-
Start Preamble
AGENCY:
Office of the Secretary, Department of Homeland Security.
ACTION:
Final rule.
SUMMARY:
The Department of Homeland Security (DHS or Department) is amending its regulations under the Privacy Act of 1974. DHS is updating and streamlining the language of several provisions. In addition, DHS is making minor, technical edits to its Freedom of Information Act regulations.
DATES:
This final rule is effective December 16, 2022.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
Lynn Parker Dupree, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528, (202) 343-1717, Privacy@hq.dhs.gov.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
I. Background
The Secretary of Homeland Security has authority under 5 U.S.C. 301, 552, and 552a, and 6 U.S.C. 112(e) to issue Privacy Act regulations. That authority has been delegated to the Chief Privacy Officer of the Department pursuant to 6 U.S.C. 142 and DHS Del. No. 13001, Rev. 01 (June 2, 2020).
On January 27, 2003, DHS published an interim rule in the Federal Register (68 FR 4056) that established DHS procedures implementing the Privacy Act, 5 U.S.C. 552a. DHS has since issued minor procedural amendments to the interim rule, see85 FR 11829 (Feb. 28, 2020), but DHS has not issued a more comprehensive update since 2003.
On November 22, 2016, DHS issued a final rule amending the Department's regulations under the Freedom of Information Act (FOIA), 6 CFR part 5, subpart A, in order to update and streamline the language of several procedural provisions, to incorporate changes brought by the amendments to the FOIA under the Open Government Act of 2007 and FOIA Improvement Act of 2016, and to reflect developments in the case law. See81 FR 83625.
On October 6, 2021, DHS published a proposed rule to amend existing regulations under the Privacy Act at 6 CFR part 5, subpart B, and make minor, technical edits to 6 CFR part 5, subpart A, for the limited purpose of replacing references to appendix I to subpart A with references to appendix A to part 5. See86 FR 55528.[1] DHS accepted comments on the proposed rule through December 6, 2021. DHS is now finalizing the rule with minor clarifying changes, the more prominent of which are discussed below.
II. Discussion of Final Rule
A. Response to Comments
In total, DHS received 6 public submissions to its proposed rule, of which only one provided a specific recommendation. The commenter stated that DHS should add language to the proposed regulation to address the ability of the public to seek corrections to records maintained about them or organizations they are associated with. The comment stated that when federal agencies maintain records that are inaccurate it can expose individuals to risk, and such individuals should have redress to correct such errors. DHS interprets the comment to refer to content that is already included in proposed 6 CFR 5.26, Requests for Amendment or Correction of Records. After review and consideration, DHS has decided to not make additional changes to this section. This section clearly explains how an individual can Start Printed Page 68600 ask DHS to amend or correct agency records about them.
B. Clarifying and Procedural Changes
Upon further review of the proposed rule, DHS has made a number of clarifying and procedural changes as compared to the proposed rule, as follows:
• DHS is removing Appendix I to subpart A, consistent with the proposed rule.[2]
- DHS is eliminating gendered language.
- DHS is removing existing § 5.20(e), a provision relating to interim retention of authorities, because the Department is now issuing a Privacy Act final rule and has updated its existing systems of records notices since the Department first issued this provision. The paragraph stated that the interim provision would remain operative “until this regulation is promulgated as a final rule, or the Department revises all systems of records notices.” Because both of these conditions have been satisfied, and the provision is no longer operative in any event, DHS is removing this provision.
- DHS is modifying § 5.22(d)(1) to remove the last sentence of that paragraph, which was redundant to § 5.22(d)(2).
• DHS is modifying § 5.22(d)(2) to make clear that the component FOIA Office, rather than the component medical practitioner or other qualified designee, is responsible for making any disclosure to the individual's representative or the individual. In addition, in light of the purpose of the procedures contained in this provision, DHS has opted to retain authority to withhold medical records if the individual does not designate a representative.[3] Such a decision would be appealable pursuant to the general appeal procedures in 6 CFR 5.25. However, consistent with the proposed rule,[4] if an individual does designate a representative, § 5.22(d)(2) makes clear that the representative does not have discretion to withhold the records from the individual.
• Consistent with the preamble to the proposed rule,[5] DHS is adding a § 5.22(d)(3) to clarify that Coast Guard medical records held by another agency (such as military medical records held by the Department of Defense) are not subject to § 5.22(d)(2).
• DHS is modifying § 5.25(a) by removing the reference to filing appeals directly with the Office of the General Counsel and making other procedural and nonsubstantive changes. These changes will make this paragraph consistent with the parallel provision in 6 CFR 5.8(a), which addresses administrative appeals under the FOIA. DHS is not modifying § 5.25(b), under which the Office of the General Counsel, or its designee ( e.g., Component Appeals Officer) is the authorized appeals authority for DHS.
- DHS is modifying § 5.27(a) by removing the words “to the extent covered by the [Judicial Redress Act (JRA)]” and adding “or for records covered by the JRA” at the end of § 5.27(b)(1). The purpose of this change is to clarify that accounting of disclosures is not required by the JRA and not provided for by the Department.
- DHS is modifying appendix A to part 5 to specify where persons should send their FOIA and Privacy Act requests for each Headquarters Office and Component of the Department. Although individuals may request records as they deem fit, the Department strongly encourages persons to submit their requests electronically through a designated DHS FOIA electronic portal, if applicable and available.
III. Regulatory Analyses
Executive Orders 12866 and 13563—Regulatory Review
Executive Orders 13563 and 12866 direct agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). Executive Order 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This rule has been designated a “significant regulatory action,” under section 3(f) of Executive Order 12866. Accordingly, the rule has been reviewed by the Office of Management and Budget.
DHS has considered the costs and benefits of this rule. This rule will not introduce new regulatory mandates. In the proposed rule we stated this rule would not result in additional costs on the public or the government. Further, we stated this rule does not collect any additional fee revenues compared to current practices or otherwise introduce new regulatory mandates. The rule's benefits include additional clarity for the public and DHS personnel with respect to DHS's implementation of the Privacy Act and JRA. No public comments were submitted on the analysis presented in the proposed rule.
Unfunded Mandates Reform Act of 1995
This rule will not result in the expenditure by state, local, and tribal governments, in the aggregate, or by the private sector, of $100,000,000 or more in any one year, and it will not significantly or uniquely affect small governments. Therefore, no written statement was deemed necessary under the provisions of the Unfunded Mandates Reform Act of 1995.
Regulatory Flexibility Act
Under the Regulatory Flexibility Act (RFA), 5 U.S.C. 601-612, and section 213(a) of the Small Business Regulatory Enforcement Fairness Act of 1996, 5 U.S.C. 601 note, agencies must consider the impact of their rulemakings on “small entities” (small businesses, small organizations, and local governments). The term “small entities” comprises small businesses, not-for-profit organizations that are independently owned and operated and are not dominant in their fields, and governmental jurisdictions with populations of less than 50,000. DHS has reviewed this regulation and by approving it certifies that this regulation will not have a significant economic impact on a substantial number of small entities. As stated in the proposed rule, DHS does not believe this rule imposes any additional direct costs on small entities. No public comments were submitted on the analysis presented in the proposed rule.
Small Business Regulatory Enforcement Fairness Act of 1996
This rule is not a major rule as defined by section 251 of the Small Business Regulatory Enforcement Fairness Act of 1996 (as amended), 5 U.S.C. 804(2). The Office of Management and Budget's Office of Information and Regulatory Affairs has not found that this rule is likely to result in an annual effect on the economy of $100,000,000 or more; a major increase in costs or prices; or significant adverse effects on competition, employment, investment, productivity, innovation, or on the ability of United States-based companies to compete with foreign-based companies in domestic and export markets.
National Environmental Policy Act
DHS reviews proposed actions to determine whether the National Environmental Policy Act (NEPA) applies to them and, if so, what degree of analysis is required. DHS Directive Start Printed Page 68601 023-01 Rev. 01 (Directive) and Instruction Manual 023-01-001-01 Rev. 01 (Instruction Manual) establish the procedures that DHS and its components use to comply with NEPA and the Council on Environmental Quality (CEQ) regulations for implementing NEPA, 40 CFR parts 1500 through 1508.
The CEQ regulations allow federal agencies to establish, with CEQ review and concurrence, categories of actions (“categorical exclusions”) which experience has shown do not individually or cumulatively have a significant effect on the human environment and, therefore, do not require an Environmental Assessment (EA) or Environmental Impact Statement (EIS). 40 CFR 1507.3(b)(2)(ii), 1508.4. For an action to be categorically excluded, it must satisfy each of the following three conditions: (1) the entire action clearly fits within one or more of the categorical exclusions; (2) the action is not a piece of a larger action; and (3) no extraordinary circumstances exist that create the potential for a significant environmental effect. Instruction Manual section V.B(2)(a)-(c).
This rule fits within categorical exclusion A3(a) “Promulgation of rules . . . of a strictly administrative or procedural nature.” Instruction Manual, Appendix A, Table 1. Furthermore, the rule is not part of a larger action and presents no extraordinary circumstances creating the potential for significant environmental impacts. Therefore, the rule is categorically excluded from further NEPA review.
Start List of SubjectsList of Subjects in 6 CFR Part 5
- Classified information
- Courts
- Freedom of information
- Government employees
- Privacy
For the reasons stated in the preamble, DHS amends 6 CFR part 5 as follows:
Start PartPART 5—DISCLOSURE OF RECORDS AND INFORMATION
End Part Start Amendment Part1. The authority citation for Part 5 is revised to read as follows:
End Amendment PartSubpart A also issued under 5 U.S.C. 552.
Subpart B also issued under 5 U.S.C. 552a and 552 note.
[Amended]2. In § 5.2, remove the text “appendix I to this subpart” and add in its place the text “appendix A to this part”.
End Amendment Part[Amended]3. In § 5.3:
End Amendment Part Start Amendment Parta. In paragraph (a)(1), remove the text “appendix I of this subpart” and add in its place the text “appendix A to this part”; and
End Amendment Part Start Amendment Partb. In paragraph (b), remove the text “appendix I of this subpart” and add in its place the text “appendix A to this part”.
End Amendment Part[Amended]4. In § 5.5:
End Amendment Part Start Amendment Parta. In paragraph (a), in the first sentence, remove the text “Appendix I to this subpart” and add in its place the text “appendix A to this part” and in the last sentence, remove the text “appendix I of this subpart” and add in its place “appendix A to this part”; and
End Amendment Part Start Amendment Partb. In paragraph (e)(2), remove the text “appendix I” and “appendix I of this subpart” and add in their places the text “appendix A to part 5”.
End Amendment Part[Amended]5. In § 5.8, in paragraph (a)(1), remove the text “appendix I to this subpart,” and add in its place the text “appendix A to this part,”.
End Amendment PartAppendix I to Subpart A of Part 5—[Removed]
Start Amendment Part6. Remove appendix I to subpart A of part 5.
End Amendment Part Start Amendment Part7. Revise subpart B to read as follows:
End Amendment PartSubpart B—Privacy Act
- 5.20
- General provisions.
- 5.21
- Requests for access to records.
- 5.22
- Responsibility for responding to requests for access to records.
- 5.23
- Responses to requests for access to records.
- 5.24
- Classified information.
- 5.25
- Administrative appeals for access requests.
- 5.26
- Requests for amendment or correction of records.
- 5.27
- Requests for an accounting of record disclosures.
- 5.28
- Preservation of records.
- 5.29
- Fees.
- 5.30
- Notice of court-ordered and emergency Ddsclosures.
- 5.31
- Security of systems of records.
- 5.32
- Contracts for the operation of systems of records.
- 5.33
- Use and collection of Social Security numbers.
- 5.34
- Standards of conduct for administration of the Privacy Act.
- 5.35
- Sanctions and penalties.
- 5.36
- Other rights and services.
Subpart B—Privacy Act
General provisions.(a) Purpose and scope. (1) This subpart contains the rules that the Department of Homeland Security (Department or DHS) follows in processing records under the Privacy Act of 1974 (Privacy Act) (5 U.S.C. 552a) and under the Judicial Redress Act of 2015 (JRA) (5 U.S.C. 552a note).
(2) The rules in this subpart should be read in conjunction with the text of the Privacy Act and the JRA, 5 U.S.C. 552a and 5 U.S.C. 552a note, respectively (which provide additional information abo ut records maintained on individuals and covered persons), and JRA designations issued in the Federal Register . The rules in this subpart apply to all records in systems of records maintained by the Department. These rules also apply to all records containing Social Security Numbers regardless of whether such records are covered by an applicable system of records maintained by the Department. They describe the procedures by which individuals may request access to records about themselves, request amendment or correction of those records, and request an accounting of disclosures by Department personnel and contractors. In addition, the Department processes all Privacy Act and JRA requests for access to records under the Freedom of Information Act (FOIA) (5 U.S.C. 552), following the rules contained in subpart A of this part, which gives requesters the benefit of both statutes.
(3) The provisions established by this subpart apply to all Department Components, as defined in paragraph (b)(1) of this section.
(4) DHS has a decentralized system for processing requests, with each component handling requests for its records.
(b) Definitions. As used in this subpart:
(1) Component means the office that processes Privacy Act and JRA requests for each separate organizational entity within DHS that reports directly to the Office of the Secretary.
(2) Request for access to a record means a request made under Privacy Act subsection (d)(1).
(3) Request for amendment or correction of a record means a request made under Privacy Act subsection (d)(2).
(4) Request for an accounting means a request made under Privacy Act subsection (c)(3).
(5) Requester means an individual who makes a request for access, a request for amendment or correction, or a request for an accounting under the Privacy Act.
(6) Individual means, as defined by the Privacy Act, 5 U.S.C. 552a(a)(2), a citizen of the United States or an alien lawfully admitted for permanent residence. Also, an individual, for Start Printed Page 68602 purposes of this subpart, but limited to the exclusive rights and civil remedies provided in the JRA, includes covered persons, as defined by the JRA, as a natural person (other than an individual) who is a citizen of a covered country, as designated by the Attorney General, with the concurrence of the Secretary of State, the Secretary of the Treasury, and the Secretary of Homeland Security.
(7) Record has the same meaning as contained in the Privacy Act, 5 U.S.C. 552a(a)(4), except that in cases covered by the JRA, the term “record” has the same meaning as “covered record” in the JRA, 5 U.S.C. 552a note.
(c) Authority to request records for a law enforcement purpose. The head of a component or designee thereof is authorized to make written requests under subsection 552a(b)(7) of the Privacy Act for records maintained by other agencies that are necessary to carry out an authorized law enforcement activity.
(d) Notice on Departmental use of (b)(1) exception. As a general matter, when applying the Privacy Act (b)(1) exception for authorized disclosures within an agency on a need to know basis, the Department will consider itself a single entity, meaning that information may be disclosed between components of the Department under the (b)(1) exception.
Requests for access to records.(a) How made and addressed. (1) DHS has a decentralized system for responding to Privacy Act and JRA requests, with each component designating an office to process records from that component.
(2) An individual may make a request for access to a Department of Homeland Security record about that individual covered by a DHS or Component system of records notice (SORN) by writing directly to the Department component that maintains the record at the address listed in appendix A to this part or via the internet at http://www.dhs.gov/dhs-foia-request-submission-form. A description of all DHS-wide and component SORNs may be found here: https://www.dhs.gov/system-records-notices-sorns.
(3) In most cases, a component's central FOIA office, as indicated in appendix A to this part, is the place to send a Privacy Act request. For records held by a field office of U.S. Customs and Border Protection, the U.S. Coast Guard, or other Department components with field offices other than the U.S. Secret Service and Transportation Security Administration, the requester must write directly to that U.S. Customs and Border Protection, Coast Guard, or other field office address, which can be found by calling the component's central FOIA office. Requests for U.S. Secret Service records should be sent only to the U.S. Secret Service central FOIA office, and requests for Transportation Security Administration records should be sent only to the Transportation Security Administration central FOIA office.
(4) Requests for records held by the Cybersecurity and Infrastructure Security Agency (CISA) should be sent to the DHS Privacy Office.
(5) DHS's FOIA website refers the reader to descriptions of the functions of each component and provides other information that is helpful in determining where to make a request. Each component's FOIA office and any additional requirements for submitting a request to a given component are listed in appendix A to this part. These references can all be used by requesters to determine where to send their requests within DHS.
(6) An individual may also send a request to the Privacy Office, Mail Stop 0655, U.S. Department of Homeland Security, 2707 Martin Luther King Jr. Ave. SE, Washington DC 20528-0655, or via the internet at http://www.dhs.gov/dhs-foia-request-submission-form, or via fax to (202) 343-4011. The Privacy Office will forward the request to the component(s) that it determines to be most likely to maintain the records that are sought. For the quickest possible handling, the requester should mark both the request letter and the envelope “Privacy Act Request” or “Judicial Redress Act Request.”
(b) Government-wide SORNs. A government-wide system of records is a system of records where one agency has regulatory authority over records in the custody of multiple agencies, and the agency with regulatory authority publishes a SORN that applies to all of the records regardless of their custodial location. If records are sought that are covered by a Government-wide SORN and requested of DHS, DHS will consult or refer such request, only as applicable and necessary, to the corresponding agency having authority over such records for further processing. DHS will acknowledge to the requester that it is referring the request to another agency or consulting with that agency when processing the request.
(c) Description of records sought. A requester must describe the records sought in sufficient detail to enable Department personnel to locate the system of records covering them with a reasonable amount of effort. Whenever possible, the request should describe the records sought, the time periods in which the requester believes they were compiled, the office or location in which the requester believes the records are kept, and the name or identifying number of each system of records in which the requester believes they are kept. The Department publishes notices in the Federal Register that describe its components' systems of records. These notices can be found on the Department's website here: https://www.dhs.gov/system-records-notices-sorns. If a request does not adequately describe the records sought, DHS may at its discretion either administratively close the request or seek additional information from the requester. Requests for clarification or more information will be made in writing (either via U.S. mail or electronic mail whenever possible). Requesters may respond by U.S. Mail or by electronic mail regardless of the method used by DHS to transmit the request for additional information. To be considered timely, responses to requests for additional information must be postmarked or received by electronic mail within 30 working days of the postmark date or date of the electronic mail request for additional information. If the requester does not respond timely, the request may be administratively closed at DHS's discretion. This administrative closure does not prejudice the requester's ability to submit a new request for further consideration with additional information.
(d) Agreement to pay fees. DHS and components shall charge for processing requests under the Privacy Act or JRA. DHS and components will ordinarily use the most efficient and least expensive method for processing requested records. DHS may contact a requester for additional information in order to resolve any fee issues that arise under this section. DHS ordinarily will collect all applicable fees before sending copies of records to a requester. If one makes a Privacy Act or JRA request for access to records, it will be considered a firm commitment to pay all applicable fees charged under § 5.29, up to $25.00. The component responsible for responding to a request ordinarily will confirm this agreement in an acknowledgement letter. When making a request, an individual may specify a willingness to pay a greater or lesser amount. Requesters must pay fees by check or money order made payable to the Treasury of the United States.
(e) Verification of identity. When an individual makes a request for access to their own records, their identity must be verified. The individual must provide Start Printed Page 68603 their full name, current address, date and place of birth, and country of citizenship or residency. The individual must sign the request and provide a signature that must either be notarized or submitted by the requester under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury, as a substitute for notarization. An individual may obtain more information about this process at http://www.dhs.gov/foia or 1-866-431-0486. In order to help the identification and location of requested records, an individual may also voluntarily include other identifying information that are relevant to the request ( e.g., passport number, Alien Registration Number (A-Number)).
(f) Verification of guardianship. When making a request as the parent or guardian of a minor or as the guardian of someone determined by a court of competent jurisdiction to be incompetent due to physical or mental incapacity or age, for access to records about that individual, the individual submitting a request must establish:
(1) The identity of the individual who is the subject of the record, by stating the name, current address, date and place of birth, and country of citizenship or residency of the individual;
(2) The submitting individual's own identity, in the same manner as required in paragraph (e) of this section;
(3) That the submitting individual is the parent or guardian of the subject of the record, which may be proven by providing a copy of the subject of the record's birth certificate showing parentage or by providing a court order establishing guardianship; and
(4) That the submitting individual is acting on behalf of that individual that is the subject of the record.
(g) Verification in the case of third-party information requests. Outside of requests made pursuant to paragraph (f) of this section, if a third party requests records about a subject individual, the third party requester must provide verification of the subject individual's identity in the manner provided in paragraph (e) of this section along with the subject individual's written consent authorizing disclosure of the records to the third party requester, or by submitting proof by the requester that the subject individual is deceased ( e.g., a copy of a death certificate or an obituary). As an exercise of its administrative discretion, each component can require a third-party requester to supply additional information to verify that the subject individual has consented to disclosure or is deceased.
Responsibility for responding to requests for access to records.(a) In general. Except as stated in paragraphs (c), (d), and (e) of this section, the component that first receives a request for access to a record, and has possession of that record, is the component responsible for responding to the request. In determining which records are responsive to a request, a component ordinarily will include only those records in its possession as of the date the component begins its search for them. If any other date is used, the component will inform the requester of that date.
(b) Authority to grant or deny requests. The head of a component, or the component head's designee, is authorized to grant or deny any request for access or amendment to a record of that component.
(c) Consultations, coordination, and referrals. All consultations, coordination, and referrals for requests of records subject to the Privacy Act or JRA will follow the same process and procedures as described in § 5.4(d), including how to handle those requests that pertain to law enforcement information, as specified in § 5.4(d)(2), and classified information, as specified in § 5.4(d)(2) and (e). Further, whenever a request is made for access to a record containing information that has been classified by or may be appropriate for classification by another component or agency under any relevant executive order concerning the classification of records, the receiving component will refer to § 5.24 for processing.
(d) Release of medical records. (1) Generally, an individual has the right to access their medical records maintained by the Department. Special procedures for requests from an individual requesting medical records that include psychological records for which direct release may cause harm to the individual requesting access are set forth in paragraph (d)(2) of this section.
(2) If a request is made for access to medical records that include psychological records, and a component medical practitioner or qualified designee determines that direct release is likely to adversely affect the individual who is requesting access, the component will request the individual to provide the name and contact information of a representative who is capable of ameliorating the potential adverse effect. The representative may be a physician or other health professional who will be willing to review the record and inform the requester of its contents. Once provided, the component FOIA office or designated component official will send the medical records to the individual's designated representative. The component will inform the subject individual in writing (either via U.S. mail or electronic mail whenever possible) that the record has been sent to that individual's chosen representative. The representative does not have the discretion to withhold any part of the individual's record. If the subject individual does not comply with the procedural requirement to designate a representative, the component may decline to release the requested information.
(3) Paragraph (d)(2) of this section does not apply to Coast Guard records held by another agency.
(e) Notice of referral. Whenever a component refers all or any part of the responsibility for responding to a request to another component or agency, it ordinarily will notify the requester of the referral and inform the requester of the name of each component or agency to which the request has been referred and of the part of the request that has been referred.
(f) Timing of responses to consultations and referrals. All consultations and referrals received by DHS will be handled according to the date the Privacy Act or JRA access request was initially received by the first component or agency, not any later date.
(g) Agreements regarding consultations and referrals. Components may establish agreements with other components or agencies to eliminate the need for consultations or referrals with respect to types of records.
Responses to requests for access to records.(a) In general. Components should, to the extent practicable, communicate with requesters having access to the internet using electronic means, such as email or web portal.
(b) Acknowledgements of requests. Consistent with the procedures in subpart A of this part, a component will acknowledge the request and assign it an individualized tracking number if it will take longer than ten (10) working days to process. Components will include in the acknowledgement letter a brief description of the records sought to allow requesters to more easily keep track of their requests. Further, in the acknowledgment letter, the component will confirm the requester's agreement to pay fees under §§ 5.21(d) and 5.29.
(c) Grants of requests for access. Consistent with the procedures in subpart A to this part, a component will have twenty (20) working days from when a request is received to determine Start Printed Page 68604 whether to grant or deny the request unless there are unusual or exceptional circumstances as defined by the FOIA and set out in § 5.5(c). Once a component decides to grant a request for access to record(s) in whole or in part, it will notify the requester in writing. The component will inform the requester in the notice of any fee charged under §§ 5.21(d) and 5.29 and will disclose records to the requester promptly upon payment of any applicable fee. The component will inform the requester of the availability of its FOIA Liaison to offer assistance.
(d) Adverse determinations of requests for access. A component making an adverse determination denying a request for access in any respect will notify the requester of that determination in writing. Adverse determinations, or denials of requests, include decisions that: the requested record is exempt, in whole or in part; the requested record does not exist or cannot be located; or the record requested is not subject to the Privacy Act or JRA. Further, adverse determinations also include disputes regarding fees, or denials of a request for expedited processing. The denial letter will be signed by the head of the component, or the component head's designee, and will include:
(1) The name and title or position of the person responsible for the denial;
(2) A brief statement of the reason(s) for the denial, including any Privacy Act exemption(s) applied by the component in denying the request; and
(3) A statement that the denial may be appealed under § 5.25(a) and a description of the requirements of § 5.25(a).
(e) JRA access requests. For purposes of responding to a JRA access request, a covered person is subject to the same limitations, including exemptions and exceptions, as an individual is subject to under section 552a of title 5, United States Code, when pursuing access to records. The implementing regulations and reasons provided for exemptions can be found in appendix C to this part.
Classified information.On receipt of any request involving classified information, the component will determine whether information is currently and properly classified and take appropriate action to ensure compliance with 6 CFR part 7. Whenever a request is made for access to a record that is covered by a system of records containing information that has been classified by or may be appropriate for classification by another component or agency under any applicable executive order, the receiving component will consult the component or agency that classified the information. Whenever a record contains information that has been derivatively classified by a component or agency because it contains information classified by another component or agency, the component will consult the component or agency that classified the underlying information. Information determined to no longer require classification will not be withheld from a requester based on exemption (k)(1) of the Privacy Act. On receipt of any appeal involving classified information, the DHS Office of the General Counsel, or its designee, shall take appropriate action to ensure compliance with 6 CFR part 7.
Administrative appeals for access requests.(a) Requirements for filing an appeal. An individual may appeal an adverse determination denying the individual's request for access in any respect to the appropriate Appeals Officer. For the address of the appropriate component Appeals Officer, an individual may contact the applicable component FOIA Liaison using the information in appendix A to this part, visit www.dhs.gov/foia, or call 1-866-431-0486. An appeal must be in writing, and to be considered timely it must be postmarked or, in the case of electronic submissions, transmitted to the Appeals Officer within 90 working days, consistent with the procedures in subpart A to this part, after the date of the component's response. An electronically filed appeal will be considered timely if transmitted to the Appeals Officer by 11:59:59 p.m. EST or EDT on the 90th working day. The appeal should clearly identify the component determination (including the assigned request number if the requester knows it) that is being appealed and should contain the reasons the requester believes the determination was erroneous. For the quickest possible handling, an individual should mark both the appeal letter and the envelope “Privacy Act Appeal” or “Judicial Redress Act Appeal.”
(b) Adjudication of appeals. The DHS Office of the General Counsel, or its designee, ( e.g., Component Appeals Officer) is the authorized appeals authority for DHS. On receipt of any appeal involving classified information, the Appeals Officer will consult with the Chief Security Officer and take appropriate action to ensure compliance with 6 CFR part 7. If the appeal becomes the subject of a lawsuit, the Appeals Officer is not required to act further on the appeal.
(c) Appeal decisions. Consistent with the procedures in subpart A to this part, the decision on an appeal will be made in writing generally twenty (20) working days after receipt. However, consistent with the procedures in subpart A to this part, the time limit for responding to an appeal may be extended provided the circumstances set forth in 5 U.S.C. 552(a)(6)(B)(i) are met. A decision affirming an adverse determination in whole or in part will include a brief statement of the reason(s) for the affirmance, including any Privacy Act exemption applied, and will inform the requester of the Privacy Act provisions for court review of the decision. If the adverse determination is reversed or modified on appeal in whole or in part, the requester will be notified in a written decision and the request will be reprocessed in accordance with that appeal decision. An adverse determination by the DHS Office of the General Counsel or its designee or Component Appeals Officer will be the final action of the Department.
(d) Appeal necessary before seeking court review. If an individual wishes to seek review by a court of any adverse determination or denial of a request by DHS within the allotted 20 working days to respond unless there are unusual or exceptional circumstances, that individual must first appeal it under this subpart. An appeal will not be acted on if the request becomes a matter of litigation.
Requests for amendment or correction of records.(a) How made and addressed. Unless the record is not subject to amendment or correction as stated in paragraph (f) of this section, an individual may make a request for amendment or correction of a record of the Department about that individual by writing directly to the component that maintains the record, following the procedures in § 5.21. The request should identify each record in question, state the amendment or correction requested, and state the reason why the requester believes that the record is not accurate, relevant, timely, or complete. The requester may submit any documentation that the requester thinks would support the request. If the individual believes that the same record is in more than one system of records, the requester should state that and address the request to each component that maintains a system of records containing the record.
(b) Component responses. Within ten working days of receiving a request for amendment or correction of records, a Start Printed Page 68605 component will send the requester a written acknowledgment of its receipt of the request, and it will promptly notify the requester whether the request is granted or denied. If the component grants the request in whole or in part, it will describe the amendment or correction made and will advise the requester of the right to obtain a copy of the corrected or amended record, in disclosable form. If the component denies the request in whole or in part, it will send the requester a letter signed by the head of the component, or the component head's designee, that will state:
(1) The reason(s) for the denial; and
(2) The procedure for appeal of the denial under paragraph (c) of this section, including the name and business address of the official who will act on the appeal.
(c) Appeals. Within 90 working days after the date of the component's response, the requester may appeal a denial of a request for amendment or correction to the Component Appeals Officer or the DHS Office of the General Counsel or its designee. The Component Appeals Officer or the DHS Office of the General Counsel or its designee must complete its review and make a final determination on the requester's appeal no later than 30 days (excluding Saturdays, Sundays, and legal public holidays) from the date on which the individual requests such review unless good cause is shown, and communicated to the individual, for which the 30-day period may be extended for an additional 30 days. If the appeal is denied, the requester will be advised of the right to file a Statement of Disagreement as described in paragraph (d) of this section and of the right under the Privacy Act, 5 U.S.C. 552a(d)(3), for court review of the decision. If an individual wishes to seek review by a court of any adverse determination or denial of a request, that individual must first appeal it under this subpart. For purposes of responding to a JRA amendment request, a covered person is subject to the same limitations, including exemptions and exceptions, as an individual is subject to under section 552a of title 5, United States Code, when pursuing amendment to records. The implementing regulations and reasons provided for exemptions can be found in appendix C to this part, titled DHS Systems of Records Exempt from the Privacy Act.
(d) Statements of Disagreement. If an individual's appeal under this section is denied in whole or in part, that individual has the right to file a Statement of Disagreement, unless exempt, that states the individual's reason(s) for disagreeing with the Department's denial of the request for amendment or correction. Statements of Disagreement must be concise, must clearly identify each part of any record that is disputed, and should be no longer than one typed page for each fact disputed. The individual's Statement of Disagreement must be sent to the component involved, which will place it in the system of records in which the disputed record is maintained and will mark the disputed record to indicate that a Statement of Disagreement has been filed and where in the system of records it may be found.
(e) Notification of amendment/correction or disagreement. Within 30 working days of the amendment or correction of a record, the component that maintains the record will, unless exempt, notify all persons, organizations, or agencies to which it previously disclosed the record, if an accounting of that disclosure was made or should have been made, that the record has been amended or corrected. If an individual has filed a Statement of Disagreement, the component will append a copy of it to the disputed record whenever the record is disclosed and may also append a concise statement of its reason(s) for denying the request to amend or correct the record.
(f) Records not subject to amendment or correction. The following records are not subject to amendment or correction:
(1) Transcripts of testimony given under oath or written statements made under oath;
(2) Transcripts of grand jury proceedings, judicial proceedings, or quasi-judicial proceedings, which are the official record of those proceedings;
(3) Presentence records that originated with the courts; and
(4) Records in systems of records that have been exempted from amendment and correction under the Privacy Act (5 U.S.C. 552a(j) or (k)) pursuant to a final rule published in the Federal Register .
Requests for an accounting of record disclosures.(a) How made and addressed. Except where accountings of disclosures are not required to be kept (as stated in paragraph (b)(1) of this section), an individual may make a request for an accounting of any disclosure that has been made by the Department to another person, organization, or agency of any record about the requester. This accounting contains the date, nature, and purpose of each disclosure, as well as the name and address of the person, organization, or agency to which the disclosure was made. A request for an accounting should identify each record in question and should be made by writing directly to the Department component that maintains the record, following the procedures in § 5.21.
(b) Where accountings are not required. Components are not required to provide accountings to the requester where they relate to:
(1) Disclosures for which accountings are, by statute (5 U.S.C. 552a(c)(1)), not required to be kept, such as disclosures that are made to officers and employees within the agency and disclosures that are required to be made under the FOIA, or for records covered by the JRA;
(2) Disclosures made to law enforcement agencies for authorized law enforcement activities in response to written requests from those law enforcement agencies specifying the law enforcement activities for which the disclosures are sought; or
(3) Disclosures made from systems of records that have been exempted from accounting requirements by a rulemaking pursuant to 5 U.S.C. 552a(j) or (k).
(c) Appeals. A requester may appeal a denial of a request for an accounting to the Component Appeals Officer or the DHS Office of the General Counsel or its designee in the same manner as a denial of a request for access to records ( see § 5.25) and the same procedures will be followed.
Preservation of records.Each component will preserve all correspondence pertaining to the requests that it receives under this subpart, as well as copies of all requested records, until disposition or destruction is authorized by title 44 of the United States Code or the National Archives and Records Administration's General Records Schedule 4.2. Records will not be disposed of while they are the subject of a pending request, appeal, lawsuit, or litigation or audit hold under the Act.
Fees.(a) Fees for access requests granted in full under the Privacy Act are limited to duplication fees, which are chargeable to the same extent that fees are chargeable under subpart A of this part. An access request not granted in full under the Privacy Act will be processed under the FOIA and will be subject to all fees chargeable under the applicable FOIA regulations. Fees are not charged for processing amendment and accounting requests.
(b) DHS will not process a request under the Privacy Act or JRA from persons with an unpaid fee from any previous Privacy Act or JRA request to Start Printed Page 68606 any Federal agency until that outstanding fee has been paid in full to the agency.
Notice of court-ordered and emergency disclosures.(a) Court-ordered disclosures. When the component discloses an individual's information covered by a system of records pursuant to an order from a court of competent jurisdiction, and the order is a matter of public record, the Privacy Act requires the component to send a notice of the disclosure to the last known address of the person whose record was disclosed. Notice will be given within a reasonable time after the component's receipt of the order, except that in a case in which the order is not a matter of public record, the notice will be given only after the order becomes public. This notice will be mailed to the individual's last known address and will contain a copy of the order and a description of the information disclosed. Notice will not be given if disclosure is made from a criminal law enforcement system of records that has been exempted from the notice requirement.
(b) Court. For purposes of this section, a court is an institution of the judicial branch of the U.S. Federal Government consisting of one or more judges who seek to adjudicate disputes and administer justice. Entities not in the judicial branch of the Federal Government are not courts for purposes of this section.
(c) Court order. For purposes of this section, a court order is any legal process which satisfies all the following conditions:
(1) It is issued under the authority of a Federal court;
(2) A judge or a magistrate judge of that court signs it;
(3) It commands or permits DHS to disclose the Privacy Act protected information at issue; and
(4) The court is a court of competent jurisdiction.
(d) Court of competent jurisdiction. It is the view of DHS that under the Privacy Act the Federal Government has not waived sovereign immunity, which precludes state court jurisdiction over a Federal agency or official. Therefore, DHS will not honor state court orders as a basis for disclosure, unless DHS does so under its own discretion.
(e) Conditions for disclosure under a court order of competent jurisdiction. The component may disclose information in compliance with an order of a court of competent jurisdiction if—
(1) Another section of this part specifically allows such disclosure, or
(2) DHS, the Secretary, or any officer or employee of DHS in their official capacity is properly a party in the proceeding, or
(3) Disclosure of the information is necessary to ensure that an individual who is accused of criminal activity receives due process of law in a criminal proceeding under the jurisdiction of the judicial branch of the Federal Government.
(f) In other circumstances. DHS may disclose information to a court of competent jurisdiction in circumstances other than those stated in paragraph (e) of this section. DHS will make its decision regarding disclosure by balancing the needs of a court while preserving the confidentiality of information. For example, DHS may disclose information under a court order that restricts the use and redisclosure of the information by the participants in the proceeding; DHS may offer the information for inspection by the court in camera and under seal; or DHS may arrange for the court to exclude information identifying individuals from that portion of the record of the proceedings that is available to the public.
(g) Emergency disclosures. Upon disclosing a record pertaining to an individual made under compelling circumstances affecting the health or safety of an individual, the component will notify the individual to whom the record pertains of the disclosure. This notice will be mailed to the individual's last known address and will state the nature of the information disclosed; the person, organization, or agency to which it was disclosed; the date of disclosure; and the compelling circumstances justifying the disclosure.
(h) Other regulations on disclosure of information in litigation. See subpart C to this part for additional rules covering disclosure of information and records governed by this part and requested in connection with legal proceedings.
Security of systems of records.(a) In general. Each component will establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent unauthorized disclosure of records, and to prevent physical damage to or destruction of records. The stringency of these controls will correspond to the sensitivity of the records that the controls protect. At a minimum, each component's administrative and physical controls will ensure that:
(1) Records are protected from public view;
(2) The area in which records are kept is supervised during business hours to prevent unauthorized persons from having access to them;
(3) Records are inaccessible to unauthorized persons outside of business hours; and
(4) Records are not disclosed to unauthorized persons or under unauthorized circumstances in either oral or written form.
(b) Procedures required. Each component will have procedures that restrict access to records to only those individuals within the Department who must have access to those records to perform their duties and that prevent inadvertent disclosure of records.
Contracts for the operation of systems of records.As required by 5 U.S.C. 552a(m), any approved contract for the operation of a system of records to accomplish an agency function will contain the standard contract requirements issued by the General Services Administration to ensure compliance with the requirements of the Privacy Act for that system. The contracting component will be responsible for ensuring that the contractor complies with these contract requirements.
Use and collection of Social Security numbers.Each component will ensure that employees authorized to collect information are aware:
(a) That individuals may not be denied any right, benefit, or privilege because of refusing to provide their Social Security numbers, unless the collection is authorized either by a statute or by a regulation issued prior to 1975; and
(b) That individuals requested to provide their Social Security numbers must be informed of:
(1) Whether providing Social Security numbers is mandatory or voluntary;
(2) Any statutory or regulatory authority that authorizes the collection of Social Security numbers; and
(3) The uses that will be made of the numbers.
(c) Including Social Security numbers of an individual on any document sent by mail is not permitted unless the Secretary determines that the inclusion of the number on the document is necessary.
Standards of conduct for administration of the Privacy Act.Each component will inform its employees of the provisions of the Privacy Act, including the Act's civil liability and criminal penalty provisions referenced in § 5.35. Unless otherwise permitted by law, the Department will: Start Printed Page 68607
(a) Maintain only such information about an individual as is relevant and necessary to accomplish a purpose of the Component or the Department that is required to be accomplished by statute or by Executive order of the President;
(b) Collect information about an individual directly from that individual whenever practicable and when the information may result in adverse determinations about an individual's rights, benefits, and privileges under federal programs;
(c) Inform each individual from whom information is collected of:
(1) The legal authority to collect the information and whether providing it is mandatory or voluntary;
(2) The principal purpose for which the Department intends to use the information;
(3) The routine uses the Department may make of the information; and
(4) The effects on the individual, if any, of not providing the information;
(d) Ensure that the component maintains no system of records without public notice and that it notifies appropriate Department officials of the existence or development of any system of records that is not the subject of a current or planned public notice;
(e) Maintain all records that are used by the Department in making any determination about an individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual in the determination;
(f) Except as to disclosures made to an agency or made under the FOIA, make reasonable efforts, prior to disseminating any record about an individual, to ensure that the record is accurate, relevant, timely, and complete;
(g) Maintain no record describing how an individual exercises their First Amendment rights, unless it is expressly authorized by statute or by the individual about whom the record is maintained, or is pertinent to and within the scope of an authorized law enforcement activity;
(h) When required by the Act, maintain an accounting in the specified form of all disclosures of records by the Department to persons, organizations, or agencies;
(i) Maintain and use records with care to prevent the unauthorized or inadvertent disclosure of a record to anyone; and
(j) Disclose Privacy Act or JRA records only as permitted by 5 U.S.C. 552a(b).
Sanctions and penalties.Each component will inform its employees and contractors of the Privacy Act's civil liability provisions (5 U.S.C. 552a(g)) and criminal penalty provisions (5 U.S.C. 552a(i)) as they apply to Privacy Act and JRA complaints.
Other rights and services.Nothing in this subpart will be construed to entitle any person, as of right, to any service or to the disclosure of any record to which such person is not entitled under the Privacy Act or JRA.
8. Revise appendix A to part 5 to read as follows:
End Amendment PartAppendix A to Part 5—FOIA/Privacy Act Offices of the Department of Homeland Security
I. For the following Headquarters Offices of the Department of Homeland Security, FOIA and Privacy Act requests should either be mailed to the Department's Privacy Office, Mail Stop 0655, U.S. Department of Homeland Security, 2707 Martin Luther King Jr. Ave. SE, Washington, DC 20528-0655, or submitted electronically through https://foiarequest.dhs.gov/. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 202-343-1743 or 866-431-0486, Fax: 202-343-4011, or Email: foia@hq.dhs.gov. The Public Liaison may also be contacted using this information.
The Headquarters Offices are:
Office of the Secretary
Office of the Deputy Secretary
Office of the General Counsel (OGC)
Office of the Executive Secretary (ESEC)
Office of Intelligence and Analysis (I&A)
Office of Legislative Affairs (OLA)
Office of Operations Coordination (OPS)
Office of Partnership and Engagement (OPE)
Office of Public Affairs (OPA)
Office of Strategy, Policy, and Plans (PLCY)
Citizenship and Immigration Services Ombudsman (CISOMB)
Civil Rights and Civil Liberties (CRCL) Countering Weapons of Mass Destruction Office (CWMD)
Federal Protective Service (FPS)
Management Directorate (MGMT), including the Office of Biometric Identity Management (OBIM)
Military Advisor's Office (MIL)
Privacy Office (PRIV)
Science and Technology Directorate (S&T)
II. For the following components and offices of the Department of Homeland Security, FOIA and Privacy Act requests should be sent to the component's FOIA Office, unless otherwise noted below. For each component, the Public Liaison may also be contacted using the information below. The components are:
Cybersecurity and Infrastructure Security Agency (CISA)
All requests should be either be mailed to the Department's Privacy Office, Mail Stop 0655, U.S. Department of Homeland Security, 2707 Martin Luther King Jr. Ave. SE, Washington, DC 20528-0655, or submitted electronically through https://foiarequest.dhs.gov/. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 202-343-1743 or 866-431-0486, Fax: 202-343-4011, or Email: CISAFOIA@hq.dhs.gov.
U.S. Customs and Border Protection (CBP)
All requests should be mailed to U.S. Customs and Border Protection, Office of Privacy and Diversity Office, 90 K Street NE, Mail Stop 1181, 9th Floor, or submitted electronically at https://foiaonline.gov/foiaonline/action/public/home or cbpfoiapublicliaison@cbp.dhs.gov. Electronic requests should be made to https://foiarequest.dhs.gov/ once CBP is no longer listed as an agency on https://foiaonline.gov/foiaonline/action/public/home. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 202-325-0150.
Federal Emergency Management Agency (FEMA)
All requests should be mailed to FOIA Officer, 500 C Street SW, Room 840, Washington, DC 20472, or submitted electronically through https://foiarequest.dhs.gov/. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 202-646-3323, Fax: 202-646-3347, or Email: fema-foia@fema.dhs.gov.
Federal Law Enforcement Training Center (FLETC)
All requests should be mailed to Freedom of Information Act Officer, Building #681, Suite B187, 1131 Chapel Crossing Road, Glico, GA 31524, or submitted electronically to https://foiarequest.dhs.gov/. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you Start Printed Page 68608 to submit your request electronically. Additional contact information for questions: Phone: 912-267-3103, Fax: 912-267-3113, or Email: fletc-foia@dhs.gov.
Immigration and Customs Enforcement (ICE)
All requests should be mailed to Freedom of Information Act Office, 500 12th Street SW, Stop 5009, Washington, DC 20536-5009, or submitted electronically through https://foiarequest.dhs.gov/. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 866-633-1182, Fax: 202-732-4265, or Email: ice-foia@ice.dhs.gov.
Office of Inspector General
All requests should be mailed to the OIG Office of Counsel, 245 Murray Lane SW, Mail Stop—0305, Washington, DC 20528-0305, or submitted electronically through https://foiarequest.dhs.gov/. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 202-981-6100, Fax: 202-245-5217, or Email: foia.oig@oig.dhs.gov.
Transportation Security Administration (TSA)
All requests should be mailed to Freedom of Information Act Branch, 6595 Springfield Center Drive, Springfield, VA 20598-6020, or submitted electronically through https://foiarequest.dhs.gov/. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 1-866-FOIA-TSA or 571-227-2300, Fax: 571-227-1406, or Email: foia@tsa.dhs.gov.
U.S. Citizenship and Immigration Services (USCIS)
All requests should be mailed to National Records Center, FOIA/PA Office, P. O. Box 648010, Lee's Summit, MO. 64064-8010 or submitted electronically through the USCIS FOIA Portal: https://first.uscis.gov/. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 1-800-375-5283, USCIS Contact Center, or Email: FOIAPAQuestions@uscis.dhs.gov.
U.S. Coast Guard (USCG)
All requests should be mailed to Commandant (CG-6P), 2703 Martin Luther King Jr. Ave. SE, Stop 7710, Washington, DC 20593-7710, or submitted electronically through https://foiarequest.dhs.gov/. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 202-475-3522, Fax: 202-372-8413, or Email: efoia@uscg.mil.
U.S. Secret Service (USSS)
All requests should be mailed to Freedom of Information Act and Privacy Act Branch, 245 Murray Lane SW, Building T-5, Washington, DC 20223, or submitted electronically to FOIA@usss.dhs.gov. To respond to your FOIA or Privacy Act request as quickly as possible, we strongly encourage you to submit your request electronically. Additional contact information for questions: Phone: 202-406-6370, Fax: 202-406-5586, or Email: FOIA@usss.dhs.gov.
Start SignatureLynn Parker Dupree,
Chief Privacy Officer, Department of Homeland Security.
Footnotes
1. Except as explicitly stated below, DHS incorporates by reference the section-by-section analysis contained in the preamble to the proposed rule.
Back to Citation2. 86 FR at 55528.
Back to Citation3. Compare, e.g.,20 CFR 401.55(b)(1)(ii).
Back to Citation4. See 86 FR at 55534.
Back to Citation5. See 86 FR at 55529.
Back to Citation[FR Doc. 2022-24871 Filed 11-15-22; 8:45 am]
BILLING CODE 4410-9B-P
Document Information
- Effective Date:
- 12/16/2022
- Published:
- 11/16/2022
- Department:
- Homeland Security Department
- Entry Type:
- Rule
- Action:
- Final rule.
- Document Number:
- 2022-24871
- Dates:
- This final rule is effective December 16, 2022.
- Pages:
- 68599-68608 (10 pages)
- Docket Numbers:
- Docket No. DHS-2021-0020
- RINs:
- 1601-AB04: Privacy Act of 1974
- RIN Links:
- https://www.federalregister.gov/regulations/1601-AB04/privacy-act-of-1974
- Topics:
- Classified information, Courts, Freedom of information, Government employees, Privacy
- PDF File:
- 2022-24871.pdf
- Supporting Documents:
- » Privacy Act of 1974
- » Privacy Act of 1974
- CFR: (21)
- 6 CFR 5.2
- 6 CFR 5.3
- 6 CFR 5.5
- 6 CFR 5.8
- 6 CFR 5.20
- More ...