General Services Administration Property Management Regulations; GSA Privacy Act Rules, 3781-3786 [06-669]

Download as PDF Federal Register / Vol. 71, No. 15 / Tuesday, January 24, 2006 / Rules and Regulations decide to hold a public hearing, this direct final rule will be revoked and the final deadline for submitting comments will be extended. EPA will notify any persons who submit comments on this notice if there is a public hearing. In addition, anyone who wishes to learn whether the hearing will be held may call the EPA representative listed in the FOR FURTHER INFORMATION CONTACT rmajette on PROD1PC67 with RULES section above. Copies of Maine’s application are available for inspection and copying at the location indicated in the ADDRESSES section of this direct final rule. IV. Regulatory Assessments The Office of Management and Budget has exempted this type of action from the requirements of Executive Order 12866; therefore, this action is not subject to review by OMB. This action approves State requirements for the purposes of RCRA and imposes no additional requirements beyond those imposed by State law. Accordingly, this action will not have a significant economic impact on a substantial number of small entities under the Regulatory Flexibility Act (5 U.S.C. 601 et seq.). Because this action authorizes pre-existing requirements under State law and does not impose any additional enforceable duty beyond that required by State law, it does not contain any unfunded mandate or significantly or uniquely affect small governments, as described in the Unfunded Mandates Reform Act of 1995 (Pub. L. 104–4). For the same reason, and because this action has no effect in Indian country, this action also does not significantly or uniquely affect the communities or Tribal governments, as specified by Executive Order 13175 (65 FR 67249, November 9, 2000). This action will not have substantial direct effects on the States, on the relationship between the National Government and the States, or on the distribution of power and responsibilities among the various levels of government, as specified in Executive Order 13132 (64 FR 43255, August 10, 1999), because it merely approves State requirements as part of the State RCRA program without altering the relationship or the distribution of power and responsibilities established by RCRA. This action also is not subject to Executive Order 13045 (62 FR 19885, April 23, 1997), because it is not economically significant and it does not make decisions based on environmental health or safety risks. This rule is not subject to Executive Order 13211, ‘‘Actions Concerning Regulations That Significantly Affect Energy Supply, Distribution, or Use’’ (66 FR 28355 (May VerDate Aug<31>2005 14:40 Jan 23, 2006 Jkt 208001 22, 2001) ) because it is not a significant regulatory action under Executive Order 12866. Under RCRA, EPA grants a State’s application as long as the State meets the criteria required by RCRA. It would thus be inconsistent with applicable law for EPA, when it reviews a State application, to require the use of any particular voluntary consensus standard in place of another standard that otherwise satisfies the requirements of RCRA. Thus, the requirements of section 12(d) of the National Technology Transfer and Advancement Act of 1995 (15 U.S.C. 272 note) do not apply. This rule does not impose an information collection burden under the provisions of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). The Congressional Review Act, 5 U.S.C. 801 et seq., as added by the Small Business Regulatory Enforcement Fairness Act of 1996, generally provides that before a rule may take effect, the agency promulgating the rule must submit a rule report, which includes a copy of the rule, to each House of the Congress and to the Comptroller General of the United States. EPA will submit a report containing this document and other required information to the U.S. Senate, the U.S. House of Representatives, and the Comptroller General of the United States prior to publication in the Federal Register. This action is not a ‘‘major rule’’ as defined by 5 U.S.C. 804(2) and therefore is not subject to the additional requirements for major rules. List of Subjects 40 CFR Part 239 Environmental protection, Administrative practice and procedure, Intergovernmental relations, Waste treatment and disposal. 40 CFR Part 257 Waste treatment and disposal. 40 CFR Part 258 Reporting and recordkeeping requirements, Waste treatment and disposal, Water pollution control. Authority: This action is issued under the authority of the Solid Waste Disposal Act as amended 42 U.S.C. 6912, 6945, 6949(a). Dated: December 27, 2005. Robert Varney, Regional Administrator, New England. [FR Doc. 06–627 Filed 1–23–06; 8:45 am] BILLING CODE 6560–50–P PO 00000 Frm 00029 Fmt 4700 Sfmt 4700 3781 GENERAL SERVICES ADMINISTRATION 41 CFR Part 105 [GSPMR Amendment 2006–01; GSPMR Case 2006–105–1] General Services Administration Property Management Regulations; GSA Privacy Act Rules Office of the Chief People Officer, General Services Administration (GSA). ACTION: Final rule. AGENCY: SUMMARY: The General Services Administration (GSA) is revising its Privacy Act rules to reflect organizational changes and to update policies and procedures. This revision informs individuals of procedures for obtaining personal information in GSA’s systems of records and provides current organizational titles and addresses of offices to contact about the GSA Privacy Program and the systems of records that are maintained by GSA. DATES: Effective January 24, 2006. FOR FURTHER INFORMATION CONTACT: GSA Privacy Act Officer, General Services Administration, Office of the Chief People Officer, 1800 F Street NW, Washington DC 20405; telephone (202) 501–1452; or e-mail at gsa.privacyact@gsa.gov. GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street NW, Washington, DC 20405. ADDRESSES: SUPPLEMENTARY INFORMATION: A. Background GSA undertook a project that focused on making sure that all GSA Privacy Act Rules are still relevant, necessary, and covered by a legal or regulatory authority and that the GSA regulations implementing the Privacy Act Rules reflect the current GSA organization, policies, standards, and practices. As a result of this review GSA is publishing updated Privacy Act Rules. Nothing in the final rule indicates a change in authorities or practices regarding the collection and maintenance of information. The changes do not impact individuals’ rights to access or amend their records in the systems of records. B. Executive Order 12866 This is not a significant regulatory action and, therefore, was not subject to review under Section 6(b) of Executive Order 12866, Regulatory Planning and Review, dated September 30, 1993. This rule is not a major rule under 5 U.S.C. 804. E:\FR\FM\24JAR1.SGM 24JAR1 3782 Federal Register / Vol. 71, No. 15 / Tuesday, January 24, 2006 / Rules and Regulations C. Regulatory Flexibility Act The Regulatory Flexibility Act does not apply to this final rule. It is not expected to have a significant economic impact on small business entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq. D. Paperwork Reduction Act The Paperwork Reduction Act does not apply because the rule imposes no record keeping or information collection requirements nor the collection of information from offerors, contractors, or members of the public that would require the approval of the Office of Management and Budget (OMB) under 44 U.S.C. 3501, et seq.; and the rule is exempt from Congressional review under 5 U.S.C. 801. List of Subjects in 41 CFR Part 105–64 Privacy. Dated: January 11, 2006. June V. Huber, Director,Office of Information Management,Office of the Chief People Officer. Therefore, GSA is revising 41 CFR part 105–64 as follows: I PART 105–64—GSA PRIVACY ACT RULES Sec. 105–64.000 part? 105–64.001 part? What is the purpose of this What terms are defined in this rmajette on PROD1PC67 with RULES Subpart 105–64.1—Policies and Responsibilities 105–64.101 Who is responsible for enforcing these rules? 105–64.102 What is GSA’s policy on disclosure of information in a system of records? 105–64.103 What is GSA’s policy on collecting and using information in a system of records? 105–64.104 What must the system manager tell me when soliciting information for a system of records? 105–64.105 When may Social Security Numbers (SSNs) be collected? 105–64.106 What is GSA’s policy on information accuracy in a system of records? 105–64.107 What standards of conduct apply to employees with privacy-related responsibilities? 105–64.108 How does GSA safeguard personal information? 105–64.109 How does GSA handle other agencies’ records? 105–64.110 When may GSA establish computer matching programs? 105–64.111 What is GSA’s policy on directives that may conflict with these rules? VerDate Aug<31>2005 14:40 Jan 23, 2006 Jkt 208001 Subpart 105–64.2—Access to Records 105–64.201 How do I get access to my records? 105–64.202 How do I request access in person? 105–64.203 How do I request access in writing? 105–64.204 Can parents and guardians obtain access to records? 105–64.205 Who will provide access to my records? 105–64.206 How long will it take to get my record? 105–64.207 Are there any fees? 105–64.208 What special conditions apply to release of medical records? 105–64.209 What special conditions apply to accessing law enforcement and security records? Subpart 105–64.3—Denial of Access to Records 105–64.301 Under what conditions will I be denied access to a record? 105–64.302 How will I be denied access? 105–64.303 How do I appeal a denial to access a record? 105–64.304 How are administrative appeal decisions made? 105–64.305 What is my recourse to an appeal denial? Subpart 105–64.4—Amending Records 105–64.401 Can I amend my records? 105–64.402 What records are not subject to amendment? 105–64.403 What happens when I submit a request to amend a record? 105–64.404 How do I agree to an alternative amendment? 105–64.405 Can I appeal a denial to amend a record? 105–64.406 How will my appeal be handled? 105–64.407 How do I file a Statement of Disagreement? 105–64.408 What is my recourse to a denial decision? Subpart 105–64.5—Disclosure of Records 105–64.501 Under what conditions may a record be disclosed without my consent? 105–64.502 How do I find out if my record has been disclosed? 105–64.503 What is an accounting of disclosures? 105–64.504 Under what conditions will I be denied an accounting of disclosures? Subpart 105–64.6—Establishing or Revising Systems of Records in GSA 105–64.601 Procedures for establishing system of records. Subpart 105–64.7—Assistance and Referrals 105–64.701 Submittal of requests for assistance and referrals. Appendix A to Part 105–64—Addresses for Geographically Dispersed Records Authority: 5 U.S.C. 552a. § 105–64.000 part? What is the purpose of this This part implements the General Services Administration (GSA) rules PO 00000 Frm 00030 Fmt 4700 Sfmt 4700 under the Privacy Act of 1974, 5 U.S.C. 552a, as amended. The rules cover the GSA systems of records from which information is retrieved by an individual’s name or personal identifier. These rules set forth GSA’s policies and procedures for accessing, reviewing, amending, and disclosing records covered by the Privacy Act. § 105–64.001 this part? What terms are defined in GSA defines the following terms to ensure consistency of use and understanding of their meaning under this part: Agency means any organization covered by the Privacy Act as defined in 5 U.S.C. 551(1) and 5 U.S.C. 552a (a)(1). GSA is such an agency. Individual means a citizen of the United States or a legal resident alien on whom GSA maintains Privacy Act records. An individual may be addressed as you when information is provided for the individual’s use. System of records means a group of records from which information is retrieved by the name of an individual, or by any number, symbol, or other identifier assigned to that individual. Record means any item, collection, or grouping of information about an individual within a system of records which contains the individual’s name or any other personal identifier such as number or symbol, fingerprint, voiceprint, or photograph. The information may relate to education, financial transactions, medical conditions, employment, or criminal history collected in connection with an individual’s interaction with GSA. Request for access means a request by an individual to obtain or review his or her record or information in the record. Disclosure of information means providing a record or the information in a record to someone other than the individual of record. Exempt records means records exempted from access by an individual under the Privacy Act, subsections (j)(1), Central Intelligence Agency, (j)(2) and (k)(2), law enforcement, (k)(1), Section 552 (b)(1), (k)(3), protective services to the President, (k)(4), statistical records, (k)(5), employee background investigations, (k)(6), federal service disclosure, and (k)(7), promotion in armed services. Solicitation means a request by an officer or employee of GSA for an individual to provide information about himself or herself for a specified purpose. Routine use means disclosure of a record outside GSA for the purpose for E:\FR\FM\24JAR1.SGM 24JAR1 Federal Register / Vol. 71, No. 15 / Tuesday, January 24, 2006 / Rules and Regulations which it is intended, as specified in the systems of records notices. Computer matching program means the computerized comparison of two or more Federal personnel or payroll systems of records, or systems of records used to establish or verify an individual’s eligibility for Federal benefits or to recoup delinquent debts. System manager means the GSA associate responsible for a system of records and the information in it, as noted in the Federal Register systems of records notices. Subpart 105–64.1—Policies and Responsibilities § 105–64.101 Who is responsible for enforcing these rules? GSA Heads of Services and Staff Offices and Regional Administrators are responsible for ensuring that all systems of records under their jurisdiction meet the provisions of the Privacy Act and these rules. System managers are responsible for the system(s) of records assigned to them. The GSA Privacy Act Officer oversees the GSA Privacy Program and establishes privacy-related policy and procedures for the agency under the direction of the GSA Senior Agency Official for Privacy. § 105–64.102 What is GSA’s policy on disclosure of information in a system of records? § 105–64.103 What is GSA’s policy on collecting and using information in a system of records? System managers must collect information that is used to determine your rights, benefits, or privileges under GSA programs directly from you whenever practical, and use the information only for the intended purpose(s). rmajette on PROD1PC67 with RULES § 105–64.104 What must the system manager tell me when soliciting personal information? When soliciting information from you or a third party for a system of records, system managers must: cite the authority for collecting the information; say whether providing the information is mandatory or voluntary; give the purpose for which the information will be used; state the routine uses of the information; and describe the effect on you, if any, of not providing the information. Any information solicitation forms will contain this information. VerDate Aug<31>2005 14:40 Jan 23, 2006 Jkt 208001 § 105–64.105 When may Social Security Numbers (SSNs) be collected? Statutory or regulatory authority must exist for collecting Social Security Numbers for record systems that use the SSNs as a method of identification. Systems without statutory or regulatory authority implemented after January 1, 1975, will not collect Social Security Numbers. § 105–64.111 What is GSA’s policy on directives that may conflict with these rules? These rules take precedence over any GSA directive that may conflict with the requirements stated here. GSA officials will ensure that no such conflict exists in new or existing directives. Subpart 105–64.2—Access to Records § 105–64.106 What is GSA’s policy on information accuracy in a system of records? § 105–64.201 records? System managers will ensure that all Privacy Act records are accurate, relevant, necessary, timely, and complete. You may request access to your record in person or by writing to the system manager or, in the case of geographically dispersed records, to the office maintaining the records (see Appendix A). Parents or guardians may obtain access to records of minors or when a court has determined that the individual of record is incompetent. § 105–64.107 What standards of conduct apply to employees with privacy-related responsibilities? Employees who design, develop, operate, or maintain Privacy Act record systems will protect system security, avoid unauthorized disclosure of information, both verbal and written, and ensure that no system of records is maintained without public notice. All such employees will follow the standards of conduct in 5 CFR part 2635, 5 CFR part 6701, 5 CFR part 735, and 5 CFR part 2634 to protect personal information. § 105–64.108 How is personal information safeguarded? No information contained in a Privacy Act system of records will be disclosed to third parties without the written consent of you, the individual of record, except under the conditions cited in § 105–64.501. 3783 System managers will establish administrative, technical, and physical safeguards to ensure the security and confidentiality of records, protect the records against possible threats or hazards, and permit access only to authorized persons. Automated systems will incorporate security controls such as password protection, verification of identity of authorized users, detection of break-in attempts, firewalls, or encryption, as appropriate. § 105–64.109 How does GSA handle other agencies’ records? In cases where GSA has either permanent or temporary custody of other agencies’ records, system managers will coordinate with those agencies on any release of information. Office of Personnel Management (OPM) records that are in GSA’s custody are subject to OPM’s Privacy Act rules. § 105–64.110 When may GSA establish computer matching programs? System managers will establish computer matching programs or agreements for sharing information with other agencies only with the consent and under the direction of the GSA Data Integrity Board that will be established when and if computer matching programs are used at GSA. PO 00000 Frm 00031 Fmt 4700 Sfmt 4700 § 105–64.202 person? How do I get access to my How do I request access in If appearing in person, you must properly identify yourself through photographic identification such as an agency identification badge, passport, or driver’s license. Records will be available during normal business hours at the offices where the records are maintained. You may examine the record and be provided a copy on request. If you want someone else to accompany you when reviewing a record, you must first sign a statement authorizing the disclosure of the record; the statement will be maintained with your record. § 105–64.203 writing? How do I request access in If you request access in writing, mark both the envelope and the request letter ‘‘Privacy Act Request.’’ Include in the request your full name and address; a description of the records you seek; the title and number of the system of records as published in the Federal Register; a brief description of the nature, time, and place of your association with GSA; and any other information you believe will help in locating the record. § 105–64.204 How do parents or guardians obtain access to records? If you are the parent or guardian of a minor, or of a person judicially determined to be incompetent, you must provide full information about the individual of record. You also must properly identify yourself and provide a copy of the birth certificate of the individual, or a court order establishing guardianship, whichever applies. E:\FR\FM\24JAR1.SGM 24JAR1 3784 § 105–64.205 my record? Federal Register / Vol. 71, No. 15 / Tuesday, January 24, 2006 / Rules and Regulations Who will provide access to The system manager will make a record available to you on request, unless special conditions apply, such as for medical, law enforcement, and security records. § 105–64.206 my record? How long will it take to get The system manager will make a record available within 10 workdays after receipt of your request. If a delay of more than 10 workdays is expected, the system manager will notify you in writing of the reason for the delay and when the record will be available. The system manager may ask you for additional information to clarify your request. The system manager will have an additional 10 workdays after receipt of the new information to provide the record to you, or provide another acknowledgment letter if a delay in locating the record is expected. § 105–64.207 Are there any fees? No fees are charged for records when the total fee is less than $25. The system manager may waive the fee above this amount if providing records without charge is customary or in the public interest. When the cost exceeds $25, the fee for a paper copy is 10 cents per page, and the fee for materials other than paper copies is the actual cost of reproduction. For fees above $250, advance payment is required. You should pay by check or money order made payable to the General Services Administration, and provide it to the system manager. § 105–64.208 What special conditions apply to release of medical records? Medical records containing information that may have an adverse effect upon a person will be released only to a physician designated in writing by you, or by your guardian or conservator. Medical records in an Official Personnel Folder (OPF) fall under the jurisdiction of the Office of Personnel Management (OPM) and will be referred to OPM for a response. rmajette on PROD1PC67 with RULES § 105–64.209 What special conditions apply to access of law enforcement and security records? Law enforcement and security records are generally exempt from disclosure to individuals except when the system manager, in consultation with legal counsel and the Head of the Service or Staff Office or Regional Administrator or their representatives, determines that information in a record has been used or is being used to deny you any right, privilege, or benefit for which you are eligible or entitled under Federal law. If VerDate Aug<31>2005 14:40 Jan 23, 2006 Jkt 208001 so, the system manager will notify you of the existence of the record and disclose the information, but only to the extent that the information does not identify a confidential source. If disclosure of information could reasonably be expected to identify a confidential source, the record will not be disclosed to you unless it is possible to delete all such information. A confidential source is a person or persons who furnished information during Federal investigations with the understanding that his or her identity would remain confidential. Subpart 105–64.3—Denial of Access to Records § 105–64.301 Under what conditions will I be denied access to a record? The system manager will deny access to a record that is being compiled in the reasonable anticipation of a civil action or proceeding or to records that are specifically exempted from disclosure by GSA in its system of records notices, published in the Federal Register. Exempted systems include the Investigation Case Files, Internal Evaluation Case Files, and Security Files. These systems are exempted to maintain the effectiveness and integrity of investigations conducted by the Office of Inspector General, and others, as part of their duties and responsibilities involving Federal employment, contracts, and security. § 105–64.302 How will I be denied access? If you request access to a record in an exempt system of records, the system manager will consult with the Head of Service or Staff Office or Regional Administrator or their representatives, legal counsel, and other officials as appropriate, to determine if all or part of the record may be disclosed. If the decision is to deny access, the system manager will provide a written notice to you giving the reason for the denial and your appeal rights. § 105–64.303 How do I appeal a denial to access a record? If you are denied access to a record in whole or in part, you may file an administrative appeal within 30 days of the denial. The appeal should be in writing and addressed to: GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street NW, Washington DC 20405. Mark both the envelope and the appeal letter ‘‘Privacy Act Appeal.’’ consulting with legal counsel and appropriate officials. The Privacy Act Officer may grant record access if the appeal is granted. If the decision is to reject the appeal, the Privacy Act Officer will provide all pertinent information about the case to the Deputy Administrator and ask for a final administrative decision. The Deputy Administrator may grant access to a record, in which case the Privacy Act Officer will notify you in writing, and the system manager will make the record available to you. If the Deputy Administrator denies the appeal, he or she will notify you in writing of the reason for rejection and of your right to a judicial review. The administrative appeal review will take no longer than 30 workdays after the Privacy Act Officer receives the appeal. The Deputy Administrator may extend the time limit by notifying you in writing of the extension and the reason for it before the 30 days are up. § 105–64.305 What is my recourse to an appeal denial? You may file a civil action to have the GSA administrative decision overturned within two years after the decision is made. You may file in a Federal District Court where you live or have a principal place of business, where the records are maintained, or in the District of Columbia. Subpart 105–64.4—Amending a Record § 105–64.401 Can I amend my record? You may request to amend your record by writing to the system manager with the proposed amendment. Mark both the envelope and the letter ‘‘Privacy Act Request to Amend Record.’’ § 105–64.402 What records are not subject to amendment? You may not amend the following records under the law: (a) Transcripts of testimony given under oath or written statements made under oath. (b) Transcripts of grand jury proceedings, judicial proceedings, or quasi-judicial proceedings which constitute the official record of the proceedings. (c) Pre-sentence reports that are maintained within a system of records but are the property of the courts. (d) Records exempted from amendment by notice published in the Federal Register. § 105–64.304 How are administrative appeal decisions made? § 105–64.403 What happens when I submit a request to amend a record? The GSA Privacy Act Officer will conduct a review of your appeal by The system manager will consult with the Head of Service or Staff Office or PO 00000 Frm 00032 Fmt 4700 Sfmt 4700 E:\FR\FM\24JAR1.SGM 24JAR1 Federal Register / Vol. 71, No. 15 / Tuesday, January 24, 2006 / Rules and Regulations Regional Administrator or their representatives, and legal counsel. They will determine whether to amend an existing record by comparing its accuracy, relevance, timeliness, and completeness with the amendment you propose. The system manager will notify you within 10 workdays whether your proposed amendment is approved or denied. In case of an expected delay, the system manager will acknowledge receipt of your request in writing and provide an estimate of when you may expect a decision. If your request to amend is approved, the system manager will amend the record and send an amended copy to you and to anyone who had previously received the record. If your request to amend is denied, the system manager will advise you in writing, giving the reason for denial, a proposed alternative amendment if possible, and your appeal rights. The system manager also will notify the GSA Privacy Act Officer of any request for amendment and its disposition. § 105–64.404 What must I do if I agree to an alternative amendment? If you agree to the alternative amendment proposed by the system manager, you must notify the manager in writing of your concurrence. The system manager will amend the record and send an amended copy to you and to anyone else who had previously received the record. § 105–64.405 Can I appeal a denial to amend a record? You may file an appeal within 30 workdays of a denial to amend your record by writing to the: GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street NW, Washington DC 20405. Mark both the envelope and the appeal letter ‘‘Privacy Act Amendment Appeal.’’ Appeals to amend records in a GSA employee’s official personnel file will be sent to the Office of Personnel Management, Washington DC 20415. rmajette on PROD1PC67 with RULES § 105–64.406 handled? How will my appeal be The GSA Privacy Act Officer will consult with legal counsel and appropriate GSA officials concerning your appeal. If they decide to reject your appeal, the Privacy Act Officer will provide the Deputy Administrator with all pertinent information about the case and request a final administrative decision. The Deputy Administrator may approve your amendment, in which case the Privacy Act Officer will notify you in writing, and the system manager will amend the record and send an amended copy to you and anyone who had previously been VerDate Aug<31>2005 14:40 Jan 23, 2006 Jkt 208001 provided with the record. If the Deputy Administrator denies the appeal, he or she will notify you in writing of the reason for denial, of your right to a judicial review, and of your right to file a Statement of Disagreement. The amendment appeal review will be made within 30 workdays after the Privacy Act Officer receives your appeal. The Deputy Administrator may extend the time limit by notifying you in writing of the reason for the extension before the 30 days are up. § 105–64.407 How do I file a Statement of Disagreement? You may file a Statement of Disagreement with the system manager within 30 days of the denial to amend a record. The statement should explain why you believe the record to be inaccurate, irrelevant, untimely, or incomplete. The system manager will file the statement with your record, provide a copy to anyone who had previously received the record, and include a copy of it in any future disclosure. § 105–64.408 What is my recourse to a denial decision? You may file a civil action to have the GSA decision overturned within two years after denial of an amendment appeal. You may file the civil action in a Federal District Court where you live or have a principal place of business, where the records are maintained, or in the District of Columbia. Subpart 105–64.5—Disclosure of Records § 105–64.501 Under what conditions may a record be disclosed without my consent? A system manager may disclose your record without your consent under the Privacy Act when the disclosure is: to GSA officials or employees in the performance of their official duties; required by the Freedom of Information Act; for a routine use stated in a Federal Register notice; to the Bureau of the Census for use in fulfilling its duties; for statistical research or reporting, and only when the record is not individually identifiable; to the National Archives and Records Administration (NARA) when the record has been determined to be of historical or other value that warrants permanent retention; to a U.S. law enforcement agency or instrumentality for a civil or criminal law enforcement purpose; under compelling circumstances affecting an individual’s health and safety, and upon disclosure a notification will be sent to the individual; to Congress or its committees and subcommittees when the record material falls within their PO 00000 Frm 00033 Fmt 4700 Sfmt 4700 3785 jurisdiction; to the Comptroller General or an authorized representative in the performance of the duties of the Government Accountability Office (GAO); under a court order; or to a consumer reporting agency under the Federal Claims Collection Act of 1966, 31 U.S.C. 3711. § 105–64.502 How do I find out if my record has been disclosed? You may request an accounting of the persons or agencies to whom your record has been disclosed, including the date and purpose of each disclosure, by writing to the system manager. Mark both the envelope and the letter ‘‘Privacy Act Accounting Request.’’ The system manager will provide the requested information in the same way as that for granting access to records, see Subpart 105–64.2, providing no restrictions to disclosure or accounting of disclosures applies. § 105–64.503 What is an accounting of disclosures? The system manager maintains an account of each record disclosure for five years or for the life of the record, whichever is longer. The accounting of disclosure information includes the name of the person or agency to whom your record has been provided, the date, the type of information disclosed, and the reason for disclosure. Other pertinent information, such as justifications for disclosure and any written consent that you may have provided, is also included. No accounting needs to be maintained for disclosures to GSA officials or employees in the performance of their duties, or disclosures under the Freedom of Information Act. § 105–64.504 Under what conditions will I be denied an accounting of disclosures? The system manager will deny your request for an accounting of disclosures when the disclosures are to GSA officials or employees in the performance of their duties or disclosures under the Freedom of Information Act, for which no accounting is required; law enforcement agencies for law enforcement activities; and systems of records exempted by notice in the Federal Register. You may appeal a denial using the same procedures as those for denial of access to records, see Subpart 105–64.3. E:\FR\FM\24JAR1.SGM 24JAR1 3786 Federal Register / Vol. 71, No. 15 / Tuesday, January 24, 2006 / Rules and Regulations Subpart 105–64.6—Establishing or Revising Systems of Records in GSA § 105–64.601 Procedures for establishing system of records. The following procedures apply to any proposed new or revised system of records: (a) Before establishing a new or revising an existing system of records, the system manager, with the concurrence of the appropriate Head of Service or Staff Office, will provide to the GSA Privacy Act Officer a proposal describing and justifying the new system or revision. (b) The GSA Privacy Act Officer will submit a proposal to establish or revise the system to the President of the Senate, the Speaker of the House of Representatives, and the Director of the Office of Management and Budget (OMB) for evaluation at least 40 calendar days before the planned system establishment or revision date. (c) The GSA Privacy Act Officer will publish in the Federal Register a notice of intent to establish or revise the system of records at least 30 calendar days before the planned system establishment or revision date. (d) The new or revised system becomes effective 30 calendar days after the notice is published in the Federal Register unless submitted comments result in a revision to the notice, in which case, a new revised notice will be issued. Subpart 105–64.7—Assistance and Referrals § 105–64.701 Submittal of requests for assistance and referrals. Address requests for assistance involving GSA Privacy Act rules and procedures, or for referrals to system managers or GSA officials responsible for implementing these rules to: GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street N.W., Washington DC 20405. Rico, and Virgin Islands), 26 Federal Plaza, New York, NY 10278. Mid-Atlantic Region (includes Delaware, Maryland, Pennsylvania, Virginia, and West Virginia, but excludes the National Capital Region), The Strawbridge Building, 20 North 8th Street, Philadelphia, PA 19107–3191. Southeast-Sunbelt Region (includes Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, and Tennessee), Office of the Regional Administrator (4A), 77 Forsyth Street, Atlanta, GA 30303. Great Lakes Region (includes Illinois, Indiana, Michigan, Ohio, Minnesota, and Wisconsin), 230 South Dearborn Street, Chicago, IL 60604–1696. The Heartland Region (includes Iowa, Kansas, Missouri, and Nebraska), 1500 East Bannister Road, Kansas City, MO 64131–3088. Greater Southwest Region (includes Arkansas, Louisiana, Oklahoma, New Mexico, and Texas), 819 Taylor Street, Fort Worth, TX 76102. Rocky Mountain Region (includes Colorado, Montana, North Dakota, South Dakota, Utah, and Wyoming), U.S. General Services Administration, DFC, Bldg. 41, Rm. 210, P.O. Box 25006, Denver, CO 80225–0006. Pacific Rim Region (includes Arizona, California, Hawaii, and Nevada), 450 Golden Gate Avenue, San Francisco, CA 94102–3400. Northwest/Arctic Region (includes Alaska, Idaho, Oregon, and Washington), 400 15th Street SW, Auburn, WA 98001–6599. National Capital Region (includes the District of Columbia; the counties of Montgomery and Prince George’s in Maryland; the city of Alexandria, Virginia; and the counties of Arlington, Fairfax, Loudoun, and Prince William in Virginia), 7th and D Streets, SW, Washington, DC 20407. [FR Doc. 06–669 Filed 1–23–06; 8:45 am] BILLING CODE 6820–34–S rmajette on PROD1PC67 with RULES Appendix A to Part 105–64—Addresses for Geographically Dispersed Records DEPARTMENT OF TRANSPORTATION Address requests for physically dispersed records, as noted in the system of records notices, to the Regional Privacy Act Coordinator, General Services Administration, at the appropriate regional GSA office, as follows: New England Region (includes Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, and Vermont), 10 Causeway Street, Boston, MA 02222. Northeast and Caribbean Region (includes New Jersey, New York, Puerto National Highway Traffic Safety Administration VerDate Aug<31>2005 14:40 Jan 23, 2006 Jkt 208001 49 CFR Part 571 [Docket No. NHTSA–2006–23651] RIN 2127–AJ81 Federal Motor Vehicle Safety Standards; Controls, Telltales and Indicators National Highway Traffic Safety Administration (NHTSA), Department of Transportation (DOT). AGENCY: PO 00000 Frm 00034 Fmt 4700 Sfmt 4700 ACTION: Final rule; delay of effective date. SUMMARY: In a final rule of August 17, 2005 (70 FR 48295), we updated our standard regulating motor vehicle controls, telltales and indicators. The standard specifies requirements for the location, identification, and illumination of these items. The rule extended the standard’s telltale and indicator requirements to vehicles with a Gross Vehicle Weight Rating (GVWR) of 4,536 kg (10,000 pounds) and greater, updated the standard’s requirements for multi-function controls and multi-task displays to make the requirements appropriate for advanced systems, and reorganized the standard to make it easier to read. The final rule announced an effective date of February 13, 2006, and a compliance date of February 13, 2006 for requirements applicable to vehicles under 4,536 kg (10,000 pounds) GVWR. In response to a petition for extension of the effective date from the Alliance of Automobile Manufacturers (Alliance), this final rule announces a delay in the effective date to September 1, 2006. The additional time allows us to consider issues raised by the Alliance and other petitioners in petitions to reconsider certain items and identifications described in the August 17, 2005 final rule. DATES: Effective date: The effective date of the rule amending 49 CFR 571.101 published at 70 FR 48295, August 17, 2005 is delayed until September 1, 2006. Compliance date: The compliance date for the extension of the standard’s telltale and indicator requirements to vehicles with a GVWR of 4,536 kg (10,000 pounds) or greater is September 1, 2013. The compliance date for all other requirements is delayed until September 1, 2006. Voluntary compliance is permitted as of August 17, 2005. Petitions for reconsideration: Petitions for reconsideration of this final rule must be received not later than March 10, 2006. ADDRESSES: Petitions for reconsideration of the final rule must refer to the docket and notice number set forth above and be submitted to the Administrator, National Highway Traffic Safety Administration, 400 Seventh Street, SW., Washington, DC 20590, with a copy to Docket Management, Room PL– 401, 400 Seventh Street, SW., Washington, DC 20590. FOR FURTHER INFORMATION CONTACT: For non-legal issues you may call Ms. Gayle Dalrymple, Office of Crash Avoidance E:\FR\FM\24JAR1.SGM 24JAR1

Agencies

[Federal Register Volume 71, Number 15 (Tuesday, January 24, 2006)]
[Rules and Regulations]
[Pages 3781-3786]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 06-669]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

41 CFR Part 105

[GSPMR Amendment 2006-01; GSPMR Case 2006-105-1]


General Services Administration Property Management Regulations; 
GSA Privacy Act Rules

AGENCY: Office of the Chief People Officer, General Services 
Administration (GSA).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The General Services Administration (GSA) is revising its 
Privacy Act rules to reflect organizational changes and to update 
policies and procedures. This revision informs individuals of 
procedures for obtaining personal information in GSA's systems of 
records and provides current organizational titles and addresses of 
offices to contact about the GSA Privacy Program and the systems of 
records that are maintained by GSA.

DATES: Effective January 24, 2006.

FOR FURTHER INFORMATION CONTACT: GSA Privacy Act Officer, General 
Services Administration, Office of the Chief People Officer, 1800 F 
Street NW, Washington DC 20405; telephone (202) 501-1452; or e-mail at 
gsa.privacyact@gsa.gov.

ADDRESSES: GSA Privacy Act Officer (CIB), General Services 
Administration, 1800 F Street NW, Washington, DC 20405.

SUPPLEMENTARY INFORMATION:

A. Background

    GSA undertook a project that focused on making sure that all GSA 
Privacy Act Rules are still relevant, necessary, and covered by a legal 
or regulatory authority and that the GSA regulations implementing the 
Privacy Act Rules reflect the current GSA organization, policies, 
standards, and practices. As a result of this review GSA is publishing 
updated Privacy Act Rules. Nothing in the final rule indicates a change 
in authorities or practices regarding the collection and maintenance of 
information. The changes do not impact individuals' rights to access or 
amend their records in the systems of records.

B. Executive Order 12866

    This is not a significant regulatory action and, therefore, was not 
subject to review under Section 6(b) of Executive Order 12866, 
Regulatory Planning and Review, dated September 30, 1993. This rule is 
not a major rule under 5 U.S.C. 804.

[[Page 3782]]

C. Regulatory Flexibility Act

    The Regulatory Flexibility Act does not apply to this final rule. 
It is not expected to have a significant economic impact on small 
business entities within the meaning of the Regulatory Flexibility Act, 
5 U.S.C. 601, et seq.

D. Paperwork Reduction Act

    The Paperwork Reduction Act does not apply because the rule imposes 
no record keeping or information collection requirements nor the 
collection of information from offerors, contractors, or members of the 
public that would require the approval of the Office of Management and 
Budget (OMB) under 44 U.S.C. 3501, et seq.; and the rule is exempt from 
Congressional review under 5 U.S.C. 801.

List of Subjects in 41 CFR Part 105-64

    Privacy.

    Dated: January 11, 2006.
June V. Huber,
Director,Office of Information Management,Office of the Chief People 
Officer.

0
Therefore, GSA is revising 41 CFR part 105-64 as follows:

PART 105-64--GSA PRIVACY ACT RULES

Sec.
105-64.000 What is the purpose of this part?
105-64.001 What terms are defined in this part?

Subpart 105-64.1--Policies and Responsibilities

105-64.101 Who is responsible for enforcing these rules?
105-64.102 What is GSA's policy on disclosure of information in a 
system of records?
105-64.103 What is GSA's policy on collecting and using information 
in a system of records?
105-64.104 What must the system manager tell me when soliciting 
information for a system of records?
105-64.105 When may Social Security Numbers (SSNs) be collected?
105-64.106 What is GSA's policy on information accuracy in a system 
of records?
105-64.107 What standards of conduct apply to employees with 
privacy-related responsibilities?
105-64.108 How does GSA safeguard personal information?
105-64.109 How does GSA handle other agencies' records?
105-64.110 When may GSA establish computer matching programs?
105-64.111 What is GSA's policy on directives that may conflict with 
these rules?

Subpart 105-64.2--Access to Records

105-64.201 How do I get access to my records?
105-64.202 How do I request access in person?
105-64.203 How do I request access in writing?
105-64.204 Can parents and guardians obtain access to records?
105-64.205 Who will provide access to my records?
105-64.206 How long will it take to get my record?
105-64.207 Are there any fees?
105-64.208 What special conditions apply to release of medical 
records?
105-64.209 What special conditions apply to accessing law 
enforcement and security records?

Subpart 105-64.3--Denial of Access to Records

105-64.301 Under what conditions will I be denied access to a 
record?
105-64.302 How will I be denied access?
105-64.303 How do I appeal a denial to access a record?
105-64.304 How are administrative appeal decisions made?
105-64.305 What is my recourse to an appeal denial?

Subpart 105-64.4--Amending Records

105-64.401 Can I amend my records?
105-64.402 What records are not subject to amendment?
105-64.403 What happens when I submit a request to amend a record?
105-64.404 How do I agree to an alternative amendment?
105-64.405 Can I appeal a denial to amend a record?
105-64.406 How will my appeal be handled?
105-64.407 How do I file a Statement of Disagreement?
105-64.408 What is my recourse to a denial decision?

Subpart 105-64.5--Disclosure of Records

105-64.501 Under what conditions may a record be disclosed without 
my consent?
105-64.502 How do I find out if my record has been disclosed?
105-64.503 What is an accounting of disclosures?
105-64.504 Under what conditions will I be denied an accounting of 
disclosures?

Subpart 105-64.6--Establishing or Revising Systems of Records in GSA

105-64.601 Procedures for establishing system of records.

Subpart 105-64.7--Assistance and Referrals

105-64.701 Submittal of requests for assistance and referrals.

Appendix A to Part 105-64--Addresses for Geographically Dispersed 
Records

    Authority:  5 U.S.C. 552a.


Sec.  105-64.000  What is the purpose of this part?

    This part implements the General Services Administration (GSA) 
rules under the Privacy Act of 1974, 5 U.S.C. 552a, as amended. The 
rules cover the GSA systems of records from which information is 
retrieved by an individual's name or personal identifier. These rules 
set forth GSA's policies and procedures for accessing, reviewing, 
amending, and disclosing records covered by the Privacy Act.


Sec.  105-64.001  What terms are defined in this part?

    GSA defines the following terms to ensure consistency of use and 
understanding of their meaning under this part:
    Agency means any organization covered by the Privacy Act as defined 
in 5 U.S.C. 551(1) and 5 U.S.C. 552a (a)(1). GSA is such an agency.
    Individual means a citizen of the United States or a legal resident 
alien on whom GSA maintains Privacy Act records. An individual may be 
addressed as you when information is provided for the individual's use.
    System of records means a group of records from which information 
is retrieved by the name of an individual, or by any number, symbol, or 
other identifier assigned to that individual.
    Record means any item, collection, or grouping of information about 
an individual within a system of records which contains the 
individual's name or any other personal identifier such as number or 
symbol, fingerprint, voiceprint, or photograph. The information may 
relate to education, financial transactions, medical conditions, 
employment, or criminal history collected in connection with an 
individual's interaction with GSA.
    Request for access means a request by an individual to obtain or 
review his or her record or information in the record.
    Disclosure of information means providing a record or the 
information in a record to someone other than the individual of record.
    Exempt records means records exempted from access by an individual 
under the Privacy Act, subsections (j)(1), Central Intelligence Agency, 
(j)(2) and (k)(2), law enforcement, (k)(1), Section 552 (b)(1), (k)(3), 
protective services to the President, (k)(4), statistical records, 
(k)(5), employee background investigations, (k)(6), federal service 
disclosure, and (k)(7), promotion in armed services.
    Solicitation means a request by an officer or employee of GSA for 
an individual to provide information about himself or herself for a 
specified purpose.
    Routine use means disclosure of a record outside GSA for the 
purpose for

[[Page 3783]]

which it is intended, as specified in the systems of records notices.
    Computer matching program means the computerized comparison of two 
or more Federal personnel or payroll systems of records, or systems of 
records used to establish or verify an individual's eligibility for 
Federal benefits or to recoup delinquent debts.
    System manager means the GSA associate responsible for a system of 
records and the information in it, as noted in the Federal Register 
systems of records notices.

Subpart 105-64.1--Policies and Responsibilities


Sec.  105-64.101  Who is responsible for enforcing these rules?

    GSA Heads of Services and Staff Offices and Regional Administrators 
are responsible for ensuring that all systems of records under their 
jurisdiction meet the provisions of the Privacy Act and these rules. 
System managers are responsible for the system(s) of records assigned 
to them. The GSA Privacy Act Officer oversees the GSA Privacy Program 
and establishes privacy-related policy and procedures for the agency 
under the direction of the GSA Senior Agency Official for Privacy.


Sec.  105-64.102  What is GSA's policy on disclosure of information in 
a system of records?

    No information contained in a Privacy Act system of records will be 
disclosed to third parties without the written consent of you, the 
individual of record, except under the conditions cited in Sec.  105-
64.501.


Sec.  105-64.103  What is GSA's policy on collecting and using 
information in a system of records?

    System managers must collect information that is used to determine 
your rights, benefits, or privileges under GSA programs directly from 
you whenever practical, and use the information only for the intended 
purpose(s).


Sec.  105-64.104  What must the system manager tell me when soliciting 
personal information?

    When soliciting information from you or a third party for a system 
of records, system managers must: cite the authority for collecting the 
information; say whether providing the information is mandatory or 
voluntary; give the purpose for which the information will be used; 
state the routine uses of the information; and describe the effect on 
you, if any, of not providing the information. Any information 
solicitation forms will contain this information.


Sec.  105-64.105  When may Social Security Numbers (SSNs) be collected?

    Statutory or regulatory authority must exist for collecting Social 
Security Numbers for record systems that use the SSNs as a method of 
identification. Systems without statutory or regulatory authority 
implemented after January 1, 1975, will not collect Social Security 
Numbers.


Sec.  105-64.106  What is GSA's policy on information accuracy in a 
system of records?

    System managers will ensure that all Privacy Act records are 
accurate, relevant, necessary, timely, and complete.


Sec.  105-64.107  What standards of conduct apply to employees with 
privacy-related responsibilities?

    Employees who design, develop, operate, or maintain Privacy Act 
record systems will protect system security, avoid unauthorized 
disclosure of information, both verbal and written, and ensure that no 
system of records is maintained without public notice. All such 
employees will follow the standards of conduct in 5 CFR part 2635, 5 
CFR part 6701, 5 CFR part 735, and 5 CFR part 2634 to protect personal 
information.


Sec.  105-64.108  How is personal information safeguarded?

    System managers will establish administrative, technical, and 
physical safeguards to ensure the security and confidentiality of 
records, protect the records against possible threats or hazards, and 
permit access only to authorized persons. Automated systems will 
incorporate security controls such as password protection, verification 
of identity of authorized users, detection of break-in attempts, 
firewalls, or encryption, as appropriate.


Sec.  105-64.109  How does GSA handle other agencies' records?

    In cases where GSA has either permanent or temporary custody of 
other agencies' records, system managers will coordinate with those 
agencies on any release of information. Office of Personnel Management 
(OPM) records that are in GSA's custody are subject to OPM's Privacy 
Act rules.


Sec.  105-64.110  When may GSA establish computer matching programs?

    System managers will establish computer matching programs or 
agreements for sharing information with other agencies only with the 
consent and under the direction of the GSA Data Integrity Board that 
will be established when and if computer matching programs are used at 
GSA.


Sec.  105-64.111  What is GSA's policy on directives that may conflict 
with these rules?

    These rules take precedence over any GSA directive that may 
conflict with the requirements stated here. GSA officials will ensure 
that no such conflict exists in new or existing directives.

Subpart 105-64.2--Access to Records


Sec.  105-64.201  How do I get access to my records?

    You may request access to your record in person or by writing to 
the system manager or, in the case of geographically dispersed records, 
to the office maintaining the records (see Appendix A). Parents or 
guardians may obtain access to records of minors or when a court has 
determined that the individual of record is incompetent.


Sec.  105-64.202  How do I request access in person?

    If appearing in person, you must properly identify yourself through 
photographic identification such as an agency identification badge, 
passport, or driver's license. Records will be available during normal 
business hours at the offices where the records are maintained. You may 
examine the record and be provided a copy on request. If you want 
someone else to accompany you when reviewing a record, you must first 
sign a statement authorizing the disclosure of the record; the 
statement will be maintained with your record.


Sec.  105-64.203  How do I request access in writing?

    If you request access in writing, mark both the envelope and the 
request letter ``Privacy Act Request.'' Include in the request your 
full name and address; a description of the records you seek; the title 
and number of the system of records as published in the Federal 
Register; a brief description of the nature, time, and place of your 
association with GSA; and any other information you believe will help 
in locating the record.


Sec.  105-64.204  How do parents or guardians obtain access to records?

    If you are the parent or guardian of a minor, or of a person 
judicially determined to be incompetent, you must provide full 
information about the individual of record. You also must properly 
identify yourself and provide a copy of the birth certificate of the 
individual, or a court order establishing guardianship, whichever 
applies.

[[Page 3784]]

Sec.  105-64.205  Who will provide access to my record?

    The system manager will make a record available to you on request, 
unless special conditions apply, such as for medical, law enforcement, 
and security records.


Sec.  105-64.206  How long will it take to get my record?

    The system manager will make a record available within 10 workdays 
after receipt of your request. If a delay of more than 10 workdays is 
expected, the system manager will notify you in writing of the reason 
for the delay and when the record will be available. The system manager 
may ask you for additional information to clarify your request. The 
system manager will have an additional 10 workdays after receipt of the 
new information to provide the record to you, or provide another 
acknowledgment letter if a delay in locating the record is expected.


Sec.  105-64.207  Are there any fees?

    No fees are charged for records when the total fee is less than 
$25. The system manager may waive the fee above this amount if 
providing records without charge is customary or in the public 
interest. When the cost exceeds $25, the fee for a paper copy is 10 
cents per page, and the fee for materials other than paper copies is 
the actual cost of reproduction. For fees above $250, advance payment 
is required. You should pay by check or money order made payable to the 
General Services Administration, and provide it to the system manager.


Sec.  105-64.208  What special conditions apply to release of medical 
records?

    Medical records containing information that may have an adverse 
effect upon a person will be released only to a physician designated in 
writing by you, or by your guardian or conservator. Medical records in 
an Official Personnel Folder (OPF) fall under the jurisdiction of the 
Office of Personnel Management (OPM) and will be referred to OPM for a 
response.


Sec.  105-64.209  What special conditions apply to access of law 
enforcement and security records?

    Law enforcement and security records are generally exempt from 
disclosure to individuals except when the system manager, in 
consultation with legal counsel and the Head of the Service or Staff 
Office or Regional Administrator or their representatives, determines 
that information in a record has been used or is being used to deny you 
any right, privilege, or benefit for which you are eligible or entitled 
under Federal law. If so, the system manager will notify you of the 
existence of the record and disclose the information, but only to the 
extent that the information does not identify a confidential source. If 
disclosure of information could reasonably be expected to identify a 
confidential source, the record will not be disclosed to you unless it 
is possible to delete all such information. A confidential source is a 
person or persons who furnished information during Federal 
investigations with the understanding that his or her identity would 
remain confidential.

Subpart 105-64.3--Denial of Access to Records


Sec.  105-64.301  Under what conditions will I be denied access to a 
record?

    The system manager will deny access to a record that is being 
compiled in the reasonable anticipation of a civil action or proceeding 
or to records that are specifically exempted from disclosure by GSA in 
its system of records notices, published in the Federal Register. 
Exempted systems include the Investigation Case Files, Internal 
Evaluation Case Files, and Security Files. These systems are exempted 
to maintain the effectiveness and integrity of investigations conducted 
by the Office of Inspector General, and others, as part of their duties 
and responsibilities involving Federal employment, contracts, and 
security.


Sec.  105-64.302  How will I be denied access?

    If you request access to a record in an exempt system of records, 
the system manager will consult with the Head of Service or Staff 
Office or Regional Administrator or their representatives, legal 
counsel, and other officials as appropriate, to determine if all or 
part of the record may be disclosed. If the decision is to deny access, 
the system manager will provide a written notice to you giving the 
reason for the denial and your appeal rights.


Sec.  105-64.303  How do I appeal a denial to access a record?

    If you are denied access to a record in whole or in part, you may 
file an administrative appeal within 30 days of the denial. The appeal 
should be in writing and addressed to: GSA Privacy Act Officer (CIB), 
General Services Administration, 1800 F Street NW, Washington DC 20405. 
Mark both the envelope and the appeal letter ``Privacy Act Appeal.''


Sec.  105-64.304  How are administrative appeal decisions made?

    The GSA Privacy Act Officer will conduct a review of your appeal by 
consulting with legal counsel and appropriate officials. The Privacy 
Act Officer may grant record access if the appeal is granted. If the 
decision is to reject the appeal, the Privacy Act Officer will provide 
all pertinent information about the case to the Deputy Administrator 
and ask for a final administrative decision. The Deputy Administrator 
may grant access to a record, in which case the Privacy Act Officer 
will notify you in writing, and the system manager will make the record 
available to you. If the Deputy Administrator denies the appeal, he or 
she will notify you in writing of the reason for rejection and of your 
right to a judicial review. The administrative appeal review will take 
no longer than 30 workdays after the Privacy Act Officer receives the 
appeal. The Deputy Administrator may extend the time limit by notifying 
you in writing of the extension and the reason for it before the 30 
days are up.


Sec.  105-64.305  What is my recourse to an appeal denial?

    You may file a civil action to have the GSA administrative decision 
overturned within two years after the decision is made. You may file in 
a Federal District Court where you live or have a principal place of 
business, where the records are maintained, or in the District of 
Columbia.

Subpart 105-64.4--Amending a Record


Sec.  105-64.401  Can I amend my record?

    You may request to amend your record by writing to the system 
manager with the proposed amendment. Mark both the envelope and the 
letter ``Privacy Act Request to Amend Record.''


Sec.  105-64.402  What records are not subject to amendment?

    You may not amend the following records under the law:
    (a) Transcripts of testimony given under oath or written statements 
made under oath.
    (b) Transcripts of grand jury proceedings, judicial proceedings, or 
quasi-judicial proceedings which constitute the official record of the 
proceedings.
    (c) Pre-sentence reports that are maintained within a system of 
records but are the property of the courts.
    (d) Records exempted from amendment by notice published in the 
Federal Register.


Sec.  105-64.403  What happens when I submit a request to amend a 
record?

    The system manager will consult with the Head of Service or Staff 
Office or

[[Page 3785]]

Regional Administrator or their representatives, and legal counsel. 
They will determine whether to amend an existing record by comparing 
its accuracy, relevance, timeliness, and completeness with the 
amendment you propose. The system manager will notify you within 10 
workdays whether your proposed amendment is approved or denied. In case 
of an expected delay, the system manager will acknowledge receipt of 
your request in writing and provide an estimate of when you may expect 
a decision. If your request to amend is approved, the system manager 
will amend the record and send an amended copy to you and to anyone who 
had previously received the record. If your request to amend is denied, 
the system manager will advise you in writing, giving the reason for 
denial, a proposed alternative amendment if possible, and your appeal 
rights. The system manager also will notify the GSA Privacy Act Officer 
of any request for amendment and its disposition.


Sec.  105-64.404  What must I do if I agree to an alternative 
amendment?

    If you agree to the alternative amendment proposed by the system 
manager, you must notify the manager in writing of your concurrence. 
The system manager will amend the record and send an amended copy to 
you and to anyone else who had previously received the record.


Sec.  105-64.405  Can I appeal a denial to amend a record?

    You may file an appeal within 30 workdays of a denial to amend your 
record by writing to the: GSA Privacy Act Officer (CIB), General 
Services Administration, 1800 F Street NW, Washington DC 20405. Mark 
both the envelope and the appeal letter ``Privacy Act Amendment 
Appeal.'' Appeals to amend records in a GSA employee's official 
personnel file will be sent to the Office of Personnel Management, 
Washington DC 20415.


Sec.  105-64.406  How will my appeal be handled?

    The GSA Privacy Act Officer will consult with legal counsel and 
appropriate GSA officials concerning your appeal. If they decide to 
reject your appeal, the Privacy Act Officer will provide the Deputy 
Administrator with all pertinent information about the case and request 
a final administrative decision. The Deputy Administrator may approve 
your amendment, in which case the Privacy Act Officer will notify you 
in writing, and the system manager will amend the record and send an 
amended copy to you and anyone who had previously been provided with 
the record. If the Deputy Administrator denies the appeal, he or she 
will notify you in writing of the reason for denial, of your right to a 
judicial review, and of your right to file a Statement of Disagreement. 
The amendment appeal review will be made within 30 workdays after the 
Privacy Act Officer receives your appeal. The Deputy Administrator may 
extend the time limit by notifying you in writing of the reason for the 
extension before the 30 days are up.


Sec.  105-64.407  How do I file a Statement of Disagreement?

    You may file a Statement of Disagreement with the system manager 
within 30 days of the denial to amend a record. The statement should 
explain why you believe the record to be inaccurate, irrelevant, 
untimely, or incomplete. The system manager will file the statement 
with your record, provide a copy to anyone who had previously received 
the record, and include a copy of it in any future disclosure.


Sec.  105-64.408  What is my recourse to a denial decision?

    You may file a civil action to have the GSA decision overturned 
within two years after denial of an amendment appeal. You may file the 
civil action in a Federal District Court where you live or have a 
principal place of business, where the records are maintained, or in 
the District of Columbia.

Subpart 105-64.5--Disclosure of Records


Sec.  105-64.501  Under what conditions may a record be disclosed 
without my consent?

    A system manager may disclose your record without your consent 
under the Privacy Act when the disclosure is: to GSA officials or 
employees in the performance of their official duties; required by the 
Freedom of Information Act; for a routine use stated in a Federal 
Register notice; to the Bureau of the Census for use in fulfilling its 
duties; for statistical research or reporting, and only when the record 
is not individually identifiable; to the National Archives and Records 
Administration (NARA) when the record has been determined to be of 
historical or other value that warrants permanent retention; to a U.S. 
law enforcement agency or instrumentality for a civil or criminal law 
enforcement purpose; under compelling circumstances affecting an 
individual's health and safety, and upon disclosure a notification will 
be sent to the individual; to Congress or its committees and 
subcommittees when the record material falls within their jurisdiction; 
to the Comptroller General or an authorized representative in the 
performance of the duties of the Government Accountability Office 
(GAO); under a court order; or to a consumer reporting agency under the 
Federal Claims Collection Act of 1966, 31 U.S.C. 3711.


Sec.  105-64.502  How do I find out if my record has been disclosed?

    You may request an accounting of the persons or agencies to whom 
your record has been disclosed, including the date and purpose of each 
disclosure, by writing to the system manager. Mark both the envelope 
and the letter ``Privacy Act Accounting Request.'' The system manager 
will provide the requested information in the same way as that for 
granting access to records, see Subpart 105-64.2, providing no 
restrictions to disclosure or accounting of disclosures applies.


Sec.  105-64.503  What is an accounting of disclosures?

    The system manager maintains an account of each record disclosure 
for five years or for the life of the record, whichever is longer. The 
accounting of disclosure information includes the name of the person or 
agency to whom your record has been provided, the date, the type of 
information disclosed, and the reason for disclosure. Other pertinent 
information, such as justifications for disclosure and any written 
consent that you may have provided, is also included. No accounting 
needs to be maintained for disclosures to GSA officials or employees in 
the performance of their duties, or disclosures under the Freedom of 
Information Act.


Sec.  105-64.504  Under what conditions will I be denied an accounting 
of disclosures?

    The system manager will deny your request for an accounting of 
disclosures when the disclosures are to GSA officials or employees in 
the performance of their duties or disclosures under the Freedom of 
Information Act, for which no accounting is required; law enforcement 
agencies for law enforcement activities; and systems of records 
exempted by notice in the Federal Register. You may appeal a denial 
using the same procedures as those for denial of access to records, see 
Subpart 105-64.3.

[[Page 3786]]

Subpart 105-64.6--Establishing or Revising Systems of Records in GSA


Sec.  105-64.601  Procedures for establishing system of records.

    The following procedures apply to any proposed new or revised 
system of records:
    (a) Before establishing a new or revising an existing system of 
records, the system manager, with the concurrence of the appropriate 
Head of Service or Staff Office, will provide to the GSA Privacy Act 
Officer a proposal describing and justifying the new system or 
revision.
    (b) The GSA Privacy Act Officer will submit a proposal to establish 
or revise the system to the President of the Senate, the Speaker of the 
House of Representatives, and the Director of the Office of Management 
and Budget (OMB) for evaluation at least 40 calendar days before the 
planned system establishment or revision date.
    (c) The GSA Privacy Act Officer will publish in the Federal 
Register a notice of intent to establish or revise the system of 
records at least 30 calendar days before the planned system 
establishment or revision date.
    (d) The new or revised system becomes effective 30 calendar days 
after the notice is published in the Federal Register unless submitted 
comments result in a revision to the notice, in which case, a new 
revised notice will be issued.

Subpart 105-64.7--Assistance and Referrals


Sec.  105-64.701  Submittal of requests for assistance and referrals.

    Address requests for assistance involving GSA Privacy Act rules and 
procedures, or for referrals to system managers or GSA officials 
responsible for implementing these rules to: GSA Privacy Act Officer 
(CIB), General Services Administration, 1800 F Street N.W., Washington 
DC 20405.

Appendix A to Part 105-64--Addresses for Geographically Dispersed 
Records

    Address requests for physically dispersed records, as noted in the 
system of records notices, to the Regional Privacy Act Coordinator, 
General Services Administration, at the appropriate regional GSA 
office, as follows:
    New England Region (includes Connecticut, Maine, Massachusetts, New 
Hampshire, Rhode Island, and Vermont), 10 Causeway Street, Boston, MA 
02222.
    Northeast and Caribbean Region (includes New Jersey, New York, 
Puerto Rico, and Virgin Islands), 26 Federal Plaza, New York, NY 10278.
    Mid-Atlantic Region (includes Delaware, Maryland, Pennsylvania, 
Virginia, and West Virginia, but excludes the National Capital Region), 
The Strawbridge Building, 20 North 8\th\ Street, Philadelphia, PA 
19107-3191.
    Southeast-Sunbelt Region (includes Alabama, Florida, Georgia, 
Kentucky, Mississippi, North Carolina, South Carolina, and Tennessee), 
Office of the Regional Administrator (4A), 77 Forsyth Street, Atlanta, 
GA 30303.
    Great Lakes Region (includes Illinois, Indiana, Michigan, Ohio, 
Minnesota, and Wisconsin), 230 South Dearborn Street, Chicago, IL 
60604-1696.
    The Heartland Region (includes Iowa, Kansas, Missouri, and 
Nebraska), 1500 East Bannister Road, Kansas City, MO 64131-3088.
    Greater Southwest Region (includes Arkansas, Louisiana, Oklahoma, 
New Mexico, and Texas), 819 Taylor Street, Fort Worth, TX 76102.
    Rocky Mountain Region (includes Colorado, Montana, North Dakota, 
South Dakota, Utah, and Wyoming), U.S. General Services Administration, 
DFC, Bldg. 41, Rm. 210, P.O. Box 25006, Denver, CO 80225-0006.
    Pacific Rim Region (includes Arizona, California, Hawaii, and 
Nevada), 450 Golden Gate Avenue, San Francisco, CA 94102-3400.
    Northwest/Arctic Region (includes Alaska, Idaho, Oregon, and 
Washington), 400 15th Street SW, Auburn, WA 98001-6599.
    National Capital Region (includes the District of Columbia; the 
counties of Montgomery and Prince George's in Maryland; the city of 
Alexandria, Virginia; and the counties of Arlington, Fairfax, Loudoun, 
and Prince William in Virginia), 7th and D Streets, SW, Washington, DC 
20407.
[FR Doc. 06-669 Filed 1-23-06; 8:45 am]
BILLING CODE 6820-34-S