Safeguards appropriate for a NASA system of records shall be developed by the system manager in a written plan approved by the Center Security Officer or Center Information Technology Security Officer for electronic records maintained in automated systems. Safeguards must insure the security and confidentiality of records and protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.
When records or copies of records are distributed within NASA they shall be prominently identified as records protected under the Privacy Act and shall be subject to the same safeguard, retention, and disposition requirements applicable to the system of records.
When records or copies of records are distributed to other Federal agencies, other than those having custody of the systems of records, they shall be prominently identified as records protected under the Privacy Act.
Records that are otherwise required by law to be released to the public need not be safeguarded or identified as Privacy Act records.