Privacy Act Implementation, 33907-33911 [E9-16678]
Download as PDF
Federal Register / Vol. 74, No. 133 / Tuesday, July 14, 2009 / Rules and Regulations
FEDERAL HOUSING FINANCE BOARD
12 CFR Part 913
FEDERAL HOUSING FINANCE
AGENCY
12 CFR Part 1204
DEPARTMENT OF HOUSING AND
URBAN DEVELOPMENT
Office of Federal Housing Enterprise
Oversight
12 CFR Part 1702
RIN 2590–AA07
Privacy Act Implementation
AGENCIES: Federal Housing Finance
Board; Federal Housing Finance
Agency; Office of Federal Housing
Enterprise Oversight.
ACTION: Final rule.
SUMMARY: The Federal Housing Finance
Agency (FHFA) is issuing a final
regulation to provide the procedures
and guidelines under which it will
implement the Privacy Act of 1974, as
amended. The regulation provides the
policies and procedures whereby
individuals may obtain notification of
whether an FHFA system of records
contains information about the
individual and, if so, how to access or
amend a record under the Privacy Act.
Upon adoption of this regulation the
Privacy Act regulations of the Federal
Housing Finance Board and the Office
of Federal Housing Enterprise
Oversight, will be removed.
DATES: The effective date of this
regulation is: July 14, 2009.
FOR FURTHER INFORMATION CONTACT:
David A. Lee, Senior Agency Official for
Privacy, telephone (202) 408–2514 (not
a toll free number), Federal Housing
Finance Agency, 1625 Eye Street, NW.,
Washington, DC 20006. The telephone
number for the Telecommunications
Device for the Deaf is (800) 877–8339.
SUPPLEMENTARY INFORMATION:
I. Background
hsrobinson on PROD1PC76 with RULES
A. Privacy Act
The Privacy Act of 1974 serves to
balance the Federal Government’s need
to maintain information about
individuals while protecting individuals
against unwarranted invasions of
privacy stemming from Federal
agencies’ collection, maintenance, use,
security, and disclosure of personal
information about them that is
contained in systems of records.
VerDate Nov<24>2008
16:05 Jul 13, 2009
Jkt 217001
The Privacy Act requires each Federal
agency to publish rules describing its
Privacy Act procedures and any system
of records it exempts from provisions of
the Privacy Act, including the reasons
for the exemption.
Pursuant to the Privacy Act, FHFA
will inform the public of each system of
records it maintains by separately
publishing notices of each system of
records in the Federal Register and also
on the FHFA Web site at http://
www.fhfa.gov. The notices will describe
the standards for FHFA employees,
regarding collection, use, maintenance,
or disclosure of records in the system
and identify whether information in the
system is exempt from provisions of the
Privacy Act. The system manager
responsible for the system will also be
identified and any other contact
information will be included. Moreover,
notices will inform individuals with
detailed information regarding the
exercise of their rights, such as what
procedures to take to determine whether
a system contains a record pertaining to
them, how to access those records
pertaining to them, how to seek to
amend or correct information in a
record about them, or, how to contest
adverse determinations with respect to
such a record.
B. Establishment of the Federal Housing
Finance Agency
The Housing and Economic Recovery
Act of 2008 (HERA), Public Law No.
110–289, 122 Stat. 2654, amended the
Federal Housing Enterprises Financial
Safety and Soundness Act of 1992
(Safety and Soundness Act) (12 U.S.C.
4501 et seq.) and the Federal Home
Loan Bank Act (12 U.S.C. 1421–1449) to
establish FHFA as an independent
agency of the Federal Government 1 to
ensure that the Federal National
Mortgage Association, the Federal Home
Loan Mortgage Corporation
(collectively, the Enterprises), and the
Federal Home Loan Banks (Banks)
(collectively, the regulated entities) are
capitalized adequately; foster liquid,
efficient, competitive and resilient
national housing finance markets;
operate in a safe and sound manner;
comply with the Safety and Soundness
Act and rules, regulations, guidelines
and orders issued under the Act, and
the respective authorizing statutes of the
regulated entities; and carry out their
missions through activities authorized
and consistent with the Safety and
Soundness Act and their authorizing
statutes; and, that the activities and
Division A, titled the ‘‘Federal Housing
Finance Regulatory Reform Act of 2008,’’ Title I,
§ 1101 of HERA.
PO 00000
1 See
Frm 00007
Fmt 4700
Sfmt 4700
33907
operations of the regulated entities are
consistent with the public interest.
The Office of Federal Housing
Enterprise Oversight (OFHEO) and the
Federal Housing Finance Board (FHFB)
will be abolished one year after
enactment of HERA. However, the
regulated entities continue to operate
under regulations promulgated by
OFHEO and FHFB; and such regulations
are enforceable by the Director of FHFA
until such regulations are modified,
terminated, set aside, or superseded by
the Director.2
Section 1201 of HERA requires the
Director, prior to promulgating
regulations relating to the Banks, to
consider the differences between the
Banks and the Enterprises.3 The
Director considered the differences
between the Banks and the Enterprises
as they relate to the above factors and
determined that pending the publication
of consolidated Systems of Records
Notices, FHFA will maintain the
Systems of Records established by FHFB
and OFHEO, respectively.
C. Proposed Rulemaking
The FHFA published a proposed
Privacy Act Implementation regulation
for public comment in the Federal
Register, 74 FR 22842 (May 15, 2009).
No comments were received.
Accordingly, the proposed regulation is
adopted as a final regulation with only
minor editorial changes.
II. Section-by-Section Analysis
Section 1204.1 Why Did FHFA Issue
This Part?
This section describes the purpose of
the regulation, which is to implement
the Privacy Act, and explains FHFA
general policies and procedures for
individuals requesting access to records,
amending or correcting records, and
requesting an accounting of disclosures
of records.
Section 1204.2 What Do the Terms in
this Part Mean?
This section sets forth definitions of
some terms in this part.
Section 1204.3 How Do I Make a
Privacy Act Request?
This section explains what an
individual must do to submit a valid
request to FHFA for access to records or
information to amend or correct records
or for an accounting of disclosures of
records. It also describes the
information an individual is to provide,
2 See §§ 1302 and 1312 of HERA (12 U.S.C. 4511
note).
3 See § 1313 of the Safety and Soundness Act (12
U.S.C. 4513), as amended.
E:\FR\FM\14JYR1.SGM
14JYR1
33908
Federal Register / Vol. 74, No. 133 / Tuesday, July 14, 2009 / Rules and Regulations
allowing FHFA to identify the records
sought and determine whether the
request can be granted.
Section 1204.4 How Will FHFA
Respond to my Privacy Act Request?
This section describes the period of
time within which FHFA will respond
to requests. It also explains that FHFA
will grant or deny requests in writing,
provide reasons if a request is denied in
whole or in part, and explain the right
of appeal.
Section 1204.5 What if I am
Dissatisfied With the FHFA Response to
my Privacy Act Request?
This section describes when and how
an individual may appeal FHFA
determination on a Privacy Act request
and how and within what period of time
FHFA will make determinations on an
appeal.
Section 1204.6 What Does It Cost to
Get Records Under the Privacy Act?
Regulatory Flexibility Act
The Regulatory Flexibility Act (5
U.S.C. 601 et seq.) requires that a
regulation that has a significant
economic impact on a substantial
number of small entities, small
businesses, or small organizations
include an initial regulatory flexibility
analysis describing the regulation’s
impact on small entities. Such an
analysis need not be undertaken if the
agency has certified that the regulation
does not have a significant economic
impact on a substantial number of small
entities. 5 U.S.C. 605(b). FHFA has
considered the impact of the regulation
under the Regulatory Flexibility Act.
The General Counsel of FHFA certifies
that the regulation is not likely to have
a significant economic impact on a
substantial number of small business
entities because the regulation is
applicable to the internal operations and
legal obligations of FHFA.
List of Subjects
This section explains that requesters
are expected to pay fees for the
duplication of records that they
requested.
12 CFR Part 913
Administrative practice and
procedure, Archives and records,
Freedom of information, Privacy.
Section 1204.7 Are There Any
Exemptions From the Privacy Act?
12 CFR Part 1204
Accounting, Amendment, Appeals,
Correction, Disclosure, Exemptions,
Fees, Records, Requests, Privacy Act,
Social Security numbers.
This section explains that some
exemptions from the Privacy Act exist,
how they are made effective, what the
effect of an exemption is, and how to
identify if an exemption applies.
Section 1204.8
Secured?
How Are Records
Authority and Issuance
This section explains how FHFA
generally protects records under the
Privacy Act.
This section explains that FHFA
collects Social Security numbers only
when authorized and describes the
conditions under which they may be
collected.
Section 1204.10 What Are FHFA
Employee Responsibilities Under the
Privacy Act?
Paperwork Reduction Act
hsrobinson on PROD1PC76 with RULES
■
The final regulation does not contain
any information collection requirement
that requires the approval of the Office
of Management and Budget under the
Paperwork Reduction Act (44 U.S.C.
3501 et seq.).
1. Remove part 913.
CHAPTER XII—FEDERAL HOUSING
FINANCE AGENCY
PART 1204—PRIVACY ACT
IMPLEMENTATION
Sec.
1204.1 Why did FHFA issue this part?
1204.2 What do the terms in this part
mean?
1204.3 How do I make a Privacy Act
request?
1204.4 How will FHFA respond to my
Privacy Act request?
1204.5 What if I am dissatisfied with the
FHFA response to my Privacy Act
request?
PO 00000
Frm 00008
Fmt 4700
Sfmt 4700
Authority: 5 U.S.C. 552a.
§ 1204.1
Why did FHFA issue this part?
FHFA issued this part to:
(a) Implement the Privacy Act of
1974, 5 U.S.C. 552a, as amended
(Privacy Act), a Federal law that helps
protect private information about
individuals that Federal agencies collect
or maintain. You should read this part
together with the Privacy Act, which
provides additional information about
records maintained on individuals;
(b) Establish rules that apply to all
FHFA maintained systems of records
retrieved by an individual’s name or
other personal identifier;
(c) Describe procedures through
which you may request access to
records, request amendment or
correction of those records, and request
an accounting of disclosures of those
records by FHFA;
(d) Inform you, that when it is
appropriate to do so, FHFA
automatically processes a Privacy Act
request for access to records under both
the Privacy Act and the FOIA, following
the rules contained in this part and part
1202 of this subchapter so you will
receive the maximum amount of
information available to you by law; and
(e) Notify you that this regulation
does not entitle you to any service or to
the disclosure of any record to which
you are not entitled under the Privacy
Act. It also does not, and may not be
relied upon to create any substantive or
procedural right or benefit enforceable
against FHFA.
§ 1204.2
mean?
PART 913—[REMOVED]
2. Add part 1204 to subchapter A as
set forth below.
Regulatory Impacts
Jkt 217001
CHAPTER IX—FEDERAL HOUSING
FINANCE BOARD
■
This section lists the responsibilities
of FHFA employees under the Privacy
Act.
16:05 Jul 13, 2009
Accordingly, for the reasons stated in
the preamble, under 12 U.S.C. 4526,
FHFA amends Title 12 CFR Chapters IX,
XII and XVII as follows:
■
Section 1204.9 Does FHFA Collect and
Use Social Security Numbers?
VerDate Nov<24>2008
12 CFR Part 1702
Privacy.
1204.6 What does it cost to get records
under the Privacy Act?
1204.7 Are there any exemptions from the
Privacy Act?
1204.8 How are records secured?
1204.9 Does FHFA collect and use Social
Security numbers?
1204.10 What are FHFA employee
responsibilities under the Privacy Act?
What do the terms in this part
The following definitions apply to the
terms used in this part—
Access means making a record
available to a subject individual.
Amendment means any correction of,
addition to, or deletion from a record.
Court means any entity conducting a
legal proceeding.
FHFA means the Federal Housing
Finance Agency.
FHFB means the Federal Housing
Finance Board.
FOIA means the Freedom of
Information Act, as amended (5 U.S.C.
552).
Individual means a natural person
who is either a citizen ofhe United
States of America or an alien lawfully
admitted for permanent residence.
E:\FR\FM\14JYR1.SGM
14JYR1
Federal Register / Vol. 74, No. 133 / Tuesday, July 14, 2009 / Rules and Regulations
Maintain includes collect, use,
disseminate, or control.
OFHEO means the Office of Federal
Housing Enterprise Oversight.
Privacy Act means the Privacy Act of
1974, as amended (5 U.S.C. 552a).
Privacy Act Appeals Officer means
the FHFA employee who has been
delegated the authority to determine
Privacy Act appeals.
Privacy Act Officer means the FHFA
employee who has primary
responsibility for privacy and data
protection policy and is authorized to
determine Privacy Act requests.
Record means any item, collection, or
grouping of information about an
individual that FHFA maintains within
a system of records, including, but not
limited to, the individual’s name, an
identifying number, symbol, or other
identifying particular assigned to the
individual, such as a finger or voice
print or photograph.
Routine use means the purposes for
which records and information
contained in a system of records may be
disclosed by FHFA without the consent
of the subject of the record. Routine uses
for records are identified in each System
of Records Notice. Routine use does not
include disclosure that subsection (b) of
the Privacy Act (5 U.S.C. 552a(b))
otherwise permits.
Senior Agency Official for Privacy
means the FHFA employee delegated
the authority and responsibility to
oversee and supervise the FHFA privacy
program and implementation of the
Privacy Act.
System of records means a group of
records FHFA maintains or controls
from which information is retrieved by
the name of an individual or by some
identifying number, symbol, or other
identifying particular assigned to the
individual. Single records or groups of
records that are not retrieved by a
personal identifier are not part of a
system of records.
hsrobinson on PROD1PC76 with RULES
§ 1204.3 How do I make a Privacy Act
request?
(a) What is a valid request? In general,
a Privacy Act request can be made on
your own behalf for records or
information about you. You can make a
Privacy Act request on behalf of another
individual as the parent or guardian of
a minor or as the guardian of someone
determined by a court to be
incompetent. You also may request
access to another individual’s record or
information if you have that
individual’s written consent, unless
other conditions of disclosure apply (5
U.S.C. 552a(b)(1) through (12)).
(b) How and where do I make a
request? Your request must be in
VerDate Nov<24>2008
16:05 Jul 13, 2009
Jkt 217001
writing. You may appear in person to
submit your written request to the
Privacy Act Officer, or send your
written request to the Privacy Act
Officer by electronic mail, regular mail,
or fax. The electronic mail address is:
privacy@fhfa.gov. The regular mail
address is: Privacy Act Officer, Federal
Housing Finance Agency, 1625 Eye
Street, NW., Washington, DC 20006. The
fax number is: (202) 408–2530. For the
quickest possible handling, you should
mark your electronic mail, letter, or fax
and the subject line, envelope, or fax
cover sheet ‘‘Privacy Act Request.’’
(c) What must the request include?
You must describe the record that you
want in enough detail to enable the
Privacy Act Officer to locate the system
of records containing it with a
reasonable amount of effort. Your
request should include specific
information about each record sought,
such as the time period in which you
believe it was compiled, the name or
identifying number of each system of
records in which you believe it is kept,
and the date, title or name, author,
recipient, and subject matter of the
record. As a general rule, the more
specific you are about the record that
you want, the more likely FHFA will be
able to locate it in response to your
request.
(d) How do I request amendment or
correction of a record? If you are
requesting an amendment or correction
of any FHFA record, you should
identify each particular record in
question and the systems of records in
which the record is located, describe the
amendment or correction that you want,
and state why you believe that the
record is not accurate, relevant, timely,
or complete. You may submit any
documentation that you think would be
helpful, including an annotated copy of
the record.
(e) How do I request for an accounting
of disclosures? If you are requesting an
accounting of disclosures by FHFA of a
record to another person, organization,
or Federal agency, you should identify
each particular record in question. An
accounting generally includes the date,
nature, and purpose of each disclosure,
as well as the name and address of the
person, organization, or Federal agency
to which the disclosure was made.
(f) Must I verify my identity? When
making requests under the Privacy Act,
your request must verify your identity to
protect your privacy or the privacy of
the individual on whose behalf you are
acting. If you make a Privacy Act
request and you do not follow these
identity verification procedures, FHFA
cannot process your request.
PO 00000
Frm 00009
Fmt 4700
Sfmt 4700
33909
(1) How do I verify my identity? To
verify your identity, you must state your
full name, current address, and date and
place of birth. In order to help identify
and locate the records you request, you
also may, at your option, include your
Social Security number. If you make
your request in person and your identity
is not known to the Privacy Act Officer,
you must provide either two forms of
identification with photographs, or one
form of identification with a photograph
and a properly authenticated birth
certificate. If you make your request by
mail, your signature either must be
notarized or submitted under 28 U.S.C.
1746, a law that permits statements to
be made under penalty of perjury as a
substitute for notarization. You may
fulfill this requirement by having your
signature on your request letter
witnessed by a notary or by including
the following statement just before the
signature on your request letter: ‘‘I
declare under penalty of perjury that the
foregoing is true and correct. Executed
on [date].’’
(2) How do I verify parentage or
guardianship? If you make a Privacy Act
request as the parent or guardian of a
minor or as the guardian of someone
determined by a court to be
incompetent, with respect to records or
information about that individual, you
must establish:
(i) The identity of the individual who
is the subject of the record, by stating
the individual’s name, current address,
date and place of birth, and, at your
option, the Social Security number of
the individual;
(ii) Your own identity, as required in
paragraph (f)(1) of this section;
(iii) That you are the parent or
guardian of the individual, which you
may prove by providing a properly
authenticated copy of the individual’s
birth certificate showing your parentage
or a properly authenticated court order
establishing your guardianship; and
(iv) That you are acting on behalf of
the individual in making the request.
§ 1204.4 How will FHFA respond to my
Privacy Act request?
(a) How will FHFA locate the
requested records? FHFA will search to
determine if requested records exist in
the systems of records it owns or
controls. You can find descriptions of
FHFA systems of records on its Web site
at http://www.fhfa.gov, or by linking to
http://www.ofheo.gov and http://
www.fhfb.gov, as appropriate. You can
also find descriptions of OFHEO and
FHFB systems of records that have not
been superseded on the FHFA Web site.
A description of the systems of records
also is available in the ‘‘Privacy Act
E:\FR\FM\14JYR1.SGM
14JYR1
hsrobinson on PROD1PC76 with RULES
33910
Federal Register / Vol. 74, No. 133 / Tuesday, July 14, 2009 / Rules and Regulations
Issuances’’ compilation published by
the Office of the Federal Register of the
National Archives and Records
Administration. You can access the
‘‘Privacy Act Issuances’’ compilation in
most large reference and university
libraries or electronically at the
Government Printing Office Web site at:
http://www.gpoaccess.gov/privacyact/
index.html. You also can request a copy
of FHFA systems of records from the
Privacy Act Officer.
(b) How long does FHFA have to
respond? The Privacy Act Officer
generally will respond to your request
in writing within 20 business days after
receiving it, if it meets the requirements
of § 1204.3. FHFA may extend the
response time in unusual
circumstances, such as when
consultation is needed with another
Federal agency (if that agency is subject
to the Privacy Act) about a record or to
retrieve a record shipped offsite for
storage. If you submit your written
request in person, the Privacy Act
Officer may disclose records or
information to you directly with a
written record made of the grant of the
request. If you are to be accompanied by
another person when accessing your
record or any information pertaining to
you, FHFA may require your written
authorization before permitting access
or discussing the record in the presence
of the other person.
(c) What will the FHFA response
include? The written response will
include a determination to grant or deny
your request in whole or in part, a brief
explanation of the reasons for the
determination, and the amount of the
fee charged, if any, under § 1204.6. If
you are granted a request to access a
record, FHFA will make the record
available to you. If you are granted a
request to amend or correct a record, the
response will describe any amendments
or corrections made and advise you of
your right to obtain a copy of the
amended or corrected record.
(d) What is an adverse determination?
An adverse determination is a
determination on a Privacy Act request
that:
(1) Withholds any requested record in
whole or in part;
(2) Denies a request for an amendment
or correction of a record in whole or in
part;
(3) Declines to provide a requested
accounting of disclosures;
(4) Advises that a requested record
does not exist or cannot be located;
(5) Finds what has been requested is
not a record subject to the Privacy Act;
or
(6) Addresses any disputed fee matter.
VerDate Nov<24>2008
16:05 Jul 13, 2009
Jkt 217001
(e) What will be stated in a response
that includes an adverse determination?
If the Privacy Act Officer makes an
adverse determination with respect to
your request, the written response under
this section will state that the Privacy
Act Officer is the person responsible for
the adverse determination, that the
adverse determination is not a final
action of FHFA, and that you may
appeal the adverse determination under
§ 1204.5.
§ 1204.5 What if I am dissatisfied with the
FHFA response to my Privacy Act request?
(a) May I appeal the response? You
may appeal any adverse determination
made by the Privacy Act Officer in
response to your Privacy Act request. If
you wish to seek review by a court of
any adverse determination or denial of
a request, you first must appeal it under
this section.
(b) How do I appeal the response? (1)
You may appeal by submitting a written
appeal stating the reasons you believe
the adverse determination should be
overturned. FHFA must receive your
written appeal within 30 business days
of the date of the Privacy Act Officer’s
determination under § 1204.4. Your
written appeal may include as much or
as little related information as you wish,
as long as it clearly identifies the
determination (including the request
number, if known) that you are
appealing.
(2) You should transmit your written
appeal addressed to the Privacy Act
Appeals Officer by electronic mail,
regular mail, or fax. The electronic mail
address is: privacy@fhfa.gov. The
regular mail address is: Privacy Act
Appeals Officer, Federal Housing
Finance Agency, 1700 G Street, NW.,
Fourth Floor, Washington, DC 20552.
The fax number is: (202) 414–6504. For
the quickest possible handling, you
should mark your electronic mail, letter,
or fax and the subject line, envelope, or
fax cover sheet ‘‘Privacy Act Appeal.’’
FHFA ordinarily will not act on an
appeal if the Privacy Act request
becomes a matter of Privacy Act
litigation.
(c) Who has the authority to grant or
deny appeals? The Privacy Act Appeals
Officer is authorized to act on behalf of
the Director on all appeals under this
section.
(d) When will FHFA respond to my
appeal? FHFA generally will respond to
you in writing within 30 business days
of receipt of an appeal that meets the
requirements of paragraph (b) of this
section, unless for good cause shown,
the Director extends the response time.
(e) What will the FHFA response
include? The written response will
PO 00000
Frm 00010
Fmt 4700
Sfmt 4700
include the determination of the Privacy
Act Appeals Officer; whether to grant or
deny your appeal in whole or in part, a
brief explanation of the reasons for the
determination, and information about
the Privacy Act provisions for court
review of the determination.
(1) If your appeal concerns a request
for access to records or information and
the appeal determination grants your
access, the records or information, if
any, will be made available to you.
(2)(i) If your appeal concerns an
amendment or correction of a record
and the appeal determination grants
your request for an amendment or
correction, the response will describe
any amendment or correction made to
the record and advise you of your right
to obtain a copy of the amended or
corrected record under this part. FHFA
will notify all persons, organizations, or
Federal agencies to which it previously
disclosed the record, if an accounting of
that disclosure was made, that the
record has been amended or corrected.
Whenever the record is subsequently
disclosed, the record will be disclosed
as amended or corrected.
(ii) If the response to your appeal
denies your request for an amendment
or correction to a record, the response
will advise you of your right to file a
Statement of Disagreement under
paragraph (f) of this section.
(f) What is a Statement of
Disagreement? (1) A Statement of
Disagreement is a concise written
statement in which you clearly identify
each part of any record that you dispute
and explain your reason(s) for
disagreeing with the Privacy Act
Appeals Officer’s denial in whole or in
part of your appeal requesting
amendment or correction. Your
Statement of Disagreement must be
received by the Privacy Act Officer
within 30 business days of the Privacy
Act Appeals Officer’s denial in whole or
in part of your appeal concerning
amendment or correction of a record.
FHFA will place your Statement of
Disagreement in the system(s) of records
in which the disputed record is
maintained. FHFA also may append a
concise statement of its reason(s) for
denying the request for an amendment
or correction of the record.
(2) FHFA will notify all persons,
organizations, or Federal agencies to
which it previously disclosed the
disputed record, if an accounting of that
disclosure was made, that the record is
disputed and provide your Statement of
Disagreement and the FHFA concise
statement, if any. Whenever the
disputed record is subsequently
disclosed, a copy of your Statement of
E:\FR\FM\14JYR1.SGM
14JYR1
Federal Register / Vol. 74, No. 133 / Tuesday, July 14, 2009 / Rules and Regulations
(a) Must I agree to pay fees? Your
Privacy Act request is your agreement to
pay all applicable fees, unless you
specify a limit on the amount of fees
you agree to pay. FHFA will not exceed
the specified limit without your written
agreement.
(b) How does FHFA calculate fees?
FHFA will charge a fee for duplication
of a record under the Privacy Act in the
same way it charges for duplication of
records under FOIA (5 U.S.C. 552) in 12
CFR 1202.11. There are no fees to search
for or review records.
(1) Records are protected from public
view;
(2) The area in which records are kept
is supervised during business hours to
prevent unauthorized persons from
having access to them;
(3) Records are inaccessible to
unauthorized persons outside of
business hours; and
(4) Records are not disclosed to
unauthorized persons or under
unauthorized circumstances in either
oral or written form.
(b) Is access to records restricted?
Access to records is restricted only to
authorized employees who require
access in order to perform their official
duties.
§ 1204.7 Are there any exemptions from
the Privacy Act?
§ 1204.9 Does FHFA collect and use Social
Security numbers?
Disagreement and the FHFA concise
statement, if any, will also be disclosed.
§ 1204.6 What does it cost to get records
under the Privacy Act?
(a) What is a Privacy Act exemption?
The Privacy Act allows the Director to
exempt records or information in a
system of records from some of the
Privacy Act requirements, if the Director
determines that the exemption is
necessary.
(b) How do I know if the records or
information I want are exempt? (1) Each
notice of a system of records will advise
you if the Director has determined
records or information in records are
exempt from Privacy Act requirements.
If the Director has claimed an
exemption for a system of records, the
System of Records Notice will identify
the exemption and the provisions of the
Privacy Act from which the system is
exempt.
(2) Until superseded by FHFA
Systems of Records, the following
OFHEO and FHFB Systems of Records
are, under 5 U.S.C. 552a(k)(2) or (k)(5),
exempt from the Privacy Act
requirements of 5 U.S.C. 552a(c)(3), (d),
(e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and
(f):
(i) OFHEO–11 Litigation and
Enforcement Information System;
(ii) FHFB–5 Agency Personnel
Investigative Records; and
(iii) FHFB–6 Office of Inspector
General Audit and Investigative
Records.
hsrobinson on PROD1PC76 with RULES
§ 1204.8
How are records secured?
(a) What controls must FHFA have in
place? Each FHFA office must establish
administrative and physical controls to
prevent unauthorized access to its
systems of records, unauthorized or
inadvertent disclosure of records, and
physical damage to or destruction of
records. The stringency of these controls
should correspond to the sensitivity of
the records that the controls protect. At
a minimum, the administrative and
physical controls must ensure that:
VerDate Nov<24>2008
16:05 Jul 13, 2009
Jkt 217001
FHFA collects Social Security
numbers only when it is necessary and
authorized. At least annually, the
Privacy Act Officer or the Senior
Agency Official for Privacy will inform
employees who are authorized to collect
information that:
(a) Individuals may not be denied any
right, benefit, or privilege as a result of
refusing to provide their Social Security
numbers, unless the collection is
authorized either by a statute or by a
regulation issued prior to 1975; and
(b) They must inform individuals who
are asked to provide their Social
Security numbers:
(1) If providing a Social Security
number is mandatory or voluntary;
(2) If any statutory or regulatory
authority authorizes collection of a
Social Security number; and
(3) The uses that will be made of the
Social Security number.
§ 1204.10 What are FHFA employee
responsibilities under the Privacy Act?
At least annually, the Privacy Act
Officer or the Senior Agency Official for
Privacy will inform employees about the
provisions of the Privacy Act, including
the Privacy Act’s civil liability and
criminal penalty provisions. Unless
otherwise permitted by law, an
authorized FHFA employee shall:
(a) Collect from individuals only
information that is relevant and
necessary to discharge FHFA
responsibilities;
(b) Collect information about an
individual directly from that individual
whenever practicable;
(c) Inform each individual from whom
information is collected of:
(1) The legal authority to collect the
information and whether providing it is
mandatory or voluntary;
(2) The principal purpose for which
FHFA intends to use the information;
PO 00000
Frm 00011
Fmt 4700
Sfmt 4700
33911
(3) The routine uses FHFA may make
of the information; and
(4) The effects on the individual, if
any, of not providing the information.
(d) Ensure that the employee’s office
does not maintain a system of records
without public notice and notify
appropriate officials of the existence or
development of any system of records
that is not the subject of a current or
planned public notice.
(e) Maintain all records that are used
in making any determination about an
individual with such accuracy,
relevance, timeliness, and completeness
as is reasonably necessary to ensure
fairness to the individual in the
determination.
(f) Except for disclosures made under
the FOIA, make reasonable efforts, prior
to disseminating any record about an
individual, to ensure that the record is
accurate, relevant, timely, and complete.
(g) When required by the Privacy Act,
maintain an accounting in the specified
form of all disclosures of records by
FHFA to persons, organizations, or
Federal agencies.
(h) Maintain and use records with
care to prevent the unauthorized or
inadvertent disclosure of a record to
anyone.
(i) Notify the appropriate official of
any record that contains information
that the Privacy Act does not permit
FHFA to maintain.
CHAPTER XVII—OFFICE OF FEDERAL
HOUSING ENTERPRISE OVERSIGHT,
DEPARTMENT OF HOUSING AND URBAN
DEVELOPMENT
PART 1702—[REMOVED]
■
3. Remove part 1702.
Dated: July 9, 2009.
James B. Lockhart III,
Director, Federal Housing Finance Agency.
[FR Doc. E9–16678 Filed 7–13–09; 8:45 am]
BILLING CODE 8070–01–P
SMALL BUSINESS ADMINISTRATION
13 CFR Part 107
RIN 3245–AF92
Small Business Investment
Companies—Leverage Eligibility and
Portfolio Diversification Requirements
AGENCY: U.S. Small Business
Administration.
ACTION: Interim final rule.
SUMMARY: This interim final rule
implements certain provisions of the
American Recovery and Reinvestment
Act of 2009 affecting small business
E:\FR\FM\14JYR1.SGM
14JYR1
Agencies
[Federal Register Volume 74, Number 133 (Tuesday, July 14, 2009)]
[Rules and Regulations]
[Pages 33907-33911]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-16678]
[[Page 33907]]
=======================================================================
-----------------------------------------------------------------------
FEDERAL HOUSING FINANCE BOARD
12 CFR Part 913
FEDERAL HOUSING FINANCE AGENCY
12 CFR Part 1204
DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT
Office of Federal Housing Enterprise Oversight
12 CFR Part 1702
RIN 2590-AA07
Privacy Act Implementation
AGENCIES: Federal Housing Finance Board; Federal Housing Finance
Agency; Office of Federal Housing Enterprise Oversight.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Federal Housing Finance Agency (FHFA) is issuing a final
regulation to provide the procedures and guidelines under which it will
implement the Privacy Act of 1974, as amended. The regulation provides
the policies and procedures whereby individuals may obtain notification
of whether an FHFA system of records contains information about the
individual and, if so, how to access or amend a record under the
Privacy Act. Upon adoption of this regulation the Privacy Act
regulations of the Federal Housing Finance Board and the Office of
Federal Housing Enterprise Oversight, will be removed.
DATES: The effective date of this regulation is: July 14, 2009.
FOR FURTHER INFORMATION CONTACT: David A. Lee, Senior Agency Official
for Privacy, telephone (202) 408-2514 (not a toll free number), Federal
Housing Finance Agency, 1625 Eye Street, NW., Washington, DC 20006. The
telephone number for the Telecommunications Device for the Deaf is
(800) 877-8339.
SUPPLEMENTARY INFORMATION:
I. Background
A. Privacy Act
The Privacy Act of 1974 serves to balance the Federal Government's
need to maintain information about individuals while protecting
individuals against unwarranted invasions of privacy stemming from
Federal agencies' collection, maintenance, use, security, and
disclosure of personal information about them that is contained in
systems of records.
The Privacy Act requires each Federal agency to publish rules
describing its Privacy Act procedures and any system of records it
exempts from provisions of the Privacy Act, including the reasons for
the exemption.
Pursuant to the Privacy Act, FHFA will inform the public of each
system of records it maintains by separately publishing notices of each
system of records in the Federal Register and also on the FHFA Web site
at http://www.fhfa.gov. The notices will describe the standards for
FHFA employees, regarding collection, use, maintenance, or disclosure
of records in the system and identify whether information in the system
is exempt from provisions of the Privacy Act. The system manager
responsible for the system will also be identified and any other
contact information will be included. Moreover, notices will inform
individuals with detailed information regarding the exercise of their
rights, such as what procedures to take to determine whether a system
contains a record pertaining to them, how to access those records
pertaining to them, how to seek to amend or correct information in a
record about them, or, how to contest adverse determinations with
respect to such a record.
B. Establishment of the Federal Housing Finance Agency
The Housing and Economic Recovery Act of 2008 (HERA), Public Law
No. 110-289, 122 Stat. 2654, amended the Federal Housing Enterprises
Financial Safety and Soundness Act of 1992 (Safety and Soundness Act)
(12 U.S.C. 4501 et seq.) and the Federal Home Loan Bank Act (12 U.S.C.
1421-1449) to establish FHFA as an independent agency of the Federal
Government \1\ to ensure that the Federal National Mortgage
Association, the Federal Home Loan Mortgage Corporation (collectively,
the Enterprises), and the Federal Home Loan Banks (Banks)
(collectively, the regulated entities) are capitalized adequately;
foster liquid, efficient, competitive and resilient national housing
finance markets; operate in a safe and sound manner; comply with the
Safety and Soundness Act and rules, regulations, guidelines and orders
issued under the Act, and the respective authorizing statutes of the
regulated entities; and carry out their missions through activities
authorized and consistent with the Safety and Soundness Act and their
authorizing statutes; and, that the activities and operations of the
regulated entities are consistent with the public interest.
---------------------------------------------------------------------------
\1\ See Division A, titled the ``Federal Housing Finance
Regulatory Reform Act of 2008,'' Title I, Sec. 1101 of HERA.
---------------------------------------------------------------------------
The Office of Federal Housing Enterprise Oversight (OFHEO) and the
Federal Housing Finance Board (FHFB) will be abolished one year after
enactment of HERA. However, the regulated entities continue to operate
under regulations promulgated by OFHEO and FHFB; and such regulations
are enforceable by the Director of FHFA until such regulations are
modified, terminated, set aside, or superseded by the Director.\2\
---------------------------------------------------------------------------
\2\ See Sec. Sec. 1302 and 1312 of HERA (12 U.S.C. 4511 note).
---------------------------------------------------------------------------
Section 1201 of HERA requires the Director, prior to promulgating
regulations relating to the Banks, to consider the differences between
the Banks and the Enterprises.\3\ The Director considered the
differences between the Banks and the Enterprises as they relate to the
above factors and determined that pending the publication of
consolidated Systems of Records Notices, FHFA will maintain the Systems
of Records established by FHFB and OFHEO, respectively.
---------------------------------------------------------------------------
\3\ See Sec. 1313 of the Safety and Soundness Act (12 U.S.C.
4513), as amended.
---------------------------------------------------------------------------
C. Proposed Rulemaking
The FHFA published a proposed Privacy Act Implementation regulation
for public comment in the Federal Register, 74 FR 22842 (May 15, 2009).
No comments were received. Accordingly, the proposed regulation is
adopted as a final regulation with only minor editorial changes.
II. Section-by-Section Analysis
Section 1204.1 Why Did FHFA Issue This Part?
This section describes the purpose of the regulation, which is to
implement the Privacy Act, and explains FHFA general policies and
procedures for individuals requesting access to records, amending or
correcting records, and requesting an accounting of disclosures of
records.
Section 1204.2 What Do the Terms in this Part Mean?
This section sets forth definitions of some terms in this part.
Section 1204.3 How Do I Make a Privacy Act Request?
This section explains what an individual must do to submit a valid
request to FHFA for access to records or information to amend or
correct records or for an accounting of disclosures of records. It also
describes the information an individual is to provide,
[[Page 33908]]
allowing FHFA to identify the records sought and determine whether the
request can be granted.
Section 1204.4 How Will FHFA Respond to my Privacy Act Request?
This section describes the period of time within which FHFA will
respond to requests. It also explains that FHFA will grant or deny
requests in writing, provide reasons if a request is denied in whole or
in part, and explain the right of appeal.
Section 1204.5 What if I am Dissatisfied With the FHFA Response to my
Privacy Act Request?
This section describes when and how an individual may appeal FHFA
determination on a Privacy Act request and how and within what period
of time FHFA will make determinations on an appeal.
Section 1204.6 What Does It Cost to Get Records Under the Privacy Act?
This section explains that requesters are expected to pay fees for
the duplication of records that they requested.
Section 1204.7 Are There Any Exemptions From the Privacy Act?
This section explains that some exemptions from the Privacy Act
exist, how they are made effective, what the effect of an exemption is,
and how to identify if an exemption applies.
Section 1204.8 How Are Records Secured?
This section explains how FHFA generally protects records under the
Privacy Act.
Section 1204.9 Does FHFA Collect and Use Social Security Numbers?
This section explains that FHFA collects Social Security numbers
only when authorized and describes the conditions under which they may
be collected.
Section 1204.10 What Are FHFA Employee Responsibilities Under the
Privacy Act?
This section lists the responsibilities of FHFA employees under the
Privacy Act.
Regulatory Impacts
Paperwork Reduction Act
The final regulation does not contain any information collection
requirement that requires the approval of the Office of Management and
Budget under the Paperwork Reduction Act (44 U.S.C. 3501 et seq.).
Regulatory Flexibility Act
The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires that
a regulation that has a significant economic impact on a substantial
number of small entities, small businesses, or small organizations
include an initial regulatory flexibility analysis describing the
regulation's impact on small entities. Such an analysis need not be
undertaken if the agency has certified that the regulation does not
have a significant economic impact on a substantial number of small
entities. 5 U.S.C. 605(b). FHFA has considered the impact of the
regulation under the Regulatory Flexibility Act. The General Counsel of
FHFA certifies that the regulation is not likely to have a significant
economic impact on a substantial number of small business entities
because the regulation is applicable to the internal operations and
legal obligations of FHFA.
List of Subjects
12 CFR Part 913
Administrative practice and procedure, Archives and records,
Freedom of information, Privacy.
12 CFR Part 1204
Accounting, Amendment, Appeals, Correction, Disclosure, Exemptions,
Fees, Records, Requests, Privacy Act, Social Security numbers.
12 CFR Part 1702
Privacy.
Authority and Issuance
0
Accordingly, for the reasons stated in the preamble, under 12 U.S.C.
4526, FHFA amends Title 12 CFR Chapters IX, XII and XVII as follows:
CHAPTER IX--FEDERAL HOUSING FINANCE BOARD
PART 913--[REMOVED]
0
1. Remove part 913.
CHAPTER XII--FEDERAL HOUSING FINANCE AGENCY
0
2. Add part 1204 to subchapter A as set forth below.
PART 1204--PRIVACY ACT IMPLEMENTATION
Sec.
1204.1 Why did FHFA issue this part?
1204.2 What do the terms in this part mean?
1204.3 How do I make a Privacy Act request?
1204.4 How will FHFA respond to my Privacy Act request?
1204.5 What if I am dissatisfied with the FHFA response to my
Privacy Act request?
1204.6 What does it cost to get records under the Privacy Act?
1204.7 Are there any exemptions from the Privacy Act?
1204.8 How are records secured?
1204.9 Does FHFA collect and use Social Security numbers?
1204.10 What are FHFA employee responsibilities under the Privacy
Act?
Authority: 5 U.S.C. 552a.
Sec. 1204.1 Why did FHFA issue this part?
FHFA issued this part to:
(a) Implement the Privacy Act of 1974, 5 U.S.C. 552a, as amended
(Privacy Act), a Federal law that helps protect private information
about individuals that Federal agencies collect or maintain. You should
read this part together with the Privacy Act, which provides additional
information about records maintained on individuals;
(b) Establish rules that apply to all FHFA maintained systems of
records retrieved by an individual's name or other personal identifier;
(c) Describe procedures through which you may request access to
records, request amendment or correction of those records, and request
an accounting of disclosures of those records by FHFA;
(d) Inform you, that when it is appropriate to do so, FHFA
automatically processes a Privacy Act request for access to records
under both the Privacy Act and the FOIA, following the rules contained
in this part and part 1202 of this subchapter so you will receive the
maximum amount of information available to you by law; and
(e) Notify you that this regulation does not entitle you to any
service or to the disclosure of any record to which you are not
entitled under the Privacy Act. It also does not, and may not be relied
upon to create any substantive or procedural right or benefit
enforceable against FHFA.
Sec. 1204.2 What do the terms in this part mean?
The following definitions apply to the terms used in this part--
Access means making a record available to a subject individual.
Amendment means any correction of, addition to, or deletion from a
record.
Court means any entity conducting a legal proceeding.
FHFA means the Federal Housing Finance Agency.
FHFB means the Federal Housing Finance Board.
FOIA means the Freedom of Information Act, as amended (5 U.S.C.
552).
Individual means a natural person who is either a citizen ofhe
United States of America or an alien lawfully admitted for permanent
residence.
[[Page 33909]]
Maintain includes collect, use, disseminate, or control.
OFHEO means the Office of Federal Housing Enterprise Oversight.
Privacy Act means the Privacy Act of 1974, as amended (5 U.S.C.
552a).
Privacy Act Appeals Officer means the FHFA employee who has been
delegated the authority to determine Privacy Act appeals.
Privacy Act Officer means the FHFA employee who has primary
responsibility for privacy and data protection policy and is authorized
to determine Privacy Act requests.
Record means any item, collection, or grouping of information about
an individual that FHFA maintains within a system of records,
including, but not limited to, the individual's name, an identifying
number, symbol, or other identifying particular assigned to the
individual, such as a finger or voice print or photograph.
Routine use means the purposes for which records and information
contained in a system of records may be disclosed by FHFA without the
consent of the subject of the record. Routine uses for records are
identified in each System of Records Notice. Routine use does not
include disclosure that subsection (b) of the Privacy Act (5 U.S.C.
552a(b)) otherwise permits.
Senior Agency Official for Privacy means the FHFA employee
delegated the authority and responsibility to oversee and supervise the
FHFA privacy program and implementation of the Privacy Act.
System of records means a group of records FHFA maintains or
controls from which information is retrieved by the name of an
individual or by some identifying number, symbol, or other identifying
particular assigned to the individual. Single records or groups of
records that are not retrieved by a personal identifier are not part of
a system of records.
Sec. 1204.3 How do I make a Privacy Act request?
(a) What is a valid request? In general, a Privacy Act request can
be made on your own behalf for records or information about you. You
can make a Privacy Act request on behalf of another individual as the
parent or guardian of a minor or as the guardian of someone determined
by a court to be incompetent. You also may request access to another
individual's record or information if you have that individual's
written consent, unless other conditions of disclosure apply (5 U.S.C.
552a(b)(1) through (12)).
(b) How and where do I make a request? Your request must be in
writing. You may appear in person to submit your written request to the
Privacy Act Officer, or send your written request to the Privacy Act
Officer by electronic mail, regular mail, or fax. The electronic mail
address is: privacy@fhfa.gov. The regular mail address is: Privacy Act
Officer, Federal Housing Finance Agency, 1625 Eye Street, NW.,
Washington, DC 20006. The fax number is: (202) 408-2530. For the
quickest possible handling, you should mark your electronic mail,
letter, or fax and the subject line, envelope, or fax cover sheet
``Privacy Act Request.''
(c) What must the request include? You must describe the record
that you want in enough detail to enable the Privacy Act Officer to
locate the system of records containing it with a reasonable amount of
effort. Your request should include specific information about each
record sought, such as the time period in which you believe it was
compiled, the name or identifying number of each system of records in
which you believe it is kept, and the date, title or name, author,
recipient, and subject matter of the record. As a general rule, the
more specific you are about the record that you want, the more likely
FHFA will be able to locate it in response to your request.
(d) How do I request amendment or correction of a record? If you
are requesting an amendment or correction of any FHFA record, you
should identify each particular record in question and the systems of
records in which the record is located, describe the amendment or
correction that you want, and state why you believe that the record is
not accurate, relevant, timely, or complete. You may submit any
documentation that you think would be helpful, including an annotated
copy of the record.
(e) How do I request for an accounting of disclosures? If you are
requesting an accounting of disclosures by FHFA of a record to another
person, organization, or Federal agency, you should identify each
particular record in question. An accounting generally includes the
date, nature, and purpose of each disclosure, as well as the name and
address of the person, organization, or Federal agency to which the
disclosure was made.
(f) Must I verify my identity? When making requests under the
Privacy Act, your request must verify your identity to protect your
privacy or the privacy of the individual on whose behalf you are
acting. If you make a Privacy Act request and you do not follow these
identity verification procedures, FHFA cannot process your request.
(1) How do I verify my identity? To verify your identity, you must
state your full name, current address, and date and place of birth. In
order to help identify and locate the records you request, you also
may, at your option, include your Social Security number. If you make
your request in person and your identity is not known to the Privacy
Act Officer, you must provide either two forms of identification with
photographs, or one form of identification with a photograph and a
properly authenticated birth certificate. If you make your request by
mail, your signature either must be notarized or submitted under 28
U.S.C. 1746, a law that permits statements to be made under penalty of
perjury as a substitute for notarization. You may fulfill this
requirement by having your signature on your request letter witnessed
by a notary or by including the following statement just before the
signature on your request letter: ``I declare under penalty of perjury
that the foregoing is true and correct. Executed on [date].''
(2) How do I verify parentage or guardianship? If you make a
Privacy Act request as the parent or guardian of a minor or as the
guardian of someone determined by a court to be incompetent, with
respect to records or information about that individual, you must
establish:
(i) The identity of the individual who is the subject of the
record, by stating the individual's name, current address, date and
place of birth, and, at your option, the Social Security number of the
individual;
(ii) Your own identity, as required in paragraph (f)(1) of this
section;
(iii) That you are the parent or guardian of the individual, which
you may prove by providing a properly authenticated copy of the
individual's birth certificate showing your parentage or a properly
authenticated court order establishing your guardianship; and
(iv) That you are acting on behalf of the individual in making the
request.
Sec. 1204.4 How will FHFA respond to my Privacy Act request?
(a) How will FHFA locate the requested records? FHFA will search to
determine if requested records exist in the systems of records it owns
or controls. You can find descriptions of FHFA systems of records on
its Web site at http://www.fhfa.gov, or by linking to http://www.ofheo.gov and http://www.fhfb.gov, as appropriate. You can also
find descriptions of OFHEO and FHFB systems of records that have not
been superseded on the FHFA Web site. A description of the systems of
records also is available in the ``Privacy Act
[[Page 33910]]
Issuances'' compilation published by the Office of the Federal Register
of the National Archives and Records Administration. You can access the
``Privacy Act Issuances'' compilation in most large reference and
university libraries or electronically at the Government Printing
Office Web site at: http://www.gpoaccess.gov/privacyact/index.html. You
also can request a copy of FHFA systems of records from the Privacy Act
Officer.
(b) How long does FHFA have to respond? The Privacy Act Officer
generally will respond to your request in writing within 20 business
days after receiving it, if it meets the requirements of Sec. 1204.3.
FHFA may extend the response time in unusual circumstances, such as
when consultation is needed with another Federal agency (if that agency
is subject to the Privacy Act) about a record or to retrieve a record
shipped offsite for storage. If you submit your written request in
person, the Privacy Act Officer may disclose records or information to
you directly with a written record made of the grant of the request. If
you are to be accompanied by another person when accessing your record
or any information pertaining to you, FHFA may require your written
authorization before permitting access or discussing the record in the
presence of the other person.
(c) What will the FHFA response include? The written response will
include a determination to grant or deny your request in whole or in
part, a brief explanation of the reasons for the determination, and the
amount of the fee charged, if any, under Sec. 1204.6. If you are
granted a request to access a record, FHFA will make the record
available to you. If you are granted a request to amend or correct a
record, the response will describe any amendments or corrections made
and advise you of your right to obtain a copy of the amended or
corrected record.
(d) What is an adverse determination? An adverse determination is a
determination on a Privacy Act request that:
(1) Withholds any requested record in whole or in part;
(2) Denies a request for an amendment or correction of a record in
whole or in part;
(3) Declines to provide a requested accounting of disclosures;
(4) Advises that a requested record does not exist or cannot be
located;
(5) Finds what has been requested is not a record subject to the
Privacy Act; or
(6) Addresses any disputed fee matter.
(e) What will be stated in a response that includes an adverse
determination? If the Privacy Act Officer makes an adverse
determination with respect to your request, the written response under
this section will state that the Privacy Act Officer is the person
responsible for the adverse determination, that the adverse
determination is not a final action of FHFA, and that you may appeal
the adverse determination under Sec. 1204.5.
Sec. 1204.5 What if I am dissatisfied with the FHFA response to my
Privacy Act request?
(a) May I appeal the response? You may appeal any adverse
determination made by the Privacy Act Officer in response to your
Privacy Act request. If you wish to seek review by a court of any
adverse determination or denial of a request, you first must appeal it
under this section.
(b) How do I appeal the response? (1) You may appeal by submitting
a written appeal stating the reasons you believe the adverse
determination should be overturned. FHFA must receive your written
appeal within 30 business days of the date of the Privacy Act Officer's
determination under Sec. 1204.4. Your written appeal may include as
much or as little related information as you wish, as long as it
clearly identifies the determination (including the request number, if
known) that you are appealing.
(2) You should transmit your written appeal addressed to the
Privacy Act Appeals Officer by electronic mail, regular mail, or fax.
The electronic mail address is: privacy@fhfa.gov. The regular mail
address is: Privacy Act Appeals Officer, Federal Housing Finance
Agency, 1700 G Street, NW., Fourth Floor, Washington, DC 20552. The fax
number is: (202) 414-6504. For the quickest possible handling, you
should mark your electronic mail, letter, or fax and the subject line,
envelope, or fax cover sheet ``Privacy Act Appeal.'' FHFA ordinarily
will not act on an appeal if the Privacy Act request becomes a matter
of Privacy Act litigation.
(c) Who has the authority to grant or deny appeals? The Privacy Act
Appeals Officer is authorized to act on behalf of the Director on all
appeals under this section.
(d) When will FHFA respond to my appeal? FHFA generally will
respond to you in writing within 30 business days of receipt of an
appeal that meets the requirements of paragraph (b) of this section,
unless for good cause shown, the Director extends the response time.
(e) What will the FHFA response include? The written response will
include the determination of the Privacy Act Appeals Officer; whether
to grant or deny your appeal in whole or in part, a brief explanation
of the reasons for the determination, and information about the Privacy
Act provisions for court review of the determination.
(1) If your appeal concerns a request for access to records or
information and the appeal determination grants your access, the
records or information, if any, will be made available to you.
(2)(i) If your appeal concerns an amendment or correction of a
record and the appeal determination grants your request for an
amendment or correction, the response will describe any amendment or
correction made to the record and advise you of your right to obtain a
copy of the amended or corrected record under this part. FHFA will
notify all persons, organizations, or Federal agencies to which it
previously disclosed the record, if an accounting of that disclosure
was made, that the record has been amended or corrected. Whenever the
record is subsequently disclosed, the record will be disclosed as
amended or corrected.
(ii) If the response to your appeal denies your request for an
amendment or correction to a record, the response will advise you of
your right to file a Statement of Disagreement under paragraph (f) of
this section.
(f) What is a Statement of Disagreement? (1) A Statement of
Disagreement is a concise written statement in which you clearly
identify each part of any record that you dispute and explain your
reason(s) for disagreeing with the Privacy Act Appeals Officer's denial
in whole or in part of your appeal requesting amendment or correction.
Your Statement of Disagreement must be received by the Privacy Act
Officer within 30 business days of the Privacy Act Appeals Officer's
denial in whole or in part of your appeal concerning amendment or
correction of a record. FHFA will place your Statement of Disagreement
in the system(s) of records in which the disputed record is maintained.
FHFA also may append a concise statement of its reason(s) for denying
the request for an amendment or correction of the record.
(2) FHFA will notify all persons, organizations, or Federal
agencies to which it previously disclosed the disputed record, if an
accounting of that disclosure was made, that the record is disputed and
provide your Statement of Disagreement and the FHFA concise statement,
if any. Whenever the disputed record is subsequently disclosed, a copy
of your Statement of
[[Page 33911]]
Disagreement and the FHFA concise statement, if any, will also be
disclosed.
Sec. 1204.6 What does it cost to get records under the Privacy Act?
(a) Must I agree to pay fees? Your Privacy Act request is your
agreement to pay all applicable fees, unless you specify a limit on the
amount of fees you agree to pay. FHFA will not exceed the specified
limit without your written agreement.
(b) How does FHFA calculate fees? FHFA will charge a fee for
duplication of a record under the Privacy Act in the same way it
charges for duplication of records under FOIA (5 U.S.C. 552) in 12 CFR
1202.11. There are no fees to search for or review records.
Sec. 1204.7 Are there any exemptions from the Privacy Act?
(a) What is a Privacy Act exemption? The Privacy Act allows the
Director to exempt records or information in a system of records from
some of the Privacy Act requirements, if the Director determines that
the exemption is necessary.
(b) How do I know if the records or information I want are exempt?
(1) Each notice of a system of records will advise you if the Director
has determined records or information in records are exempt from
Privacy Act requirements. If the Director has claimed an exemption for
a system of records, the System of Records Notice will identify the
exemption and the provisions of the Privacy Act from which the system
is exempt.
(2) Until superseded by FHFA Systems of Records, the following
OFHEO and FHFB Systems of Records are, under 5 U.S.C. 552a(k)(2) or
(k)(5), exempt from the Privacy Act requirements of 5 U.S.C.
552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and (f):
(i) OFHEO-11 Litigation and Enforcement Information System;
(ii) FHFB-5 Agency Personnel Investigative Records; and
(iii) FHFB-6 Office of Inspector General Audit and Investigative
Records.
Sec. 1204.8 How are records secured?
(a) What controls must FHFA have in place? Each FHFA office must
establish administrative and physical controls to prevent unauthorized
access to its systems of records, unauthorized or inadvertent
disclosure of records, and physical damage to or destruction of
records. The stringency of these controls should correspond to the
sensitivity of the records that the controls protect. At a minimum, the
administrative and physical controls must ensure that:
(1) Records are protected from public view;
(2) The area in which records are kept is supervised during
business hours to prevent unauthorized persons from having access to
them;
(3) Records are inaccessible to unauthorized persons outside of
business hours; and
(4) Records are not disclosed to unauthorized persons or under
unauthorized circumstances in either oral or written form.
(b) Is access to records restricted? Access to records is
restricted only to authorized employees who require access in order to
perform their official duties.
Sec. 1204.9 Does FHFA collect and use Social Security numbers?
FHFA collects Social Security numbers only when it is necessary and
authorized. At least annually, the Privacy Act Officer or the Senior
Agency Official for Privacy will inform employees who are authorized to
collect information that:
(a) Individuals may not be denied any right, benefit, or privilege
as a result of refusing to provide their Social Security numbers,
unless the collection is authorized either by a statute or by a
regulation issued prior to 1975; and
(b) They must inform individuals who are asked to provide their
Social Security numbers:
(1) If providing a Social Security number is mandatory or
voluntary;
(2) If any statutory or regulatory authority authorizes collection
of a Social Security number; and
(3) The uses that will be made of the Social Security number.
Sec. 1204.10 What are FHFA employee responsibilities under the
Privacy Act?
At least annually, the Privacy Act Officer or the Senior Agency
Official for Privacy will inform employees about the provisions of the
Privacy Act, including the Privacy Act's civil liability and criminal
penalty provisions. Unless otherwise permitted by law, an authorized
FHFA employee shall:
(a) Collect from individuals only information that is relevant and
necessary to discharge FHFA responsibilities;
(b) Collect information about an individual directly from that
individual whenever practicable;
(c) Inform each individual from whom information is collected of:
(1) The legal authority to collect the information and whether
providing it is mandatory or voluntary;
(2) The principal purpose for which FHFA intends to use the
information;
(3) The routine uses FHFA may make of the information; and
(4) The effects on the individual, if any, of not providing the
information.
(d) Ensure that the employee's office does not maintain a system of
records without public notice and notify appropriate officials of the
existence or development of any system of records that is not the
subject of a current or planned public notice.
(e) Maintain all records that are used in making any determination
about an individual with such accuracy, relevance, timeliness, and
completeness as is reasonably necessary to ensure fairness to the
individual in the determination.
(f) Except for disclosures made under the FOIA, make reasonable
efforts, prior to disseminating any record about an individual, to
ensure that the record is accurate, relevant, timely, and complete.
(g) When required by the Privacy Act, maintain an accounting in the
specified form of all disclosures of records by FHFA to persons,
organizations, or Federal agencies.
(h) Maintain and use records with care to prevent the unauthorized
or inadvertent disclosure of a record to anyone.
(i) Notify the appropriate official of any record that contains
information that the Privacy Act does not permit FHFA to maintain.
CHAPTER XVII--OFFICE OF FEDERAL HOUSING ENTERPRISE OVERSIGHT,
DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT
PART 1702--[REMOVED]
0
3. Remove part 1702.
Dated: July 9, 2009.
James B. Lockhart III,
Director, Federal Housing Finance Agency.
[FR Doc. E9-16678 Filed 7-13-09; 8:45 am]
BILLING CODE 8070-01-P