5 CFR 293.107 - Special safeguards for automated records.

§ 293.107 Special safeguards for automated records.

(a) In addition to following the security requirements of § 293.106 of this part, managers of automated personnel records shall establish administrative, technical, physical, and security safeguards for data about individuals in automated records, including input and output documents, reports, punched cards, magnetic tapes, disks, and on-line computer storage. The safeguards must be in writing to comply with the standards on automated data processing physical security issued by the National Bureau of Standards, U.S. Department of Commerce, and, as a minimum, must be sufficient to:

(1) Prevent careless, accidental, or unintentional disclosure, modification, or destruction of identifiable personal data;

(2) Minimize the risk that skilled technicians or knowledgeable persons could improperly obtain access to, modify, or destroy identifiable personnel data;

(3) Prevent casual entry by unskilled persons who have no official reason for access to such data;

(4) Minimize the risk of an unauthorized disclosure where use is made of identifiable personal data in testing of computer programs;

(5) Control the flow of data into, through, and from agency computer operations;

(6) Adequately protect identifiable data from environmental hazards and unneccessary exposure; and

(7) Assure adequate internal audit procedures to comply with these procedures.

(b) The disposal of identifiable personal data in automated files is to be accomplished in such a manner as to make the data unobtainable to unauthorized personnel. Unneeded personal data stored on reusable media such as magnetic tapes and disks must be erased prior to release of the media for reuse.

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.

United States Code
Presidential Documents

Executive Order ... 9830

Executive Order ... 12107

The section you are viewing is cited by the following CFR sections.