The National Industrial Security Program Operating Manual (NISPOM) requires that every cleared U.S. government contractor designate a Facility Security Officer, or “FSO”, to ensure compliance with physical and personnel security mandates. One of an FSO’s job duties is to review applications for security clearances (SF-86’s) completed by the contractor’s employees for completeness prior to releasing the SF-86’s to the government’s investigative service provider – most often the Defense Counterintelligence and Security Agency – for a background investigation and subsequent eligibility determination.
Legal for FSOs to Have Loose Lips About my SF-86?
For some applicant’s, especially those working in smaller companies, family-owned operations, or for supervisors who double as personal friends, this FSO review induces serious anxiety. A completed SF-86 can include information about substance abuse, financial problems, cohabitation, arrest record, and mental health history, among other sensitive topics. The question that has been asked by a number of security clearance applicants over the years – and the reason for this anxiety – is whether there is any law or policy that prevents their FSO from sharing sometimes-sordid personal details derived from the SF-86 around the office water cooler.
The short answer to this entirely reasonable question is “yes.” The Privacy Act of 1974, as amended (5 U.S.C. § 552a), requires that government employees and contractors who obtain personally identifiable information about an individual as a result of their official duties share that information with other government contractors or government employees only as necessary to execute their official duties. Office gossip is not an official duty, so an FSO who knowingly and willfully leaks an applicant’s SF-86 data to colleagues as gossip could be liable for civil and potentially even criminal penalties under federal law.
Law Versus Compliance
With all that being said, just because something is unlawful doesn’t necessarily guarantee compliance. Laws are designed to be deterrents, but those who are either unaware of them or lack an ethical compass won’t be deterred. Because of this, the onus is on the employer to ensure that their FSO is well-trained, acting ethically, and has the ability to consult with corporate counsel when the inevitable questions arise.
Applicants, on the other hand, should keep in mind that they are completing the SF-86 under penalty of prosecution for false statements. That, and the risk of security clearance denial or revocation, should always trump concern over personal embarrassment when certifying the form as truthful. If concerns still persist, it may be time to find a new employer – the vast majority of whom do strictly adhere to their legal and ethical obligations regarding employee data privacy.
This article is intended as general information only and should not be construed as legal advice. Consult an attorney regarding your specific situation.