NASA NPR 1382.1 REV B
NASA Privacy Procedural Requirements
Publication Date: | 26 July 2022 |
Status: | active |
Page Count: | 62 |
scope:
Purpose
a. The purpose of this document is to set forth the procedural requirements for safeguarding individual privacy through the protection of personally identifiable information (PII). PII which is collected, used, maintained, and disseminated by the National Aeronautics and Space Administration (NASA) will be protected regardless of format.
b.This NASA Procedural Requirement (NPR) is based on Federal requirements as listed in Section P.4, Applicable Documents and Forms.
Applicability
a. This NPR is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers.
b. For the purposes of this NPR, NASA Headquarters is regarded as a Center. Further, all stipulated Center requirements apply to NASA Headquarters.
c. This directive applies to contractors, recipients of grants, cooperative agreements, or other agreements only to the extent specified or referenced in the contracts, grants, or agreements. This directive is applicable to the Jet Propulsion Laboratory (JPL), a Federally Funded Research and Development Center (FFRDC), only to the extent specified in the NASA/Caltech Prime Contract.
d. This directive applies to PII collected, stored, used, processed, disclosed, or disseminated in any format for use by or on behalf of NASA and includes PII collections that are maintained externally through a contract, outsourced to, or operated by:
(1) Government-owned, contractor operated (GOCO) facilities;
(2) Partners under the National Aeronautics and Space Act; 51 U.S.C. § 20101, et seq;
(3) Partners under the Commercial Space Launch Act, as amended, 51 U.S.C. § 50913;
(4) Partners under cooperative agreements; or
(5) Commercial or university facilities.
e. External collections that are not gathered on behalf of NASA or are merely incidental to a contract (e.g., PII in a contractor's payroll and personnel management system) are excluded from this NPR and are considered non-NASA data.
f. This NPR does not apply to PII collected or maintained by NASA employees and contractors for personal use (e.g., contact information for family, relatives, and doctors), as allowed under NASA Interim Directive (NID) 2540.138, Acceptable Use of Government Furnished Information Technology Equipment, Services, and Resources.
g. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms "may" or "can" denote discretionary privilege or permission, "should"
denotes a good practice and is recommended but not required, "will" denotes expected outcome, and "are/is" denotes descriptive material.
h. In this directive all document citations are assumed to be the latest version unless otherwise noted. Documents cited as authority, applicable, or reference documents may be cited as a different categorization, which characterizes its function in relation to the specific context.
i. In this directive, the citation "Privacy Act of 1974, 5 U.S.C. § 552a" will be referred to as "Privacy Act" throughout.