Privacy Act of 1974; System of Records Notice
AI-generated summary for informational purposes only. Not legal advice. See the original source for the authoritative text.
The Department of Energy is updating its Privacy Act System of Records to improve data handling and legal processes. The changes include removing certain outdated record locations, adjusting how confidential information breaches are managed, and extending the time to appeal record access denials. Organizations storing data must comply with new cloud service security standards.
Key Changes
- Removing outdated record locations
- Updating breach management protocols for confidentiality
- Extending appeal period for access denials from 30 to 90 days
Obligations
What this law requires
- All systems storing DOE-41 records in cloud-based servers must use government-approved cloud services and comply with NIST SP 800-53 security and privacy standards for access and data retention
- Cloud-based records must be accessed only through secure data centers located in the continental United States
- Remove outdated system locations (Alaska Power Administration, Bartlesville Energy Technology Center, Grand Forks Energy Technology Center, Los Alamos Site Office, and NNSA Nevada Site Office) from DOE-41 system records
- Implement new procedures for responding to suspected or confirmed breaches of Personally Identifiable Information (PII) in accordance with OMB Memorandum M-17-12
- Extend the appeal period for Privacy Act record access denial requests from 30 days to 90 days as required by the FOIA Improvement Act of 2016