[Code of Federal Regulations] [Title 48, Volume 4] [Revised as of October 1, 2006] From the U.S. Government Printing Office via GPO Access [CITE: 48CFR324.102] [Page 54] TITLE 48--FEDERAL ACQUISITION REGULATIONS SYSTEM CHAPTER 3--HEALTH AND HUMAN SERVICES PART 324_PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION--Table of Contents Subpart 324.1_Protection of Individual Privacy Sec. 324.102 General. (a) It is the Department's policy to protect the privacy of individuals to the maximum possible extent while permitting the exchange of records required to fulfill the Department's administrative and program responsibilities and its responsibilities for disclosing records to which the general public is entitled under the Freedom of Information Act (5 U.S.C. 552). The Privacy Act of 1974 and the Department's implementation under 45 CFR part 5b apply ``when an agency provides by a contract for the operation by or on behalf of the agency of a system of records to accomplish any agency function* * *'' The key factor is whether a departmental function is involved. Therefore, the Privacy Act requirements apply to a departmental contract when, under the contract, the contractor must maintain or operate a system of records to accomplish a departmental function. (e) The program official, and, as necessary, the official designated as the activity's Privacy Act Coordinator and the Office of General Counsel, shall determine the applicability of the Act to each proposed acquisition. The program official is required to include a statement in the request for contract indicating whether the Privacy Act is or is not applicable to the proposed acquisition. (f) Whenever the contracting officer is informed that the Privacy Act is not applicable, but the resultant contract will involve the collection of individually identifiable personal data by the contractor, the contracting officer shall include provisions to protect the confidentiality of the records and the privacy of individuals identified in the records (see subpart 324.70).