The Privacy Act

The Privacy Act  

The Privacy Act of 1974, 5 U.S.C. § 552a (PDF), establishes a code of fair information practices that governs how the Federal Government may collect, maintain, use, and disclose information about individuals. The Act applies to information about individuals maintained in a “system of records.” A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some other unique identifier, such as a social security number or a certificate of divestiture number. 

The Privacy Act requires the U.S. Office of Government Ethics (OGE) to:

  • Inform individuals from whom it collects information why the information is needed, how it will be used, and the reasons it may be disclosed  
  • Ensure that information about individuals is used only for the stated reasons, unless it receives the individual’s consent to disclose the information  
  • Ensure that information about individuals is accurate, relevant, and up-to-date 
  • Allow individuals to see records about them and provide them with the opportunity to correct inaccuracies 
  • Establish and maintain appropriate administrative, technical, and physical safeguards to protect the security and confidentiality of personal information   

In order to effectively meet these responsibilities, OGE issued regulations implementing the Privacy Act (PDF). These regulations govern access, maintenance, disclosure, and amendment of records contained in OGE's Privacy Act systems of records and establish rules of conduct for OGE employees and contractors who access the records in the performance of their duties.


Requests for Personal Records 

Under the Privacy Act, United States citizens and non-citizens lawfully admitted for permanent residence have the right to request:

  • Access to their personal records
  • Amendment of personal records that are inaccurate, irrelevant, out-of-date, or incomplete

For more information on submitting a request to OGE under the Privacy Act, click here.


System of Records Notices 

The Privacy Act requires that agencies publish a system of records notice (SORN) for each system of records maintained.  A SORN describes what information is collected and maintained in the system, how the information is stored and used, and the procedures by which individuals can request access to, or correction of, information about them.  A SORN includes the routine uses for which information from the system can be disclosed.

OGE maintains two Governmentwide systems covering financial disclosure and related records:

OGE/GOVT–1 is a system of records containing public financial disclosure reports and other name-retrieved ethics program records. 

OGE/GOVT–2 is a system of records containing confidential financial disclosure reports, including OGE Form 450, OGE Optional Form 450-A, and agency supplemental or alternative confidential report forms.

Note: Not all records maintained in OGE/GOVT-1 and OGE/GOVT-2 are under the control of OGE.

To view OGE’s Governmentwide System of Records Notices, click here.

Privacy Impact Assessments 

A Privacy Impact Assessment (PIA) is an analysis of how personally identifiable information about the public is collected, used, shared, and maintained in an electronic system. The purpose of a PIA is to demonstrate that an agency has consciously incorporated privacy protections in developing and managing its applicable information technology systems. PIAs are required by the E-Government Act of 2002 (PDF).

OGE's Privacy Impact Assessments  

Privacy Impact Assessment for Financial Disclosure Tracking System 

Privacy Impact Assessment for Speakers Information Form (OGE Form 207) 

Privacy Impact Assessment for OGE Form 201 Automated Submission and Response System 

Privacy Impact Assessment for the Use of Third-Party Websites and Applications 

To view OGE’s Privacy Impact Assessments, click here.

Breach Policy 

OGE is committed to protecting the security and integrity of its electronic and physical information systems. Because a breach of personally identifiable information may result in financial loss and personal hardship, OGE has established standardized response and notification procedures to be used in the event personally identifiable information is compromised. 

Read OGE’s Breach of Personally Identifiable Information Notification Policy and Procedures here.

Other Resources  

Read about OGE's Website Privacy and Security Policies here.

Read about OGE's Social Media Privacy Statement here.