1.28—Training, rules of conduct, penalties for non-compliance.
(a) Training.
Subject to policy guidance and regulations issued by
the Deputy Secretary, who has Departmentwide responsibility therefor, each component
shall institute a training program to instruct employees and employees of Government
contractors covered by 5 U.S.C. 552a(m), who are involved in the design,
development, operation or maintenance of any system of records, on a continuing
basis with respect to the duties and responsibilities imposed on them and the rights
conferred on individuals by the Privacy Act, the regulations in this subpart,
including the appendices thereto, and any other related regulations. Such training
shall provide suitable emphasis on the civil and criminal penalties imposed on the
Department and the individual employees by the Privacy Act for non-compliance with
specified requirements of the Act as implemented by the regulations in this subpart.
(See 5 U.S.C. 552a(e)(9) )
(b) Rules of conduct.
In addition, to the Standards of Conduct
published in part O of this title, particularly 31 CFR 0.735-44, the following are
applicable to employees of the Department of the Treasury (including, to the extent
required by the contract or 5 U.S.C. 552a(m), Government contractors and employees
of such contractors), who are involved in the design, development, operation or
maintenance of any system of records, or in maintaining any records, for or on
behalf of the Department, including any component thereof.
(1)
The head of each office of a component of the Department shall be responsible
for assuring that employees subject to such official's supervision are advised of
the provisions of the Privacy Act, including the criminal penalties and civil
liabilities provided therein, and the regulations in this subpart, and that such
employees are made aware of their individual and collective responsibilities to
protect the security of personal information, to assure its accuracy, relevance,
timeliness and completeness, to avoid unauthorized disclosure either orally or in
writing, and to insure that no information system concerning individuals, no matter
how small or specialized is maintained without public notice.
(2)
Employees of the Department of the Treasury involved in the design,
development, operation, or maintenance of any system of records, or in maintaining
any record shall:
(i)
Collect no information of a personal nature from individuals unless authorized
to collect it to achieve a function or carry out a responsibility of the
Department;
(ii)
Collect from individuals only that information which is necessary to
Department functions or responsibilities, unless related to a system exempted under
5 U.S.C. 552a (j) or (k):
(iii)
Collect information, wherever possible, directly from the individual to whom
it relates, unless related to a system exempted under 5 U.S.C. 552a(j) ;
(iv)
Inform individuals from whom information is collected about themselves of the
authority for collection, the purposes thereof, the use that will be made of the
information, and the effects, both legal and practical, of not furnishing the
information. (While this provision does not explicitly require it, where feasible,
third party sources should be informed of the purposes for which information they
are asked to provide will be used.);
(v)
Neither collect, maintain, use nor disseminate information concerning an
individual's religious or political beliefs or activities or membership in
associations or organizations, unless (A) the individual has volunteered such
information for the individual's own benefits; (B) the information is expressly
authorized by statute to be collected, maintained, used or disseminated; or (C) the
activities involved are pertinent to and within the scope of an authorized
investigation, adjudication or correctional activity;
(vi)
Advise their supervisors of the existence or contemplated development of any
record system which is capable of retrieving information about individuals by
individual identifier;
(vii)
Disseminate no information concerning individuals outside the Department
except when authorized by 5 U.S.C. 552a or pursuant to a routine
use published in the Federal Register;
(viii)
Assure that an accounting is kept in the prescribed form, of all
dissemination of personal information outside the Department, whether made orally or
in writing, unless disclosed under 5 U.S.C. 552 and subpart A of this part;
(ix)
Maintain and process information concerning individuals with care in order to
insure that no inadvertent disclosure of the information is made either within or
without the Department; and
(x)
Assure that the proper Department authorities are aware of any information in a
system maintained by the Department which is not authorized to be maintained under
the provisions of the Privacy Act of 1974, including information on First Amendment
Activities, information that is inaccurate, irrelevant or so incomplete as to risk
unfairness to the individual concerned.
(3)
Heads of components within the Department or their delegates shall, at least
annually, review the record systems subject to their supervision to insure
compliance with the provisions of the Privacy Act of 1974 and the regulations in
this subpart. (See 5 U.S.C. 552a (e)(9), (i) and (m))
(c) Criminal penalties.
(1)
The Privacy Act imposes criminal
penalties on the conduct of Government officers or employees as follows: Any officer
or employee of an agency (which term includes the Department of the Treasury):
(i)
Who by virtue of the official's employment or official position, has possession
of, or access to, agency records which contain individually identifiable information
the disclosure of which is prohibited by this section (5 U.S.C. 552a) or regulations
established thereunder, and who knowing that disclosure of the specific material is
so prohibited, willfully discloses the material in any manner to any person or
agency not entitled to receive it, or
(ii)
Who willfully maintains a system of records without meeting the notice
requirements of paragraph (e)(4) of this section (5 U.S.C. 552a )—shall be guilty of
a misdemeanor and fined not more than $5,000.
“Any person who knowingly and willfully requests or obtains any record concerning
an individual from an agency under false pretenses shall be guilty of a
misdemeanor and fined not more than $5,000.”
(3)
For the purposes of 5 U.S.C. 552a (i), the provisions of paragraph (c)(1) of
this section are applicable to Government contractors and employees of such
contractors who by contract, operate by or on behalf of the Department of the
Treasury a system of records to accomplish a Departmental function. Such contractor
and employees are considered employees of the Department of the Treasury for the
purposes of 5 U.S.C. 552a(i). (See 5 U.S.C. 552a (i) and (m).)