Privacy Act Regulations, 61628-61632 [2016-21473]

Download as PDF 61628 Proposed Rules Federal Register Vol. 81, No. 173 Wednesday, September 7, 2016 This section of the FEDERAL REGISTER contains notices to the public of the proposed issuance of rules and regulations. The purpose of these notices is to give interested persons an opportunity to participate in the rule making prior to the adoption of the final rules. COUNCIL OF THE INSPECTORS GENERAL ON INTEGRITY AND EFFICIENCY 5 CFR Part 9801 RIN 3219–AA00 Privacy Act Regulations Council of the Inspectors General on Integrity and Efficiency. ACTION: Proposed rule. AGENCY: The Council of the Inspectors General on Integrity and Efficiency (CIGIE) is issuing this proposed rule to establish its procedures relating to access, maintenance, disclosure, and amendment of records that are in a CIGIE system of records under the Privacy Act of 1974 (Privacy Act). The proposed rule also establishes rules of conduct for CIGIE personnel who have responsibilities under the Privacy Act. DATES: Submit comments on or before November 7, 2016. ADDRESSES: You may submit comments by any of the following methods: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • Email: comments@cigie.gov. • Fax: (202) 254–0162. • Mail: Atticus J. Reaser, General Counsel, Council of the Inspectors General on Integrity and Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006. • Hand Delivery/Courier: Council of the Inspectors General on Integrity and Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006. FOR FURTHER INFORMATION CONTACT: Atticus J. Reaser, General Counsel, CIGIE, (202) 292–2600. SUPPLEMENTARY INFORMATION: ehiers on DSK5VPTVN1PROD with PROPOSALS SUMMARY: Background Information CIGIE is issuing this proposed rule to provide the procedures and guidelines under which CIGIE will implement the Privacy Act. In 2008, Congress established CIGIE as an independent entity within the VerDate Sep<11>2014 15:04 Sep 06, 2016 Jkt 238001 executive branch in order to address integrity, economy, and effectiveness issues that transcend individual Government agencies; and increase the professionalism and effectiveness of personnel by developing policies, standards, and approaches to aid in the establishment of a well-trained and highly skilled workforce in the offices of the Inspectors General (OIG). CIGIE’s membership is comprised of all Inspectors General whose offices are established under section 2 or section 8G of the Inspector General Act of 1978, Public Law 95–452, 92 Stat. 1101 (codified as amended at 5 U.S.C. app) (Inspector General Act) (i.e., those Inspectors General that are Presidentially-appointed/Senateconfirmed and those that are appointed by agency heads) as well as the Controller of the Office of Federal Financial Management, a designated official of the Federal Bureau of Investigation (FBI), the Director of the Office of Government Ethics, the Special Counsel of the Office of Special Counsel, the Deputy Director of the Office of Personnel Management, the Deputy Director for Management of the Office of Management and Budget (OMB), and the Inspectors General for the Intelligence Community, Central Intelligence Agency, Library of Congress, Capitol Police, Government Publishing Office, Government Accountability Office, and Architect of the Capitol. The Deputy Director for Management of OMB serves as the Executive Chairperson of CIGIE. Section 11(d) of the Inspector General Act mandates that CIGIE have an Integrity Committee (IC), which shall receive, review, and refer for investigation allegations of wrongdoing that are made against Inspectors General and designated staff members of the various OIGs. Pursuant to section 11(d)(2)(A) of the Inspector General Act, all records received or created by the IC in fulfilling its responsibilities are collected and maintained separately as IC records by the official of the FBI serving on the IC. As of the issuance of this proposed rule, all such records are maintained in FBI’s Central Records System and are subject to the system of records notices and the Privacy Act policies and regulations applicable to that system. See 28 CFR part 16, subpart D. Accordingly, unless otherwise specifically stated, the regulations PO 00000 Frm 00001 Fmt 4702 Sfmt 4702 published below do not apply to records maintained by the IC. Executive Orders 12866 and 13563 In promulgating this rule, CIGIE has adhered to the regulatory philosophy and the applicable principles of regulation set forth in section 1 of Executive Order 12866, Regulatory Planning and Review. The Office of Management and Budget has determined that this rule is not ‘‘significant’’ under Executive Order 12866. Regulatory Flexibility Act These proposed regulations will not have a significant economic impact on a substantial number of small entities. Therefore, a regulatory flexibility analysis as provided by the Regulatory Flexibility Act, as amended, is not required. Paperwork Reduction Act These proposed regulations impose no additional reporting and recordkeeping requirements. Therefore, clearance by OMB is not required. Federalism (Executive Order 13132) This rule does not have Federalism implications, as set forth in Executive Order 13132. It will not have substantial direct effects on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. List of Subjects in 5 CFR Part 9801 Information, Privacy, Privacy Act, Records. ■ For the reasons set forth in the preamble, CIGIE proposes to add part 9801 to title 5 of the Code of Federal Regulations as follows: PART 9801—PRIVACY ACT REGULATIONS Subpart A—General Provisions Sec. 9801.101 Purpose and scope. 9801.102 CIGIE organization. 9801.103 Definitions. 9801.104 Rules for determining if an individual is the subject of a record. 9801.105 Employee standards of conduct. 9801.106 Use and collection of social security numbers. 9801.107 Other rights and services. E:\FR\FM\07SEP1.SGM 07SEP1 Federal Register / Vol. 81, No. 173 / Wednesday, September 7, 2016 / Proposed Rules Subpart B—Access to Records and Accounting of Disclosures Sec. 9801.201 Requests for access. 9801.202 Response to requests. 9801.203 Granting access. 9801.204 Special procedures: Medical records. 9801.205 Appeals from denials of requests for access to records. 9801.206 Response to appeal of a denial of access. 9801.207 Fees. 9801.208 Requests for accounting of record disclosures. Subpart C—Amendment of Records Sec. 9801.301 Requests for amendment of record. 9801.302 Response to requests. 9801.303 Appeal from adverse determination on amendment. 9801.304 Response to appeal of adverse determination on amendment; disagreement statements. 9801.305 Assistance in preparing request to amend a record or to appeal an initial adverse determination. Authority: Section 11 of the Inspector General Act of 1978, Pub. L. 95–452, 92 Stat. 1101 (codified as amended at 5 U.S.C. app); 5 U.S.C. 301, 552a; 31 U.S.C. 9701. Subpart A—General Provisions § 9801.101 Purpose and scope. This part contains the regulations of the Council of the Inspectors General on Integrity and Efficiency (CIGIE) implementing the Privacy Act of 1974, 5 U.S.C. 552a. This part sets forth the basic responsibilities of CIGIE with regard to CIGIE’s compliance with the requirements of the Privacy Act and offers guidance to members of the public who wish to exercise any of the rights established by the Privacy Act with regard to records maintained by CIGIE. These regulations should be read in conjunction with the Privacy Act, which explains in more detail individuals’ rights. ehiers on DSK5VPTVN1PROD with PROPOSALS § 9801.102 CIGIE organization. (a) Centralized program. Except as stated in paragraph (b) of this section, CIGIE has a centralized Privacy Act program, with one office receiving and coordinating the processing of all Privacy Act requests to CIGIE. (b) Integrity Committee records. The Integrity Committee of CIGIE (IC) is the single exception to CIGIE’s centralized Privacy Act program. By statute, all records received or created by the IC in fulfilling its responsibilities are collected and maintained separately as IC records by the official of the Federal Bureau of Investigation (FBI) serving on the IC. Currently, all such records are maintained by the FBI in the FBI’s VerDate Sep<11>2014 15:04 Sep 06, 2016 Jkt 238001 Central Records System and are subject to the system of records notices and the Privacy Act policies and regulations applicable to that system. See 28 CFR part 16, subpart D. Accordingly, except as stated in paragraph (c) of this section, because IC records are not maintained by CIGIE, this part does not apply to requests or appeals regarding IC records. (c) Acceptance of requests and appeals. CIGIE will accept initial requests or appeals regarding CIGIE records and regarding IC records maintained by the FBI on behalf of the FBI. Requests and appeals regarding IC records will be referred to the FBI for processing and direct response to the requester by the FBI. § 9801.103 Definitions. (a) For purposes of this part the terms individual, maintain, record, routine use, and system of records, shall have the meanings set forth in 5 U.S.C. 552a(a). (b) CIGIE means the Council of the Inspectors General on Integrity and Efficiency and includes its predecessor entities, the Executive Council on Integrity and Efficiency and the President’s Council on Integrity and Efficiency. (c) Days, unless stated as ‘‘calendar days,’’ are working days and do not include Saturdays, Sundays, or Federal holidays. (d) IC means the CIGIE Integrity Committee established under section 11(d) of the Inspector General Act of 1978, Public Law 95–452, 92 Stat. 1101 (codified as amended at 5 U.S.C. app) (Inspector General Act). (e) Request for access to a record means a request made under Privacy Act subsection (d)(1). (f) Request for amendment of a record means a request made under Privacy Act subsection (d)(2). (g) Request for an accounting means a request made under Privacy Act subsection (c)(3). (h) Requester means an individual who makes a request for access, a request for amendment, or a request for an accounting under the Privacy Act. § 9801.104 Rules for determining if an individual is the subject of a record. An individual seeking to determine if a specific CIGIE system of records contains a record pertaining to the individual must follow the procedures set forth for access to records in § 9801.201(a), (b)(1) and (2), (c), and (d). A request to determine if an individual is the subject of a record will ordinarily be responded to within 10 days, except when CIGIE determines otherwise, in which case the request will be PO 00000 Frm 00002 Fmt 4702 Sfmt 4702 61629 acknowledged within 10 days and the individual will be informed of the reasons for the delay and an estimated date by which a response will be issued. § 9801.105 conduct. Employee standards of CIGIE will inform its employees involved in the design, development, operation, or maintenance of any system of records, or in maintaining any record, of the provisions of the Privacy Act, including the Act’s civil liability and criminal penalty provisions. Unless otherwise permitted by law, an employee of CIGIE shall: (a) Collect from individuals only the information that is relevant and necessary to discharge the responsibilities of CIGIE; (b) Collect information about an individual directly from that individual whenever practicable when the information may result in adverse determinations about an individual’s rights, benefits, and privileges under Federal programs; (c) Inform each individual from whom information is collected of: (1) The legal authority to collect the information and whether providing it is mandatory or voluntary; (2) The principal purpose for which CIGIE intends to use the information; (3) The routine uses CIGIE may make of the information; and (4) The effects on the individual, if any, of not providing the information; (d) Maintain no system of record without public notice and notify appropriate CIGIE officials of the existence or development of any system of records that is not the subject of a current or planned public notice; (e) Maintain all records that are used by CIGIE in making any determination about an individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual in the determination; (f) Except as to disclosures made to an agency or made under the Freedom of Information Act, 5 U.S.C. 552 (FOIA), make reasonable efforts, prior to disseminating any record about an individual, to ensure that the record is accurate, relevant, timely, and complete; (g) Maintain no record describing how an individual exercises his or her First Amendment rights, unless it is expressly authorized by statute or by the individual about whom the record is maintained, or is pertinent to and within the scope of an authorized law enforcement activity; (h) When required by the Privacy Act, maintain an accounting in the specified form of all disclosures of records by E:\FR\FM\07SEP1.SGM 07SEP1 61630 Federal Register / Vol. 81, No. 173 / Wednesday, September 7, 2016 / Proposed Rules CIGIE to persons, organizations, or agencies; (i) Maintain and use records with care to prevent the unauthorized or inadvertent disclosure of a record to anyone. No record contained in a CIGIE system of record shall be disclosed to another person, or to another agency outside CIGIE, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless the disclosure is otherwise authorized by the Privacy Act; and (j) Notify the appropriate CIGIE official of any record that contains information that the Privacy Act does not permit CIGIE to maintain. § 9801.106 Use and collection of social security numbers. (a) No denial of right, benefit, or privilege. Individuals may not be denied any right, benefit, or privilege as a result of refusing to provide their social security numbers, unless the collection is required by Federal statute; and (b) Notification to individual. Individuals requested to provide their social security numbers must be informed of: (1) Whether providing social security numbers is mandatory or voluntary; (2) The statutory or regulatory authority that authorizes the collection of social security numbers; and (3) The uses that will be made of the numbers. § 9801.107 Other rights and services. Nothing in this part shall be construed to entitle any person, as of right, to any service or to the disclosure of any record to which such person is not entitled under the Privacy Act. Subpart B—Access to Records and Accounting of Disclosures ehiers on DSK5VPTVN1PROD with PROPOSALS § 9801.201 Requests for access. (a) How addressed. A requester seeking access to records pertaining to the requester in a CIGIE system of records should submit a written request that includes the words ‘‘Privacy Act Request’’ on both the envelope and at the top of the request letter to the Executive Director, Council of the Inspectors General on Integrity and Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006. (b) Description of records sought. (1) A request should contain a specific reference to the CIGIE system of records from which access to the records is sought. Notices of CIGIE systems of records subject to the Privacy Act are published in the Federal Register, and copies of the notices are available on CIGIE’s Web site at www.ignet.gov, or VerDate Sep<11>2014 15:04 Sep 06, 2016 Jkt 238001 upon request from CIGIE’s Office of General Counsel. (2) If the written inquiry does not refer to a specific system of records, it must describe the records that are sought in enough detail to enable CIGIE personnel to locate the system of records containing them with a reasonable amount of effort. (3) The request should state whether the requester wants a copy of the record or wants to examine the record in person. (c) Verification of identity. A requester seeking access to records pertaining to the requester must verify their identity in their request. The request must state the requester’s full name, current address, and date and place of birth. The requester must sign the request and the signature must either be notarized or state, ‘‘Under penalty of perjury, I hereby declare that I am the person named above and I understand that any falsification of this statement is punishable under the provisions of Title 18, United States Code (U.S.C.), Section 1001 by a fine of not more than $10,000 or by imprisonment of not more than five years, or both; and that requesting or obtaining any record(s) under false pretenses is punishable under the provisions of Title 5, U.S.C., Section 552a(i)(3) as a misdemeanor and by a fine of not more than $5,000.’’ In order to help the identification and location of requested records, the requester may optionally include their social security number. No identification shall be required if the records are required by 5 U.S.C. 552 to be released. (d) Verification of guardianship. When making a request as the parent or guardian of a minor or as the guardian of someone determined by a court to be incompetent for access to records about that individual, the requester must establish: (1) The identity of the individual who is the subject of the record, by stating the name, current address, date and place of birth, and, at the requester’s option, the social security number of the individual; (2) The requester’s identity, as required in paragraph (c) of this section; (3) That the requester is the parent or guardian of that individual, which may be established by providing a copy of the individual’s birth certificate showing the requester’s parentage or by providing a court order establishing the requester’s guardianship; and (4) That the requester is acting on behalf of that individual in making the request. PO 00000 Frm 00003 Fmt 4702 Sfmt 4702 § 9801.202 Response to requests. A request for access will ordinarily be responded to within 10 days, except when CIGIE determines otherwise, in which case the request will be acknowledged within 10 days and the requester will be informed of the reasons for the delay and an estimated date by which a response will be issued. A response to a request for access should include the following: (a) A statement that there is a record or records as requested or a statement that there is not a record in the system of records; (b) The method of access (if a copy of all the records requested is not provided with the response); (c) The amount of any fees to be charged for copies of records under § 9801.207, if applicable; (d) The name and title of the official responsible for the response; and (e) If the request is denied in whole or in part, or no record is found in the system, a statement of the reasons for the denial, or a statement that no record has been found, and notice of the procedures for appealing the denial or no record finding. § 9801.203 Granting access. (a) Means of access. (1) The methods for allowing access to records, when such access has been granted by CIGIE, are: (i) Examination in person in a designated office during the hours specified by CIGIE; or (ii) Providing copies of the records. (2) When a requester has not indicated whether he wants a copy of the record or wants to examine the record in person, CIGIE may choose the means of granting access. However, the means chosen should not unduly impede the requester’s right of access. A requester may elect to receive a copy of the records after having examined them. (b) Accompanying individual. If the requester is granted in person access to examine the records, the requester may be accompanied by another individual of the requester’s choice during the course of the examination of the records. CIGIE may require the requester to submit a signed statement authorizing the accompanying individual’s access to the records. (c) Certified copies. CIGIE will not furnish certified copies of records. When copies are to be furnished, they may be provided as determined by CIGIE. (d) Original records. When the requester seeks to obtain original documentation, CIGIE reserves the right to limit the request to copies of the original records. E:\FR\FM\07SEP1.SGM 07SEP1 Federal Register / Vol. 81, No. 173 / Wednesday, September 7, 2016 / Proposed Rules § 9801.204 records. Special procedures: Medical In the event CIGIE receives a request pursuant to § 9801.201 for access to medical records (including psychological records) whose disclosure CIGIE determines would be harmful to the individual to whom they relate, it may refuse to disclose the records directly to the requester but shall transmit them to a physician designated by the requester. § 9801.205 Appeals from denials of requests for access to records. (a) How addressed. A requester may submit a written appeal of the decision by CIGIE to deny an initial request for access to records or a no record response to the Chairperson, Council of the Inspectors General on Integrity and Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006. The words ‘‘Privacy Act Appeal’’ should be included on the envelope and at the top of the letter of appeal. (b) Deadline and content. The appeal must be received by CIGIE within 60 days of the date of the letter denying the access request or reflecting the no record finding and should contain a brief description of the records involved or copies of the relevant correspondence from CIGIE. The appeal should attempt to refute the reasons given by CIGIE in support of its decision to deny the initial request for access or no record finding. § 9801.206 of access. Response to appeal of a denial ehiers on DSK5VPTVN1PROD with PROPOSALS (a) Access granted. If the Chairperson or the Chairperson’s designee determines that access to the records should be granted, the response will state how access will be provided if the records are not included with the response. (b) Denial affirmed. Any decision that either partially or fully affirms the initial decision to deny access or no record finding shall inform the requester of the right to seek judicial review of the decision in accordance with the Privacy Act (5 U.S.C. 552a(g)). (c) When appeal is required. If a requester wishes to seek review by a court of any adverse determination or denial of a request, the requester must first appeal it under § 9801.205. § 9801.207 Fees. (a) No fees for most services. Services for which fees will not be charged: (1) The search and review time expended by CIGIE to produce a record; (2) The first copy of the records provided; and VerDate Sep<11>2014 15:04 Sep 06, 2016 Jkt 238001 (3) CIGIE making the records available to be personally reviewed by the requester. (b) Fees for additional copies. When a requester requests additional copies of records, CIGIE will assess the requester a fee of $.20 per page. CIGIE will bill requester in arrears for such fees, except as follows: (1) If the total fee for additional copies amounts to more than $25.00, the requester will be notified of the fee amount. Except as specified in paragraph (b)(2) of this section, upon requester’s written agreement to pay the assessed fees, CIGIE will provide the additional copies without prepayment of such fees (i.e., payment will be accepted in arrears). (2) An advance payment before additional copies of the records are made will be required if: (i) CIGIE determines that the total fee to be assessed under this section exceeds $250.00. When such a determination is made, the requester will be notified of the determination and will be required to submit an advance payment of an amount up to the total fee. The amount of the advanced payment will be at the sole discretion of CIGIE and will be based, in part, on whether requester has a history of prompt payment of Privacy Act fees. If the required advanced payment is an amount less than the total fee, requester will be required to submit a written agreement to pay any fees not paid in advance; or (ii) The requester has previously failed to pay a previously assessed Privacy Act fee in a timely fashion (i.e., within 30 days of the date of the billing). In such cases, the requester will be required to pay the full amount outstanding plus any applicable interest as provided by paragraph (c) of this section and to make an advance payment of the full amount of the determined fee before CIGIE begins to process a new request for additional copies. (c) Interest charges. For additional copies provided to requester that result in fees assessed, CIGIE will begin levying interest charges on an unpaid balance starting on the 31st day following the day on which the billing was sent. Interest will be assessed at the rate prescribed under 31 U.S.C. 3717 and will accrue from the date of the billing. (d) Payment address. Payment of fees should be made by either a personal check, bank draft or a money order that is payable to the Department of the Treasury of the United States and mailed or delivered to: Privacy Officer, Council of the Inspectors General on PO 00000 Frm 00004 Fmt 4702 Sfmt 4702 61631 Integrity and Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006. § 9801.208 Requests for accounting of record disclosures. (a) How made and addressed. Except where accountings of disclosures are not required to be kept (as stated in paragraph (b) of this section), a requester may request an accounting of any disclosure that has been made by CIGIE to another person, organization, or agency of any record about the requester. This accounting contains the date, nature, and purpose of each disclosure, as well as the name and address of the person, organization, or agency to which the disclosure was made. A requester seeking an accounting of record disclosures must follow the procedures set forth for access to records in § 9801.201(a), (b)(1) and (2), (c), and (d). (b) Where accountings are not required. CIGIE is not required to provide accountings to requesters where they relate to: (1) Disclosures for which accountings are not required to be kept, including disclosures that are made to officers and employees of CIGIE and disclosures that are made under the FOIA. For purposes of this part, officers and employees of CIGIE includes, in part, CIGIE’s membership, as addressed in section 11 of the Inspector General Act, when such members are acting in their capacity as CIGIE members; (2) Disclosures made to law enforcement agencies for authorized law enforcement activities in response to written requests from those law enforcement agencies specifying the law enforcement activities for which the disclosures are sought; or (3) Disclosures made from law enforcement systems of records that have been exempted from accounting requirements. Subpart C—Amendment of Records § 9801.301 record. Requests for amendment of (a) How addressed. A requester seeking to amend a record or records pertaining to requester in a CIGIE system of records should submit a written request that includes the words ‘‘Privacy Act Amendment Request’’ on both the envelope and at the top of the request letter to the Executive Director, Council of the Inspectors General on Integrity and Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006. Records not subject to the Privacy Act will not be amended in accordance with these provisions. E:\FR\FM\07SEP1.SGM 07SEP1 61632 Federal Register / Vol. 81, No. 173 / Wednesday, September 7, 2016 / Proposed Rules (b) Contents of request. A request to amend a record in a CIGIE system of records must include: (1) The name of the system of records and a brief description of the record proposed for amendment. In the event the request to amend the record is the result of the requester having gained access to the record in accordance with the provisions concerning access to records as set forth in subpart B of this part, copies of previous correspondence between the requester and CIGIE will serve in lieu of a separate description of the record. (2) The exact portion of the record the requester seeks to have amended should be indicated clearly. If possible, proposed alternative language should be set forth, or, at a minimum, the reasons why the requester believes the record is not accurate, relevant, timely, or complete should be set forth with enough particularity to permit CIGIE to not only to understand the requester’s basis for the request, but also to make an appropriate amendment to the record. (c) Burden of proof. The requester has the burden of proof when seeking the amendment of a record. The requester must furnish sufficient facts to persuade the appropriate system manager of the inaccuracy, irrelevance, untimeliness, or incompleteness of the record. (d) Identification requirement. When the requester’s identity has been previously verified pursuant to § 9801.201, further verification of identity is not required as long as the communication does not suggest a need for verification. If the requester’s identity has not been previously verified, the appropriate system manager may require identification validation as described in § 9801.201. ehiers on DSK5VPTVN1PROD with PROPOSALS § 9801.302 Response to requests. (a) Time limit for acknowledging a request for amendment. To the extent possible, CIGIE will acknowledge receipt of a request to amend a record or records within 10 working days. (b) Determination on an amendment request. The decision of CIGIE in response to a request for amendment of a record in a system of records may grant in whole or deny any part of the request to amend the record. (1) If CIGIE grants the request, the appropriate system manager will amend the record(s) and provide a copy of the amended record(s) to the requester. To the extent an accounting of disclosure has been maintained, the system manager shall advise all previous recipients of the record that an amendment has been made and give the substance of the amendment. Where VerDate Sep<11>2014 15:04 Sep 06, 2016 Jkt 238001 practicable, the system manager shall send a copy of the amended record to previous recipients. (2) If CIGIE denies the request in whole or in part, the reasons for the denial will be stated in the response letter. In addition, the response letter will state: (i) The name and address of the official with whom an appeal of the denial may be lodged; and (ii) A description of any other procedures which may be required of the requester in order to process the appeal. § 9801.303 Appeal from adverse determination on amendment. (a) How addressed. A requester may submit a written appeal of the decision by CIGIE to deny an initial request to amend a record in a CIGIE system of records to the Chairperson, Council of the Inspectors General on Integrity and Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006. The words ‘‘Privacy Act Appeal’’ should be included on the envelope and at the top of the letter of appeal. (b) Deadline and content. The appeal must be received by CIGIE within 60 days of the date of the letter denying the request and should contain a brief description of the record(s) involved or copies of the correspondence from CIGIE and the reasons why the requester believes that the disputed information should be amended. § 9801.304 Response to appeal of adverse determination on amendment; disagreement statements. (a) Response timing. The Chairperson should make a final determination in writing not later than 30 days from the date the appeal was received. The 30day period may be extended for good cause. Notice of the extension and the reasons therefor will be sent to the requester within the 30-day period. (b) Amendment granted. If the Chairperson determines that the record(s) should be amended in accordance with the requester’s request, the Chairperson will take the necessary steps to advise the requester and to direct the appropriate system manager: (1) To amend the record(s); and (2) To notify previous recipients of the record(s) for which there is an accounting of disclosure that the record(s) have been amended. (c) Denial affirmed. If the appeal decision does not grant in full the request for amendment, the decision letter will notify the requester that the requester may: (1) Obtain judicial review of the decision in accordance with the terms of the Privacy Act at 5 U.S.C. 552a(g); and PO 00000 Frm 00005 Fmt 4702 Sfmt 4702 (2) File a statement setting forth their reasons for disagreeing with the decision. (d) Requester’s disagreement statement. A requester’s disagreement statement must be concise. CIGIE has the authority to determine the ‘‘conciseness’’ of the statement, taking into account the scope of the disagreement and the complexity of the issues. (e) Provision of requester’s disagreement statement. In any disclosure of information about which an individual has filed a proper statement of disagreement, CIGIE will clearly note any disputed portion(s) of the record(s) and will provide a copy of the statement to persons or other agencies to whom the disputed record or records has been disclosed and for whom an accounting of disclosure has been maintained. A concise statement of the reasons for not making the amendments requested may also be provided. § 9801.305 Assistance in preparing request to amend a record or to appeal an initial adverse determination. Requesters may seek assistance in preparing a request to amend a record or an appeal of an initial adverse determination, or to learn further of the provisions for judicial review, by contacting CIGIE’s Privacy Officer by email at privacy@cigie.gov or by mail at Privacy Officer, Council of the Inspectors General on Integrity and Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006. Dated: August 31, 2016. Michael E. Horowitz, Chairperson of the Council of the Inspectors General on Integrity and Efficiency. [FR Doc. 2016–21473 Filed 9–6–16; 8:45 am] BILLING CODE 6820–C9–P FEDERAL TRADE COMMISSION 16 CFR Part 314 RIN 3084–AB35 Standards for Safeguarding Customer Information Federal Trade Commission. Request for public comment. AGENCY: ACTION: The Federal Trade Commission (‘‘FTC’’ or ‘‘Commission’’) requests public comment on its Standards for Safeguarding Customer Information (‘‘Safeguards Rule’’ or ‘‘Rule’’). The Commission is soliciting comment as part of the FTC’s systematic review of all current Commission regulations and guides. SUMMARY: E:\FR\FM\07SEP1.SGM 07SEP1

Agencies

[Federal Register Volume 81, Number 173 (Wednesday, September 7, 2016)]
[Proposed Rules]
[Pages 61628-61632]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-21473]


========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================


Federal Register / Vol. 81, No. 173 / Wednesday, September 7, 2016 / 
Proposed Rules

[[Page 61628]]



COUNCIL OF THE INSPECTORS GENERAL ON INTEGRITY AND EFFICIENCY

5 CFR Part 9801

RIN 3219-AA00


Privacy Act Regulations

AGENCY: Council of the Inspectors General on Integrity and Efficiency.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Council of the Inspectors General on Integrity and 
Efficiency (CIGIE) is issuing this proposed rule to establish its 
procedures relating to access, maintenance, disclosure, and amendment 
of records that are in a CIGIE system of records under the Privacy Act 
of 1974 (Privacy Act). The proposed rule also establishes rules of 
conduct for CIGIE personnel who have responsibilities under the Privacy 
Act.

DATES: Submit comments on or before November 7, 2016.

ADDRESSES: You may submit comments by any of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Email: comments@cigie.gov.
     Fax: (202) 254-0162.
     Mail: Atticus J. Reaser, General Counsel, Council of the 
Inspectors General on Integrity and Efficiency, 1717 H Street NW., 
Suite 825, Washington, DC 20006.
     Hand Delivery/Courier: Council of the Inspectors General 
on Integrity and Efficiency, 1717 H Street NW., Suite 825, Washington, 
DC 20006.

FOR FURTHER INFORMATION CONTACT: Atticus J. Reaser, General Counsel, 
CIGIE, (202) 292-2600.

SUPPLEMENTARY INFORMATION:

Background Information

    CIGIE is issuing this proposed rule to provide the procedures and 
guidelines under which CIGIE will implement the Privacy Act.
    In 2008, Congress established CIGIE as an independent entity within 
the executive branch in order to address integrity, economy, and 
effectiveness issues that transcend individual Government agencies; and 
increase the professionalism and effectiveness of personnel by 
developing policies, standards, and approaches to aid in the 
establishment of a well-trained and highly skilled workforce in the 
offices of the Inspectors General (OIG). CIGIE's membership is 
comprised of all Inspectors General whose offices are established under 
section 2 or section 8G of the Inspector General Act of 1978, Public 
Law 95-452, 92 Stat. 1101 (codified as amended at 5 U.S.C. app) 
(Inspector General Act) (i.e., those Inspectors General that are 
Presidentially-appointed/Senate-confirmed and those that are appointed 
by agency heads) as well as the Controller of the Office of Federal 
Financial Management, a designated official of the Federal Bureau of 
Investigation (FBI), the Director of the Office of Government Ethics, 
the Special Counsel of the Office of Special Counsel, the Deputy 
Director of the Office of Personnel Management, the Deputy Director for 
Management of the Office of Management and Budget (OMB), and the 
Inspectors General for the Intelligence Community, Central Intelligence 
Agency, Library of Congress, Capitol Police, Government Publishing 
Office, Government Accountability Office, and Architect of the Capitol. 
The Deputy Director for Management of OMB serves as the Executive 
Chairperson of CIGIE.
    Section 11(d) of the Inspector General Act mandates that CIGIE have 
an Integrity Committee (IC), which shall receive, review, and refer for 
investigation allegations of wrongdoing that are made against 
Inspectors General and designated staff members of the various OIGs. 
Pursuant to section 11(d)(2)(A) of the Inspector General Act, all 
records received or created by the IC in fulfilling its 
responsibilities are collected and maintained separately as IC records 
by the official of the FBI serving on the IC. As of the issuance of 
this proposed rule, all such records are maintained in FBI's Central 
Records System and are subject to the system of records notices and the 
Privacy Act policies and regulations applicable to that system. See 28 
CFR part 16, subpart D. Accordingly, unless otherwise specifically 
stated, the regulations published below do not apply to records 
maintained by the IC.

Executive Orders 12866 and 13563

    In promulgating this rule, CIGIE has adhered to the regulatory 
philosophy and the applicable principles of regulation set forth in 
section 1 of Executive Order 12866, Regulatory Planning and Review. The 
Office of Management and Budget has determined that this rule is not 
``significant'' under Executive Order 12866.

Regulatory Flexibility Act

    These proposed regulations will not have a significant economic 
impact on a substantial number of small entities. Therefore, a 
regulatory flexibility analysis as provided by the Regulatory 
Flexibility Act, as amended, is not required.

Paperwork Reduction Act

    These proposed regulations impose no additional reporting and 
recordkeeping requirements. Therefore, clearance by OMB is not 
required.

Federalism (Executive Order 13132)

    This rule does not have Federalism implications, as set forth in 
Executive Order 13132. It will not have substantial direct effects on 
the States, on the relationship between the national government and the 
States, or on the distribution of power and responsibilities among the 
various levels of government.

List of Subjects in 5 CFR Part 9801

    Information, Privacy, Privacy Act, Records.

0
For the reasons set forth in the preamble, CIGIE proposes to add part 
9801 to title 5 of the Code of Federal Regulations as follows:

PART 9801--PRIVACY ACT REGULATIONS

Subpart A--General Provisions
Sec.
9801.101 Purpose and scope.
9801.102 CIGIE organization.
9801.103 Definitions.
9801.104 Rules for determining if an individual is the subject of a 
record.
9801.105 Employee standards of conduct.
9801.106 Use and collection of social security numbers.
9801.107 Other rights and services.

[[Page 61629]]

Subpart B--Access to Records and Accounting of Disclosures
Sec.
9801.201 Requests for access.
9801.202 Response to requests.
9801.203 Granting access.
9801.204 Special procedures: Medical records.
9801.205 Appeals from denials of requests for access to records.
9801.206 Response to appeal of a denial of access.
9801.207 Fees.
9801.208 Requests for accounting of record disclosures.
Subpart C--Amendment of Records
Sec.
9801.301 Requests for amendment of record.
9801.302 Response to requests.
9801.303 Appeal from adverse determination on amendment.
9801.304 Response to appeal of adverse determination on amendment; 
disagreement statements.
9801.305 Assistance in preparing request to amend a record or to 
appeal an initial adverse determination.

    Authority: Section 11 of the Inspector General Act of 1978, Pub. 
L. 95-452, 92 Stat. 1101 (codified as amended at 5 U.S.C. app); 5 
U.S.C. 301, 552a; 31 U.S.C. 9701.

Subpart A--General Provisions


Sec.  9801.101  Purpose and scope.

    This part contains the regulations of the Council of the Inspectors 
General on Integrity and Efficiency (CIGIE) implementing the Privacy 
Act of 1974, 5 U.S.C. 552a. This part sets forth the basic 
responsibilities of CIGIE with regard to CIGIE's compliance with the 
requirements of the Privacy Act and offers guidance to members of the 
public who wish to exercise any of the rights established by the 
Privacy Act with regard to records maintained by CIGIE. These 
regulations should be read in conjunction with the Privacy Act, which 
explains in more detail individuals' rights.


Sec.  9801.102  CIGIE organization.

    (a) Centralized program. Except as stated in paragraph (b) of this 
section, CIGIE has a centralized Privacy Act program, with one office 
receiving and coordinating the processing of all Privacy Act requests 
to CIGIE.
    (b) Integrity Committee records. The Integrity Committee of CIGIE 
(IC) is the single exception to CIGIE's centralized Privacy Act 
program. By statute, all records received or created by the IC in 
fulfilling its responsibilities are collected and maintained separately 
as IC records by the official of the Federal Bureau of Investigation 
(FBI) serving on the IC. Currently, all such records are maintained by 
the FBI in the FBI's Central Records System and are subject to the 
system of records notices and the Privacy Act policies and regulations 
applicable to that system. See 28 CFR part 16, subpart D. Accordingly, 
except as stated in paragraph (c) of this section, because IC records 
are not maintained by CIGIE, this part does not apply to requests or 
appeals regarding IC records.
    (c) Acceptance of requests and appeals. CIGIE will accept initial 
requests or appeals regarding CIGIE records and regarding IC records 
maintained by the FBI on behalf of the FBI. Requests and appeals 
regarding IC records will be referred to the FBI for processing and 
direct response to the requester by the FBI.


Sec.  9801.103  Definitions.

    (a) For purposes of this part the terms individual, maintain, 
record, routine use, and system of records, shall have the meanings set 
forth in 5 U.S.C. 552a(a).
    (b) CIGIE means the Council of the Inspectors General on Integrity 
and Efficiency and includes its predecessor entities, the Executive 
Council on Integrity and Efficiency and the President's Council on 
Integrity and Efficiency.
    (c) Days, unless stated as ``calendar days,'' are working days and 
do not include Saturdays, Sundays, or Federal holidays.
    (d) IC means the CIGIE Integrity Committee established under 
section 11(d) of the Inspector General Act of 1978, Public Law 95-452, 
92 Stat. 1101 (codified as amended at 5 U.S.C. app) (Inspector General 
Act).
    (e) Request for access to a record means a request made under 
Privacy Act subsection (d)(1).
    (f) Request for amendment of a record means a request made under 
Privacy Act subsection (d)(2).
    (g) Request for an accounting means a request made under Privacy 
Act subsection (c)(3).
    (h) Requester means an individual who makes a request for access, a 
request for amendment, or a request for an accounting under the Privacy 
Act.


Sec.  9801.104  Rules for determining if an individual is the subject 
of a record.

    An individual seeking to determine if a specific CIGIE system of 
records contains a record pertaining to the individual must follow the 
procedures set forth for access to records in Sec.  9801.201(a), (b)(1) 
and (2), (c), and (d). A request to determine if an individual is the 
subject of a record will ordinarily be responded to within 10 days, 
except when CIGIE determines otherwise, in which case the request will 
be acknowledged within 10 days and the individual will be informed of 
the reasons for the delay and an estimated date by which a response 
will be issued.


Sec.  9801.105  Employee standards of conduct.

    CIGIE will inform its employees involved in the design, 
development, operation, or maintenance of any system of records, or in 
maintaining any record, of the provisions of the Privacy Act, including 
the Act's civil liability and criminal penalty provisions. Unless 
otherwise permitted by law, an employee of CIGIE shall:
    (a) Collect from individuals only the information that is relevant 
and necessary to discharge the responsibilities of CIGIE;
    (b) Collect information about an individual directly from that 
individual whenever practicable when the information may result in 
adverse determinations about an individual's rights, benefits, and 
privileges under Federal programs;
    (c) Inform each individual from whom information is collected of:
    (1) The legal authority to collect the information and whether 
providing it is mandatory or voluntary;
    (2) The principal purpose for which CIGIE intends to use the 
information;
    (3) The routine uses CIGIE may make of the information; and
    (4) The effects on the individual, if any, of not providing the 
information;
    (d) Maintain no system of record without public notice and notify 
appropriate CIGIE officials of the existence or development of any 
system of records that is not the subject of a current or planned 
public notice;
    (e) Maintain all records that are used by CIGIE in making any 
determination about an individual with such accuracy, relevance, 
timeliness, and completeness as is reasonably necessary to ensure 
fairness to the individual in the determination;
    (f) Except as to disclosures made to an agency or made under the 
Freedom of Information Act, 5 U.S.C. 552 (FOIA), make reasonable 
efforts, prior to disseminating any record about an individual, to 
ensure that the record is accurate, relevant, timely, and complete;
    (g) Maintain no record describing how an individual exercises his 
or her First Amendment rights, unless it is expressly authorized by 
statute or by the individual about whom the record is maintained, or is 
pertinent to and within the scope of an authorized law enforcement 
activity;
    (h) When required by the Privacy Act, maintain an accounting in the 
specified form of all disclosures of records by

[[Page 61630]]

CIGIE to persons, organizations, or agencies;
    (i) Maintain and use records with care to prevent the unauthorized 
or inadvertent disclosure of a record to anyone. No record contained in 
a CIGIE system of record shall be disclosed to another person, or to 
another agency outside CIGIE, except pursuant to a written request by, 
or with the prior written consent of, the individual to whom the record 
pertains, unless the disclosure is otherwise authorized by the Privacy 
Act; and
    (j) Notify the appropriate CIGIE official of any record that 
contains information that the Privacy Act does not permit CIGIE to 
maintain.


Sec.  9801.106  Use and collection of social security numbers.

    (a) No denial of right, benefit, or privilege. Individuals may not 
be denied any right, benefit, or privilege as a result of refusing to 
provide their social security numbers, unless the collection is 
required by Federal statute; and
    (b) Notification to individual. Individuals requested to provide 
their social security numbers must be informed of:
    (1) Whether providing social security numbers is mandatory or 
voluntary;
    (2) The statutory or regulatory authority that authorizes the 
collection of social security numbers; and
    (3) The uses that will be made of the numbers.


Sec.  9801.107  Other rights and services.

    Nothing in this part shall be construed to entitle any person, as 
of right, to any service or to the disclosure of any record to which 
such person is not entitled under the Privacy Act.

Subpart B--Access to Records and Accounting of Disclosures


Sec.  9801.201  Requests for access.

    (a) How addressed. A requester seeking access to records pertaining 
to the requester in a CIGIE system of records should submit a written 
request that includes the words ``Privacy Act Request'' on both the 
envelope and at the top of the request letter to the Executive 
Director, Council of the Inspectors General on Integrity and 
Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006.
    (b) Description of records sought. (1) A request should contain a 
specific reference to the CIGIE system of records from which access to 
the records is sought. Notices of CIGIE systems of records subject to 
the Privacy Act are published in the Federal Register, and copies of 
the notices are available on CIGIE's Web site at www.ignet.gov, or upon 
request from CIGIE's Office of General Counsel.
    (2) If the written inquiry does not refer to a specific system of 
records, it must describe the records that are sought in enough detail 
to enable CIGIE personnel to locate the system of records containing 
them with a reasonable amount of effort.
    (3) The request should state whether the requester wants a copy of 
the record or wants to examine the record in person.
    (c) Verification of identity. A requester seeking access to records 
pertaining to the requester must verify their identity in their 
request. The request must state the requester's full name, current 
address, and date and place of birth. The requester must sign the 
request and the signature must either be notarized or state, ``Under 
penalty of perjury, I hereby declare that I am the person named above 
and I understand that any falsification of this statement is punishable 
under the provisions of Title 18, United States Code (U.S.C.), Section 
1001 by a fine of not more than $10,000 or by imprisonment of not more 
than five years, or both; and that requesting or obtaining any 
record(s) under false pretenses is punishable under the provisions of 
Title 5, U.S.C., Section 552a(i)(3) as a misdemeanor and by a fine of 
not more than $5,000.'' In order to help the identification and 
location of requested records, the requester may optionally include 
their social security number. No identification shall be required if 
the records are required by 5 U.S.C. 552 to be released.
    (d) Verification of guardianship. When making a request as the 
parent or guardian of a minor or as the guardian of someone determined 
by a court to be incompetent for access to records about that 
individual, the requester must establish:
    (1) The identity of the individual who is the subject of the 
record, by stating the name, current address, date and place of birth, 
and, at the requester's option, the social security number of the 
individual;
    (2) The requester's identity, as required in paragraph (c) of this 
section;
    (3) That the requester is the parent or guardian of that 
individual, which may be established by providing a copy of the 
individual's birth certificate showing the requester's parentage or by 
providing a court order establishing the requester's guardianship; and
    (4) That the requester is acting on behalf of that individual in 
making the request.


Sec.  9801.202  Response to requests.

    A request for access will ordinarily be responded to within 10 
days, except when CIGIE determines otherwise, in which case the request 
will be acknowledged within 10 days and the requester will be informed 
of the reasons for the delay and an estimated date by which a response 
will be issued. A response to a request for access should include the 
following:
    (a) A statement that there is a record or records as requested or a 
statement that there is not a record in the system of records;
    (b) The method of access (if a copy of all the records requested is 
not provided with the response);
    (c) The amount of any fees to be charged for copies of records 
under Sec.  9801.207, if applicable;
    (d) The name and title of the official responsible for the 
response; and
    (e) If the request is denied in whole or in part, or no record is 
found in the system, a statement of the reasons for the denial, or a 
statement that no record has been found, and notice of the procedures 
for appealing the denial or no record finding.


Sec.  9801.203  Granting access.

    (a) Means of access. (1) The methods for allowing access to 
records, when such access has been granted by CIGIE, are:
    (i) Examination in person in a designated office during the hours 
specified by CIGIE; or
    (ii) Providing copies of the records.
    (2) When a requester has not indicated whether he wants a copy of 
the record or wants to examine the record in person, CIGIE may choose 
the means of granting access. However, the means chosen should not 
unduly impede the requester's right of access. A requester may elect to 
receive a copy of the records after having examined them.
    (b) Accompanying individual. If the requester is granted in person 
access to examine the records, the requester may be accompanied by 
another individual of the requester's choice during the course of the 
examination of the records. CIGIE may require the requester to submit a 
signed statement authorizing the accompanying individual's access to 
the records.
    (c) Certified copies. CIGIE will not furnish certified copies of 
records. When copies are to be furnished, they may be provided as 
determined by CIGIE.
    (d) Original records. When the requester seeks to obtain original 
documentation, CIGIE reserves the right to limit the request to copies 
of the original records.

[[Page 61631]]

Sec.  9801.204   Special procedures: Medical records.

    In the event CIGIE receives a request pursuant to Sec.  9801.201 
for access to medical records (including psychological records) whose 
disclosure CIGIE determines would be harmful to the individual to whom 
they relate, it may refuse to disclose the records directly to the 
requester but shall transmit them to a physician designated by the 
requester.


Sec.  9801.205  Appeals from denials of requests for access to records.

    (a) How addressed. A requester may submit a written appeal of the 
decision by CIGIE to deny an initial request for access to records or a 
no record response to the Chairperson, Council of the Inspectors 
General on Integrity and Efficiency, 1717 H Street NW., Suite 825, 
Washington, DC 20006. The words ``Privacy Act Appeal'' should be 
included on the envelope and at the top of the letter of appeal.
    (b) Deadline and content. The appeal must be received by CIGIE 
within 60 days of the date of the letter denying the access request or 
reflecting the no record finding and should contain a brief description 
of the records involved or copies of the relevant correspondence from 
CIGIE. The appeal should attempt to refute the reasons given by CIGIE 
in support of its decision to deny the initial request for access or no 
record finding.


Sec.  9801.206   Response to appeal of a denial of access.

    (a) Access granted. If the Chairperson or the Chairperson's 
designee determines that access to the records should be granted, the 
response will state how access will be provided if the records are not 
included with the response.
    (b) Denial affirmed. Any decision that either partially or fully 
affirms the initial decision to deny access or no record finding shall 
inform the requester of the right to seek judicial review of the 
decision in accordance with the Privacy Act (5 U.S.C. 552a(g)).
    (c) When appeal is required. If a requester wishes to seek review 
by a court of any adverse determination or denial of a request, the 
requester must first appeal it under Sec.  9801.205.


Sec.  9801.207  Fees.

    (a) No fees for most services. Services for which fees will not be 
charged:
    (1) The search and review time expended by CIGIE to produce a 
record;
    (2) The first copy of the records provided; and
    (3) CIGIE making the records available to be personally reviewed by 
the requester.
    (b) Fees for additional copies. When a requester requests 
additional copies of records, CIGIE will assess the requester a fee of 
$.20 per page. CIGIE will bill requester in arrears for such fees, 
except as follows:
    (1) If the total fee for additional copies amounts to more than 
$25.00, the requester will be notified of the fee amount. Except as 
specified in paragraph (b)(2) of this section, upon requester's written 
agreement to pay the assessed fees, CIGIE will provide the additional 
copies without prepayment of such fees (i.e., payment will be accepted 
in arrears).
    (2) An advance payment before additional copies of the records are 
made will be required if:
    (i) CIGIE determines that the total fee to be assessed under this 
section exceeds $250.00. When such a determination is made, the 
requester will be notified of the determination and will be required to 
submit an advance payment of an amount up to the total fee. The amount 
of the advanced payment will be at the sole discretion of CIGIE and 
will be based, in part, on whether requester has a history of prompt 
payment of Privacy Act fees. If the required advanced payment is an 
amount less than the total fee, requester will be required to submit a 
written agreement to pay any fees not paid in advance; or
    (ii) The requester has previously failed to pay a previously 
assessed Privacy Act fee in a timely fashion (i.e., within 30 days of 
the date of the billing). In such cases, the requester will be required 
to pay the full amount outstanding plus any applicable interest as 
provided by paragraph (c) of this section and to make an advance 
payment of the full amount of the determined fee before CIGIE begins to 
process a new request for additional copies.
    (c) Interest charges. For additional copies provided to requester 
that result in fees assessed, CIGIE will begin levying interest charges 
on an unpaid balance starting on the 31st day following the day on 
which the billing was sent. Interest will be assessed at the rate 
prescribed under 31 U.S.C. 3717 and will accrue from the date of the 
billing.
    (d) Payment address. Payment of fees should be made by either a 
personal check, bank draft or a money order that is payable to the 
Department of the Treasury of the United States and mailed or delivered 
to: Privacy Officer, Council of the Inspectors General on Integrity and 
Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006.


Sec.  9801.208  Requests for accounting of record disclosures.

    (a) How made and addressed. Except where accountings of disclosures 
are not required to be kept (as stated in paragraph (b) of this 
section), a requester may request an accounting of any disclosure that 
has been made by CIGIE to another person, organization, or agency of 
any record about the requester. This accounting contains the date, 
nature, and purpose of each disclosure, as well as the name and address 
of the person, organization, or agency to which the disclosure was 
made. A requester seeking an accounting of record disclosures must 
follow the procedures set forth for access to records in Sec.  
9801.201(a), (b)(1) and (2), (c), and (d).
    (b) Where accountings are not required. CIGIE is not required to 
provide accountings to requesters where they relate to:
    (1) Disclosures for which accountings are not required to be kept, 
including disclosures that are made to officers and employees of CIGIE 
and disclosures that are made under the FOIA. For purposes of this 
part, officers and employees of CIGIE includes, in part, CIGIE's 
membership, as addressed in section 11 of the Inspector General Act, 
when such members are acting in their capacity as CIGIE members;
    (2) Disclosures made to law enforcement agencies for authorized law 
enforcement activities in response to written requests from those law 
enforcement agencies specifying the law enforcement activities for 
which the disclosures are sought; or
    (3) Disclosures made from law enforcement systems of records that 
have been exempted from accounting requirements.

Subpart C--Amendment of Records


Sec.  9801.301  Requests for amendment of record.

    (a) How addressed. A requester seeking to amend a record or records 
pertaining to requester in a CIGIE system of records should submit a 
written request that includes the words ``Privacy Act Amendment 
Request'' on both the envelope and at the top of the request letter to 
the Executive Director, Council of the Inspectors General on Integrity 
and Efficiency, 1717 H Street NW., Suite 825, Washington, DC 20006. 
Records not subject to the Privacy Act will not be amended in 
accordance with these provisions.

[[Page 61632]]

    (b) Contents of request. A request to amend a record in a CIGIE 
system of records must include:
    (1) The name of the system of records and a brief description of 
the record proposed for amendment. In the event the request to amend 
the record is the result of the requester having gained access to the 
record in accordance with the provisions concerning access to records 
as set forth in subpart B of this part, copies of previous 
correspondence between the requester and CIGIE will serve in lieu of a 
separate description of the record.
    (2) The exact portion of the record the requester seeks to have 
amended should be indicated clearly. If possible, proposed alternative 
language should be set forth, or, at a minimum, the reasons why the 
requester believes the record is not accurate, relevant, timely, or 
complete should be set forth with enough particularity to permit CIGIE 
to not only to understand the requester's basis for the request, but 
also to make an appropriate amendment to the record.
    (c) Burden of proof. The requester has the burden of proof when 
seeking the amendment of a record. The requester must furnish 
sufficient facts to persuade the appropriate system manager of the 
inaccuracy, irrelevance, untimeliness, or incompleteness of the record.
    (d) Identification requirement. When the requester's identity has 
been previously verified pursuant to Sec.  9801.201, further 
verification of identity is not required as long as the communication 
does not suggest a need for verification. If the requester's identity 
has not been previously verified, the appropriate system manager may 
require identification validation as described in Sec.  9801.201.


Sec.  9801.302  Response to requests.

    (a) Time limit for acknowledging a request for amendment. To the 
extent possible, CIGIE will acknowledge receipt of a request to amend a 
record or records within 10 working days.
    (b) Determination on an amendment request. The decision of CIGIE in 
response to a request for amendment of a record in a system of records 
may grant in whole or deny any part of the request to amend the record.
    (1) If CIGIE grants the request, the appropriate system manager 
will amend the record(s) and provide a copy of the amended record(s) to 
the requester. To the extent an accounting of disclosure has been 
maintained, the system manager shall advise all previous recipients of 
the record that an amendment has been made and give the substance of 
the amendment. Where practicable, the system manager shall send a copy 
of the amended record to previous recipients.
    (2) If CIGIE denies the request in whole or in part, the reasons 
for the denial will be stated in the response letter. In addition, the 
response letter will state:
    (i) The name and address of the official with whom an appeal of the 
denial may be lodged; and
    (ii) A description of any other procedures which may be required of 
the requester in order to process the appeal.


Sec.  9801.303  Appeal from adverse determination on amendment.

    (a) How addressed. A requester may submit a written appeal of the 
decision by CIGIE to deny an initial request to amend a record in a 
CIGIE system of records to the Chairperson, Council of the Inspectors 
General on Integrity and Efficiency, 1717 H Street NW., Suite 825, 
Washington, DC 20006. The words ``Privacy Act Appeal'' should be 
included on the envelope and at the top of the letter of appeal.
    (b) Deadline and content. The appeal must be received by CIGIE 
within 60 days of the date of the letter denying the request and should 
contain a brief description of the record(s) involved or copies of the 
correspondence from CIGIE and the reasons why the requester believes 
that the disputed information should be amended.


Sec.  9801.304  Response to appeal of adverse determination on 
amendment; disagreement statements.

    (a) Response timing. The Chairperson should make a final 
determination in writing not later than 30 days from the date the 
appeal was received. The 30-day period may be extended for good cause. 
Notice of the extension and the reasons therefor will be sent to the 
requester within the 30-day period.
    (b) Amendment granted. If the Chairperson determines that the 
record(s) should be amended in accordance with the requester's request, 
the Chairperson will take the necessary steps to advise the requester 
and to direct the appropriate system manager:
    (1) To amend the record(s); and
    (2) To notify previous recipients of the record(s) for which there 
is an accounting of disclosure that the record(s) have been amended.
    (c) Denial affirmed. If the appeal decision does not grant in full 
the request for amendment, the decision letter will notify the 
requester that the requester may:
    (1) Obtain judicial review of the decision in accordance with the 
terms of the Privacy Act at 5 U.S.C. 552a(g); and
    (2) File a statement setting forth their reasons for disagreeing 
with the decision.
    (d) Requester's disagreement statement. A requester's disagreement 
statement must be concise. CIGIE has the authority to determine the 
``conciseness'' of the statement, taking into account the scope of the 
disagreement and the complexity of the issues.
    (e) Provision of requester's disagreement statement. In any 
disclosure of information about which an individual has filed a proper 
statement of disagreement, CIGIE will clearly note any disputed 
portion(s) of the record(s) and will provide a copy of the statement to 
persons or other agencies to whom the disputed record or records has 
been disclosed and for whom an accounting of disclosure has been 
maintained. A concise statement of the reasons for not making the 
amendments requested may also be provided.


Sec.  9801.305  Assistance in preparing request to amend a record or to 
appeal an initial adverse determination.

    Requesters may seek assistance in preparing a request to amend a 
record or an appeal of an initial adverse determination, or to learn 
further of the provisions for judicial review, by contacting CIGIE's 
Privacy Officer by email at privacy@cigie.gov or by mail at Privacy 
Officer, Council of the Inspectors General on Integrity and Efficiency, 
1717 H Street NW., Suite 825, Washington, DC 20006.

    Dated: August 31, 2016.
Michael E. Horowitz,
Chairperson of the Council of the Inspectors General on Integrity and 
Efficiency.
[FR Doc. 2016-21473 Filed 9-6-16; 8:45 am]
 BILLING CODE 6820-C9-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.