(b) Rules of conduct. In addition, to the Standards of Conduct published in part O of this title, particularly 31 CFR 0.735-44, the following are applicable to employees of the Department of the Treasury (including, to the extent required by the contract or 5 U.S.C. 552a(m), Government contractors and employees of such contractors), who are involved in the design, development, operation or maintenance of any system of records, or in maintaining any records, for or on behalf of the Department, including any component thereof.
- (1) The head of each office of a component of the Department shall be responsible for assuring that employees subject to such official's supervision are advised of the provisions of the Privacy Act, including the criminal penalties and civil liabilities provided therein, and the regulations in this subpart, and that such employees are made aware of their individual and collective responsibilities to protect the security of personal information, to assure its accuracy, relevance, timeliness and completeness, to avoid unauthorized disclosure either orally or in writing, and to insure that no information system concerning individuals, no matter how small or specialized is maintained without public notice.
(2) Employees of the Department of the Treasury involved in the design, development, operation, or maintenance of any system of records, or in maintaining any record shall:
- (i) Collect no information of a personal nature from individuals unless authorized to collect it to achieve a function or carry out a responsibility of the Department;
- (ii) Collect from individuals only that information which is necessary to Department functions or responsibilities, unless related to a system exempted under 5 U.S.C. 552a (j) or (k):
- (iii) Collect information, wherever possible, directly from the individual to whom it relates, unless related to a system exempted under 5 U.S.C. 552a(j);
- (iv) Inform individuals from whom information is collected about themselves of the authority for collection, the purposes thereof, the use that will be made of the information, and the effects, both legal and practical, of not furnishing the information. (While this provision does not explicitly require it, where feasible, third party sources should be informed of the purposes for which information they are asked to provide will be used.);
- (v) Neither collect, maintain, use nor disseminate information concerning an individual's religious or political beliefs or activities or membership in associations or organizations, unless (A) the individual has volunteered such information for the individual's own benefits; (B) the information is expressly authorized by statute to be collected, maintained, used or disseminated; or (C) the activities involved are pertinent to and within the scope of an authorized investigation, adjudication or correctional activity;
- (vi) Advise their supervisors of the existence or contemplated development of any record system which is capable of retrieving information about individuals by individual identifier;
- (vii) Disseminate no information concerning individuals outside the Department except when authorized by 5 U.S.C. 552a or pursuant to a routine use published in the Federal Register;
- (viii) Assure that an accounting is kept in the prescribed form, of all dissemination of personal information outside the Department, whether made orally or in writing, unless disclosed under 5 U.S.C. 552 and subpart A of this part;
- (ix) Maintain and process information concerning individuals with care in order to insure that no inadvertent disclosure of the information is made either within or without the Department; and
- (x) Assure that the proper Department authorities are aware of any information in a system maintained by the Department which is not authorized to be maintained under the provisions of the Privacy Act of 1974, including information on First Amendment Activities, information that is inaccurate, irrelevant or so incomplete as to risk unfairness to the individual concerned.
- (3) Heads of components within the Department or their delegates shall, at least annually, review the record systems subject to their supervision to insure compliance with the provisions of the Privacy Act of 1974 and the regulations in this subpart. (See 5 U.S.C. 552a (e)(9), (i) and (m))