Chapter 4. Physical Safeguards
PURPOSE. This Chapter prescribes policy and procedures regarding the physical safeguards of information within EPA which has been identified as being subject to the Privacy Act of 1974.
POLICY. It is EPA policy that all privacy information be safeguarded in accordance with the requirements of the Privacy Act, the applicable Federal Register notice for the System, the Security Volume, FSS Manual, Part III, Chapter 13, and the procedures outlined in this Chapter.
PROTECTION OF PRIVACY ACT RECORDS.
Only EPA employees who require access to Privacy Act records in the performance of their official duties shall be permitted to review such documents.
Privacy Act records, while in use, shall be controlled at all times and never left in an unattended office.
Internal distribution within the Agency shall be by hand-carrying or transmitted within a sealed envelope and the intended recipient properly identified on the envelope. In addition, the envelope should be annotated "To be opened by addressee only," or a similar notation.
Storage. All Privacy Act records shall be stored as outlined in the current Federal Register notice for that System of Records. Guidelines for storing existing and future Systems are outlined below:
Within a keylocked cabinet within a keylocked room.
When the office configuration does not permit a keylocked room, the storage cabinet should have a bar and a three positioned changeable combination padlock.
Within a security cabinet with a built-in three position changeable combination lock.
Any other manner authorized by the Chief, General Services Branch, Facilities and Support Services Division.
TRANSFER/DESTRUCTION OF PRIVACY ACT RECORDS.
System Managers contemplating transfer to the Federal Records Center or destruction of information in a System of Records should determine that such data is eligible for transfer/destruction under authorized retention periods in the EPA Records Control Schedules.
Destruction, when authorized by EPA Schedules, must be by shredding or pulping or other method that makes the data unretrievable. (The Security and Records staffs are available for assistance concerning the proper method of destruction.)