(a) The administrative and physical controls to protect the information in the manual and computer-based record systems from unauthorized access or disclosure will be specified for each system in the Federal Register. The system managers, who are responsible for providing protection and accountability of such records at all times and for insuring that the records are secured in proper containers whenever they are not in use or under direct control of authorized persons, will be identified for each system of records in the Federal Register.
(b) Whenever records in the manual or computer-based record systems, including input and output documents, punched cards, and magnetic tapes or disks, are not under the personal control of an authorized person, they will be stored in lockable containers and/or in a secured room, or in alternative storage systems which furnish an equivalent or greater degree of physical security. In this regard, the Commission may refer to security guidelines prepared by the General Services Administration, the Department of Commerce (National Bureau of Standards), or other agencies with appropriate knowledge and expertise.
(c) Access to and use of records will only be permitted to persons pursuant to §§3b.221, 3b.224, and 3b.225. Access to areas where records are stored will be limited to those persons whose official duties require work in such areas. Proper control of data, in any form, associated with the manual and computer-based record systems will be maintained at all times, including maintenance of an accounting of removal of the records from the storage area.