Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · U.S. Code · Title 44 - PUBLIC PRINTING AND DOCUMENTS · CHAPTER 21— NATIONAL ARCHIVES AND RECORDS ADMINISTRATION · SUBCHAPTER I— FEDERAL INFORMATION POLICY · § 208

§ 208. PRIVACY PROVISIONS.

668 words·~3 min read·/usc/title-44/section-208

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Purpose .— The purpose of this section is to ensure sufficient protections for the privacy of personal information as agencies implement citizen-centered electronic Government. Privacy Impact Assessments.— Responsibilities of agencies.— In general .— An agency shall take actions described under subparagraph
(B)before— developing or procuring information technology that collects, maintains, or disseminates information that is in an identifiable form; or initiating a new collection of information that— will be collected, maintained, or disseminated using information technology; and includes any information in an identifiable form permitting the physical or online contacting of a specific individual, if identical questions have been posed to, or identical reporting requirements imposed on, 10 or more persons, other than agencies, instrumentalities, or employees of the Federal Government. Agency activities .— To the extent required under subparagraph (A), each agency shall— conduct a privacy impact assessment; ensure the review of the privacy impact assessment by the Chief Information Officer, or equivalent official, as determined by the head of the agency; and if practicable, after completion of the review under clause (ii), make the privacy impact assessment publicly available through the website of the agency, publication in the Federal Register, or other means. Sensitive information .— Subparagraph (B)(iii) may be modified or waived for security reasons, or to protect classified, sensitive, or private information contained in an assessment. Copy to director .— Agencies shall provide the Director with a copy of the privacy impact assessment for each system for which funding is requested. Contents of a privacy impact assessment.— In general .— The Director shall issue guidance to agencies specifying the required contents of a privacy impact assessment. Guidance .— The guidance shall— ensure that a privacy impact assessment is commensurate with the size of the information system being assessed, the sensitivity of information that is in an identifiable form in that system, and the risk of harm from unauthorized release of that information; and require that a privacy impact assessment address— what information is to be collected; why the information is being collected; the intended use of the agency of the information; with whom the information will be shared; what notice or opportunities for consent would be provided to individuals regarding what information is collected and how that information is shared; how the information will be secured; and whether a system of records is being created under section 552a of title 5 , United States Code, (commonly referred to as the ‘Privacy Act’). Responsibilities of the director .— The Director shall— develop policies and guidelines for agencies on the conduct of privacy impact assessments; oversee the implementation of the privacy impact assessment process throughout the Government; and require agencies to conduct privacy impact assessments of existing information systems or ongoing collections of information that is in an identifiable form as the Director determines appropriate. Privacy Protections on Agency Websites.— Privacy policies on websites.— Guidelines for notices .— The Director shall develop guidance for privacy notices on agency websites used by the public. Contents .— The guidance shall require that a privacy notice address, consistent with section 552a of title 5 , United States Code— what information is to be collected; why the information is being collected; the intended use of the agency of the information; with whom the information will be shared; what notice or opportunities for consent would be provided to individuals regarding what information is collected and how that information is shared; how the information will be secured; and the rights of the individual under section 552a of title 5 , United States Code (commonly referred to as the ‘Privacy Act’), and other laws relevant to the protection of the privacy of an individual. Privacy policies in machine-readable formats .— The Director shall issue guidance requiring agencies to translate privacy policies into a standardized machine-readable format. Definition .— In this section, the term ‘identifiable form’ means any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.