The IT Law Wiki


The Privacy Act of 1974 requires federal agencies to publish a System of Records Notice (SORN) in the Federal Register when personally identifiable information (PII) is maintained by a federal agency in a system of records and the information is retrieved by a personal identifier. The SORN describes, among other things, the purpose of the collection, information sharing, categories of records and individuals covered, record retention and destruction, and how records are retrieved within the system.

Part of the Privacy Act analysis requires determining whether certain Privacy Act exemptions should be taken to protect the records from disclosure to an individual because of law enforcement and/or national security reasons.

Department of Homeland Security[]

If a SORN is required, the program manager will work with the component Privacy Officer or PPOC and component counsel to write a SORN for submission to the DHS Privacy Office.