[Federal Register Volume 64, Number 43 (Friday, March 5, 1999)]
[Proposed Rules]
[Pages 10872-10878]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-5141]
[[Page 10871]]
_______________________________________________________________________
Part V
Corporation for National and Community Service
_______________________________________________________________________
45 CFR Parts 1224 and 2508
Privacy Act of 1974; Implementation, Report of Altered Systems;
Proposed Rule and Notice
��Federal Register / Vol. 64, No. 43 / Friday, March 5, 1999 / Proposed
Rules��
[[Page 10872]]
CORPORATION FOR NATIONAL AND COMMUNITY SERVICE
45 CFR Parts 1224 and 2508
RIN 3045-AA22
Implementation of the Privacy Act of 1974
AGENCY: Corporation for National and Community Service.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Corporation for National and Community Service
(hereinafter the ``Corporation'') revises its regulations under the
Privacy Act. The Corporation seeks to redesignate its existing
regulations under former ACTION's CFR chapter as updated regulations
under the Corporation's CFR chapter. The Corporation expects this
proposed rule will promote consistency in its processing of Privacy Act
requests by setting forth the basic policies of the Corporation
governing the maintenance of its system of records which contains the
personal information of its employees.
DATES: Comments must be received by the Corporation no later than April
5, 1999.
ADDRESSES: Comments may be mailed to the Corporation for National and
Community Service, Office of General Counsel, Attn: Bill Hudson,
Corporation Privacy Act Officer, Room 8200, 1201 New York Avenue, NW,
Washington, DC 20525.
FOR FURTHER INFORMATION CONTACT: Bill Hudson, Corporation Privacy Act
Officer, at (202) 606-5000, ext. 265.
SUPPLEMENTARY INFORMATION: The Corporation is a wholly-owned government
corporation created by Congress to administer programs established
under the national service laws. The Corporation operates under two
statutes, the National and Community Service Act of 1990, as amended,
42 U.S.C. 12501 et seq., and the Domestic Volunteer Service Act of
1973, as amended, 42 U.S.C. 4950 et seq.
The functions of the ACTION agency were transferred to the
Corporation on April 4, 1994. This proposed Privacy Act rule
redesignates ACTION's policy at 45 CFR Chapter XII, part 1224, to be
revised as 45 CFR Chapter XXV, part 2508, and governs the Corporation
as a whole. The Distribution Table in the Preamble compares the earlier
version of CFR part numbers under 45 Chapter XII, part 1224, with the
new CFR part numbers assigned under 45 Chapter XXV, part 2508. The
subjects listed in 45 CFR Chapter XII, part 1224, are revised and
redesignated under 45 CFR Chapter XXV, part 2508, to reflect the new
subject listings. The redesignated subpart numbers under 45 CFR Chapter
XXV, part 2508, are written in a plain language format as questions/
answers to provide for a better understanding of the Corporation's
revised Privacy Act regulation.
Regulatory Flexibility Act
I certify that this regulation will not have a significant economic
impact on a substantial number of small entities.
Executive Order 12866
This regulation has been drafted and reviewed in accordance with
Executive Order 12866. The Office of Management and Budget has reviewed
this rule and has determined that this rule is not a ``significant
regulatory action'' under Executive Order 12866, section 3(f),
Regulatory Planning and Review.
Paperwork Reduction Act
I certify that this regulation does not require additional
reporting under the criteria of the Paperwork Reduction Act of 1980.
Unfunded Mandates Reform Act of 1995
This regulation will not result in the expenditure by State, local,
and tribal governments, in the aggregate, or by the private sector, of
$100,000,000 or more in any one year, and it will not significantly or
uniquely affect small governments. Therefore, no actions are deemed
necessary under the provisions of the Unfunded Mandates Reform Act of
1995.
Small Business Regulatory Enforcement Fairness Act of 1996
This rule is not a major rule as defined by section 804 of the
Small Business Regulatory Enforcement Fairness Act of 1996. This rule
will not result in an annual effect on the economy of $100,000,000 or
more; a major increase in costs or prices; or significant adverse
effects on competition, employment, investment, productivity,
innovation, or on the ability of United States-based companies to
compete with foreign-based companies in domestic and export markets.
Submission to Congress and the Office of Management and Budget
This proposed rule is hereby submitted pursuant to 5 U.S.C. 552a(f)
for printing in the Federal Register. A copy has been sent to the
Chairman of the Committee on Government Reform and Oversight of the
House of Representatives; the Chairman of the Committee on Governmental
Affairs of the Senate; and the Administrator, Office of Information and
Regulatory Affairs, Office of Management and Budget, in accordance with
5 U.S.C. 552a(e)(4) and (a)(r).
Distribution Table
------------------------------------------------------------------------
New 45 CFR
Old 45 CFR Part 1224 Part 2508
------------------------------------------------------------------------
1224.1-1.................................................. 2508.2
1224.1-2.................................................. 2508.3
1224.1-3.................................................. 2508.1
1224.1-4.................................................. 2508.4
1224.1-5.................................................. 2508.5
1224.1-5a................................................. 2505.6
1224.1-6.................................................. 2508.7
1224.1-7.................................................. None
1224.1-8.................................................. 2508.8
1224.1-9.................................................. 2508.9
1224.1-10................................................. 2508.10
1224.1-11................................................. 2508.11
1224.1-12................................................. 2508.12
1224.1-13................................................. 2508.13
1224.1-14................................................. 2508.19
1224.1-15................................................. 2508.14
1224.1-16................................................. 2508.15
1224.1-17................................................. 2508.16
1224.1-18................................................. 2508.17
1224.1-19................................................. None
None...................................................... 2508.18
None...................................................... 2508.20
------------------------------------------------------------------------
List of Subjects in 45 CFR Parts 1224 and 2508
Privacy.
Accordingly, and under the authority of 42 U.S.C. 12501 et seq.,
and 42 U.S.C. 4950 et seq., the Corporation proposes to amend 45 CFR
chapters XII and XXV as follows:
PART 1224--[REDESIGNATED AS PART 2508]
1. Part 1224 in 45 CFR chapter XII is redesignated as part 2508 in
45 CFR chapter XXV and is revised to read as follows:
PART 2508--IMPLEMENTATION OF THE PRIVACY ACT OF 1974
Sec.
2508.1 Definitions.
2508.2 What is the purpose of this part?
2508.3 What is the Corporation's Privacy Act policy?
2508.4 When can Corporation records be disclosed?
2508.5 When does the Corporation publish its notice of its system
of records?
2508.6 When will the Corporation publish a notice for new routine
uses of information in its system of records?
2508.7 To Whom does the Corporation provide reports to regarding
changes in its system of records?
2508.8 Who is responsible for establishing the Corporation's rules
of conduct for Privacy Act compliance?
[[Page 10873]]
2508.9 What officials are responsible for the security, management
and control of Corporation record keeping systems?
2508.10 Who has the responsibility for maintaining adequate
technical, physical, and security safeguards to prevent unauthorized
disclosure or destruction of manual and automatic record systems?
2508.11 How shall offices maintaining a system of records be
accountable for those records to prevent unauthorized disclosure of
information?
2508.12 What are the contents of the systems of records that are to
be maintained by the Corporation?
2508.13 What are the procedures for acquiring access to Corporation
records by an individual about whom a record is maintained?
2508.14 What are the identification requirements for individuals
who request access to records?
2508.15 What are the procedures for requesting inspection of,
amendment or correction to, or appeal of an individual's records
maintained by the Corporation other than that individual's official
personnel file?
2508.16 What are the procedures for filing an appeal for refusal to
amend or correct records?
2508.17 When shall fees be charged and at what rate?
2508.18 What are the penalties for obtaining a record under false
pretenses?
2508.19 What Privacy Act exemptions or control of systems of
records are exempt from disclosure?
2508.20 What are the restrictions regarding the release of mailing
lists?
Authority: 5 U.S.C. 552a; 42 U.S.C. 12501 et seq; 42 U.S.C. 4950
et seq.
Sec. 2508.1 Definitions
(a) Amend means to make a correction to, or expunge any portion of,
a record about an individual which that individual believes is not
accurate, relevant, timely, or complete.
(b) Appeal Officer means the individual delegated the
responsibility to act on all appeals filed under the Privacy Act.
(c) Chief Executive Officer means the Head of the Corporation.
(d) Corporation means the Corporation for National and Community
Service.
(e) Individual means any citizen of the United States or an alien
lawfully admitted for permanent residence.
(f) Maintain means to collect, use, store, disseminate or any
combination of these record-keeping functions; exercise of control over
and therefore, responsibility and accountability for, systems of
records.
(g) Personnel record means any information about an individual that
is maintained in a system of records by the Corporation that is needed
for personnel management or processes such as staffing, employment
development, retirement, grievances, and appeals.
(h) Privacy Act Officer means the individual delegated the
authority to allow access to, the release of, or the withholding of
records pursuant to an official Privacy Act request. The Privacy Act
Officer is further delegated the authority to make the initial
determination on all requests to amend records.
(i) Record means any document or other information about an
individual maintained by the agency whether collected or grouped, and
including, but not limited to, information regarding education,
financial transactions, medical history, criminal or employment
history, or any other personal information that contains the name or
other personal identification number, symbol, etc. assigned to such
individual.
(j) Routine use means, with respect to the disclosure of a record,
the use of such record for a purpose which is compatible with the
purpose for which it was collected.
(k) System of records means a group of any records under the
maintenance and control of the Corporation from which information is
retrieved by use of the name of an individual or by some personal
identifier of the individual.
Sec. 2508.2 What is the purpose of this part?
The purpose of this part is to set forth the basic policies of the
Corporation governing the maintenance of its system of records which
contains personal information concerning its employees as defined in
the Privacy Act (5 U.S.C. 552a). Records included in this part are
those described in aforesaid act and maintained by the Corporation and/
or any component thereof.
Sec. 2508.3 What is the Corporation's Privacy Act policy?
It is the policy of the Corporation to protect, preserve, and
defend the right of privacy of any individual about whom the
Corporation maintains personal information in any system of records and
to provide appropriate and complete access to such records including
adequate opportunity to correct any errors in said records. Further, it
is the policy of the Corporation to maintain its records in such a
manner that the information contained therein is, and remains material
and relevant to the purposes for which it is received in order to
maintain its records with fairness to the individuals who are the
subjects of such records.
Sec. 2508.4 When can Corporation records be disclosed?
(a) (1) The Corporation will not disclose any record that is
contained in its system of records by any means of communication to any
person, or to another agency, except pursuant to a written request by,
or with the prior written consent of the individual to whom the record
pertains, unless disclosure of the record would be:
(i) To employees of the Corporation who maintain the record and who
have a need for the record in the performance of their official duties;
(ii) When required under the provisions of the Freedom of
Information Act (5 U.S.C. 552);
(iii) For routine uses as appropriately published in the annual
notice of the Federal Register;
(iv) To the Bureau of the Census for purposes of planning or
carrying out a census or survey or related activity pursuant to the
provisions of title 13;
(v) To a recipient who has provided the Corporation with advance
adequate written assurance that the record will be used solely as a
statistical research or reporting record, and the record is to be
transferred in a form that is not individually identifiable;
(vi) To the National Archives and Records Administration of the
United States as a record which has sufficient historical or other
value to warrant its continued preservation by the United States
Government, or for evaluation by the Archivist of the United States or
the designee of the Archivist to determine whether the record has such
value;
(vii) To another agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States for civil or criminal law enforcement activity if the activity
is authorized by law, and if the head of the agency or instrumentality
has made a written request to the Corporation for such records
specifying the particular portion desired and the law enforcement
activity for which the record is sought. Such a record may also be
disclosed by the Corporation to the law enforcement agency on its own
initiative in situations in which criminal conduct is suspected
provided that such disclosure has been established as a routine use or
in situations in which the misconduct is directly related to the
purpose for which the record is maintained;
(viii) To a person pursuant to a showing of compelling
circumstances affecting the health or safety of any individual if, upon
such disclosure, notification is transmitted to the last known address
of such individual;
[[Page 10874]]
(ix) To either House of Congress, or, to the extent of matter
within its jurisdiction, any committee or subcommittee thereof, any
joint committee of Congress or subcommittee of any such joint
committee;
(x) To the Comptroller General or any of his or her authorized
representatives, in the course of the performance of official duties in
the General Accounting Office;
(xi) Pursuant to an order of a court of competent jurisdiction
served upon the Corporation pursuant to 45 CFR 1201.3, and provided
that if any such record is disclosed under such compulsory legal
process and subsequently made public by the court which issued it, the
Corporation must make a reasonable effort to notify the individual to
whom the record pertains of such disclosure;
(xii) To a contractor, expert, or consultant of the Corporation (or
an office within the Corporation) when the purpose of the release to
perform a survey, audit, or other review of the Corporation's
procedures and operations; and
(xiii) To a consumer reporting agency in accordance with section
3711(f) of title 31.
Sec. 2508.5 When does the Corporation publish its notice of its system
of records?
The Corporation shall publish annually a notice of its system of
records maintained by it as defined herein in the format prescribed by
the General Services Administration in the Federal Register; provided,
however, that such publication shall not be made for those systems of
records maintained by other agencies while in the temporary custody of
the Corporation.
Sec. 2508.6 When will the Corporation publish a notice for new routine
uses of information in its system of records?
At least 30 days prior to publication of information under the
preceding section, the Corporation shall publish in the Federal
Register a notice of its intention to establish any new routine use of
any system of records maintained by it with an opportunity for public
comments on such use. Such notice shall contain the following:
(a) The name of the system of records for which the routine use is
to be established.
(b) The authority for the system.
(c) The purpose for which the record is to be maintained.
(d) The proposed routine use(s).
(e) The purpose of the routine use(s).
(f) The categories of recipients of such use. In the event of any
request for an addition to the routine uses of the systems which the
Corporation maintains, such request may be sent to the following
office: Corporation for National and Community Service, Director,
Administration and Management Services, Room 6100, 1201 New York
Avenue, NW, Washington, DC 20525.
Sec. 2508.7 To whom does the Corporation provide reports regarding
changes in its system of records?
The Corporation shall provide to the Committee on Government
Operations of the House of Representatives, the Committee on
Governmental Affairs of the Senate, and the Office of Management and
Budget, advance notice of any proposal to establish or alter any system
of records as defined herein. This report will be submitted in
accordance with guidelines provided by the Office of Management and
Budget.
Sec. 2508.8 Who is responsible for establishing the Corporation's
rules of conduct for Privacy Act compliance?
(a) The Chief Executive Officer shall ensure that all persons
involved in the design, development, operation or maintenance of any
system of records as defined herein are informed of all requirements
necessary to protect the privacy of individuals who are the subject of
such records. All employees shall be informed of all implications of
the Act in this area including the civil remedies provided under 5
U.S.C. 552a(g)(1) and the fact that the Corporation may be subject to
civil remedies for failure to comply with the provisions of the Privacy
Act and this regulation.
(b) The Chief Executive Officer shall also ensure that all
personnel having access to records receive adequate training in the
protection of the security of personal records, and that adequate and
proper storage is provided for all such records with sufficient
security to assure the privacy of such records.
Sec. 2508.9 What officials are responsible for the security,
management and control of Corporation record keeping systems?
(a) The Director of Administration and Management Services shall
have overall control and supervision of the security of all systems of
records and shall be responsible for monitoring the security standards
set forth in this regulation.
(b) A designated official (System Manager) shall be named who shall
have management responsibility for each record system maintained by the
Corporation and who shall be responsible for providing protection and
accountability for such records at all times and for insuring that such
records are secured in appropriate containers whenever not in use or in
the direct control of authorized personnel.
Sec. 2508.10 Who has the responsibility for maintaining adequate
technical, physical, and security safeguards to prevent unauthorized
disclosure or destruction of manual and automatic record systems?
The Chief Executive Officer has the responsibility of maintaining
adequate technical, physical, and security safeguards to prevent
unauthorized disclosure or destruction of manual and automatic record
systems. These security safeguards shall apply to all systems in which
identifiable personal data are processed or maintained, including all
reports and outputs from such systems that contain identifiable
personal information. Such safeguards must be sufficient to prevent
negligent, accidental, or unintentional disclosure, modification or
destruction of any personal records or data, and must furthermore
minimize, to the extent practicable, the risk that skilled technicians
or knowledgeable persons could improperly obtain access to modify or
destroy such records or data and shall further insure against such
casual entry by unskilled persons without official reasons for access
to such records or data.
(a) Manual systems. (1) Records contained in a system of records as
defined herein may be used, held or stored only where facilities are
adequate to prevent unauthorized access by persons within or outside
the Corporation.
(2) All records, when not under the personal control of the
employees authorized to use the records, must be stored in a locked
metal filing cabinet. Some systems of records are not of a such
confidential nature that their disclosure would constitute a harm to an
individual who is the subject of such record. However, records in this
category shall also be maintained in locked metal filing cabinets or
maintained in a secured room with a locking door.
(3) Access to and use of a system of records shall be permitted
only to persons whose duties require such access within the
Corporation, for routine uses as defined in Sec. 2508.4 as to any given
system, or for such other uses as may be provided herein.
(4) Other than for access within the Corporation to persons needing
such records in the performance of their official duties or routine
uses as defined in Sec. 2508.4, or such other uses as provided herein,
access to records within a system of records shall be permitted only to
the individual to whom the record pertains or upon his
[[Page 10875]]
or her written request to the Director, Administration and Management
Services.
(5) Access to areas where a system of records is stored will be
limited to those persons whose duties require work in such areas. There
shall be an accounting of the removal of any records from such storage
areas utilizing a written log, as directed by the Director,
Administration and Management Services. The written log shall be
maintained at all times.
(6) The Corporation shall ensure that all persons whose duties
require access to and use of records contained in a system of records
are adequately trained to protect the security and privacy of such
records.
(7) The disposal and destruction of records within a system of
records shall be in accordance with rules promulgated by the General
Services Administration.
(b) Automated systems. (1) Identifiable personal information may be
processed, stored or maintained by automatic data systems only where
facilities or conditions are adequate to prevent unauthorized access to
such system in any form. Whenever such data, whether contained in punch
cards, magnetic tapes or discs, are not under the personal control of
an authorized person, such information must be stored in a locked or
secured room, or in such other facility having greater safeguards than
those provided for herein.
(2) Access to and use of identifiable personal data associated with
automated data systems shall be limited to those persons whose duties
require such access. Proper control of personal data in any form
associated with automated data systems shall be maintained at all
times, including maintenance of accountability records showing
disposition of input and output documents.
(3) All persons whose duties require access to processing and
maintenance of identifiable personal data and automated systems shall
be adequately trained in the security and privacy of personal data.
(4) The disposal and disposition of identifiable personal data and
automated systems shall be done by shredding, burning or in the case of
tapes or discs, degaussing, in accordance with any regulations now or
hereafter proposed by the General Services Administration or other
appropriate authority.
Sec. 2508.11 How shall offices maintaining a system of records be
accountable for those records to prevent unauthorized disclosure of
information?
(a) Each office maintaining a system of records shall account for
all records within such system by maintaining a written log in the form
prescribed by the Director, Administration and Management Services,
containing the following information:
(1) The date, nature, and purpose of each disclosure of a record to
any person or to another agency. Disclosures made to employees of the
Corporation in the normal course of their duties, or pursuant to the
provisions of the Freedom of Information Act, need not be accounted
for.
(2) Such accounting shall contain the name and address of the
person or agency to whom the disclosure was made.
(3) The accounting shall be maintained in accordance with a system
of records approved by the Director, Administration and Management
Services, as sufficient for the purpose but in any event sufficient to
permit the construction of a listing of all disclosures at appropriate
periodic intervals.
(4) The accounting shall reference any justification or basis upon
which any release was made including any written documentation required
when records are released for statistical or law enforcement purposes
under the provisions of subsection (b) of the Privacy Act of 1974 (5
U.S.C. 552a).
(5) For the purpose of this part, the system of accounting for
disclosures is not a system of records under the definitions hereof,
and need not be maintained within a system of records.
(6) Any subject individual may request access to an accounting of
disclosures of a record. The subject individual shall make a request
for access to an accounting in accordance with Sec. 2508.13. An
individual will be granted access to an accounting of the disclosures
of a record in accordance with the procedures of this subpart which
govern access to the related record. Access to an accounting of a
disclosure of a record made under Sec. 2508.13 may be granted at the
discretion of the Director, Administration and Management Services.
Sec. 2508.12 What are the contents of the systems of record that are
to be maintained by the Corporation?
(a) The Corporation shall maintain all records that are used in
making determinations about any individual with such accuracy,
relevance, timeliness, and completeness as is reasonably necessary to
assure fairness to the individual in the determination;
(b) In situations in which the information may result in adverse
determinations about such individual's rights, benefits and privileges
under any Federal program, all information placed in a system of
records shall, to the greatest extent practicable, be collected from
the individual to whom the record pertains.
(c) Each form or other document that an individual is expected to
complete in order to provide information for any system of records
shall have appended thereto, or in the body of the document:
(1) An indication of the authority authorizing the solicitation of
the information and whether the provision of the information is
mandatory or voluntary.
(2) The purpose or purposes for which the information is intended
to be used.
(3) Routine uses which may be made of the information and published
pursuant to Sec. 2508.6.
(4) The effect on the individual, if any, of not providing all or
part of the required or requested information.
(d) Records maintained in any system of records used by the
Corporation to make any determination about any individual shall be
maintained with such accuracy, relevancy, timeliness, and completeness
as is reasonably necessary to assure fairness to the individual in the
making of any determination about such individual, provided however,
that the Corporation shall not be required to update or keep current
retired records.
(e) Before disseminating any record about any individual to any
person other than an employee in the Corporation, unless the
dissemination is made pursuant to the provisions of the Freedom of
Information Act (5 U.S.C. 552), the Corporation shall make reasonable
efforts to ensure that such records are, or were at the time they were
collected, accurate, complete, timely and relevant for Corporation
purposes.
(f) Under no circumstances shall the Corporation maintain any
record about any individual with respect to or describing how such
individual exercises rights guaranteed by the First Amendment of the
Constitution of the United States, unless expressly authorized by
statute or by the individual about whom the record is maintained, or
unless pertinent to and within the scope of an authorized law
enforcement activity.
(g) In the event any record is disclosed as a result of the order
of a court of appropriate jurisdiction, the
[[Page 10876]]
Corporation shall make reasonable efforts to notify the individual
whose record was so disclosed after the process becomes a matter of
public record.
Sec. 2508.13 What are the procedures for acquiring access to
Corporation records by an individual about whom a record is maintained?
(a) Any request for access to records from any individual about
whom a record is maintained will be addressed to the Corporation for
National and Community Service, Office of the General Counsel, Attn:
Privacy Act Officer, Room 8200, 1201 New York Avenue, NW, Washington,
DC 20525, or delivered in person during regular business hours,
whereupon access to his or her record, or to any information contained
therein, if determined to be releasable, shall be provided.
(b) If the request is made in person, such individual may, upon his
or her request, be accompanied by a person of his or her choosing to
review the record and shall be provided an opportunity to have a copy
made of any record about such individual.
(c) A record may be disclosed to a representative chosen by the
individual as to whom a record is maintained upon the proper written
consent of such individual.
(d) A request made in person will be promptly complied with if the
records sought are in the immediate custody of the Corporation. Mailed
requests or personal requests for documents in storage or otherwise not
immediately available, will be acknowledged within 10 working days, and
the information requested will be promptly provided thereafter.
(e) With regard to any request for disclosure of a record, the
following procedures shall apply:
(1) Medical or psychological records shall be disclosed to an
individual unless, in the judgment of the Corporation, access to such
records might have an adverse effect upon such individual. When such
determination has been made, the Corporation may require that the
information be disclosed only to a physician chosen by the requesting
individual. Such physician shall have full authority to disclose all or
any portion of such record to the requesting individual in the exercise
of his or her professional judgment.
(2) Test material and copies of certificates or other lists of
eligibles or any other listing, the disclosure of which would violate
the privacy of any other individual, or be otherwise exempted by the
provisions of the Privacy Act, shall be removed from the record before
disclosure to any individual to whom the record pertains.
Sec. 2508.14 What are the identification requirements for individuals
who request access to records?
The Corporation shall require reasonable identification of all
individuals who request access to records to ensure that records are
disclosed to the proper person.
(a) In the event an individual requests disclosure in person, such
individual shall be required to show an identification card such as a
drivers license, etc., containing a photo and a sample signature of
such individual. Such individual may also be required to sign a
statement under oath as to his or her identity, acknowledging that he
or she is aware of the penalties for improper disclosure under the
provisions of the Privacy Act.
(b) In the event that disclosure is requested by mail, the
Corporation may request such information as may be necessary to
reasonably ensure that the individual making such request is properly
identified. In certain cases, the Corporation may require that a mail
request be notarized with an indication that the notary received an
acknowledgment of identity from the individual making such request.
(c) In the event an individual is unable to provide suitable
documentation or identification, the Corporation may require a signed
notarized statement asserting the identity of the individual and
stipulating that the individual understands that knowingly or willfully
seeking or obtaining access to records about another person under false
pretenses is punishable by a fine of up to $5,000.
(d) In the event a requestor wishes to be accompanied by another
person while reviewing his or her records, the Corporation may require
a written statement authorizing discussion of his or her records in the
presence of the accompanying representative or other persons.
Sec. 2508.15 What are the procedures for requesting inspection of,
amendment or correction to, or appeal of an individual's records
maintained by the Corporation other than that individual's official
personnel file?
(a) A request for inspection of any record shall be made to the
Director, Administration and Management Services. Such request may be
made by mail or in person provided, however, that requests made in
person may be required to be made upon a form provided by the Director
of Administration and Management Services who shall keep a current list
of all systems of records maintained by the Corporation and published
in accordance with the provisions of this regulation. However, the
request need not be in writing if the individual makes his or her
request in person. The requesting individual may request that the
Corporation compile all records pertaining to such individual at any
named Service Center/State Office, AmeriCorps*NCCC Campus, or at
Corporation Headquarters in Washington, DC, for the individual's
inspection and/or copying. In the event an individual makes such
request for a compilation of all records pertaining to him or her in
various locations, appropriate time for such compilation shall be
provided as may be necessary to promptly comply with such requests.
(b) Any such requests should contain, at a minimum, identifying
information needed to locate any given record and a brief description
of the item or items of information required in the event the
individual wishes to see less than all records maintained about him or
her.
(1) In the event an individual, after examination of his or her
record, desires to request an amendment or correction of such records,
the request must be submitted in writing and addressed to the
Corporation for National and Community Service, Office of the General
Counsel, Attn: Privacy Act Officer, Room 8200, 1201 New York Avenue,
NW, Washington, DC 20525. In his or her written request, the individual
shall specify:
(i) The system of records from which the record is retrieved;
(ii) The particular record that he or she is seeking to amend or
correct;
(iii) Whether he or she is seeking an addition to or a deletion or
substitution of the record; and,
(iv) His or her reasons for requesting amendment or correction of
the record.
(2) A request for amendment or correction of a record will be
acknowledged within 10 working days of its receipt unless the request
can be processed and the individual informed of the Privacy Act
Officer's decision on the request within that 10 day period.
(3) If the Privacy Act Officer agrees that the record is not
accurate, timely, or complete, based on a preponderance of the
evidence, the record will be corrected or amended. The record will be
deleted without regard to its accuracy, if the record is not relevant
or necessary to accomplish the Corporation's function for which the
record was provided or is maintained. In either case, the individual
will be informed in writing of the amendment, correction, or deletion
and, if
[[Page 10877]]
accounting was made of prior disclosures of the record, all previous
recipients of the record will be informed of the corrective action
taken.
(4) If the Privacy Act Officer does not agree that the record
should be amended or corrected, the individual will be informed in
writing of the refusal to amend or correct the record. He or she will
also be informed that he or she may appeal the refusal to amend or
correct his or her record in accordance with Sec. 2508.17.
(5) Requests to amend or correct a record governed by the
regulation of another government agency will be forwarded to such
government agency for processing and the individual will be informed in
writing of the referral.
(c) In the event an individual disagrees with the Privacy Act
Officer's initial determination, he or she may appeal such
determination to the Appeal Officer in accordance with Sec. 2508.17.
Such request for review must be made within 30 days after receipt by
the requestor of the initial refusal to amend.
Sec. 2508.16 What are the procedures for filing an appeal for refusal
to amend or correct records?
(a) In the event an individual desires to appeal any refusal to
correct or amend records, he or she may do so by addressing, in
writing, such appeal to the Corporation for National and Community
Service, Office of the Chief Operating Officer, Attn: Appeal Officer,
1201 New York Avenue NW, Washington, DC 20525. Although there is no
time limit for such appeals, the Corporation shall be under no
obligation to maintain copies of original requests or responses thereto
beyond 180 days from the date of the original request.
(b) An appeal will be completed within 30 working days from its
receipt by the Appeal Officer; except that, the appeal authority may,
for good cause, extend this period for an additional 30 days. Should
the appeal period be extended, the individual appealing the original
refusal will be informed in writing of the extension and the
circumstances of the delay. The individual's request for access to or
to amend or correct the record, the Privacy Act Officer's refusal to
amend or correct the record, and any other pertinent material relating
to the appeal will be reviewed. No hearing will be held.
(c) If the Appeal Officer determines that the record that is the
subject of the appeal should be amended or corrected, the record will
be amended or corrected and the individual will be informed in writing
of the amendment or correction. Where an accounting was made of prior
disclosures of the record, all previous recipients of the record will
be informed of the corrective action taken.
(d) If the appeal is denied, the subject individual will be
informed in writing:
(1) Of the denial and reasons for the denial;
(2) That he or she has a right to seek judicial review of the
denial; and
(3) That he or she may submit to the Appeal Officer a concise
statement of disagreement to be associated with the disputed record and
disclosed whenever the record is disclosed.
(e) Whenever an individual submits a statement of disagreement to
the Appeal Officer in accordance with paragraph (d)(3) of this section,
the record will be annotated to indicate that it is disputed. In any
subsequent disclosure, a copy of the subject individual's statement of
disagreement will be disclosed with the record. If the appeal authority
deems it appropriate, a concise statement of the Appeal Officer's
reasons for denying the individual's appeal may also be disclosed with
the record. While the individual will have access to this statement of
reasons, such statement will not be subject to correction or amendment.
Where an accounting was made of prior disclosures of the record, all
previous recipients of the record will be provided a copy of the
individual's statement of disagreement, as well as the statement, if
any, of the Appeal Officer's reasons for denying the individual's
appeal.
Sec. 2508.17 When shall fees be charged and at what rate?
(a) No fees shall be charged for search time or for any other time
expended by the Corporation to review or produce a record except where
an individual requests that a copy be made of the record to which he or
she is granted access. Where a copy of the record must be made in order
to provide access to the record (e.g., computer printout where no
screen reading is available), the copy will be made available to the
individual without cost.
(b) The applicable fee schedule is as follows:
(1) Each copy of each page, up to 8 \1/2\'' x 14'', made by
photocopy or similar process is $0.10 per page.
(2) Each copy of each microform frame printed on paper is $0.25.
(3) Each aperture card is $0.25.
(4) Each 105-mm fiche is $0.25.
(5) Each 100' foot role of 35-mm microfilm is $7.00.
(6) Each 100' foot role of 16-mm microfilm is $6.00.
(7) Each page of computer printout without regard to the number of
carbon copies concurrently printed is $0.20.
(8) Copying records not susceptible to photocopying (e.g., punch
cards or magnetic tapes), at actual cost to be determined on a case-by-
case basis.
(9) Other copying forms (e.g., typing or printing) will be charged
at direct costs, including personnel and equipment costs.
(c) All copying fees shall be paid by the individual before the
copying will be undertaken. Payments shall be made by check or money
order payable to the ``Corporation for National and Community
Service,'' and provided to the Privacy Act Officer processing the
request.
(d) A copying fee shall not be charged or collected, or
alternatively, it may be reduced, when it is determined by the Privacy
Act Officer, based on a petition, that the petitioning individual is
indigent and that the Corporation's resources permit a waiver of all or
part of the fee. An individual is deemed to be indigent when he or she
is without income or lacks the resources sufficient to pay the fees.
(e) Special and additional services provided at the request of the
individual, such as certification or authentication, postal insurance
and special mailing arrangement costs, will be charged to the
individual.
(f) A copying fee totaling $5.00 or less shall be waived, but the
copying fees for contemporaneous requests by the same individual shall
be aggregated to determine the total fee.
Sec. 2508.18 What are the penalties for obtaining a record under false
pretenses?
The Privacy Act provides, in pertinent part that:
(a) Any person who knowingly and willfully requests to obtain any
record concerning an individual from the Corporation under false
pretenses shall be guilty of a misdemeanor and fined not more than
$5,000 (5 U.S.C. 552a(I)(3)).
(b) A person who falsely or fraudulently attempts to obtain records
under the Privacy Act also may be subject to prosecution under such
other criminal statutes as 18 U.S.C. 494, 495 and 1001.
Sec. 2508.19 What Privacy Act exemptions or control of systems of
records are exempt from disclosure?
(a) Certain systems of records that are maintained by the
Corporation are exempted from provisions of the Privacy Act in
accordance with exemptions (j) and (k) of 5 U.S.C. 552a.
(1) Exemption of Inspector General system of records. Pursuant to,
and limited by 5 U.S.C. 552a(j)(2), the system of records maintained by
the
[[Page 10878]]
Office of the Inspector General that contains the Investigative Files
shall be exempted from the provisions of 5 U.S.C. 552a, except
subsections (b), (c)(1) and (2), (e)(4)(A) through (F), (e)(6)(7), (9),
(10), and (11), and (I), and 45 CFR 2508.11, 2508.12, 2508.13, 2508.14,
2508.15, 2508.16, and 2508.17, insofar as the system contains
information pertaining to criminal law enforcement investigations.
(2) Pursuant to, and limited by 5 U.S.C. 552a(k)(2), the system of
records maintained by the Office of the Inspector General that contains
the Investigative Files shall be exempted from 5 U.S.C. 552a (c)(3),
(d), (e)(1), (e)(4) (G), (H), and (I), and (f), and 45 CFR 2508.11,
2508.12, 2508.13, 2508.14, 2508.15, 2508.16, and 2508.17, insofar as
the system contains investigatory materials compiled for law
enforcement purposes.
(b) Exemptions to the General Counsel system of records. Pursuant
to, and limited by 5 U.S.C. 552a(d)(5), the system of records
maintained by the Office of the General Counsel that contains the Legal
Office Litigation/Correspondence Files shall be exempted from the
provisions of 5 U.S.C. 552a(d)(5), and 45 CFR 2508.4, insofar as the
system contains information compiled in reasonable anticipation of a
civil action or proceeding.
Sec. 2508.20 What are the restrictions regarding the release of
mailing lists?
An individual's name and address may not be sold or rented by the
Corporation unless such action is specifically authorized by law. This
section does not require the withholding of names and addresses
otherwise permitted to be made public.
Dated: February 25, 1999.
Thomas L. Bryant,
Acting General Counsel.
[FR Doc. 99-5141 Filed 3-4-99; 8:45 am]
BILLING CODE 6050-28-P
