A System of Record Notice (SORN) is a requirement for Federal agencies under the Privacy Act of 1974.
A SORN is required when all of the following apply:
A personal identifier might include an individual’s name, address, email address, telephone number, Social Security number, photograph, biometric information, or any other unique identifier that can be linked to an individual. The mere maintenance of information about an individual is not enough to trigger the SORN requirements of the Privacy Act, although it is enough to trigger the conduct of a privacy impact assessment (PIA).
SORNs have the following purposes:
Whenever a Federal agency maintains information about an individual in a system of records and retrieves the information by a personal identifier, it must publish a SORN in the Federal Register.
As an example, let’s assume the Office of Personnel Management (OPM) operates a visitor management system. The system stores information about individuals by name, email address, telephone number and date of arrival at OPM, but the system retrieves information only by date of arrival at OPM. Under these circumstances, the visitor management system is not a system of records under the Privacy Act. However, if the system retrieved information by an individual’s identifying information, it would qualify as a system of records under the Privacy Act.
In today’s IT environment, most systems are designed to retrieve records by multiple identifiers, including by personal identifier. The requirements of the Privacy Act apply, regardless of whether the records are electronic or paper.
A System of Record Notice (SORN) is generally required when a group of records maintained by a federal system contains PII and that PII is retrieved by information unique to the individual whose PII is being retrieved. The information in the SORN is publicly accessible and open for comment for a defined period of time.
Components of a SORN: http://www.gsa.gov/portal/content/104265
Homeland Security SORNs repository: http://www.dhs.gov/system-records-notices-sorns
HHS SORNs repository: http://www.hhs.gov/foia/privacy/sorns.html
Sample SORN: SORN is the 5th deliverable in the categorization process