Privacy Policy Program

The Privacy Act of 1974, 5 U.S.C. § 552a (PDF), establishes a code of fair information practices that governs how the Federal Government may collect, maintain, use, and disclose information about individuals. The Act applies to information about individuals maintained in a “system of records.” A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some other unique identifier, such as a social security number. 

The Privacy Act requires BIS to: 

• Inform individuals from whom it collects information why the information is needed, how it will be used, and the reasons it may be disclosed
• Ensure that information about individuals is used only for the stated reasons, unless it receives the individual’s consent to disclose the information
• Ensure that information about individuals is accurate, relevant, and up-to-date
• Allow individuals to see records about them and provide them with the opportunity to correct inaccuracies
• Establish and maintain appropriate administrative, technical, and physical safeguards to protect the security and confidentiality of personal information 

To effectively meet these responsibilities, BIS follows the Department of Commerce’s (DOC) Privacy Laws, Policies and Guidance. 

Privacy-related questions or complaints can be emailed to BIS at [email protected]; or to the U.S. Department of Commerce Office of Privacy and Open Government via [email protected].

A PIA is an analysis of how information in identifiable form is collected, maintain, stored, and disseminated, in addition to examining and evaluating the privacy risks and the protections and processes for handling information to mitigate those privacy risks. The purpose of a PIA is to demonstrate that an agency has consciously incorporated privacy protections in developing and managing its applicable information technology systems. PIAs are required by the E-Government Act of 2002. BIS’s PIA are available here. 

A Privacy Act System of Records Notice (SORN) contains all relevant information about a system of records, including the categories of individuals on whom records are maintained, the categories of records maintained, and each routine use of the records contained in the system.  Current DOC and BIS SORNs are available here.