Office of the Secretary of Defense and Joint Staff Privacy Program, 56113-56117 [E9-26183]
Download as PDF
<![CDATA[
Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations
srobinson on DSKHWCL6B1PROD with RULES
deemed NOL to $8,000. Therefore, X has an
$8,000 excess net operating loss (excess
deemed NOL) to allocate to its shareholders.
Under paragraph (d)(2)(ii)(C) of this section,
none of the $8,000 excess deemed NOL is
allocated to C because C’s section 1366(d)
losses and deductions immediately prior to
the section 108(b)(2)(A) reduction ($2,000) do
not exceed C’s share of the excluded COD
income for 2008 ($3,000). However, each of
A’s and B’s respective section 1366(d) losses
and deductions immediately prior to the
section 108(b)(2)(A) reduction exceed each of
A’s and B’s respective shares of the excluded
COD income for 2009. A’s excess amount is
$2,000 ($5,000¥$3,000) and B’s excess
amount is $7,000 ($13,000¥$6,000).
Therefore, the total of all shareholders’
excess amounts is $9,000. Under paragraph
(d)(2) of this section, X will allocate
$1,777.78 of the $8,000 excess deemed NOL
to A ($8,000 × $2,000/$9,000) and $6,222.22
of the $8,000 excess deemed NOL to B
($8,000 × $7,000/$9,000). However, because
A transferred all of her shares of stock in X
in a transaction not described in section
1041(a), A’s $1,777.78 of section 1366(d)
losses and deductions are permanently
disallowed under paragraph (d)(2)(iii) of this
section. Accordingly, at the beginning of
2010, B has $6,222.22 of section 1366(d)(2)
carryovers and C has no section 1366(d)(2)
carryovers.
Example 7. The facts are the same as in
Example 6, except that X, with the consent
of A and C, makes a terminating election
under section 1377(a)(2) upon A’s sale of her
stock in X to C. Therefore, the COD income
(had it not been excluded) would have been
allocated $6,000 to A, $6,000 to B, and $0 to
C. Under paragraph (d)(2)(ii)(C) of this
section, none of the $8,000 excess deemed
NOL is allocated to A because A’s section
1366(d) losses and deductions immediately
prior to the section 108(b)(2)(A) reduction
($5,000) do not exceed A’s share of the
excluded COD income for 2009 ($6,000).
However, each of B’s and C’s respective
section 1366(d) losses and deductions
immediately prior to the section 108(b)(2)(A)
reduction exceed each of B’s and C’s
respective shares of the excluded COD
income for 2009. B’s excess amount is $7,000
($13,000¥$6,000), C’s excess amount is
$2,000 ($2,000¥$0). Therefore, the total of
all shareholders’ excess amounts is $9,000.
Under paragraph (d)(2) of this section, X will
allocate $6,222.22 of the $8,000 excess
deemed NOL to B ($8,000 × $7,000/$9,000)
and $1,777.78 of the $8,000 excess deemed
NOL to C. Accordingly, at the beginning of
2010, B has $6,222.22 of section 1366(d)(2)
carryovers and C has $1,777.78 of section
1366(d)(2) carryovers.
(f) Effective/applicability date—(1)
Paragraphs (a), (b), (c), and Examples 1,
2, 3, and 4 of paragraph (e) of this
section apply to discharges of
indebtedness occurring on or after May
10, 2004.
(2) Paragraph (d) and Examples 5, 6,
and 7 of paragraph (e) of this section
apply to discharges of indebtedness
occurring on or after October 30, 2009.
VerDate Nov<24>2008
16:17 Oct 29, 2009
Jkt 220001
PART 602—OMB CONTROL NUMBERS
UNDER THE PAPERWORK
REDUCTION ACT
Par. 3. The authority citation for part
602 continues to read as follows:
■
Authority: 26 U.S.C. 7805.
Par. 4. In § 602.101, paragraph (b) is
amended by adding the following entry
in numerical order to the table to read
as follows:
■
§ 602.101
*
OMB Control numbers.
*
*
(b) * * *
*
*
CFR part or section where
identified and described
Current OMB
control No.
*
*
*
1.108–7 .................................
*
*
*
1545–2155
*
*
Approved: October 21, 2009.
Linda E. Stiff,
Deputy Commissioner for Services and
Enforcement.
Michael Mundaca,
Acting Assistant Secretary of the Treasury
(Tax Policy).
[FR Doc. E9–26152 Filed 10–29–09; 8:45 am]
56113
comments received on the
corresponding DoD administrative
instruction: A reordering of some
sections was accomplished to facilitate
readability. A new section ‘‘OSD/JS
Privacy Office Processes’’ was added to
define the role of the OSD/JS Privacy
Office in the program.
Executive Order 12866, ‘‘Regulatory
Planning and Review’’
It has been certified that 32 CFR part
311 does not:
(1) Have an annual effect on the
economy of $100 million or more or
adversely affect in a material way the
economy; a section of the economy;
productivity; competition; jobs; the
environment; public health or safety; or
State, local, or tribunal governments or
communities;
(2) Create a serious inconsistency or
otherwise interfere with an action taken
or planned by another Agency;
(3) Materially alter the budgetary
impact of entitlements, grants, user fees,
or loan programs, or the rights and
obligations of recipients thereof; or
(4) Raise novel legal or policy issues
arising out of legal mandates, the
President’s priorities, or the principles
set forth in this Executive Order 12866,
as amended by Executive Order 13422.
BILLING CODE 4830–01–P
Sec. 202, Pub. L. 104–4, ‘‘Unfunded
Mandates Reform Act’’
DEPARTMENT OF DEFENSE
32 CFR Part 311
It has been certified that 32 CFR part
311 does not contain a Federal mandate
that may result in the expenditure by
State, local and tribunal governments, in
aggregate, or by the private sector, of
$100 million or more in any one year.
Office of the Secretary of Defense and
Joint Staff Privacy Program
Public Law 96–354, ‘‘Regulatory
Flexibility Act’’ (5 U.S.C. 601)
Office of the Secretary
[DoD–2006–OS–0033; RIN 0790–AI26]
Department of Defense.
ACTION: Final rule.
AGENCY:
SUMMARY: This rule revises 32 CFR part
311 to update Office of the Secretary of
Defense (OSD) and Joint Staff (JS)
policy, assigns responsibilities, and
prescribes procedures for the effective
administration of the Privacy Act (PA)
Program in OSD and JS. This rule
supplements and implements 32 CFR
part 310, the DoD Privacy Program.
DATES: Effective Date: This rule is
effective November 30, 2009.
FOR FURTHER INFORMATION CONTACT:
Cindy Allard, 703–588–6830.
SUPPLEMENTARY INFORMATION: A
proposed rule published in the Federal
Register on January 23, 2007 (72 FR
2819–2823). No comments were
received.
The following has been included in
the final rule based on internal
PO 00000
Frm 00027
Fmt 4700
Sfmt 4700
It has been certified that 32 CFR part
311 is not subject to the Regulatory
Flexibility Act (5 U.S.C. 601) because it
would not, if promulgated, have a
significant economic impact on a
substantial number of small entities.
The rule implements the procedures for
the effective administration of the
Privacy Act Program in OSD and the JS.
Public Law 96–511, ‘‘Paperwork
Reduction Act’’ (44 U.S.C. Chapter 35)
It has been certified that 32 CFR part
311 does not impose reporting or
recordkeeping requirements under the
Paperwork Reduction Act of 1995.
Executive Order 13132, ‘‘Federalism’’
It has been certified that 32 CFR part
311 does not have federalism
implications, as set forth in Executive
Order 13132. This rule does not have
substantial direct effects on:
(1) The States;
E:\FR\FM\30OCR1.SGM
30OCR1
56114
Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations
(2) The relationship between the
National Government and the States; or
(3) The distribution of power and
responsibilities among the various
levels of Government.
List of Subjects in 32 CFR Part 311
Privacy Act.
Accordingly, 32 CFR part 311 is
revised to read as follows:
■
PART 311—OFFICE OF THE
SECRETARY OF DEFENSE AND JOINT
STAFF PRIVACY PROGRAM
Sec.
311.1
311.2
311.3
311.4
311.5
311.6
311.7
Purpose.
Applicability.
Definitions.
Policy.
Responsibilities.
Procedures.
OSD/JS Privacy Office Processes.
Authority: 5 U.S.C. 552a.
§ 311.1.
Purpose.
This part revises 32 CFR part 311 to
update Office of the Secretary of
Defense (OSD) and Joint Staff (JS)
policy, assigns responsibilities, and
prescribes procedures for the effective
administration of the Privacy Program
in OSD and the JS. This part
supplements and implements part 32
CFR part 310, the DoD Privacy Program.
§ 311.2.
Applicability.
This part:
(a) Applies to OSD, the Office of the
Chairman of the Joint Chiefs of Staff and
the Joint Staff, and all other activities
serviced by Washington Headquarters
Services (WHS) that receive privacy
program support from OSD/JS Privacy
Office, Executive Services Directorate
(ESD), WHS (hereafter referred to
collectively as the ‘‘WHS-Serviced
Components).’’
(b) Covers systems of records
maintained by the WHS-Serviced
Components and governs the
maintenance, access, change, and
release information contained in those
systems of records, from which
information about an individual is
retrieved by a personal identifier.
srobinson on DSKHWCL6B1PROD with RULES
§ 311.3.
Definitions.
(a) Access. The review of a record or
a copy of a record or parts thereof in a
system of records by any individual.
(b) Computer matching program. A
program that matches the personal
records in computerized databases of
two or more Federal agencies.
(c) Disclosure. The transfer of any
personal information from a system of
records by any means of communication
(such as oral, written, electronic,
mechanical, or actual review) to any
VerDate Nov<24>2008
16:17 Oct 29, 2009
Jkt 220001
person, private entity, or Government
Agency, other than the subject of the
record, the subject’s designated agent or
the subject’s legal guardian.
(d) Individual. A living person who is
a citizen of the United States or an alien
lawfully admitted for permanent
residence. The parent of a minor or the
legal guardian of any individual also
may act on behalf of an individual.
Members of the United States Armed
Forces are ‘‘individuals.’’ Corporations,
partnerships, sole proprietorships,
professional groups, businesses,
whether incorporated or
unincorporated, and other commercial
entities are not ‘‘individuals’’ when
acting in an entrepreneurial capacity
with the Department of Defense but are
‘‘individuals’’ otherwise (e.g., security
clearances, entitlement to DoD
privileges or benefits, etc.).
(e) Individual access. Access to
information pertaining to the individual
by the individual or his or her
designated agent or legal guardian.
(f) Maintain. To maintain, collect, use,
or disseminate records contained in a
system of records.
(g) Personal information. Information
about an individual that identifies,
links, relates, or is unique to, or
describes him or her, e.g., a social
security number; age; military rank;
civilian grade; marital status; race;
salary; home/office phone numbers;
other demographic, biometric,
personnel, medical, and financial
information, etc. Such information also
is known as personally identifiable
information (i.e., information which can
be used to distinguish or trace an
individual’s identity, such as their
name, social security number, date and
place of birth, mother’s maiden name,
biometric records, including any other
personal information which is linked or
linkable to a specified individual).
(h) Record. Any item, collection, or
grouping of information, whatever the
storage media (e.g., paper, electronic,
etc.), about an individual that is
maintained by a WHS-Serviced
Component, including, but not limited
to, his or her education, financial
transactions, medical history, criminal
or employment history, and that
contains his or her name, or the
identifying number, symbol, or other
identifying particular assigned to the
individual, such as a finger or voice
print or a photograph.
(i) System manager. A WHS-Serviced
Component official who has overall
responsibility for a system of records.
The system manager may serve at any
level in OSD. Systems managers are
indicated in the published systems of
records notices. If more than one official
PO 00000
Frm 00028
Fmt 4700
Sfmt 4700
is indicated as a system manager, initial
responsibility resides with the manager
at the appropriate level (i.e., for local
records, at the local activity).
(j) System of records. A group of
records under the control of a WHSServiced Component from which
personal information about an
individual is retrieved by the name of
the individual or by some other
identifying number, symbol, or other
identifying particular assigned, that is
unique to the individual.
§ 311.4.
Policy.
It is DoD policy, in accordance with
32 CFR part 310, that:
(a) Personal information contained in
any system of records maintained by
any DoD organization shall be
safeguarded. To the extent authorized
by section 552a of title 5, United States
Code, commonly known and hereafter
referred to as the ‘‘Privacy Act’’ and
Appendix I of Office of Management
and Budget Circular No. A–130
(available at https://
www.whitehouse.gov/omb/assets/omb/
circulars/a130/a130trans4.pdf), an
individual shall be permitted to know
what existing records pertain to him or
her consistent with 32 CFR part 310.
(b) Each office maintaining records
and information about individuals shall
ensure that this data is protected from
unauthorized collection, use,
dissemination and/or disclosure of
personal information. These offices
shall permit individuals to have access
to and have a copy made of all or any
portion of records about them, except as
provided in 32 CFR 310.17 and 310.18.
The individuals will also have an
opportunity to request that such records
be amended as provided by 32 CFR
310.19 . Individuals requesting access to
their records shall receive concurrent
consideration under section 552 of title
5, United States Code (commonly
known and hereafter referred to as the
‘‘Freedom of Information Act’’).
(c) Necessary records of a personal
nature that are individually identifiable
will be maintained in a manner that
complies with the law and DoD policy.
Any information collected by WHSServiced Components must be as
accurate, relevant, timely, and complete
as is reasonable to ensure fairness to the
individual. Adequate safeguards must
be provided to prevent misuse or
unauthorized release of such
information, consistent with the Privacy
Act.
§ 311.5.
Responsibilities.
(a) The Director, WHS, under the
authority, direction, and control of the
E:\FR\FM\30OCR1.SGM
30OCR1
srobinson on DSKHWCL6B1PROD with RULES
Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations
Director, Administration and
Management, shall:
(1) Direct and administer the OSD/JS
Privacy Program for the WHS-Serviced
Components.
(2) Ensure implementation of and
compliance with standard and
procedures established in 32 CFR part
310.
(3) Coordinate with the WHS General
Counsel on all WHS-Serviced
Components denials of appeals for
amending records and review actions to
confirm denial of access to records.
(4) Provide advice and assistance to
the WHS-Serviced Components on
matters pertaining to the Privacy Act.
(5) Direct the OSD/JS Privacy Office to
implement all aspects of 32 CFR part
310 as directed in § 311.7 of this part.
(b) The Heads of the WHS-Serviced
Components shall:
(1) Designate an individual in writing
as the point of contact for Privacy Act
matters and advise the Chief, OSD/JS
Privacy Office, of names of officials so
designated.
(2) Designate an official in writing to
deny initial requests for access to an
individual’s records or changes to
records and advise the Chief, OSD/JS
Privacy Office of names of officials so
designated.
(3) Provide opportunities for
appointed personnel to attend periodic
Privacy Act training.
(4) Report any new record system, or
changes to an existing system, to the
Chief, OSD/JS Privacy Office at least 90
days before the intended use of the
system.
(5) Formally review each system of
records notice on a biennial basis and
update as necessary.
(6) In accordance with 32 CFR 310.12,
include appropriate Federal Acquisition
Regulation clause (48 CFR 24.104) in all
contracts that provide for contractor
personnel to access WHS-Serviced
Component records systems covered by
the Privacy Act.
(7) Review all implementing guidance
prepared by the WHS-Serviced
Components as well as all forms or
other methods used to collect
information about individuals to ensure
compliance with 32 CFR part 310.
(8) Establish administrative processes
in WHS-Serviced Component
organizations to comply with the
procedures listed in this part and 32
CFR part 310.
(9) Coordinate with WHS General
Counsel on all proposed denials of
access to records.
(10) Provide justification to the OSD/
JS Privacy Office when access to a
record is denied in whole or in part.
(11) Provide the record to the OSD/JS
Privacy Office when the initial denial of
VerDate Nov<24>2008
16:17 Oct 29, 2009
Jkt 220001
a request for access to such record has
been appealed by the requester or at the
time of initial denial if an appeal seems
likely.
(12) Maintain an accurate
administrative record documenting the
actions resulting in a denial for access
to a record or for the correction of a
record. The administrative record
should be maintained so it can be relied
upon and submitted as a complete
record of proceedings if litigation occurs
in accordance with 32 CFR part 310.
(13) Ensure all personnel are aware of
the requirement to take appropriate
Privacy Act training as required by 32
CFR part 310 and the Privacy Act.
(14) Forward all requests for access to
records received directly from an
individual to the OSD/JS Freedom of
Information Act Requester Service
Center for processing under 32 CFR part
310 and 32 CFR part 286.
(15) Maintain a record of each
disclosure of information (other than
routine use) from a system of records as
required by 32 CFR part 310.
§ 311.6.
Procedures.
(a) Publication of Notice in the
Federal Register. (1) A notice shall be
published in the Federal Register of any
record system meeting the definition of
a system of records in 32 CFR 310.4.
(2) The Heads of the WHS-Serviced
Component shall submit notices for new
or revised systems of records to the
Chief, OSD/JS Privacy Office, for review
at least 90 days prior to desired
implementation.
(3) The Chief, OSD/JS Privacy Office
shall forward completed notices to the
Defense Privacy Office (DPO) for review
in accordance with 32 CFR 310.30.
Publication in the Federal Register
starts a 30-day comment window which
provides the public with an opportunity
to submit written data, views, or
arguments to the DPO for consideration
before a system of record is established
or modified.
(b) Access to Systems of Records
Information. (1) As provided in the
Privacy Act, records shall be disclosed
only to the individual they pertain to
and under whose individual name or
identifier they are filed, unless
exempted by the provisions in 32 CFR
310.31. If an individual is accompanied
by a third party, the individual shall be
required to furnish a signed access
authorization granting the third party
access according to 32 CFR 310.17.
(2) Individuals seeking access to
records that pertain to themselves, and
that are filed by name or other personal
identifier, may submit the request in
person or by mail, in accordance with
these procedures:
PO 00000
Frm 00029
Fmt 4700
Sfmt 4700
56115
(i) Any individual making a request
for access to records in person shall
provide personal identification to the
appropriate system owner, as identified
in the system of records notice
published in the Federal Register, to
verify the individual’s identity
according to 32 CFR 310.17.
(ii) Any individual making a request
for access to records by mail shall
address such request to the OSD/JS
FOIA Requester Service Center, Office
of Freedom of Information, 1155
Pentagon, Washington, DC 20301–1155.
To verify his or her identity, the
requester shall include either a signed
notarized statement or an unsworn
declaration in the format specified by 32
CFR part 286.
(iii) All requests for records shall
describe the record sought and provide
sufficient information to enable the
material to be located (e.g.,
identification of system of records,
approximate date it was initiated,
originating organization, and type of
document).
(iv) All requesters shall comply with
the procedures in 32 CFR part 310 for
inspecting and/or obtaining copies of
requested records.
(v) If the requester is not satisfied
with the response, he or she may file a
written appeal as provided in paragraph
(f)(8) of this section. The requester must
provide proof of identity by showing a
driver’s license or similar credentials.
(3) There is no requirement that an
individual be given access to records
that are not in a group of records that
meet the definition of a system of
records in the Privacy Act. (For an
explanation of the relationship between
the Privacy Act and the Freedom of
Information Act, and for guidelines to
ensure requesters are given the
maximum amount of information
authorized by both Acts, see 32 CFR
part 310.17
(4) Granting access to a record
containing personal information shall
not be conditioned upon any
requirement that the individual state a
reason or otherwise justify the need to
gain access.
(5) No verification of identity shall be
required of an individual seeking access
to records that are otherwise available to
the public.
(6) Individuals shall not be denied
access to a record in a system of records
about themselves because those records
are exempted from disclosure under 32
CFR part 286. Individuals may only be
denied access to a record in a system of
records about themselves when those
records are exempted from the access
provisions of 32 CFR 310.26.
E:\FR\FM\30OCR1.SGM
30OCR1
srobinson on DSKHWCL6B1PROD with RULES
56116
Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations
(7) Individuals shall not be denied
access to their records for refusing to
disclose their Social Security Number
(SSN), unless disclosure of the SSN is
required by statute, by regulation
adopted before January 1, 1975, or if the
record’s filing identifier and only means
of retrieval is by SSN (Privacy Act,
note).
(c) Access to Records or Information
Compiled for Law Enforcement
Purposes.
(1) Requests are processed under 32
CFR part 310 and 32 CFR part 286 to
give requesters a greater degree of access
to records on themselves.
(2) Records (including those in the
custody of law enforcement activities)
that have been incorporated into a
system of records exempted from the
access conditions of 32 CFR part 310,
will be processed in accordance with 32
CFR 286.12. Individuals shall not be
denied access to records solely because
they are in the exempt system. They
will have the same access that they
would receive under 32 CFR part 286.
(See also 32 CFR 310.17.)
(3) Records systems exempted from
access conditions will be processed
under 32 CFR 310.26 or 32 CFR 286.12,
depending upon which regulation gives
the greater degree of access. (See also 32
CFR 310.17.)
(4) Records systems exempted from
access under 32 CFR 310.27 that are
temporarily in the hands of a non-law
enforcement element for adjudicative or
personnel actions, shall be referred to
the originating agency. The requester
will be informed in writing of this
referral.
(d) Access to Illegible, Incomplete, or
Partially Exempt Records. (1) An
individual shall not be denied access to
a record or a copy of a record solely
because the physical condition or
format of the record does not make it
readily available (e.g., deteriorated state
or on magnetic tape). The document
will be prepared as an extract, or it will
be exactly recopied.
(2) If a portion of the record contains
information that is exempt from access,
an extract or summary containing all of
the information in the record that is
releasable shall be prepared.
(3) When the physical condition of
the record makes it necessary to prepare
an extract for release, the extract shall
be prepared so that the requester will
understand it.
(4) The requester shall be informed of
all deletions or changes to records.
(e) Access to Medical Records. (1)
Medical records shall be disclosed to
the individual and may be transmitted
to a medical doctor named by the
individual concerned.
VerDate Nov<24>2008
16:17 Oct 29, 2009
Jkt 220001
(2) The individual may be charged
reproduction fees for copies or records
as outlined in 32 CFR 310.20.
(f) Amending and Disputing Personal
Information in Systems of Records.
(1) The Head of a WHS-Serviced
Component, or designated official, shall
allow individuals to request amendment
to their records to the extent that such
records are not accurate, relevant,
timely, or complete.
(2) Requests shall be submitted in
person or by mail to the office
designated in the system of records
notice. They should contain, as a
minimum, identifying information to
locate the record, a description of the
items to be amended, and the reason for
the change. Requesters shall be required
to provide verification of their identity
as stated in paragraphs (b)(2)(i) and
(b)(2)(ii) of this section to ensure that
they are seeking to amend records about
themselves and not, inadvertently or
intentionally, the records of others.
(3) Requests shall not be rejected nor
required to be resubmitted unless
additional information is essential to
process the request.
(4) The appropriate system manager
shall mail a written acknowledgment to
an individual’s request to amend a
record within 10 workdays after receipt.
Such acknowledgment shall identify the
request and may, if necessary, request
any additional information needed to
make a determination. No
acknowledgment is necessary if the
request can be reviewed and processed
and if the individual can be notified of
compliance or denial within the 10-day
period. Whenever practical, the decision
shall be made within 30 working days.
For requests presented in person,
written acknowledgment may be
provided at the time the request is
presented.
(5) The Head of a WHS-Serviced
Component, or designated official, shall
promptly take one of three actions on
requests to amend the records:
(i) If the WHS-Serviced Component
official agrees with any portion or all of
an individual’s request, he or she will
proceed to amend the records in
accordance with existing statutes,
regulations, or administrative
procedures and inform the requester of
the action taken in accordance with 32
CFR 310.19. The WHS-Serviced
Component official shall also notify all
previous holders of the record that the
amendment has been made and shall
explain the substance of the correction.
(ii) If the WHS-Serviced Component
official disagrees with all or any portion
of a request, the individual shall be
informed promptly of the refusal to
amend a record, the reason for the
PO 00000
Frm 00030
Fmt 4700
Sfmt 4700
refusal, and the procedure to submit an
appeal as described in paragraph (f)(8)
of this section.
(iii) If the request for an amendment
pertains to a record controlled and
maintained by another Federal agency,
the request shall be referred to the
appropriate agency and the requester
advised of this.
(6) When personal information has
been disputed by the requestor, the
Head of a WHS-Serviced Component, or
designated official, shall:
(i) Determine whether the requester
has adequately supported his or her
claim that the record is inaccurate,
irrelevant, untimely, or incomplete.
(ii) Limit the review of a record to
those items of information that clearly
bear on any determination to amend the
record, and shall ensure that all those
elements are present before a
determination is made.
(7) If the Head of a WHS-Serviced
Component, or designated official, after
an initial review of a request to amend
a record, disagrees with all or any
portion of the request to amend a
record, he or she shall:
(i) Advise the individual of the denial
and the reason for it.
(ii) Inform the individual that he or
she may appeal the denial.
(iii) Describe the procedures for
appealing the denial, including the
name and address of the official to
whom the appeal should be directed.
The procedures should be as brief and
simple as possible.
(iv) Furnish a copy of the justification
of any denial to amend a record to the
OSD/JS Privacy Office.
(8) If an individual disagrees with the
initial WHS-Serviced Component
determination, he or she may file an
appeal. If the record is created and
maintained by a WHS-Serviced
Component, the appeal should be sent
to the Chief, OSD/JS Privacy Office,
WHS, 1155 Defense Pentagon,
Washington, DC 20301–1155.
(9) If, after review, the Chief, OSD/JS
Privacy Office, determines the system of
records should not be amended as
requested, the Chief, OSD/JS Privacy
Office, shall provide a copy of any
statement of disagreement to the extent
that disclosure accounting is maintained
in accordance with 32 CFR 310.25 and
shall advise the individual:
(i) Of the reason and authority for the
denial.
(ii) Of his or her right to file a
statement of the reason for disagreeing
with the OSD/JS Privacy Office’s
decision.
(iii) Of the procedures for filing a
statement of disagreement.
E:\FR\FM\30OCR1.SGM
30OCR1
srobinson on DSKHWCL6B1PROD with RULES
Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations
(iv) That the statement filed shall be
made available to anyone the record is
disclosed to, together with a brief
statement by the WHS-Serviced
Component summarizing its reasons for
refusing to amend the records.
(10) If the Chief, OSD/JS Privacy
Office, determines that the record
should be amended in accordance with
the individual’s request, the WHSServiced Component shall amend the
record, advise the individual, and
inform previous recipients where a
disclosure accounting has been
maintained in accordance with 32 CFR
310.25.
(11) All appeals should be processed
within 30 workdays after receipt by the
proper office. If the Chief, OSD/JS
Privacy Office, determines that a fair
and equitable review cannot be made
within that time, the individual shall be
informed in writing of the reasons for
the delay and of the approximate date
the review is expected to be completed.
(g) Disclosure of Disputed
Information. (1) If the OSD/JS Privacy
Office determines the record should not
be amended and the individual has filed
a statement of disagreement under
paragraph (f)(8) of this section, the
WHS-Serviced Component shall
annotate the disputed record so it is
apparent to any person to whom the
record is disclosed that a statement has
been filed. Where feasible, the notation
itself shall be integral to the record.
Where disclosure accounting has been
made, the WHS-Serviced Component
shall advise previous recipients that the
record has been disputed and shall
provide a copy of the individual’s
statement of disagreement in accordance
with 32 CFR 310.21.
(i) This statement shall be maintained
to permit ready retrieval whenever the
disputed portion of the record is
disclosed.
(ii) When information that is the
subject of a statement of disagreement is
subsequently disclosed, the WHSServiced Component designated official
shall note which information is
disputed and provide a copy of the
individual’s statement.
(2) The WHS-Serviced Component
shall include a brief summary of its
reasons for not making a correction
when disclosing disputed information.
Such statement shall normally be
limited to the reasons given to the
individual for not amending the record.
(3) Copies of the WHS-Serviced
Component summary will be treated as
part of the individual’s record; however,
it will not be subject to the amendment
procedure outlined in paragraph (f) of
this section.
VerDate Nov<24>2008
16:17 Oct 29, 2009
Jkt 220001
(h) Penalties. (1) Civil Action. An
individual may file a civil suit against
the WHS-Serviced Component or its
employees if the individual feels certain
provisions of the Privacy Act have been
violated.
(2) Criminal Action. (i) Criminal
penalties may be imposed against an
officer or employee of a WHS-Serviced
Component for these offenses listed in
the Privacy Act:
(A) Willful unauthorized disclosure of
protected information in the records;
(B) Failure to publish a notice of the
existence of a record system in the
Federal Register; and
(C) Requesting or gaining access to the
individual’s record under false
pretenses.
(ii) An officer or employee of a WHSServiced Component may be fined up to
$5,000 for a violation as outlined in
paragraphs (h)(2)(i)(A) through
(h)(2)(i)(C) of this section.
(i) Litigation Status Sheet. Whenever
a complaint citing the Privacy Act is
filed in a U.S. District Court against the
Department of Defense, a WHS-Serviced
Component, or any employee of a WHSServiced Component, the responsible
system manager shall promptly notify
the OSD/JS Privacy Office, which shall
notify the DPO. The litigation status
sheet in Appendix H of 32 CFR part 310
provides a standard format for this
notification. (The initial litigation status
sheet shall, as a minimum, provide the
information required by items 1 through
6). A revised litigation status sheet shall
be provided at each stage of the
litigation. When a court renders a formal
opinion or judgment, copies of the
judgment or opinion shall be provided
to the OSD/JS Privacy Office with the
litigation status sheet reporting that
judgment or opinion.
(j) Computer Matching Programs. 32
CFR 310.52 prescribes that all requests
for participation in a matching program
(either as a matching agency or a source
agency) be submitted to the DPO for
review and compliance. The WHSServiced Components shall submit a
courtesy copy to the OSD/JS Privacy
Office at the time of transmittal to the
DPO.
§ 311.7.
OSD/JS Privacy Office Processes.
The OSD/JS Privacy Office shall:
(a) Exercise oversight and
administrative control of the OSD/JS
Privacy Program for the WHS-Serviced
Components.
(b) Provide guidance and training to
the WHS-Serviced Components as
required by 32 CFR 310.37.
(c) Collect and consolidate data from
the WHS-Serviced Components and
submit reports to the DPO, as required
PO 00000
Frm 00031
Fmt 4700
Sfmt 4700
56117
by 32 CFR 310.40 or otherwise
requested by the DPO.
(d) Coordinate and consolidate
information for reporting all record
systems, as well as changes to approved
systems, to the DPO for final processing
to the Office of Management and
Budget, the Congress, and the Federal
Register, as required by 32 CFR part
310.
(e) In coordination with DPO, serve as
the appellate authority for the WHSServiced Components when a requester
appeals a denial for access as well as
when a requester appeals a denial for
amendment or initiates legal action to
correct a record.
(f) Refer all matters about
amendments of records and general and
specific exemptions under 32 CFR
310.19, 310.28 and 310.29 to the proper
WHS-Serviced Components.
Dated: October 26, 2009.
Patricia L. Toppings,
OSD Federal Register Liaison Officer,
Department of Defense.
[FR Doc. E9–26183 Filed 10–29–09; 8:45 am]
BILLING CODE 5001–06–P
ENVIRONMENTAL PROTECTION
AGENCY
40 CFR Part 52
[EPA–R03–OAR–2009–0034; FRL–8975–2]
Approval and Promulgation of Air
Quality Implementation Plans;
Maryland; Clean Air Interstate Rule
AGENCY: Environmental Protection
Agency (EPA).
ACTION: Final rule.
SUMMARY: EPA is approving State
Implementation Plan (SIP) revisions
submitted by the State of Maryland,
with the exception of its 2009 nitrogen
oxides (NOX) ozone season and NOX
annual allocations, its 2009 set-aside
allocations and the Compliance
Supplement Pool (CSP) allocations. The
revisions establish budget trading
programs for nitrogen oxides (NOX)
annual, NOX ozone season, and sulfur
dioxides (SO2) annual emissions to
address the requirements of EPA’s Clean
Air Interstate Rule (CAIR). Maryland
will meet its CAIR requirements by
participating in the EPA-administered
regional cap-and-trade program for NOX
annual, NOX ozone season, and SO2
annual emissions. EPA is determining
that the SIP revisions fully implement
the CAIR requirements for Maryland.
Although the DC Circuit found CAIR to
be flawed, the rule was remanded
without vacatur and thus remains in
E:\FR\FM\30OCR1.SGM
30OCR1
]]>Agencies
[Federal Register Volume 74, Number 209 (Friday, October 30, 2009)]
[Rules and Regulations]
[Pages 56113-56117]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-26183]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
[DoD-2006-OS-0033; RIN 0790-AI26]
32 CFR Part 311
Office of the Secretary of Defense and Joint Staff Privacy
Program
AGENCY: Department of Defense.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: This rule revises 32 CFR part 311 to update Office of the
Secretary of Defense (OSD) and Joint Staff (JS) policy, assigns
responsibilities, and prescribes procedures for the effective
administration of the Privacy Act (PA) Program in OSD and JS. This rule
supplements and implements 32 CFR part 310, the DoD Privacy Program.
DATES: Effective Date: This rule is effective November 30, 2009.
FOR FURTHER INFORMATION CONTACT: Cindy Allard, 703-588-6830.
SUPPLEMENTARY INFORMATION: A proposed rule published in the Federal
Register on January 23, 2007 (72 FR 2819-2823). No comments were
received.
The following has been included in the final rule based on internal
comments received on the corresponding DoD administrative instruction:
A reordering of some sections was accomplished to facilitate
readability. A new section ``OSD/JS Privacy Office Processes'' was
added to define the role of the OSD/JS Privacy Office in the program.
Executive Order 12866, ``Regulatory Planning and Review''
It has been certified that 32 CFR part 311 does not:
(1) Have an annual effect on the economy of $100 million or more or
adversely affect in a material way the economy; a section of the
economy; productivity; competition; jobs; the environment; public
health or safety; or State, local, or tribunal governments or
communities;
(2) Create a serious inconsistency or otherwise interfere with an
action taken or planned by another Agency;
(3) Materially alter the budgetary impact of entitlements, grants,
user fees, or loan programs, or the rights and obligations of
recipients thereof; or
(4) Raise novel legal or policy issues arising out of legal
mandates, the President's priorities, or the principles set forth in
this Executive Order 12866, as amended by Executive Order 13422.
Sec. 202, Pub. L. 104-4, ``Unfunded Mandates Reform Act''
It has been certified that 32 CFR part 311 does not contain a
Federal mandate that may result in the expenditure by State, local and
tribunal governments, in aggregate, or by the private sector, of $100
million or more in any one year.
Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. 601)
It has been certified that 32 CFR part 311 is not subject to the
Regulatory Flexibility Act (5 U.S.C. 601) because it would not, if
promulgated, have a significant economic impact on a substantial number
of small entities. The rule implements the procedures for the effective
administration of the Privacy Act Program in OSD and the JS.
Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)
It has been certified that 32 CFR part 311 does not impose
reporting or recordkeeping requirements under the Paperwork Reduction
Act of 1995.
Executive Order 13132, ``Federalism''
It has been certified that 32 CFR part 311 does not have federalism
implications, as set forth in Executive Order 13132. This rule does not
have substantial direct effects on:
(1) The States;
[[Page 56114]]
(2) The relationship between the National Government and the
States; or
(3) The distribution of power and responsibilities among the
various levels of Government.
List of Subjects in 32 CFR Part 311
Privacy Act.
0
Accordingly, 32 CFR part 311 is revised to read as follows:
PART 311--OFFICE OF THE SECRETARY OF DEFENSE AND JOINT STAFF
PRIVACY PROGRAM
Sec.
311.1 Purpose.
311.2 Applicability.
311.3 Definitions.
311.4 Policy.
311.5 Responsibilities.
311.6 Procedures.
311.7 OSD/JS Privacy Office Processes.
Authority: 5 U.S.C. 552a.
Sec. 311.1. Purpose.
This part revises 32 CFR part 311 to update Office of the Secretary
of Defense (OSD) and Joint Staff (JS) policy, assigns responsibilities,
and prescribes procedures for the effective administration of the
Privacy Program in OSD and the JS. This part supplements and implements
part 32 CFR part 310, the DoD Privacy Program.
Sec. 311.2. Applicability.
This part:
(a) Applies to OSD, the Office of the Chairman of the Joint Chiefs
of Staff and the Joint Staff, and all other activities serviced by
Washington Headquarters Services (WHS) that receive privacy program
support from OSD/JS Privacy Office, Executive Services Directorate
(ESD), WHS (hereafter referred to collectively as the ``WHS-Serviced
Components).''
(b) Covers systems of records maintained by the WHS-Serviced
Components and governs the maintenance, access, change, and release
information contained in those systems of records, from which
information about an individual is retrieved by a personal identifier.
Sec. 311.3. Definitions.
(a) Access. The review of a record or a copy of a record or parts
thereof in a system of records by any individual.
(b) Computer matching program. A program that matches the personal
records in computerized databases of two or more Federal agencies.
(c) Disclosure. The transfer of any personal information from a
system of records by any means of communication (such as oral, written,
electronic, mechanical, or actual review) to any person, private
entity, or Government Agency, other than the subject of the record, the
subject's designated agent or the subject's legal guardian.
(d) Individual. A living person who is a citizen of the United
States or an alien lawfully admitted for permanent residence. The
parent of a minor or the legal guardian of any individual also may act
on behalf of an individual. Members of the United States Armed Forces
are ``individuals.'' Corporations, partnerships, sole proprietorships,
professional groups, businesses, whether incorporated or
unincorporated, and other commercial entities are not ``individuals''
when acting in an entrepreneurial capacity with the Department of
Defense but are ``individuals'' otherwise (e.g., security clearances,
entitlement to DoD privileges or benefits, etc.).
(e) Individual access. Access to information pertaining to the
individual by the individual or his or her designated agent or legal
guardian.
(f) Maintain. To maintain, collect, use, or disseminate records
contained in a system of records.
(g) Personal information. Information about an individual that
identifies, links, relates, or is unique to, or describes him or her,
e.g., a social security number; age; military rank; civilian grade;
marital status; race; salary; home/office phone numbers; other
demographic, biometric, personnel, medical, and financial information,
etc. Such information also is known as personally identifiable
information (i.e., information which can be used to distinguish or
trace an individual's identity, such as their name, social security
number, date and place of birth, mother's maiden name, biometric
records, including any other personal information which is linked or
linkable to a specified individual).
(h) Record. Any item, collection, or grouping of information,
whatever the storage media (e.g., paper, electronic, etc.), about an
individual that is maintained by a WHS-Serviced Component, including,
but not limited to, his or her education, financial transactions,
medical history, criminal or employment history, and that contains his
or her name, or the identifying number, symbol, or other identifying
particular assigned to the individual, such as a finger or voice print
or a photograph.
(i) System manager. A WHS-Serviced Component official who has
overall responsibility for a system of records. The system manager may
serve at any level in OSD. Systems managers are indicated in the
published systems of records notices. If more than one official is
indicated as a system manager, initial responsibility resides with the
manager at the appropriate level (i.e., for local records, at the local
activity).
(j) System of records. A group of records under the control of a
WHS-Serviced Component from which personal information about an
individual is retrieved by the name of the individual or by some other
identifying number, symbol, or other identifying particular assigned,
that is unique to the individual.
Sec. 311.4. Policy.
It is DoD policy, in accordance with 32 CFR part 310, that:
(a) Personal information contained in any system of records
maintained by any DoD organization shall be safeguarded. To the extent
authorized by section 552a of title 5, United States Code, commonly
known and hereafter referred to as the ``Privacy Act'' and Appendix I
of Office of Management and Budget Circular No. A-130 (available at
https://www.whitehouse.gov/omb/assets/omb/circulars/a130/a130trans4.pdf), an individual shall be permitted to know what existing
records pertain to him or her consistent with 32 CFR part 310.
(b) Each office maintaining records and information about
individuals shall ensure that this data is protected from unauthorized
collection, use, dissemination and/or disclosure of personal
information. These offices shall permit individuals to have access to
and have a copy made of all or any portion of records about them,
except as provided in 32 CFR 310.17 and 310.18. The individuals will
also have an opportunity to request that such records be amended as
provided by 32 CFR 310.19 . Individuals requesting access to their
records shall receive concurrent consideration under section 552 of
title 5, United States Code (commonly known and hereafter referred to
as the ``Freedom of Information Act'').
(c) Necessary records of a personal nature that are individually
identifiable will be maintained in a manner that complies with the law
and DoD policy. Any information collected by WHS-Serviced Components
must be as accurate, relevant, timely, and complete as is reasonable to
ensure fairness to the individual. Adequate safeguards must be provided
to prevent misuse or unauthorized release of such information,
consistent with the Privacy Act.
Sec. 311.5. Responsibilities.
(a) The Director, WHS, under the authority, direction, and control
of the
[[Page 56115]]
Director, Administration and Management, shall:
(1) Direct and administer the OSD/JS Privacy Program for the WHS-
Serviced Components.
(2) Ensure implementation of and compliance with standard and
procedures established in 32 CFR part 310.
(3) Coordinate with the WHS General Counsel on all WHS-Serviced
Components denials of appeals for amending records and review actions
to confirm denial of access to records.
(4) Provide advice and assistance to the WHS-Serviced Components on
matters pertaining to the Privacy Act.
(5) Direct the OSD/JS Privacy Office to implement all aspects of 32
CFR part 310 as directed in Sec. 311.7 of this part.
(b) The Heads of the WHS-Serviced Components shall:
(1) Designate an individual in writing as the point of contact for
Privacy Act matters and advise the Chief, OSD/JS Privacy Office, of
names of officials so designated.
(2) Designate an official in writing to deny initial requests for
access to an individual's records or changes to records and advise the
Chief, OSD/JS Privacy Office of names of officials so designated.
(3) Provide opportunities for appointed personnel to attend
periodic Privacy Act training.
(4) Report any new record system, or changes to an existing system,
to the Chief, OSD/JS Privacy Office at least 90 days before the
intended use of the system.
(5) Formally review each system of records notice on a biennial
basis and update as necessary.
(6) In accordance with 32 CFR 310.12, include appropriate Federal
Acquisition Regulation clause (48 CFR 24.104) in all contracts that
provide for contractor personnel to access WHS-Serviced Component
records systems covered by the Privacy Act.
(7) Review all implementing guidance prepared by the WHS-Serviced
Components as well as all forms or other methods used to collect
information about individuals to ensure compliance with 32 CFR part
310.
(8) Establish administrative processes in WHS-Serviced Component
organizations to comply with the procedures listed in this part and 32
CFR part 310.
(9) Coordinate with WHS General Counsel on all proposed denials of
access to records.
(10) Provide justification to the OSD/JS Privacy Office when access
to a record is denied in whole or in part.
(11) Provide the record to the OSD/JS Privacy Office when the
initial denial of a request for access to such record has been appealed
by the requester or at the time of initial denial if an appeal seems
likely.
(12) Maintain an accurate administrative record documenting the
actions resulting in a denial for access to a record or for the
correction of a record. The administrative record should be maintained
so it can be relied upon and submitted as a complete record of
proceedings if litigation occurs in accordance with 32 CFR part 310.
(13) Ensure all personnel are aware of the requirement to take
appropriate Privacy Act training as required by 32 CFR part 310 and the
Privacy Act.
(14) Forward all requests for access to records received directly
from an individual to the OSD/JS Freedom of Information Act Requester
Service Center for processing under 32 CFR part 310 and 32 CFR part
286.
(15) Maintain a record of each disclosure of information (other
than routine use) from a system of records as required by 32 CFR part
310.
Sec. 311.6. Procedures.
(a) Publication of Notice in the Federal Register. (1) A notice
shall be published in the Federal Register of any record system meeting
the definition of a system of records in 32 CFR 310.4.
(2) The Heads of the WHS-Serviced Component shall submit notices
for new or revised systems of records to the Chief, OSD/JS Privacy
Office, for review at least 90 days prior to desired implementation.
(3) The Chief, OSD/JS Privacy Office shall forward completed
notices to the Defense Privacy Office (DPO) for review in accordance
with 32 CFR 310.30. Publication in the Federal Register starts a 30-day
comment window which provides the public with an opportunity to submit
written data, views, or arguments to the DPO for consideration before a
system of record is established or modified.
(b) Access to Systems of Records Information. (1) As provided in
the Privacy Act, records shall be disclosed only to the individual they
pertain to and under whose individual name or identifier they are
filed, unless exempted by the provisions in 32 CFR 310.31. If an
individual is accompanied by a third party, the individual shall be
required to furnish a signed access authorization granting the third
party access according to 32 CFR 310.17.
(2) Individuals seeking access to records that pertain to
themselves, and that are filed by name or other personal identifier,
may submit the request in person or by mail, in accordance with these
procedures:
(i) Any individual making a request for access to records in person
shall provide personal identification to the appropriate system owner,
as identified in the system of records notice published in the Federal
Register, to verify the individual's identity according to 32 CFR
310.17.
(ii) Any individual making a request for access to records by mail
shall address such request to the OSD/JS FOIA Requester Service Center,
Office of Freedom of Information, 1155 Pentagon, Washington, DC 20301-
1155. To verify his or her identity, the requester shall include either
a signed notarized statement or an unsworn declaration in the format
specified by 32 CFR part 286.
(iii) All requests for records shall describe the record sought and
provide sufficient information to enable the material to be located
(e.g., identification of system of records, approximate date it was
initiated, originating organization, and type of document).
(iv) All requesters shall comply with the procedures in 32 CFR part
310 for inspecting and/or obtaining copies of requested records.
(v) If the requester is not satisfied with the response, he or she
may file a written appeal as provided in paragraph (f)(8) of this
section. The requester must provide proof of identity by showing a
driver's license or similar credentials.
(3) There is no requirement that an individual be given access to
records that are not in a group of records that meet the definition of
a system of records in the Privacy Act. (For an explanation of the
relationship between the Privacy Act and the Freedom of Information
Act, and for guidelines to ensure requesters are given the maximum
amount of information authorized by both Acts, see 32 CFR part 310.17
(4) Granting access to a record containing personal information
shall not be conditioned upon any requirement that the individual state
a reason or otherwise justify the need to gain access.
(5) No verification of identity shall be required of an individual
seeking access to records that are otherwise available to the public.
(6) Individuals shall not be denied access to a record in a system
of records about themselves because those records are exempted from
disclosure under 32 CFR part 286. Individuals may only be denied access
to a record in a system of records about themselves when those records
are exempted from the access provisions of 32 CFR 310.26.
[[Page 56116]]
(7) Individuals shall not be denied access to their records for
refusing to disclose their Social Security Number (SSN), unless
disclosure of the SSN is required by statute, by regulation adopted
before January 1, 1975, or if the record's filing identifier and only
means of retrieval is by SSN (Privacy Act, note).
(c) Access to Records or Information Compiled for Law Enforcement
Purposes.
(1) Requests are processed under 32 CFR part 310 and 32 CFR part
286 to give requesters a greater degree of access to records on
themselves.
(2) Records (including those in the custody of law enforcement
activities) that have been incorporated into a system of records
exempted from the access conditions of 32 CFR part 310, will be
processed in accordance with 32 CFR 286.12. Individuals shall not be
denied access to records solely because they are in the exempt system.
They will have the same access that they would receive under 32 CFR
part 286. (See also 32 CFR 310.17.)
(3) Records systems exempted from access conditions will be
processed under 32 CFR 310.26 or 32 CFR 286.12, depending upon which
regulation gives the greater degree of access. (See also 32 CFR
310.17.)
(4) Records systems exempted from access under 32 CFR 310.27 that
are temporarily in the hands of a non-law enforcement element for
adjudicative or personnel actions, shall be referred to the originating
agency. The requester will be informed in writing of this referral.
(d) Access to Illegible, Incomplete, or Partially Exempt Records.
(1) An individual shall not be denied access to a record or a copy of a
record solely because the physical condition or format of the record
does not make it readily available (e.g., deteriorated state or on
magnetic tape). The document will be prepared as an extract, or it will
be exactly recopied.
(2) If a portion of the record contains information that is exempt
from access, an extract or summary containing all of the information in
the record that is releasable shall be prepared.
(3) When the physical condition of the record makes it necessary to
prepare an extract for release, the extract shall be prepared so that
the requester will understand it.
(4) The requester shall be informed of all deletions or changes to
records.
(e) Access to Medical Records. (1) Medical records shall be
disclosed to the individual and may be transmitted to a medical doctor
named by the individual concerned.
(2) The individual may be charged reproduction fees for copies or
records as outlined in 32 CFR 310.20.
(f) Amending and Disputing Personal Information in Systems of
Records.
(1) The Head of a WHS-Serviced Component, or designated official,
shall allow individuals to request amendment to their records to the
extent that such records are not accurate, relevant, timely, or
complete.
(2) Requests shall be submitted in person or by mail to the office
designated in the system of records notice. They should contain, as a
minimum, identifying information to locate the record, a description of
the items to be amended, and the reason for the change. Requesters
shall be required to provide verification of their identity as stated
in paragraphs (b)(2)(i) and (b)(2)(ii) of this section to ensure that
they are seeking to amend records about themselves and not,
inadvertently or intentionally, the records of others.
(3) Requests shall not be rejected nor required to be resubmitted
unless additional information is essential to process the request.
(4) The appropriate system manager shall mail a written
acknowledgment to an individual's request to amend a record within 10
workdays after receipt. Such acknowledgment shall identify the request
and may, if necessary, request any additional information needed to
make a determination. No acknowledgment is necessary if the request can
be reviewed and processed and if the individual can be notified of
compliance or denial within the 10-day period. Whenever practical, the
decision shall be made within 30 working days. For requests presented
in person, written acknowledgment may be provided at the time the
request is presented.
(5) The Head of a WHS-Serviced Component, or designated official,
shall promptly take one of three actions on requests to amend the
records:
(i) If the WHS-Serviced Component official agrees with any portion
or all of an individual's request, he or she will proceed to amend the
records in accordance with existing statutes, regulations, or
administrative procedures and inform the requester of the action taken
in accordance with 32 CFR 310.19. The WHS-Serviced Component official
shall also notify all previous holders of the record that the amendment
has been made and shall explain the substance of the correction.
(ii) If the WHS-Serviced Component official disagrees with all or
any portion of a request, the individual shall be informed promptly of
the refusal to amend a record, the reason for the refusal, and the
procedure to submit an appeal as described in paragraph (f)(8) of this
section.
(iii) If the request for an amendment pertains to a record
controlled and maintained by another Federal agency, the request shall
be referred to the appropriate agency and the requester advised of
this.
(6) When personal information has been disputed by the requestor,
the Head of a WHS-Serviced Component, or designated official, shall:
(i) Determine whether the requester has adequately supported his or
her claim that the record is inaccurate, irrelevant, untimely, or
incomplete.
(ii) Limit the review of a record to those items of information
that clearly bear on any determination to amend the record, and shall
ensure that all those elements are present before a determination is
made.
(7) If the Head of a WHS-Serviced Component, or designated
official, after an initial review of a request to amend a record,
disagrees with all or any portion of the request to amend a record, he
or she shall:
(i) Advise the individual of the denial and the reason for it.
(ii) Inform the individual that he or she may appeal the denial.
(iii) Describe the procedures for appealing the denial, including
the name and address of the official to whom the appeal should be
directed. The procedures should be as brief and simple as possible.
(iv) Furnish a copy of the justification of any denial to amend a
record to the OSD/JS Privacy Office.
(8) If an individual disagrees with the initial WHS-Serviced
Component determination, he or she may file an appeal. If the record is
created and maintained by a WHS-Serviced Component, the appeal should
be sent to the Chief, OSD/JS Privacy Office, WHS, 1155 Defense
Pentagon, Washington, DC 20301-1155.
(9) If, after review, the Chief, OSD/JS Privacy Office, determines
the system of records should not be amended as requested, the Chief,
OSD/JS Privacy Office, shall provide a copy of any statement of
disagreement to the extent that disclosure accounting is maintained in
accordance with 32 CFR 310.25 and shall advise the individual:
(i) Of the reason and authority for the denial.
(ii) Of his or her right to file a statement of the reason for
disagreeing with the OSD/JS Privacy Office's decision.
(iii) Of the procedures for filing a statement of disagreement.
[[Page 56117]]
(iv) That the statement filed shall be made available to anyone the
record is disclosed to, together with a brief statement by the WHS-
Serviced Component summarizing its reasons for refusing to amend the
records.
(10) If the Chief, OSD/JS Privacy Office, determines that the
record should be amended in accordance with the individual's request,
the WHS-Serviced Component shall amend the record, advise the
individual, and inform previous recipients where a disclosure
accounting has been maintained in accordance with 32 CFR 310.25.
(11) All appeals should be processed within 30 workdays after
receipt by the proper office. If the Chief, OSD/JS Privacy Office,
determines that a fair and equitable review cannot be made within that
time, the individual shall be informed in writing of the reasons for
the delay and of the approximate date the review is expected to be
completed.
(g) Disclosure of Disputed Information. (1) If the OSD/JS Privacy
Office determines the record should not be amended and the individual
has filed a statement of disagreement under paragraph (f)(8) of this
section, the WHS-Serviced Component shall annotate the disputed record
so it is apparent to any person to whom the record is disclosed that a
statement has been filed. Where feasible, the notation itself shall be
integral to the record. Where disclosure accounting has been made, the
WHS-Serviced Component shall advise previous recipients that the record
has been disputed and shall provide a copy of the individual's
statement of disagreement in accordance with 32 CFR 310.21.
(i) This statement shall be maintained to permit ready retrieval
whenever the disputed portion of the record is disclosed.
(ii) When information that is the subject of a statement of
disagreement is subsequently disclosed, the WHS-Serviced Component
designated official shall note which information is disputed and
provide a copy of the individual's statement.
(2) The WHS-Serviced Component shall include a brief summary of its
reasons for not making a correction when disclosing disputed
information. Such statement shall normally be limited to the reasons
given to the individual for not amending the record.
(3) Copies of the WHS-Serviced Component summary will be treated as
part of the individual's record; however, it will not be subject to the
amendment procedure outlined in paragraph (f) of this section.
(h) Penalties. (1) Civil Action. An individual may file a civil
suit against the WHS-Serviced Component or its employees if the
individual feels certain provisions of the Privacy Act have been
violated.
(2) Criminal Action. (i) Criminal penalties may be imposed against
an officer or employee of a WHS-Serviced Component for these offenses
listed in the Privacy Act:
(A) Willful unauthorized disclosure of protected information in the
records;
(B) Failure to publish a notice of the existence of a record system
in the Federal Register; and
(C) Requesting or gaining access to the individual's record under
false pretenses.
(ii) An officer or employee of a WHS-Serviced Component may be
fined up to $5,000 for a violation as outlined in paragraphs
(h)(2)(i)(A) through (h)(2)(i)(C) of this section.
(i) Litigation Status Sheet. Whenever a complaint citing the
Privacy Act is filed in a U.S. District Court against the Department of
Defense, a WHS-Serviced Component, or any employee of a WHS-Serviced
Component, the responsible system manager shall promptly notify the
OSD/JS Privacy Office, which shall notify the DPO. The litigation
status sheet in Appendix H of 32 CFR part 310 provides a standard
format for this notification. (The initial litigation status sheet
shall, as a minimum, provide the information required by items 1
through 6). A revised litigation status sheet shall be provided at each
stage of the litigation. When a court renders a formal opinion or
judgment, copies of the judgment or opinion shall be provided to the
OSD/JS Privacy Office with the litigation status sheet reporting that
judgment or opinion.
(j) Computer Matching Programs. 32 CFR 310.52 prescribes that all
requests for participation in a matching program (either as a matching
agency or a source agency) be submitted to the DPO for review and
compliance. The WHS-Serviced Components shall submit a courtesy copy to
the OSD/JS Privacy Office at the time of transmittal to the DPO.
Sec. 311.7. OSD/JS Privacy Office Processes.
The OSD/JS Privacy Office shall:
(a) Exercise oversight and administrative control of the OSD/JS
Privacy Program for the WHS-Serviced Components.
(b) Provide guidance and training to the WHS-Serviced Components as
required by 32 CFR 310.37.
(c) Collect and consolidate data from the WHS-Serviced Components
and submit reports to the DPO, as required by 32 CFR 310.40 or
otherwise requested by the DPO.
(d) Coordinate and consolidate information for reporting all record
systems, as well as changes to approved systems, to the DPO for final
processing to the Office of Management and Budget, the Congress, and
the Federal Register, as required by 32 CFR part 310.
(e) In coordination with DPO, serve as the appellate authority for
the WHS-Serviced Components when a requester appeals a denial for
access as well as when a requester appeals a denial for amendment or
initiates legal action to correct a record.
(f) Refer all matters about amendments of records and general and
specific exemptions under 32 CFR 310.19, 310.28 and 310.29 to the
proper WHS-Serviced Components.
Dated: October 26, 2009.
Patricia L. Toppings,
OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. E9-26183 Filed 10-29-09; 8:45 am]
BILLING CODE 5001-06-P
