FIPS 201 - Privacy Requirements

 

HSPD 12 explicitly states that “protect[ing] personal privacy” is a requirement of the PIV system. As such, all departments and agencies shall implement the PIV system in accordance with the spirit and letter of all privacy controls specified in this standard, as well as those specified in Federal privacy laws and policies including but not limited to the E-Government Act of 2002, the Privacy Act of 1974, and Office of Management and Budget (OMB) Memorandum M-03-22, as applicable.

 

Departments and agencies may have a wide variety of uses of the PIV system and its components that were not intended or anticipated by the President in issuing. In considering whether a proposed use of the PIV system is appropriate, departments and agencies shall consider the aforementioned control objectives and the purpose of the PIV standard, namely “to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy.” No department or agency shall implement a use of the identity credential inconsistent with these control objectives.