24.000 Scope of part.
This part prescribes policies and procedures that apply requirements of the Privacy Act of 1974 (5 U.S.C. 552a) (the Act) and OMB Circular No. A-130, December 12, 1985, to Government contracts and cites the Freedom of Information Act (5 U.S.C. 552, as amended).
Subpart 24.1 Protection of Individual Privacy
As used in this subpart
“Agency” means any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency.
“Individual” means a citizen of the United States or an alien lawfully admitted for permanent residence.
“Maintain” means maintain, collect, use, or disseminate.
“Operation of a system of records” means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records.
“Record” means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history, and that contains the individual’s name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph.
“System of records on individuals” means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.
(a) The Act requires that when an agency contracts for the design, development, or operation of a system of records on individuals on behalf of the agency to accomplish an agency function the agency must apply the requirements of the Act to the contractor and its employees working on the contract.
(b) An agency officer or employee may be criminally liable for violations of the Act. When the contract provides for operation of a system of records on individuals, contractors and their employees are considered employees of the agency for purposes of the criminal penalties of the Act.
(c) If a contract specifically provides for the design, development, or operation of a system of records on individuals on behalf of an agency to accomplish an agency function, the agency must apply the requirements of the Act to the contractor and its employees working on the contract. The system of records operated under the contract is deemed to be maintained by the agency and is subject to the Act.
(d) Agencies, which within the limits of their authorities, fail to require that systems of records on individuals operated on their behalf under contracts be operated in conformance with the Act may be civilly liable to individuals injured as a consequence of any subsequent failure to maintain records in conformance with the Act.
(a) The contracting officer shall review requirements to determine whether the contract will involve the design, development, or operation of a system of records on individuals to accomplish an agency function.
(b) If one or more of those tasks will be required, the contracting officer shall
(1) Ensure that the contract work statement specifically identifies the system of records on individuals and the design, development, or operation work to be performed; and
(2) Make available, in accordance with agency procedures, agency rules and regulation implementing the Act.
24.104 Contract clauses.
When the design, development, or operation of a system of records on individuals is required to accomplish an agency function, the contracting officer shall insert the following clauses in solicitations and contracts:
(a) The clause at 52.224-1, Privacy Act Notification.
(b) The clause at 52.224-2, Privacy Act.