The Bureau of Industry and Security Chief Privacy Officer is responsible for the development and maintenance of privacy policies, procedures, and guidance essential to safeguarding the collection, access, use, dissemination, and storage of personally identifiable information (PII), business identifiable information (BII), and Privacy Act information in accordance with the Privacy Act of 1974, the E-Government Act of 2002, Federal Information Security Modernization Act (FISMA) of 2014, and policy and guidance issued by the President and Office of Management and Budget (OMB). 

Bureau's Chief Privacy Officer

The Bureau’s Privacy Office is within the Bureau of Industry and Security, Chief Financial Officer and Director of Administration, Office of Planning, Evaluation and Management.

Ms. Carol Rose is the Chief Financial Officer and Administrative Director at the Bureau of Industry and Security. She accepted the position and has taken on the responsibility of leading the Financial Management, Budgetary, Human Resource and Acquisition activities across the entire Bureau. Included in her responsibilities is the management of the Office of the Chief Information Officer and the Bureau’s Chief Privacy Officer. She was deemed this duty by virtue of the CFO position.

Ms. Carol Rose joined the Department of Commerce on February 27, 2011, as Chief of the Budget Division at the Census Bureau. In that position, she directed and led all phases of the Census Bureau’s budget operations and served as the technical authority on budgetary policies, laws and regulations. Ms. Rose held multiple positions during her 4 year tenure at the Census Bureau including Acting Associate Director for Administration and Chief Financial Officer and Acting Division Chief of Finance. She directed the activities of Budget, Finance, Acquisition, Human Resources, Marketing Services, Administrative and Customer Services, and Financial and Administrative systems.

Ms. Rose possesses more than 20 years of leadership and management experience in the Federal Government. She has held leadership positions at the Nuclear Regulatory Commission and several management positions with the Federal Aviation Administration.

Ms. Rose resides in Alexandria, VA. She holds a Bachelor’s of Business Administration in Accounting from Baruch College – the City University of New York.

Bureau's Chief Information Security Officer

Ms. Ida Mix serves as the Bureau’s Chief Information Security Officer

Bureau's Reviewing Official for Privacy Impact Assesments (PIA) 

Ms. Tiffany Daniel serves as the Bureau’s Reviewing Official for PIAs

Bureau's Point of Contact (POC) for URL Links

Mr. Robert Woodard III serves as the POC for Bureau’s URL Links

Bureau's Privacy Operations

Ms. Tiffany Daniel serves as the Bureau’s Privacy Officer

Privacy Act Regulations

Here are the Privacy Act Implementation and Exemption Regulations. Each agency that maintains a system of records is required to publicize certain rules in order to carry out the provisions of the Privacy Act.  In addition, the head of any agency may disseminate rules to exempt certain system of records within the agency from certain provisions of the Privacy Act.

Privacy Act of 1974

Public Law 93-579, Dec 31, 1974 was enacted to amend title 5, United Sates Code, by adding section 552a to safeguard individual privacy from the misuse of Federal records, to provide that individuals be granted access to records concerning them which are maintained by Federal Agencies, to establish a Privacy Protection Study Commission, and for other purposes. In accordance with the ruling of the Senate and House of Representatives of the United States of America in Congress assembled, that this Act may be sited the “Privacy Act of 1974” as amended, Title 5, United States Code (U.S.C.)552a€; Pub. L. 93–579, § 1, Dec. 31, 1974, 88 Stat. 1896

The Privacy Act guarantees three primary rights:

    1. The right to see records about oneself, subject to Privacy Act exemptions;
    2. The right to request the amendment of records that are not accurate, relevant, timely or complete; and
    3. The right of individuals to be protected against unwarranted invasion of their privacy resulting from the collection, maintenance, use, and disclosure of personal information.

Bureau's Federal Information Security Modernization Act of 2014

In accordance with the Federal Information Security Modernization Act of 2014 (FISMA), OMB is responsible for overseeing Federal agencies’ information security practices and developing and implementing related policies and guidelines. (Amends the Federal Information Security Management Act of 2002, 44 U.S.C. § 3541), requires agencies to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of an agency.

E-Government Act of 2002

Establishes procedures to ensure the privacy of personal information in electronic records.

Freedom of Information Act (FOIA)

Spearheads the concept of Open Government by distributing the accountability and transparency of information as much as possible in equal shares for citizens and government except to the extent that such records (or portions of them) are protected from public disclosure by one of nine exemptions or by one of three special law enforcement record exclusions.

Children’s Online Privacy Protection Act of 1998

(15 U.S.C. 6501-06) (COPPA) imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Department of Commerce Privacy Act Fact Sheets

General fact sheet for Systems of Records Notice (SORNs)

OIG's Whistleblower Protection Program:



System of Records

Below is a link to the system of records maintained by BIS. A system of records is defined by the Privacy Act of 1974 as a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.  Rules exempting systems of records from certain Privacy Act requirements are in 28 CFR Part 16, Subpart E, and are listed with the corresponding system of record;

System Exemptions From Certain Provisions Of The Act

Sec. 552 - Public information; agency rules, opinions, orders, records, and proceedings

United States Code, 2015 Edition| Title 5 - GOVERNMENT ORGANIZATION AND EMPLOYEES

Export Administration Act of 1979


The Act was repealed by the Export Controls Act of 2018 enacted on August 4, 2018. That law made the Export Administration Regulations permanent. However, "because the implementation of certain sanctions authorities, including sections 11A, 11B, and 11C of the Export Administration Act," (that were not repealed), the president must continue to use the IEEPA to reauthorize every year.

The link above will show the legal authorities which include the entire EAA as it existed before being repealed with the exception of 11A, 11B and 11C.


Chemical Weapons Convention Implementation Act of 1998


Additional Protocol Implementation Act of 2006

The Committee on Foreign Relations, having had under consideration an original bill to implement the obligations of the United States under the Protocol Additional to the Agreement Between the United States of America and the International Atomic Energy Agency for the Application of Safeguards in the United States of America, with annexes, signed at Vienna June 12, 1998, reports favorably thereon and recommends that the bill do pass.

Defense Production Act of 1950 

The Act establishes a limited antitrust exemption for such voluntary agreements.

Additional Authorities, Office of Management and Budget (OMB) Memoranda and Circulars

BIS Approved PIAs

Instructions for Submitting a Privacy Act Request

(h) Agreements regarding consultations and referrals: Agencies may make agreements with other agencies to eliminate the need for consultations or referrals for particular types of records.

Bureau of Industry and Security Privacy Policy Page

If further questions, please send an email to:

Please send an email to Bureau of Industry and Security at: This email address is being protected from spambots. You need JavaScript enabled to view it.


U.S. Department of Commerce Office of Privacy and Open Government send email to: This email address is being protected from spambots. You need JavaScript enabled to view it.




© BIS 2020