(a) General. All employees are required to be aware of their responsibilities under the Privacy Act of 1974, 5 U.S.C. 552a . Regulations implementing the Act are set forth in 34 CFR 5b . Instruction on the requirements of the Act and regulation shall be provided to all new employees of the Department. In addition, supervisors shall be responsible for assuring that employees who are working with systems of records or who undertake new duties which require the use of systems of records are informed of their responsibilities. Supervisors shall also be responsible for assuring that all employees who work with such systems of records are periodically reminded of the requirements of the Act and are advised of any new provisions or interpretations of the Act.
(b) Penalties.
(1) All employees must guard against improper disclosure of records which are governed by the Act. Because of the serious consequences of improper invasions of personal privacy, employees may be subject to disciplinary action and criminal prosecution for knowing and willful violations of the Act and regulation. In addition, employees may also be subject to disciplinary action for unknowing or unwillful violations, where the employee had notice of the provisions of the Act and regulations and failed to inform himself sufficiently or to conduct himself in accordance with the requirements to avoid violations.
(2) The Department may be subjected to civil liability for the following actions undertaken by its employees:
(a) Making a determination under the Act and §§ 5b.7 and 5b.8 of the regulation not to amend an individual's record in accordance with his request, or failing to make such review in conformity with those provisions;
(b) Refusing to comply with an individual's request for notification of or access to a record pertaining to him;
(c) Failing to maintain any record pertaining to any individual with such accuracy, relevance, timeliness, and completeness as is necessary to assure fairness in any determination relating to the qualifications, character, rights, or opportunities of, or benefits to the individual that may be made on the basis of such a record, and consequently a determination is made which is adverse to the individual; or
(d) Failing to comply with any other provision of the Act or any rule promulgated thereunder, in such a way as to have an adverse effect on an individual.
(3) "An employee may be personally subject to criminal liability as set forth below and in 5 U.S.C. 552a (i) :
(a) Any officer or employee of an agency, who by virtue of his employment or official position, has possession of, or access to, agency records which contain individually identifiable information the disclosure of which is prohibited by the Act or by rules or regulations established thereunder, and who, knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000."
(b) "Any officer or employee of any agency who willfully maintains a system of records without meeting the notice requirements [of the Act] shall be guilty of a misdemeanor and fined not more than $5,000."
(c) Rules Governing Employees Not Working With Systems of Records. Employees whose duties do not involve working with systems of records will not generally disclose to any one, without specific authorization from their supervisors, records pertaining to employees or other individuals which by reason of their official duties are available to them. Notwithstanding the above, the following records concerning Federal employees are a matter of public record and no further authorization is necessary for disclosure:
(1) Name and title of individual.
(2) Grade classification or equivalent and annual rate of salary.
(3) Position description.
(4) Location of duty station, including room number and telephone number.
In addition, employees shall disclose records which are listed in the Department's Freedom of Information Regulation as being available to the public. Requests for other records will be referred to the responsible Department official. This does not preclude employees from discussing matters which are known to them personally, and without resort to a record, to official investigators of Federal agencies for official purposes such as suitability checks, Equal Employment Opportunity investigations, adverse action proceedings, grievance proceedings, etc.
(d) Rules governing employees whose duties require use or reference to systems of records. Employees whose official duties require that they refer to, maintain, service, or otherwise deal with systems of records (hereinafter referred to as "Systems Employees") are governed by the general provisions. In addition, extra precautions are required and systems employees are held to higher standards of conduct.
(1) Systems Employees shall:
(a) Be informed with respect to their responsibilities under the Act;
(b) Be alert to possible misuses of the system and report to their supervisors any potential or actual use of the system which they believe is not in compliance with the Act and regulation;
(c) Make a disclosure of records within the Department only to an employee who has a legitimate need to know the record in the course of his official duties;
(d) Maintain records as accurately as practicable.
(e) Consult with a supervisor prior to taking any action where they are in doubt whether such action is in conformance with the Act and regulation.
(2) Systems Employees shall not:
(a) Disclose in any form records from a system of records except (1) with the consent or at the request of the subject individual; or (2) where its disclosure is permitted under § 5b.9 of the regulation.
(b) Permit unauthorized individuals to be present in controlled areas. Any unauthorized individuals observed in controlled areas shall be reported to a supervisor or to the guard force.
(c) Knowingly or willfully take action which might subject the Department to civil liability.
(d) Make any arrangements for the design development, or operation of any system of records without making reasonable effort to provide that the system can be maintained in accordance with the Act and regulation.
(e) Contracting officers. In addition to any applicable provisions set forth above, those employees whose official duties involve entering into contracts on behalf of the Department shall also be governed by the following provisions:
(1) Contracts for design, or development of systems and equipment. No contract for the design or development of a system of records, or for equipment to store, service or maintain a system of records shall be entered into unless the contracting officer has made reasonable effort to ensure that the product to be purchased is capable of being used without violation of the Act or regulation. Special attention shall be given to provision of physical safeguards.
(2) Contracts for the operation of systems and equipment. No contract for the design or development of a system of whom he feels appropriate, of all proposed contracts providing for the operation of systems of records shall be made prior to execution of the contracts to determine whether operation of the system of records is for the purpose of accomplishing a Department function. If a determination is made that the operation of the system is to accomplish a Department function, the contracting officer shall be responsible for including in the contract appropriate provisions to apply the provisions of the Act and regulation to the system, including prohibitions against improper release by the contractor, his employees, agents, or subcontractors.
(3) Other service contracts. Contracting officers entering into general service contracts shall be responsible for determining the appropriateness of including provisions in the contract to prevent potential misuse (inadvertent or otherwise) by employees, agents, or subcontractors of the contractor.
(f) Rules Governing Responsible Department Officials. In addition to the requirements for Systems Employees, responsible Department officials shall:
(1) Respond to all requests for notification of or access, disclosure, or amendment of records in a timely fashion in accordance with the Act and regulation;
(2) Make any amendment of records accurately and in a timely fashion;
(3) Inform all persons whom the accounting records show have received copies of the record prior to the amendments of the correction; and
(4) Associate any statement of disagreement with the disputed record, and
(a) Transmit a copy of the statement to all persons whom the accounting records show have received a copy of the disputed record, and
(b) Transmit that statement with any future disclosure.
34 C.F.R. 5b app A to Part 5b