What are the Senior Agency Official for Privacy's responsibilities, and how do they differ from the records officer's?
The Senior Agency Official for Privacy (SAOP) and the agency records officer both help safeguard information, but they answer different questions. The SAOP asks, “Are we collecting, using, and protecting personal information responsibly and lawfully?” The records officer asks, “Are we creating, keeping, and disposing of records properly, for the right amount of time?” The two roles overlap most where records contain personal data, which is why they must coordinate closely.
What the SAOP Does
The SAOP is the senior leader accountable for an organization’s privacy program. In the federal context, this is typically a high-level official with agency-wide authority. Core responsibilities generally include:
- Setting privacy policy and strategy for how personally identifiable information (PII) is collected, used, shared, and protected.
- Ensuring legal compliance, including obligations under the Privacy Act of 1974 and related privacy requirements.
- Overseeing privacy impact assessments and reviewing programs, systems, and rulemakings that touch personal data.
- Managing privacy risk, breach response, and workforce privacy training.
- Reporting and accountability to leadership and oversight bodies on the state of the privacy program.
The SAOP’s lens is the individual and their data: minimizing collection, limiting use to authorized purposes, and protecting against unauthorized disclosure.
What the Records Officer Does
The records officer leads the records and information management program. Their lens is the record as evidence of activity. Core duties include:
- Developing and applying records schedules that define how long records are kept and when they may be destroyed or transferred.
- Ensuring records are created, captured, and maintained so they remain authentic, reliable, and usable.
- Coordinating disposition, including transfer of permanent records to an archives and lawful destruction of temporary records.
- Supporting access requests and legal holds.
Where They Differ — and Connect
The clearest difference is purpose. The SAOP governs privacy outcomes; the records officer governs the records lifecycle. Tension can arise when privacy favors minimization and timely deletion, while recordkeeping requires retaining records for a fixed period. Neither role can unilaterally decide: a record containing PII must meet its retention schedule and its privacy protections.
In practice, strong programs treat these as partners. Records schedules should reflect privacy requirements, and privacy assessments should account for retention and disposition.
Learn more on the privacy and PII topic hub.
Sources & further reading
Authoritative government and non-profit references.
- Privacy Act of 1974 — U.S. Department of Justice
- Records management (NARA) — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). What are the Senior Agency Official for Privacy's responsibilities, and how do they differ from the records officer's?. Records Management University. https://www.recordsmgmt.org/questions/saop-responsibilities-vs-records-officer/
MLA
RM University Editorial. "What are the Senior Agency Official for Privacy's responsibilities, and how do they differ from the records officer's?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/saop-responsibilities-vs-records-officer/.
Related questions
- Can a multinational use ISO 15489 to build one global records policy, or does it still need separate schedules per country?
- Can blockchain or immutable storage be used for records when privacy laws require you to delete personal data on request?
- Can I keep customer data longer than my retention schedule says if I might need it later?
- Can I keep customer personal data indefinitely if they agreed to my privacy policy when they signed up?
- Can you be fined for failing to honor a data subject's deletion request if you can't find their records?