that the information is current and accurate for its intended use, and that adequate safeguards are provided to prevent misuse of the information.
(e) Permit exemptions from record requirements provided under the Privacy Act only where an important public policy use for the exemption has been determined in accordance with specific statutory authority.