The Privacy Act of 1974 requires federal agencies to publish a System of Records Notice (SORN) in the Federal Register when personally identifiable information (PII) is maintained by a federal agency in a system of records and the information is retrieved by a personal identifier. The SORN describes, among other things, the purpose of the collection, information sharing, categories of records and individuals covered, record retention and destruction, and how records are retrieved within the system.
Part of the Privacy Act analysis requires determining whether certain Privacy Act exemptions should be taken to protect the records from disclosure to an individual because of law enforcement and/or national security reasons.
- 5 U.S.C. §552a(a)(5).
- TSA Management Directive 2100.2.[www.tsa.gov/assets/pdf/foia/TSA_MD_2100_2_FINAL3_050725.pdf]