GSA Privacy Program
GSA follows the requirements of the Privacy Act which protects personal information that GSA maintains in systems of records (SORs). A system of records is a file, database, or program from which personal information is retrieved by name or other personal identifier. Our Privacy Act System of Records and Notices (SORNs) identifies systems that contain Personally Identifiable Information (PII). The PII are reviewed periodically to ensure they are relevant, necessary, accurate, up-to-date, and covered by the appropriate legal or regulatory authority. We use the Privacy Impact Assessment (PIA) as a key tool to ensure that privacy issues and protections are addressed within information technology systems that contain any PII.
GSA protects PII security and confidentiality through various methods including security technologies and strict access controls. GSA’s Privacy Act program establishes the processes and procedures, and assigns responsibilities, for fulfilling the Privacy Act’s mandate. Also published here is our privacy policies and practices as they apply to GSA employees, contracting requirements, contractors, and clients.
The following GSA-approved list contains information for Social Security Number Fraud Prevention [PDF - 94 KB]. This list designates which documents should include a Social Security number (SSN) to fulfill a compelling Agency business need, when the documents are requested by individuals outside the Agency or other Federal agencies; in accordance with final rule 88 FR 32138 (May 19, 2023).
The Senior Agency Official for Privacy at GSA is Zachary Whitman. Inquiries regarding GSA’s Privacy Program can be directed to gsa.privacyact@gsa.gov.