Privacy Act Implementation, 51869-51876 [2011-21250]

Agencies

• FEDERAL HOUSING FINANCE AGENCY

[Federal Register Volume 76, Number 161 (Friday, August 19, 2011)]
[Rules and Regulations]
[Pages 51869-51876]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-21250]



========================================================================
Rules and Regulations
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains regulatory documents 
having general applicability and legal effect, most of which are keyed 
to and codified in the Code of Federal Regulations, which is published 
under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents. 
Prices of new books are listed in the first FEDERAL REGISTER issue of each 
week.

========================================================================


Federal Register / Vol. 76, No. 161 / Friday, August 19, 2011 / Rules 
and Regulations

[[Page 51869]]



FEDERAL HOUSING FINANCE AGENCY

12 CFR Part 1204

RIN 2590-AA46


Privacy Act Implementation

AGENCY: Federal Housing Finance Agency.

ACTION: Interim final regulation with request for comments.

-----------------------------------------------------------------------

SUMMARY: The Federal Housing Finance Agency (FHFA) is issuing this 
interim final regulation with a request for comments on changes to its 
existing Privacy Act regulation. The changes to the existing Privacy 
Act regulation provide the procedures and guidelines under which FHFA 
and FHFA Office of Inspector General (FHFA-OIG) will implement the 
Privacy Act of 1974, as amended (5 U.S.C. 552a) (Privacy Act). The 
interim final regulation describes the policies and procedures whereby 
individuals may obtain notification of whether an FHFA or FHFA-OIG 
system of records contains information about the individual and, if so, 
how to access or amend a record under the Privacy Act.

DATES: The interim final regulation is effective August 19, 2011. FHFA 
will accept comments on the interim final regulation on or before 
October 18, 2011. For additional information, see SUPPLEMENTARY 
INFORMATION.

ADDRESSES: You may submit your comments on the interim final 
regulation, identified by ``RIN 2590-AA46,'' by any one of the 
following methods:
     E-mail: Comments to Alfred M. Pollard, General Counsel, 
may be sent by e-mail to RegComments@fhfa.gov. Please include ``RIN 
2590-AA46'' in the subject line of the message.
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments. If you submit your 
comment to the Federal eRulemaking Portal, please also send it by e-
mail to FHFA at RegComments@fhfa.gov to ensure timely receipt by FHFA. 
Include the following information in the subject line of your 
submission: ``Comments/RIN 2590-AA46.''
     U.S. Mail Service, United Parcel Service, Federal Express, 
or other commercial delivery service to: Alfred M. Pollard, General 
Counsel, Attention: Comments/RIN 2590-AA46, Federal Housing Finance 
Agency, Fourth Floor, 1700 G Street, NW., Washington, DC 20552. Please 
note that all mail sent to FHFA via the U.S. Mail service is routed 
through a national irradiation facility, a process that may delay 
delivery by approximately two weeks. For any time-sensitive 
correspondence, please plan accordingly.
     Hand Delivery/Courier to: Alfred M. Pollard, General 
Counsel, Attention: Comments/RIN 2590-AA46, Federal Housing Finance 
Agency, Fourth Floor, 1700 G Street, NW., Washington, DC 20552. The 
package must be logged at the Guard Desk, First Floor, on business days 
between 9 a.m. and 3 p.m.

FOR FURTHER INFORMATION CONTACT: Stacy J. Easter, Privacy Act Officer, 
telephone (202) 414-3762; David A. Lee, Senior Agency Official for 
Privacy, telephone (202) 414-3804, (not toll-free numbers), Federal 
Housing Finance Agency, 1700 G Street, NW., Washington, DC 20552. The 
telephone number for the Telecommunications Device for the Deaf is 
(800) 877-8339.

SUPPLEMENTARY INFORMATION: 

I. Comments

    FHFA is issuing an amendment to 12 CFR part 1204 to include 
language concerning Privacy Act requests as they relate to FHFA-OIG, as 
well as to clarify and update the existing regulation. FHFA invites 
comments on all aspects of the interim final regulation and will take 
all comments into consideration before issuing a final regulation. All 
submissions received must include the agency name or Regulatory 
Information Number (RIN) for this rulemaking. Copies of all comments 
received will be posted without change on the FHFA Web site, https://www.fhfa.gov, and will include any personal information provided. In 
addition, copies of all comments received will be available for 
examination by the public on business days between the hours of 10 a.m. 
and 3 p.m. at the Federal Housing Finance Agency, Fourth Floor, 1700 G 
Street, NW., Washington, DC 20552. To make an appointment to inspect 
comments, please call the Office of General Counsel at (202) 414-6924.

II. Effective Date and Request for Comments

    FHFA has concluded that good cause exists, under 5 U.S.C. 553(b)(B) 
and (d)(3), to waive the notice-and-comment and delayed effective date 
requirements of the Administrative Procedure Act and to proceed with 
this interim final regulation. The changes to part 1204 primarily cover 
how FHFA-OIG will implement the Privacy Act and make clarifying and 
general updates to the existing regulation, but do not fundamentally 
change the regulation's nature or scope. Further, in light of the 
significant need for immediate guidance regarding FHFA-OIG's role in 
the Privacy Act process, FHFA has determined that notice-and-comment 
rulemaking is impracticable and contrary to public policy. 
Nevertheless, FHFA is providing the public with a 60-day period 
following publication of this document to submit comments on the 
interim final regulation.

III. Background

A. Establishment of the Federal Housing Finance Agency

    The Housing and Economic Recovery Act of 2008 (HERA), Public Law 
110-289, 122 Stat. 2654, amended the Federal Housing Enterprises 
Financial Safety and Soundness Act of 1992 (Safety and Soundness Act) 
(12 U.S.C. 4501 et seq.) and the Federal Home Loan Bank Act (12 U.S.C. 
1421-1449) to establish FHFA as an independent agency of the Federal 
Government to ensure that the Federal National Mortgage Association, 
the Federal Home Loan Mortgage Corporation, and the Federal Home Loan 
Banks (collectively, the regulated entities) are capitalized 
adequately; foster liquid, efficient, competitive and resilient 
national housing finance markets; operate in a safe and sound manner; 
comply with the Safety and Soundness Act and all rules, regulations, 
guidelines and orders issued under the Safety and Soundness Act, and 
the regulated entities' respective authorizing statutes; carry out

[[Page 51870]]

their missions through activities consistent with the aforementioned 
authorities; and the activities and operations of the regulated 
entities are consistent with the public interest.
    In 2009 FHFA issued a final regulation on the Privacy Act at 12 CFR 
part 1204 (74 FR 33907 (July 14, 2009)). The final regulation provided 
the procedures and guidelines under which FHFA would implement the 
Privacy Act. FHFA-OIG did not exist when the regulation was adopted, 
but came into existence the following year (2010). This interim final 
regulation amends FHFA's 2009 Privacy Act regulation by adding 
provisions on how FHFA-OIG will implement the Privacy Act as well as to 
clarify and update the existing regulation.

B. Establishment of the Office of Inspector General for the Federal 
Housing Finance Agency

    Section 1105 of HERA amended the Safety and Soundness Act and the 
Inspector General Act of 1978, as amended, by specifying that there 
shall be established an Inspector General within FHFA. See 12 U.S.C. 
4517(d). Among other duties, FHFA-OIG is responsible for conducting 
audits, evaluations, and investigations of FHFA's programs and 
operations; recommending polices that promote economy and efficiency in 
the administration of FHFA's programs and operations; and preventing 
and detecting fraud, waste, and abuse in FHFA's programs and 
operations.

C. Privacy Act

    The Privacy Act serves to balance the Federal Government's need to 
maintain information about individuals while protecting individuals 
against unwarranted invasions of privacy stemming from Federal 
agencies' collection, maintenance, use, security, and disclosure of 
personal information about them that is contained in systems of 
records. The Privacy Act requires each Federal agency to publish 
regulations describing its Privacy Act procedures and any system of 
records it exempts from provisions of the Privacy Act, including the 
reasons for the exemption. Pursuant to the Privacy Act, FHFA and FHFA-
OIG will inform the public of each system of records it maintains by 
separately publishing notices of each system of records in the Federal 
Register and also on the FHFA Web site at https://www.fhfa.gov. The 
notices will describe the standards for FHFA and FHFA-OIG employees 
regarding collection, use, maintenance, or disclosure of records in the 
system and identify whether information in the system is exempt from 
provisions of the Privacy Act. The system manager responsible for the 
system will also be identified and any other contact information will 
be included. Moreover, notices will provide individuals with detailed 
information regarding the exercise of their rights, such as how to 
determine whether a system contains a record pertaining to them, how to 
access those records, how to seek to amend or correct information in a 
record about them, and how to contest adverse determinations with 
respect to such a record.

IV. Section-by-Section Analysis

Section 1204.1 Why did FHFA issue this regulation?

    This section describes the purpose of the regulation, which is to 
implement the Privacy Act, and explains general policies and procedures 
for individuals requesting access to records, requesting amendments or 
corrections to records, and requesting an accounting of disclosures of 
records. In addition, there are minor editorial changes to the existing 
regulation for clarity and consistency purposes, as well as to notify 
the public that this regulation applies to FHFA-OIG.

Section 1204.2 What do the terms in this regulation mean?

    This section sets forth definitions of select terms in this part 
and includes new definitions, as well as definitions relating to FHFA-
OIG.

Section 1204.3 How do I make a Privacy Act request?

    This section is amended to explain what an individual must do to 
submit a valid request to FHFA or FHFA-OIG for access to records, to 
amend or correct records, or for an accounting of disclosures of 
records. It also describes the information an individual must provide 
to FHFA or FHFA-OIG so that FHFA or FHFA-OIG may identify the records 
sought and determine whether the request can be granted.

Section 1204.4 How will FHFA or FHFA-OIG respond to my Privacy Act 
request?

    This section describes the period of time within which FHFA or 
FHFA-OIG will respond to requests. It also explains that FHFA or FHFA-
OIG will grant or deny requests in writing, provide reasons if a 
request is denied in whole or in part, and explain the right of appeal. 
In addition, there are minor editorial changes to the existing 
regulation for clarity and consistency purposes.

Section 1204.5 What if I am dissatisfied with the response to my 
Privacy Act request?

    This section describes when and how an individual may appeal an 
FHFA or FHFA-OIG determination on a Privacy Act request and how and 
within what period of time FHFA or FHFA-OIG will make a determination 
on an appeal. In addition, minor editorial changes have been made for 
clarity and consistency purposes.

Section 1204.6 What does it cost to get records under the Privacy Act?

    This section explains that requesters are expected to pay fees for 
the duplication of requested records.

Section 1204.7 Are there any exemptions from the Privacy Act?

    This section explains that certain exemptions from the Privacy Act 
exist, explains how those exemptions are made effective, what the 
effect of an exemption is, and how to determine whether an exemption 
applies. In particular, this section details those FHFA-OIG records 
that are potentially exempt from the Privacy Act. In addition, minor 
editorial changes have been made for clarity and consistency purposes.

Section 1204.8 How are records secured?

    This section explains how FHFA and FHFA-OIG generally protect 
records under the Privacy Act.

Section 1204.9 Does FHFA or FHFA-OIG collect and use Social Security 
numbers?

    This section explains that FHFA and FHFA-OIG collect Social 
Security numbers only when authorized and describes the conditions 
under which they may be collected.

Section 1204.10 What are FHFA and FHFA-OIG employee responsibilities 
under the Privacy Act?

    This section lists the responsibilities of FHFA employees under the 
Privacy Act.

Section 1204.11 May FHFA-OIG obtain Privacy Act records from other 
federal agencies for law enforcement purposes?

    This is a new section. This section explains that the FHFA 
Inspector General or designee may obtain records under the Privacy Act 
from other Federal agencies for law enforcement purposes.

[[Page 51871]]

Regulatory Impacts

Paperwork Reduction Act

    The interim final regulation does not contain any information 
collection requirement that requires the approval of OMB under the 
Paperwork Reduction Act (44 U.S.C. 3501 et seq.).

Regulatory Flexibility Act

    The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires that 
a regulation that has a significant economic impact on a substantial 
number of small entities, small businesses, or small organizations 
include an initial regulatory flexibility analysis describing the 
regulation's impact on small entities. Such an analysis need not be 
undertaken if the agency has certified that the regulation does not 
have a significant economic impact on a substantial number of small 
entities. 5 U.S.C. 605(b). FHFA has considered the impact of the 
interim final regulation under the Regulatory Flexibility Act. FHFA 
certifies that the regulation is not likely to have a significant 
economic impact on a substantial number of small business entities 
because the regulation is applicable to the internal operations and 
legal obligations of FHFA and FHFA-OIG.

List of Subjects in 12 CFR Part 1204

    Amendment, Appeals, Correction, Disclosure, Exemptions, Fees, 
Privacy, Privacy Act, Records, Requests, Social Security numbers.

Authority and Issuance

    Accordingly, for the reasons stated in the preamble, FHFA revises 
part 1204 of chapter XII of title 12 of the Code of Federal Regulations 
to read as follows:

PART 1204--PRIVACY ACT IMPLEMENTATION

Sec.
1204.1 Why did FHFA issue this part?
1204.2 What do the terms in this part mean?
1204.3 How do I make a Privacy Act request?
1204.4 How will FHFA or FHFA-OIG respond to my Privacy Act request?
1204.5 What if I am dissatisfied with the response to my Privacy Act 
request?
1204.6 What does it cost to get records under the Privacy Act?
1204.7 Are there any exemptions from the Privacy Act?
1204.8 How are records secured?
1204.9 Does FHFA or FHFA-OIG collect and use Social Security 
numbers?
1204.10 What are FHFA and FHFA-OIG employee responsibilities under 
the Privacy Act?
1204.11 May FHFA-OIG obtain Privacy Act records from other Federal 
agencies for law enforcement purposes?

    Authority:  5 U.S.C. 552a.


Sec.  1204.1  Why did FHFA issue this part?

    The Federal Housing Finance Agency (FHFA) issued this part to--
    (a) Implement the Privacy Act, a Federal law that helps protect 
private information about individuals that Federal agencies collect or 
maintain. You should read this part together with the Privacy Act, 
which provides additional information about records maintained on 
individuals;
    (b) Establish rules that apply to all FHFA and FHFA Office of 
Inspector General (FHFA-OIG) maintained systems of records retrievable 
by an individual's name or other personal identifier;
    (c) Describe procedures through which you may request access to 
records, request amendment or correction of those records, or request 
an accounting of disclosures of those records by FHFA or FHFA-OIG;
    (d) Inform you, that when it is appropriate to do so, FHFA or FHFA-
OIG automatically processes a Privacy Act request for access to records 
under both the Privacy Act and FOIA, following the rules contained in 
this part and in FHFA's Freedom of Information Act regulation at part 
1202 of this title so that you will receive the maximum amount of 
information available to you by law;
    (e) Notify you that this part does not entitle you to any service 
or to the disclosure of any record to which you are not entitled under 
the Privacy Act. It also does not, and may not be relied upon, to 
create any substantive or procedural right or benefit enforceable 
against FHFA or FHFA-OIG; and
    (f) Notify you that this part applies to both FHFA and FHFA-OIG.


Sec.  1204.2  What do the terms in this part mean?

    The following definitions apply to the terms used in this part--
    Access means making a record available to a subject individual.
    Amendment means any correction of, addition to, or deletion from a 
record.
    Court means any entity conducting a legal proceeding.
    Days, unless stated as ``calendar days,'' are working days and do 
not include Saturdays, Sundays, and federal holidays. If the last day 
of any period prescribed herein falls on a Saturday, Sunday, or federal 
holiday, the last day of the period will be the next working day that 
is not a Saturday, Sunday, or federal holiday.
    FHFA means the Federal Housing Finance Agency and includes its 
predecessor agencies, the Office of Federal Housing Enterprise 
Oversight (OFHEO) and the Federal Housing Finance Board (FHFB).
    FHFA-OIG means the Office of Inspector General for FHFA.
    FOIA means the Freedom of Information Act, as amended (5 U.S.C. 
552).
    Individual means a natural person who is either a citizen of the 
United States of America or an alien lawfully admitted for permanent 
residence.
    Maintain includes collect, use, disseminate, or control.
    Privacy Act means the Privacy Act of 1974, as amended (5 U.S.C. 
552a).
    Privacy Act Appeals Officer means a person designated by the FHFA 
Director to process appeals of denials of requests for or seeking 
amendment of records maintained by FHFA under the Privacy Act. For 
appeals pertaining to records maintained by FHFA-OIG, Privacy Act 
Appeals Officer means a person designated by the FHFA Inspector General 
to process appeals of denials of requests for or seeking amendment of 
records maintained by FHFA-OIG under the Privacy Act.
    Privacy Act Officer means a person designated by the FHFA Director 
who has primary responsibility for privacy and data protection policy 
and is authorized to process requests for or amendment of records 
maintained by FHFA under the Privacy Act. For requests pertaining to 
records maintained by FHFA-OIG, Privacy Act Officer means a person 
designated by the FHFA Inspector General to process requests for or 
amendment of records maintained by FHFA-OIG under the Privacy Act.
    Record means any item, collection, or grouping of information about 
an individual that FHFA or FHFA-OIG maintains within a system of 
records, including, but not limited to, the individual's name, an 
identifying number, symbol, or other identifying particular assigned to 
the individual, such as a finger or voice print, or photograph.
    Routine use means the purposes for which records and information 
contained in a system of records may be disclosed by FHFA or FHFA-OIG 
without the consent of the subject of the record. Routine uses for 
records are identified in each system of records notice. Routine use 
does not include disclosure that subsection (b) of the Privacy Act (5 
U.S.C. 552a(b)) otherwise permits.
    Senior Agency Official for Privacy means a person designated by the 
FHFA

[[Page 51872]]

Director who has the authority and responsibility to oversee and 
supervise the FHFA privacy program and implementation of the Privacy 
Act.
    System of Records means a group of records FHFA or FHFA-OIG 
maintains or controls from which information is retrieved by the name 
of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. Single records or 
groups of records that are not retrieved by a personal identifier are 
not part of a system of records.
    System of Records Notice means a notice published in the Federal 
Register which announces the creation, deletion, or amendment of one or 
more system of records. System of records notices are also used to 
identify a system of records' routine uses.


Sec.  1204.3  How do I make a Privacy Act request?

    (a) What is a valid request? In general, a Privacy Act request can 
be made on your own behalf for records or information about you. You 
can make a Privacy Act request on behalf of another individual as the 
parent or guardian of a minor, or as the guardian of someone determined 
by a court to be incompetent. You also may request access to another 
individual's record or information if you have that individual's 
written consent, unless other conditions of disclosure apply.
    (b) How and where do I make a request? Your request must be in 
writing. Regardless of whether your request seeks records from FHFA, 
FHFA-OIG, or both, you may appear in person to submit your written 
request to the FHFA Privacy Act Officer, or send your written request 
to the FHFA Privacy Act Officer by electronic mail, mail, delivery 
service, or facsimile. The electronic mail address is: 
privacy@fhfa.gov. For mail or delivery service, the address is: FHFA 
Privacy Act Officer, Federal Housing Finance Agency, 1700 G Street, 
NW., Washington, DC 20552. The facsimile number is (202) 414-6425. 
Requests for FHFA-OIG maintained records will be forwarded to FHFA-OIG 
for processing and direct response. You can help FHFA and FHFA-OIG 
process your request by marking electronic mail, letters, or facsimiles 
and the subject line, envelope, or facsimile cover sheet with ``Privacy 
Act Request.'' FHFA's ``Privacy Act Reference Guide,'' which is 
available on FHFA's Web site, https://www.fhfa.gov, provides additional 
information to assist you in making your request.
    (c) What must the request include? You must describe the record 
that you want in enough detail to enable either the FHFA or FHFA-OIG 
Privacy Act Officer to locate the system of records containing it with 
a reasonable amount of effort. Include specific information about each 
record sought, such as the time period in which you believe it was 
compiled, the name or identifying number of each system of records in 
which you believe it is kept, and the date, title or name, author, 
recipient, or subject matter of the record. As a general rule, the more 
specific you are about the record that you want, the more likely FHFA 
or FHFA-OIG will be able to locate it in response to your request.
    (d) How do I request amendment or correction of a record? If you 
are requesting an amendment or correction of any FHFA or FHFA-OIG 
record, identify each particular record in question and the system of 
records in which the record is located, describe the amendment or 
correction that you want, and state why you believe that the record is 
not accurate, relevant, timely, or complete. You may submit any 
documentation that you think would be helpful, including an annotated 
copy of the record.
    (e) How do I request for an accounting of disclosures? If you are 
requesting an accounting of disclosures by FHFA or FHFA-OIG of a record 
to another person, organization, or Federal agency, you must identify 
each particular record in question. An accounting generally includes 
the date, nature, and purpose of each disclosure, as well as the name 
and address of the person, organization, or Federal agency to which the 
disclosure was made, subject to Sec.  1204.7.
    (f) Must I verify my identity? Yes. When making requests under the 
Privacy Act, your request must verify your identity to protect your 
privacy or the privacy of the individual on whose behalf you are 
acting. If you make a Privacy Act request and you do not follow these 
identity verification procedures, FHFA or FHFA-OIG cannot and will not 
process your request.
    (1) How do I verify my identity? To verify your identity, you must 
state your full name, current address, and date and place of birth. In 
order to help identify and locate the records you request, you also 
may, at your option, include your Social Security number. If you make 
your request in person and your identity is not known to either the 
FHFA or FHFA-OIG Privacy Act Officer, you must provide either two forms 
of unexpired identification with photographs issued by a federal, 
state, or local government agency or entity (i.e. passport, passport 
card, driver's license, ID card, etc.), or one form of unexpired 
identification with a photograph issued by a federal, state, or local 
government agency or entity (i.e. passport, passport card, driver's 
license, ID card, etc.) and a properly authenticated birth certificate. 
If you make your request by mail, your signature either must be 
notarized or submitted under 28 U.S.C. 1746, a law that permits 
statements to be made under penalty of perjury as a substitute for 
notarization. You may fulfill this requirement by having your signature 
on your request letter witnessed by a notary or by including the 
following statement just before the signature on your request letter: 
``I declare (or certify, verify, or state) under penalty of perjury 
that the foregoing is true and correct. Executed on [date]. 
[Signature].''
    (2) How do I verify parentage or guardianship? If you make a 
Privacy Act request as the parent or guardian of a minor, or as the 
guardian of someone determined by a court to be incompetent, with 
respect to records or information about that individual, you must 
establish--
    (i) The identity of the individual who is the subject of the 
record, by stating the individual's name, current address, date and 
place of birth, and, at your option, the Social Security number of the 
individual;
    (ii) Your own identity, as required in paragraph (f)(1) of this 
section;
    (iii) That you are the parent or guardian of the individual, which 
you may prove by providing a properly authenticated copy of the 
individual's birth certificate showing your parentage or a properly 
authenticated court order establishing your guardianship; and
    (iv) That you are acting on behalf of the individual in making the 
request.


Sec.  1204.4  How will FHFA or FHFA-OIG respond to my Privacy Act 
request?

    (a) How will FHFA or FHFA-OIG locate the requested records? FHFA or 
FHFA-OIG will search to determine if requested records exist in the 
system of records it owns or controls. You can find FHFA and FHFA-OIG 
system of records notices on our Web site at https://www.fhfa.gov. You 
can also find descriptions of OFHEO and FHFB system of records that 
have not yet been superseded on the FHFA Web site. A description of the 
system of records also is available in the ``Privacy Act Issuances'' 
compilation published by the Office of the Federal Register of the 
National Archives and Records Administration. You can access the 
``Privacy Act Issuances'' compilation in most large reference and 
university libraries or electronically at the

[[Page 51873]]

Government Printing Office Web site at: https://www.gpoaccess.gov/privacyact/. You also can request a copy of FHFA or FHFA-OIG 
system of records from the Privacy Act Officer.
    (b) How long does FHFA or FHFA-OIG have to respond? Either the FHFA 
or FHFA-OIG Privacy Act Officer generally will respond to your request 
in writing within 20 days after receiving it, if it meets the Sec.  
1204.3 requirements. For requests to amend a record, either the FHFA or 
FHFA-OIG Privacy Act Officer will respond within 10 days after receipt 
of the request to amend. FHFA or FHFA-OIG may extend the response time 
in unusual circumstances, such as when consultation is needed with 
another Federal agency (if that agency is subject to the Privacy Act) 
about a record or to retrieve a record shipped offsite for storage. If 
you submit your written request in person, either the FHFA or FHFA-OIG 
Privacy Act Officer may disclose records or information to you directly 
and create a written record of the grant of the request. If you are to 
be accompanied by another person when accessing your record or any 
information pertaining to you, FHFA or FHFA-OIG may require your 
written authorization before permitting access or discussing the record 
in the presence of the other person.
    (c) What will the FHFA or FHFA-OIG response include? The written 
response will include a determination to grant or deny your request in 
whole or in part, a brief explanation of the reasons for the 
determination, and the amount of the fee charged, if any, under Sec.  
1204.6. If you are granted a request to access a record, FHFA or FHFA-
OIG will make the record available to you. If you are granted a request 
to amend or correct a record, the response will describe any amendments 
or corrections made and advise you of your right to obtain a copy of 
the amended or corrected record.
    (d) What is an adverse determination? An adverse determination is a 
determination on a Privacy Act request that--
    (1) Withholds any requested record in whole or in part;
    (2) Denies a request for an amendment or correction of a record in 
whole or in part;
    (3) Declines to provide a requested accounting of disclosures;
    (4) Advises that a requested record does not exist or cannot be 
located; or
    (5) Finds what has been requested is not a record subject to the 
Privacy Act.
    (e) What will be stated in a response that includes an adverse 
determination? If an adverse determination is made with respect to your 
request, either the FHFA or FHFA-OIG Privacy Act Officer's written 
response under this section will identify the person responsible for 
the adverse determination, state that the adverse determination is not 
a final action of FHFA or FHFA-OIG, and state that you may appeal the 
adverse determination under Sec.  1204.5.


Sec.  1204.5  What if I am dissatisfied with the response to my Privacy 
Act request?

    (a) May I appeal the response? You may appeal any adverse 
determination made in response to your Privacy Act request. If you wish 
to seek review by a court of any adverse determination or denial of a 
request, you must first appeal it under this section.
    (b) How do I appeal the response?--(1) You may appeal by submitting 
in writing, a statement of the reasons you believe the adverse 
determination should be overturned. FHFA or FHFA-OIG must receive your 
written appeal within 30 calendar days of the date of the adverse 
determination under Sec.  1204.4. Your written appeal may include as 
much or as little related information as you wish, as long as it 
clearly identifies the determination (including the request number, if 
known) that you are appealing.
    (2) If FHFA or FHFA-OIG denied your request in whole or in part, 
you may appeal the denial by writing directly to the FHFA Privacy Act 
Appeals Officer through electronic mail, mail, delivery service, or 
facsimile. The electronic mail address is: privacy@fhfa.gov. For mail 
or express mail, the address is: FHFA Privacy Act Appeals Officer, 
Federal Housing Finance Agency, 1700 G Street, NW., Washington, DC 
20552. The facsimile number is: (202) 414-8917. For appeals of FHFA-OIG 
denials, whether in whole or in part, the appeal must be clearly marked 
by adding ``FHFA-OIG'' after ``Privacy Act Appeal.'' All appeals from 
denials, in whole or part, made by FHFA-OIG will be forwarded to the 
FHFA-OIG Privacy Act Appeals Officer for processing and direct 
response. You can help FHFA and FHFA-OIG process your appeal by marking 
electronic mail, letters, or facsimiles and the subject line, envelope, 
or facsimile cover sheet with ``Privacy Act Appeal.'' FHFA's ``Privacy 
Act Reference Guide,'' which is available on FHFA's Web site, https://www.fhfa.gov, provides additional information to assist you in making 
your appeal. FHFA or FHFA-OIG ordinarily will not act on an appeal if 
the Privacy Act request becomes a matter of litigation.
    (3) If you need more time to file your appeal, you may request an 
extension of time of no more than ten (10) calendar days in which to 
file your appeal, but only if your request is made within the original 
30-calendar day time period for filing the appeal. Granting an 
extension is in the sole discretion of either the FHFA or FHFA-OIG 
Privacy Act Appeals Officer.
    (c) Who has the authority to grant or deny appeals? For appeals 
from the FHFA Privacy Act Officer, the FHFA Privacy Act Appeals Officer 
is authorized to act on your appeal. For appeals from the FHFA-OIG 
Privacy Act Officer, the FHFA-OIG Privacy Act Appeals Officer is 
authorized to act on your appeal.
    (d) When will FHFA or FHFA-OIG respond to my appeal? FHFA or FHFA-
OIG generally will respond to you in writing within 30 days of receipt 
of an appeal that meets the requirements of paragraph (b) of this 
section, unless for good cause shown, the FHFA or FHFA-OIG Privacy Act 
Appeals Officer extends the response time.
    (e) What will the FHFA or FHFA-OIG response include? The written 
response will include the determination of either the FHFA or FHFA-OIG 
Privacy Act Appeals Officer, whether to grant or deny your appeal in 
whole or in part, a brief explanation of the reasons for the 
determination, and information about the Privacy Act provisions for 
court review of the determination.
    (1) If your appeal concerns a request for access to records or 
information and the appeal determination grants your access, the 
records or information, if any, will be made available to you.
    (2)(i) If your appeal concerns an amendment or correction of a 
record and the appeal determination grants your request for an 
amendment or correction, the response will describe any amendment or 
correction made to the record and advise you of your right to obtain a 
copy of the amended or corrected record under this part. FHFA or FHFA-
OIG will notify all persons, organizations, or Federal agencies to 
which it previously disclosed the record, if an accounting of that 
disclosure was made, that the record has been amended or corrected. 
Whenever the record is subsequently disclosed, the record will be 
disclosed as amended or corrected.
    (ii) If the response to your appeal denies your request for an 
amendment or correction to a record, the response will advise you of 
your right to file a Statement of Disagreement under paragraph (f) of 
this section.
    (f) What is a Statement of Disagreement?--(1) A Statement of 
Disagreement is a concise written statement in which you clearly 
identify

[[Page 51874]]

each part of any record that you dispute and explain your reason(s) for 
disagreeing with either the FHFA or FHFA-OIG Privacy Act Appeals 
Officer's denial, in whole or in part, of your appeal requesting 
amendment or correction. Your Statement of Disagreement must be 
received by either the FHFA or FHFA-OIG Privacy Act Officer within 30 
calendar days of either the FHFA or FHFA-OIG Privacy Act Appeals 
Officer's denial, in whole or in part, of your appeal concerning 
amendment or correction of a record. FHFA and FHFA-OIG will place your 
Statement of Disagreement in the system of records in which the 
disputed record is maintained. FHFA and FHFA-OIG may also append a 
concise statement of its reason(s) for denying the request for an 
amendment or correction of the record.
    (2) FHFA and FHFA-OIG will notify all persons, organizations, and 
Federal agencies to which it previously disclosed the disputed record, 
if an accounting of that disclosure was made, that the record is 
disputed and provide your Statement of Disagreement and the FHFA or 
FHFA-OIG concise statement, if any. Whenever the disputed record is 
subsequently disclosed, a copy of your Statement of Disagreement and 
the FHFA or FHFA-OIG concise statement, if any, will also be disclosed.


Sec.  1204.6  What does it cost to get records under the Privacy Act?

    (a) Must I agree to pay fees? Your Privacy Act request is your 
agreement to pay all applicable fees, unless you specify a limit on the 
amount of fees you agree to pay. FHFA or FHFA-OIG will not exceed the 
specified limit without your written agreement.
    (b) How does FHFA or FHFA-OIG calculate fees? FHFA and FHFA-OIG 
will charge a fee for duplication of a record under the Privacy Act in 
the same way it charges for duplication of records under FOIA in 12 CFR 
1202.11. There are no fees to search for or review records.


Sec.  1204.7  Are there any exemptions from the Privacy Act?

    (a) What is a Privacy Act exemption? The Privacy Act authorizes the 
Director and the FHFA Inspector General to exempt records or 
information in a system of records from some of the Privacy Act 
requirements, if the Director or the FHFA Inspector General, as 
appropriate, determines that the exemption is necessary.
    (b) How do I know if the records or information I want are 
exempt?--(1) Each system of records notice will advise you if the 
Director or the FHFA Inspector General has determined records or 
information in records are exempt from Privacy Act requirements. If the 
Director or the FHFA Inspector General has claimed an exemption for a 
system of records, the system of records notice will identify the 
exemption and the provisions of the Privacy Act from which the system 
is exempt.
    (2) Until superseded by FHFA or FHFA-OIG systems of records, the 
following OFHEO and FHFB systems of records are, under 5 U.S.C. 
552a(k)(2) or (k)(5), exempt from the Privacy Act requirements of 5 
U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and 
(f)--
    (i) OFHEO-11 Litigation and Enforcement Information System; and
    (ii) FHFB-5 Agency Personnel Investigative Records.
    (c) What exemptions potentially apply to FHFA-OIG records? Unless 
the FHFA Inspector General, his or her designee, or a statute 
specifically authorizes disclosure, FHFA-OIG will not release records 
of matters that are subject to the following exemptions--
    (1) To the extent that the systems of records entitled ``FHFA-OIG 
Audit Files Database,'' ``FHFA-OIG Investigative & Evaluative Files 
Database,'' ``FHFA-OIG Investigative & Evaluative MIS Database,'' 
``FHFA-OIG Hotline Database,'' and ``FHFA-OIG Correspondence Database'' 
contain any information compiled by FHFA-OIG for the purpose of 
criminal law enforcement investigations, such information falls within 
the scope of exemption (j)(2) of the Privacy Act, 5 U.S.C. 552a(j)(2), 
and therefore these systems of records are exempt from the requirements 
of the following subsections of the Privacy Act to that extent, for the 
reasons stated in paragraphs (1)(i) through (vi) of this section.
    (i) From 5 U.S.C. 552a(c)(3), because release of an accounting of 
disclosures to an individual who is the subject of an investigation or 
evaluation could reveal the nature and scope of the investigation or 
evaluation and could result in the altering or destruction of evidence, 
improper influencing of witnesses, and other evasive actions that could 
impede or compromise the investigation or evaluation.
    (ii) From 5 U.S.C. 552a(d)(1), because release of investigative or 
evaluative records to an individual who is the subject of an 
investigation or evaluation could interfere with pending or prospective 
law enforcement proceedings, constitute an unwarranted invasion of the 
personal privacy of third parties, reveal the identity of confidential 
sources, or reveal sensitive investigative or evaluative techniques and 
procedures.
    (iii) From 5 U.S.C. 552a(d)(2), because amendment or correction of 
investigative or evaluative records could interfere with pending or 
prospective law enforcement proceedings, or could impose an impossible 
administrative and investigative or evaluative burden by requiring 
FHFA-OIG to continuously retrograde its investigations or evaluations 
attempting to resolve questions of accuracy, relevance, timeliness, and 
completeness.
    (iv) From 5 U.S.C. 552a(e)(1), because it is often impossible to 
determine relevance or necessity of information in the early stages of 
an investigation or evaluation. The value of such information is a 
question of judgment and timing; what appears relevant and necessary 
when collected may ultimately be evaluated and viewed as irrelevant and 
unnecessary to an investigation or evaluation. In addition, FHFA-OIG 
may obtain information concerning the violation of laws other than 
those within the scope of its jurisdiction. In the interest of 
effective law enforcement, FHFA-OIG should retain this information 
because it may aid in establishing patterns of unlawful activity and 
provide leads for other law enforcement agencies. Further, in obtaining 
evidence during an investigation or evaluation, information may be 
provided to FHFA-OIG that relates to matters incidental to the main 
purpose of the investigation or evaluation, but which may be pertinent 
to the investigative or evaluative jurisdiction of another agency. Such 
information cannot readily be identified.
    (v) From 5 U.S.C. 552a(e)(2), because in a law enforcement 
investigation or an evaluation it is usually counterproductive to 
collect information to the greatest extent practicable directly from 
the subject thereof. It is not always feasible to rely upon the subject 
of an investigation or evaluation as a source for information which may 
implicate him or her in illegal activities. In addition, collecting 
information directly from the subject could seriously compromise an 
investigation or evaluation by prematurely revealing its nature and 
scope, or could provide the subject with an opportunity to conceal 
criminal activities, or intimidate potential sources, in order to avoid 
apprehension.
    (vi) From 5 U.S.C. 552a(e)(3), because providing such notice to the 
subject of an investigation or evaluation, or to other individual 
sources, could seriously compromise the investigation or evaluation by 
prematurely revealing

[[Page 51875]]

its nature and scope, or could inhibit cooperation, permit the subject 
to evade apprehension, or cause interference with undercover 
activities.
    (2) To the extent that the systems of records entitled ``FHFA-OIG 
Audit Files Database,'' ``FHFA-OIG Investigative & Evaluative Files 
Database,'' ``FHFA-OIG Investigative & Evaluative MIS Database,'' 
``FHFA-OIG Hotline Database,'' and ``FHFA-OIG Correspondence 
Database,'' contain information compiled by FHFA-OIG for the purpose of 
criminal law enforcement investigations, such information falls within 
the scope of exemption (k)(2) of the Privacy Act, 5 U.S.C. 552a(k)(2), 
and therefore these systems of records are exempt from the requirements 
of the following subsections of the Privacy Act to that extent, for the 
reasons stated in paragraphs (c)(2)(i) through (iv) of this section.
    (i) From 5 U.S.C. 552a(c)(3), because release of an accounting of 
disclosures to an individual who is the subject of an investigation or 
evaluation could reveal the nature and scope of the investigation or 
evaluation and could result in the altering or destruction of evidence, 
improper influencing of witnesses, and other evasive actions that could 
impede or compromise the investigation or evaluation.
    (ii) From 5 U.S.C. 552a(d)(1), because release of investigative or 
evaluative records to an individual who is the subject of an 
investigation or evaluation could interfere with pending or prospective 
law enforcement proceedings, constitute an unwarranted invasion of the 
personal privacy of third parties, reveal the identity of confidential 
sources, or reveal sensitive investigative or evaluative techniques and 
procedures.
    (iii) From 5 U.S.C. 552a(d)(2), because amendment or correction of 
investigative or evaluative records could interfere with pending or 
prospective law enforcement proceedings, or could impose an impossible 
administrative and investigative or evaluative burden by requiring 
FHFA-OIG to continuously retrograde its investigations or evaluations 
attempting to resolve questions of accuracy, relevance, timeliness, and 
completeness.
    (iv) From 5 U.S.C. 552a(e)(1), because it is often impossible to 
determine relevance or necessity of information in the early stages of 
an investigation or evaluation. The value of such information is a 
question of judgment and timing; what appears relevant and necessary 
when collected may ultimately be evaluated and viewed as irrelevant and 
unnecessary to an investigation or evaluation. In addition, FHFA-OIG 
may obtain information concerning the violation of laws other than 
those within the scope of its jurisdiction. In the interest of 
effective law enforcement, FHFA-OIG should retain this information 
because it may aid in establishing patterns of unlawful activity and 
provide leads for other law enforcement agencies. Further, in obtaining 
evidence during an investigation or evaluation, information may be 
provided to FHFA-OIG that relates to matters incidental to the main 
purpose of the investigation or evaluation but which may be pertinent 
to the investigative or evaluative jurisdiction of another agency. Such 
information cannot readily be identified.
    (3) To the extent that the systems of records entitled ``FHFA-OIG 
Audit Files Database,'' ``FHFA-OIG Investigative & Evaluative Files 
Database,'' ``FHFA-OIG Investigative & Evaluative MIS Database,'' 
``FHFA-OIG Hotline Database,'' and ``FHFA-OIG Correspondence Database'' 
contain any investigatory material compiled by FHFA-OIG for the purpose 
of determining suitability, eligibility, or qualifications for Federal 
civilian employment or Federal contracts, the release of which would 
reveal the identity of a source who furnished information to the 
Government under an express promise that the identity of the source 
would be held in confidence, such information falls within the scope of 
exemption (k)(5) of the Privacy Act, 5 U.S.C. 552a(k)(5), and therefore 
these systems of records are exempt from the requirements of subsection 
(d)(1) of the Privacy Act to that extent, because release would reveal 
the identity of a source who furnished information to the Government 
under an express promise of confidentiality. Revealing the identity of 
a confidential source could impede future cooperation by sources, and 
could result in harassment or harm to such sources.


Sec.  1204.8  How are records secured?

    (a) What controls must FHFA and FHFA-OIG have in place? FHFA and 
FHFA-OIG must establish administrative and physical controls to prevent 
unauthorized access to their systems of records, unauthorized or 
inadvertent disclosure of records, and physical damage to or 
destruction of records. The stringency of these controls corresponds to 
the sensitivity of the records that the controls protect. At a minimum, 
the administrative and physical controls must ensure that--
    (1) Records are protected from public view;
    (2) The area in which records are kept is supervised during 
business hours to prevent unauthorized persons from having access to 
them;
    (3) Records are inaccessible to unauthorized persons outside of 
business hours; and
    (4) Records are not disclosed to unauthorized persons or under 
unauthorized circumstances in either oral or written form.
    (b) Is access to records restricted? Access to records is 
restricted to authorized employees who require access in order to 
perform their official duties.


Sec.  1204.9  Does FHFA or FHFA-OIG collect and use Social Security 
numbers?

    FHFA and FHFA-OIG collect Social Security numbers only when it is 
necessary and authorized. At least annually, the FHFA Privacy Act 
Officer or the Senior Agency Official for Privacy will inform employees 
who are authorized to collect information that--
    (a) Individuals may not be denied any right, benefit, or privilege 
as a result of refusing to provide their Social Security numbers, 
unless the collection is authorized either by a statute or by a 
regulation issued prior to 1975; and
    (b) They must inform individuals who are asked to provide their 
Social Security numbers--
    (1) If providing a Social Security number is mandatory or 
voluntary;
    (2) If any statutory or regulatory authority authorizes collection 
of a Social Security number; and
    (3) The uses that will be made of the Social Security number.


Sec.  1204.10  What are FHFA and FHFA-OIG employee responsibilities 
under the Privacy Act?

    At least annually, the FHFA Privacy Act Officer or the Senior 
Agency Official for Privacy will inform employees about the provisions 
of the Privacy Act, including the Privacy Act's civil liability and 
criminal penalty provisions. Unless otherwise permitted by law, an 
authorized FHFA or FHFA-OIG employee shall--
    (a) Collect from individuals only information that is relevant and 
necessary to discharge FHFA or FHFA-OIG responsibilities;
    (b) Collect information about an individual directly from that 
individual whenever practicable;
    (c) Inform each individual from whom information is collected of--
    (1) The legal authority to collect the information and whether 
providing it is mandatory or voluntary;
    (2) The principal purpose for which FHFA or FHFA-OIG intends to use 
the information;

[[Page 51876]]

    (3) The routine uses FHFA or FHFA-OIG may make of the information; 
and
    (4) The effects on the individual, if any, of not providing the 
information.
    (d) Ensure that the employee's office does not maintain a system of 
records without public notice and notify appropriate officials of the 
existence or development of any system of records that is not the 
subject of a current or planned public notice;
    (e) Maintain all records that are used in making any determination 
about an individual with such accuracy, relevance, timeliness, and 
completeness as is reasonably necessary to ensure fairness to the 
individual in the determination;
    (f) Except for disclosures made under FOIA, make reasonable 
efforts, prior to disseminating any record about an individual, to 
ensure that the record is accurate, relevant, timely, and complete;
    (g) When required by the Privacy Act, maintain an accounting in the 
specified form of all disclosures of records by FHFA or FHFA-OIG to 
persons, organizations, or Federal agencies;
    (h) Maintain and use records with care to prevent the unauthorized 
or inadvertent disclosure of a record to anyone; and
    (i) Notify the appropriate official of any record that contains 
information that the Privacy Act does not permit FHFA or FHFA-OIG to 
maintain.


Sec.  1204.11  May FHFA-OIG obtain Privacy Act records from other 
Federal agencies for law enforcement purposes?

    (a) The FHFA Inspector General is authorized under the Inspector 
General Act of 1978, as amended, to make written requests under 5 
U.S.C. 552a(b)(7) for transfer of records maintained by other Federal 
agencies which are necessary to carry out an authorized law enforcement 
activity under the Inspector General Act of 1978, as amended.
    (b) The FHFA Inspector General delegates the authority under 
paragraph (a) of this section to the following FHFA-OIG officials--
    (1) Principal Deputy Inspector General;
    (2) Deputy Inspector General for Audits;
    (3) Deputy Inspector General for Investigations;
    (4) Deputy Inspector General for Evaluations; and
    (5) Deputy Inspector General for Administration.
    (c) The officials listed in paragraph (b) of this section may not 
further delegate or re-delegate the authority described in paragraph 
(a) of this section.

    Dated: August 11, 2011.
Edward J. DeMarco,
Acting Director, Federal Housing Finance Agency.
[FR Doc. 2011-21250 Filed 8-18-11; 8:45 am]
BILLING CODE 8070-01-P