The Privacy Act of 1974 requires U.S. Government agencies to:
- limit the collection of personal information about U.S. citizens and legal residents to information that is necessary to carry out an agency function and to collect Social Security numbers only when legally authorized;
- publish a Systems of Records Notice in the Federal Register for each agency system that collects more than one record that contains information about an individual and is designed to be retrieved by name or other personal identifier.
Systems of Records Notices (SORN)
HHS System of Records Notices (SORNs) describe the types of information contained in the records, the legal authority for collecting and maintaining the records, how the records are used within HHS, and the purposes (referred to as “routine uses”) for which HHS may disclose the records to non-HHS parties without the individual record subject’s consent.