|
The Privacy and Records Management Office manages the process for creating, amending, or deleting an authorized SOR. The need for the establishment, change, or deletion of an SOR can be identified during the BIA or CCIA process (see 3-1.3). However, these changes can be made at any time to respond to organizational needs. Contact the Privacy and Records Management Office for assistance under the following circumstances:
- You are considering collecting and maintaining (e.g., using, processing, disclosing) information about customers, employees, or other individuals in a manner that is not currently described in an existing SOR as documented in the relevant records control schedule for your database, file, or other information system.
- You are making any of the following changes to your program or initiative that requires corresponding amendments to the relevant SOR:
- Changing the types of individuals or the scope of the population on whom the records are maintained.
- Expanding or reducing the types of information maintained (i.e., the data elements).
- Amending, adding to, or deleting a purpose for which information is collected and maintained.
- Changing the manner in which the records are stored or retrieved to change the nature or scope of these records (e.g., change from a manual to an automated system).
- Changing or adding a “routine use” (authorized disclosures from the system).
- Changing the name or location of a system owner.
- Changing the retention period.
- You are currently collecting and maintaining information on individuals but the collection and maintenance is not clearly described by an existing SOR as documented in the relevant records control schedule and BIA.
|
|