If you hold a security clearance, you may get a little nervous filling out the 100-pages of the SF-86. Not only is it a lot of information to remember or find, but it’s a lot of information to disclose – from criminal history to mental health. It’s worth noting that the information you disclose is protected. Many applicants fear their personal details may suddenly become fodder for every neighbor or potential reference. The background investigation process is designed to gather information about the applicant – not disclose their dirty secrets, however.
The Privacy Act of 1974 was designed to protect individuals against a government invasion of their privacy, or the misuse of any information gathered by the government about U.S. Citizens. Among the protected information is the data included in your SF-86, and any personnel files or records. Those records can only be disclosed to the applicant after they submit a Privacy Act request, or by court order or other extreme circumstances (ironically, Privacy Act protections have been one of the pitfalls for background investigators trying to gather local law enforcement records about security clearance applicants).
Federal Acquisition Regulation (FAR) Subpart 24.1 applies the Privacy Act to federal contractors, which means that security clearance applicants working directly for a contractor rather than the federal government are also protected.
The Privacy Act and Self-Reporting
In addition to the information gathered in the SF-86, applicants are also required to self report adverse information or changes in their personal history to their security officer. That information is also protected under the Privacy Act. It’s worth noting that information the individual self reports as a part of their security clearance process is protected, but independent personnel files kept by the individual contractor are not. Individuals with information to self-report should ensure they do so through proper channels, either submitting the information directly to the Defense Office of Hearings and Appeals, or to their security officer – not through human resources. Make sure you know your company’s individual reporting requirements for employee change in status or behavior.