[Federal Register: January 2, 2008 (Volume 73, Number 1)]
[Proposed Rules]
[Page 113-125]
=======================================================================
-----------------------------------------------------------------------
OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE
32 CFR Part 1701
Privacy Act Regulations
AGENCY: Office of the Director of National Intelligence.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: This proposed regulation provides the public the guidelines
under which the Office of the Director of National Intelligence (ODNI)
will implement the Privacy Act of 1974, 5 U.S.C. 552a, as amended. The
proposed regulation describes agency policies for collecting and
maintaining personally identifiable records and processes for
administering requests for records under the Privacy Act. In addition,
as permitted by the Privacy Act, subsections (j) and (k), and in
accordance with the rulemaking procedures of the Administrative
Procedures Act, 5 U.S.C. 553, the ODNI proposes exempting several new
systems of records of the National Counterterrorism Center (NCTC), the
Office of the National Counterintelligence Executive (ONCIX), and the
Office of the Inspector General (OIG) from various provisions of the
Act. The ODNI further proposes that exemptions invoked by agencies
whose records the ODNI receives continue in effect where reasons for
the exemption remain valid. Subpart C of this regulation proposes
routine uses applicable to more than one ODNI Privacy Act system of
records.
[[Page 114]]
DATES: Submit comments on or before February 11, 2008.
ADDRESSES: You may submit comments, identified by RIN number, by any of
the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Mail: Director, Information Management Office, Office of the
Director of National Intelligence, Washington, DC 20511.
FOR FURTHER INFORMATION CONTACT: Mr. John F. Hackett, Director,
Information Management Office (703) 482-3610.
SUPPLEMENTARY INFORMATION: The ODNI was created by the Intelligence
Reform and Terrorism Prevention Act of 2004, Public Law 108-458, 118
Stat. 3638 (Dec. 17, 2004). The first Director of National
Intelligence, Ambassador John D. Negroponte, was sworn in to Office on
April 21, 2005 and the ODNI began operations on April 22, 2005. Because
the majority of documents held by the ODNI at its inception were
previously maintained by the Central Intelligence Agency (CIA) and
because the ODNI did not have a Privacy staff upon stand-up, records
were administered under the CIA's Privacy Act authorities and using
CIA's administrative resources. At this time, the ODNI proposes its own
Privacy Act regulations. Additionally, in compliance with the Privacy
Act, 5 U.S.C. 552a(e)(4), the ODNI describes in the notice section of
today's Federal Register the following twelve new systems of records:
NCTC Access Authorization Records, NCTC Human Resources Management
System, NCTC Telephone Directory, NCTC Knowledge Repository (SANCTUM),
NCTC Online (NOL), NCTC Tacit Knowledge Management Records, NCTC
Terrorism Analysis Records, NCTC Terrorist Identities Records, NCTC
Partnership Management Records, ONCIX Counterintelligence Damage
Assessment Records, OIG Experts Contact Records, OIG Human Resources
Records and OIG Investigation and Interview Records.
Regulatory Flexibility Act
This proposed rule affects the manner in which ODNI collects and
maintains information about individuals. ODNI certifies that this
rulemaking will not have a significant economic impact on a substantial
number of small entities. Accordingly, pursuant to the Regulatory
Flexibility Act, 5 U.S.C. 601-612, no regulatory flexibility analysis
is required for this rule.
Small Entity Inquiries
The Small Business Regulatory Enforcement Fairness Act (SBREFA) of
1996 requires the ODNI to comply with small entity requests for
information and advice about compliance with statutes and regulations
within the ODNI jurisdiction. Any small entity that has a question
regarding this document may address it to the information contact
listed above. Further information regarding SBREFA is available on the
Small Business Administration's Web page at http://www.sga.gov/advo/law/law_lib.html
.
Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)) requires
that the ODNI consider the impact of paperwork and other burdens
imposed on the public associated with the collection of information.
There are no information collection requirements associated with this
proposed rule and therefore no analysis of burden is required.
Executive Order 12866, Regulatory Planning and Review
This proposed rule is not a ``significant regulatory action''
within the meaning of Executive Order 12866. This rule will not have an
annual effect on the economy of $100 million or more or otherwise
adversely affect the economy or sector of the economy in a material
way; will not create inconsistency with or interfere with other agency
action; will not materially alter the budgetary impact of entitlements,
grants, fees or loans or the right and obligations of recipients
thereof; or raise legal or policy issues arising out of legal mandates,
the President's priorities or the principles set forth in the Executive
Order. Accordingly, further regulatory evaluation is not required.
Unfunded Mandates
Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), Public
Law 104-4, 109 Stat. 48 (Mar. 22, 1995), requires Federal agencies to
assess the effects of certain regulatory actions on State, local, and
tribal governments, and the private sector. This proposed rule imposes
no Federal mandate on any State, local, or tribal government or on the
private sector. Accordingly, no UMRA analysis of economic and
regulatory alternatives is required.
Executive Order 13132, Federalism
Executive Order 13132 requires ODNI to examine the implications for
the distribution of power and responsibilities among the various levels
of government resulting from this proposed rule. ODNI concludes that
the proposed rule does not affect the rights, roles and
responsibilities of the States, involves no preemption of State law and
does not limit State policymaking discretion. This rule has no
federalism implications as defined by the Executive Order.
Environmental Impact
The ODNI has reviewed this action for purposes of the National
Environmental Policy Act of 1969 (NEPA), 42 U.S.C. 4321-4347, and has
determined that this action will not have a significant effect on the
human environment.
Energy Impact
The energy impact of this action has been assessed in accordance
with the Energy Policy and Conservation Act (EPCA), Public Law 94-163,
as amended, 42 U.S.C. 6362. This rulemaking is not a major regulatory
action under the provisions of the EPCA.
List of Subjects in 32 CFR Part 1701
Records and Privacy Act.
For the reasons set forth in the preamble, ODNI proposes to add
part 1701 as follows:
PART 1701--ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974
Subpart A--Protection of Privacy and Access to Individual Records Under
the Privacy Act of 1974
Sec.
1701.1 Purpose, scope, applicability.
1701.2 Definitions.
1701.3 Contact for general information and requests.
1701.4 Privacy Act responsibilities/policy.
1701.5 Collection and maintenance of records.
1701.6 Disclosure of records/policy.
1701.7 Requests for notification of and access to records.
1701.8 Requests to amend or correct records.
1701.9 Requests for an accounting of record disclosures.
1701.10 ODNI responsibility for responding to access requests.
1701.11 ODNI responsibility for responding to requests for amendment
or correction.
1701.12 ODNI responsibility for responding to requests for
accounting.
1701.13 Special procedures for medical/psychiatric/psychological
testing records.
1701.14 Appeals.
1701.15 Fees.
1701.16 Contractors.
1701.17 Standards of conduct.
Subpart B--Exemption of Records Systems Under the Privacy Act
1701.20 Exemption policies.
1701.21 Exemption of National Counterterrorism Center (NCTC) systems
of records.
1701.22 Exemption of Office of the National Counterintelligence
Executive (ONCIX) systems of records.
[[Page 115]]
1701.23 Exemption of Office of Inspector General (OIG) systems of
records.
Subpart C--Routine Uses Applicable to More Than One ODNI System of
Records
1701.30 Policy and applicability.
1701.31 General routine uses.
Authority: 50 U.S.C. 401-442; 5 U.S.C. 552a.
Subpart A--Protection of Privacy and Access to Individual Records
Under the Privacy Act of 1974
Sec. 1701.1 Purpose, scope, applicability.
(a) Purpose. This subpart establishes the policies and procedures
the Office of the Director of National Intelligence (ODNI) will follow
in implementing the requirements of the Privacy Act of 1974, 5 U.S.C.
552a, as amended. This subpart sets forth the procedures ODNI must
follow in collecting and maintaining personal information from or about
individuals, as well as procedures by which individuals may request to
access or amend records about themselves and request an accounting of
disclosures of those records by the ODNI. In addition, this subpart
details parameters for disclosing personally identifiable information
to persons other than the subject of a record.
(b) Scope. The provisions of this subpart apply to all records in
systems of records maintained by ODNI directorates, centers, mission
managers and other sub-organizations [hereinafter called
``components''] that are retrieved by an individual's name or personal
identifier.
(c) Applicability. This subpart governs the following individuals
and entities:
(1) All ODNI staff and components must comply with this subpart.
The terms ``staff'' and ``component'' are defined in Sec. 1701.2.
(2) Unless specifically exempted, this subpart also applies to
advisory committees and councils within the meaning of the Federal
Advisory Committee Act (FACA) which provide advice to: any official or
component of ODNI; or the President, and for which ODNI has been
delegated responsibility for providing service.
(d) Relation to Freedom of Information Act. The ODNI shall provide
a subject individual under this subpart all records which are otherwise
accessible to such individual under the provisions of the Freedom of
Information Act, 5 U.S.C. 552.
Sec. 1701.2 Definitions
For purposes of this subpart, the following terms have the meanings
indicated:
(a) Access means making a record available to a subject individual.
(b) Act means the Privacy Act of 1974.
(c) Agency means the ODNI or any of its components.
(d) Component means any directorate, mission manager, or other sub-
organization in the ODNI or reporting to the Director, that has been
designated or established in the ODNI pursuant to Section 103 of the
National Security Act of 1947, as amended, including the National
CounterterrorismCenter (NCTC), the National Counterproliferation Center
(NCPC) and the Office of the National Counterintelligence Executive
(ONCIX), or such other offices and officials as may be established by
law or as the Director may establish or designate in the ODNI, for
example, the Program Manager, Information Sharing Environment (ISE) and
the Inspector General (IG).
(e) Disclosure means making a record about an individual available
to or releasing it to another party.
(f) FOIA means the Freedom of Information Act.
(g) Individual, when used in connection with the Privacy Act, means
a living person who is a citizen of the United States or an alien
lawfully admitted for permanent residence. It does not include sole
proprietorships, partnerships, or corporations.
(h) Information means information about an individual and includes,
but is not limited to, vital statistics; race, sex, or other physical
characteristics; earnings information; professional fees paid to an
individual and other financial information; benefit data or claims
information; the social security number, employer identification
number, or other individual identifier; address; phone number; medical
information; and information about marital, family or other personal
relationships.
(i) Maintain means to establish, collect, use, or disseminate when
used in connection with the term record; and, to have control over or
responsibility for a system of records, when used in connection with
the term system of records.
(j) Notification means communication to an individual whether he is
a subject individual
(k) Office of the Director of National Intelligence means any and
all of the components of the ODNI.
(l) Record means any item, collection, or grouping of information
about an individual that is maintained by the ODNI including, but not
limited to, information such as an individual's education, financial
transactions, medical history, and criminal or employment history that
contains the individual's name, or an identifying number, symbol, or
any other identifier assigned to an individual. When used in this
subpart, record means only a record that is in a system of records.
(m) Routine use means the disclosure of a record outside ODNI,
without the consent of the subject individual, for a purpose which is
compatible with the purpose for which the record was collected. It does
not include disclosure which the Privacy Act otherwise permits pursuant
to subsection (b) of the Act.
(n) Staff means any current or former regular or special employee,
detailee, assignee, employee of a contracting organization, or
independent contractor of the ODNI or any of its components.
(o) Subject individual means the person to whom a record pertains
(or ``record subject.'').
(p) System of records means a group of records under ODNI's control
from which information about an individual is retrieved by the name of
the individual or by an identifying number, symbol, or other particular
assigned to the individual. Single records or groups of records which
are not retrieved by a personal identifier are not part of a system of
records,
Sec. 1701.3 Contact for general information and requests.
Privacy Act requests and appeals and inquiries regarding this
subpart or about ODNI's Privacy Act program must be submitted in
writing to the Director, Information Management Office (D/IMO), Office
of the Director of National Intelligence, Washington, DC 20511 (by mail
or by facsimile at 703-482-2144) or to the contact designated in the
specific Privacy Act System of Records Notice. Privacy Act requests
with the required identification statement and signature pursuant to
paragraphs (d) and (e) of Sec. 1701.7 of this subpart must be filed in
original form.
Sec. 1701.4 Privacy Act responsibilities/policy.
The ODNI will administer records about individuals consisten t with
statutory, administrative, and program responsibilities. Subject to
exemptions authorized by the Act, ODNI will collect, maintain and
disclose records as required and will honor subjects' rights to view
and amend records and to obtain an accounting of disclosures.
Sec. 1701.5 Collection and maintenance of records.
(a) ODNI will not maintain a record unless:
(1) It is relevant and necessary to accomplish an ODNI function
required by statute or Executive Order;
[[Page 116]]
(2) It is acquired to the greatest extent practicable from the
subject individual when ODNI may use the record to make any
determination about the individual;
(3) The individual providing the record is informed of the
authority for providing the record (including whether providing the
record is mandatory or voluntary), the principal purpose for
maintaining the record, the routine uses for the record, and what
effect refusing to provide the record may have;
(4) It is maintained with such accuracy, relevance, timeliness and
completeness as is reasonably necessary to ensure fairness to the
individual in the determination;
(b) Except as to disclosures made to an agency or made under the
FOIA, ODNI will make reasonable efforts prior to disseminating a record
about an individual, to ensure that the record is accurate, relevant,
timely, and complete;
(c) ODNI will not maintain or develop a system of records that is
not the subject of a current or planned public notice;
(d) ODNI will not adopt a routine use of information in a system
without notice and invitation to comment published in the Federal
Register at least 30 days prior to final adoption of the routine use;
(e) To the extent ODNI participates with a non-Federal agency in
matching activities covered by section (8) of the Act, ODNI will
publish notice of the matching program in the Federal Register;
(f) ODNI will not maintain a record which describes how an
individual exercises rights guaranteed by the First Amendment unless
expressly authorized by statute or by the subject individual, or unless
pertinent to and within the scope of an authorized law enforcement
activity;
(g) When required by the Act, ODNI will maintain an accounting of
all disclosures of records by the ODNI to persons, organizations or
agencies;
(h) Each ODNI component shall implement administrative, physical
and technical controls to prevent unauthorized access to its systems of
records, to prevent unauthorized disclosure of records, and to prevent
physical damage to or destruction of records;
(i) ODNI will establish rules and instructions for complying with
the requirements of the Privacy Act, including notice of the penalties
for non-compliance, applicable to all persons involved in the design,
development, operation or maintenance of any system of records.
Sec. 1701.6 Disclosure of records/policy.
Consistent with 5 U.S.C. 552a(b), ODNI will not disclose any record
which is contained in a system of records by any means (written, oral
or electronic) without the consent of the subject individual unless
disclosure without consent is made for reasons permitted under
applicable law, including:
(a) Internal agency use on a need-to-know basis;
(b) Release under the Freedom of Information Act (FOIA) if not
subject to protection under the FOIA exemptions;
(c) A specific ``routine use'' as described in the ODNI's published
compilation of Blanket Routine Uses or in specific published Privacy
Act Systems of Records Notices (available at http://www.dni.gov);
(d) Release to the Bureau of the Census, the National Archives and
Records Administration, or the Government Accountability Office, for
the performance of those entities' statutory duties;
(e) Release in non-identifiable form to a recipient who has
provided written assurance that the record will be used solely for
statistical research or reporting;
(f) Compelling circumstances in which the health or safety of an
individual is at risk;
(g) Release pursuant to the order of a court of competent
jurisdiction or to a governmental entity for a specifically documented
civil or criminal law enforcement activity;
(h) Release to either House of Congress or to any committee,
subcommittee or joint committee thereof to the extent of matter within
its jurisdiction;
(i) Release to a consumer reporting agency in accordance with
section 3711(e) of Title 31.
Sec. 1701.7 Requests for notification of and access to records.
(a) How to request. Unless records are not subject to access (see
paragraph (b) of this section), individuals seeking access to records
about themselves may submit a request in writing to the D/IMO, as
directed in Sec. 1701.3 of this subpart, or to the contact designated
in the specific Privacy Act System of Records Notice. To ensure proper
routing and tracking, requesters should mark the envelope ``Privacy Act
Request.''
(b) Records not subject to access. The following records are not
subject to review by subject individuals:
(1) Records in ODNI systems of records that ODNI has exempted from
access and correction under the Privacy Act, 5 U.S.C. 552a(j) or (k),
by notice published in the Federal Register, or where those exemptions
require that ODNI can neither confirm nor deny the existence or
nonexistence of responsive records (see Sec. 1701.10(c)(iii)).
(2) Records in ODNI systems of records that another agency has
exempted from access and correction under the Privacy Act, 5 U.S.C.
552a(j) or (k), by notice published in the Federal Register, or where
those exemptions require that ODNI can neither confirm nor deny the
existence or nonexistence of responsive records (see Sec.
1701.10(c)(iii)).
(c) Description of records. Individuals requesting access to
records about themselves should, to the extent possible, describe the
nature of the records, why and under what circumstances the requester
believes ODNI maintains the records, the time period in which they may
have been compiled and, ideally, the name or identifying number of each
Privacy Act System of Records in which they might be included. The ODNI
publishes notices in the Federal Register that describe its systems of
records. The Federal Register compiles these notices biennially and
makes them available in hard copy at large reference libraries and in
electronic form at the Government Printing Office's World Wide Web
site, http://www.gpoaccess.gov.
(d) Verification of identity. A written request for access to
records about oneself must include full (legal) name, current address,
date and place of birth, and citizenship status. Aliens lawfully
admitted for permanent residence must provide their Alien Registration
Number and the date that status was acquired. The D/IMO may request
additional or clarifying information to ascertain identity. Access
requests must be signed and the signature either notarized or submitted
under 28 U.S.C. 1746, authorizing statements made under penalty of
perjury as a substitute for notarization.
(e) Verification of guardianship or representational relationship.
The parent or guardian of a minor, the guardian of an individual under
judicial disability, or an attorney retained to represent an individual
shall provide, in addition to establishing the identity of the minor or
individual represented as required in paragraph (d) of this section,
evidence of such representation by submitting a certified copy of the
minor's birth certificate, court order, or representational agreement
which establishes the relationship and the requester's identity.
[[Page 117]]
(f) ODNI will permit access to or provide copies of records to
individuals other than the record subject (or the subject's legal
representative) only with the requester's written authorization.
Sec. 1701.8 Requests to amend or correct records.
(a) How to request. Unless the record is not subject to amendment
or correction (see paragraph (b) of this section), individuals (or
guardians or representatives acting on their behalf) may make a written
amendment or correction request to the D/IMO, as directed in Sec.
1701.3 of this subpart, or to the contact designated in a specific
Privacy Act System of Records. Requesters seeking amendment or
correction should identify the particular record or portion subject to
the request, explain why an amendment or correction is necessary, and
provide the desired replacement language. Requesters may submit
documentation supporting the request to amend or correct. Requests for
amendment or correction will lapse (but may be re-initiated with a new
request) if all necessary information is not submitted within forty-
five (45) days of the date of the original request. The identity
verification procedures of paragraphs (d) and (e) of Sec. 1701.7 of
this subpart apply to amendment requests.
(b) Records not subject to amendment or correction. (1) Records
which are determinations of fact or evidence received (e.g.,
transcripts of testimony given under oath or written statements made
under oath; transcripts of grand jury proceedings, judicial
proceedings, or quasi-judicial proceedings, which are the official
record of those proceedings; pre-sentence records that originated with
the courts) and
(2) Records in ODNI systems of records that ODNI or another agency
has exempted from amendment and correction under Privacy Act, 5 U.S.C.
552a(j) or (k) by notice published in the Federal Register.
Sec. 1701.9 Requests for an accounting of record disclosures.
(a) How to request. Except where accountings of disclosures are not
required to be kept (see paragraph (b) of this section), record
subjects (or their guardians or representatives) may request an
accounting of disclosures that have been made to another person,
organization, or agency as permitted by the Privacy Act at 5 U.S.C.
552a(b). This accounting contains the date, nature, and purpose of each
disclosure, as well as the name and address of the person,
organization, or agency to which the disclosure was made. Requests for
accounting should identify each record in question and must be made in
writing to the D/IMO, as indicated in Sec. 1701.3 of this subpart, or
to the contact designated in a specific Privacy Act System of Records.
(b) Accounting not required. The ODNI is not required to provide
accounting of disclosure in the following circumstances:
(1) Disclosures for which the Privacy Act does not require
accounting, i.e., disclosures to employees within the agency and
disclosures made under the FOIA;
(2) Disclosures made to law enforcement agencies for authorized law
enforcement activities in response to written requests from the
respective head of the law enforcement agency specifying the law
enforcement activities for which the disclosures are sought; or
(3) Disclosures from systems of records that have been exempted
from accounting requirements under the Privacy Act, 5 U.S.C. 552a(j) or
(k), by notice published in the Federal Register.
Sec. 1701.10 ODNI responsibility for responding to access requests.
(a) Acknowledgement of requests. Upon receipt of a request
providing all necessary information, the D/IMO shall acknowledge
receipt to the requester and provide an assigned request number for
further reference.
(b) Tasking to component. Upon receipt of a proper access request,
the D/IMO shall provide a copy of the request to the point of contact
(POC) in the ODNI component with which the records sought reside. The
POC within the component shall determine whether responsive records
exist and, if so, recommend to the D/IMO:
(1) Whether access should be denied in whole or part (and the legal
basis for denial under the Privacy Act); or
(2) Whether coordination with or referral to another component or
federal agency is appropriate.
(c) Coordination and referrals--(1) Examination of records. If a
component POC receiving a request for access determines that an
originating agency or other agency that has a substantial interest in
the record is best able to process the request (e.g., the record is
governed by another agency's regulation, or another agency originally
generated or classified the record), the POC shall forward to the D/IMO
all records necessary for coordination with or referral to the other
component or agency, as well as specific recommendations with respect
to any denials.
(2) Notice of referral. Whenever the D/IMO refers all or any part
of the responsibility for responding to a request to another agency,
the D/IMO shall notify the requester of the referral.
(3) Effect of certain exemptions. (i) In processing a request, the
ODNI shall decline to confirm or deny the existence or nonexistence of
any responsive records whenever the fact of their existence or
nonexistence:
(A) May reveal protected intelligence sources and collection
methods (50 U.S.C. 403-1(i)); or
(B) Is classified and subject to an exemption appropriately invoked
by ODNI or another agency under subsections (j) or (k) of the Privacy
Act.
(ii) In such event, the ODNI will inform the requester in writing
and advise the requestor of the right to file an administrative appeal
of any adverse determination.
(d) Time for response. The D/IMO shall respond to a request for
access promptly upon receipt of recommendations from the POC and
determinations resulting from any necessary coordination with or
referral to another agency. The D/IMO may determine to update a
requester on the status of a request that remains outstanding longer
than reasonably expected.
(e) ODNI action on requests for access--(1) Grant of access. Once
the D/IMO determines to grant a request for access in whole or in part,
the D/IMO shall notify the requester in writing and come to agreement
with the requester about how to effect access, whether by on-site
review or duplication of the records. If a requester is accompanied by
another person, the requester shall be required to authorize in writing
any discussion of the records in the presence of the other person.
(2) Denial of access. The D/IMO shall notify the requester in
writing when an adverse determination is made denying a request for
access in any respect. Adverse determinations, or denials, consist of a
determination to withhold any requested record in whole or in part; a
determination that a requested record does not exist or cannot be
located; a determination that what has been requested is not a record
subject to the Privacy Act; or a determination that the existence of a
record can neither be confirmed nor denied. The notification letter
shall state:
(i) The reason(s) for the denial; and
(ii) The procedure for appeal of the denial under Sec. 1701.14 of
this subpart.
[[Page 118]]
Sec. 1701.11 ODNI responsibility for responding to requests for
amendment or correction.
(a) Acknowledgement of request. The D/IMO shall acknowledge receipt
of a request for amendment or correction of records in writing and
provide an assigned request number for further reference.
(b) Tasking of component. Upon receipt of a proper request to amend
or correct a record, the D/IMO shall forward the request to the POC in
the component maintaining the record. The POC shall promptly evaluate
the proposed amendment or correction in light of any supporting
justification and recommend that the D/IMO grant or deny the request
or, if the request involves a record subject to correction by an
originating agency, refer the request to the other agency.
(c) Action on request for amendment or correction. (1) If the POC
determines that the request for amendment or correction is justified,
in whole or in part, the D/IMO shall promptly:
(i) Make the amendment, in whole or in part, as requested and
provide the requester a written description of the amendment or
correction made; and
(ii) Provide written notice of the amendment or correction to all
persons, organizations or agencies to which the record has been
disclosed (if an accounting of the disclosure was made);
(2) Where the D/IMO has referred an amendment request to another
agency, the D/IMO, upon confirmation from that agency that the
amendment has been effected, shall provide written notice of the
amendment or correction to all persons, organizations or agencies to
which ODNI previously disclosed the record.
(3) If the POC determines that the requester's records are
accurate, relevant, timely and complete, and that no basis exists for
amending or correcting the record, either in whole or in part, the D/
IMO shall inform the requester in writing of:
(i) The reason(s) for the denial; and
(ii) The procedure for appeal of the denial under Sec. 1701.15 of
this subpart.
Sec. 1701.12 ODNI responsibility for responding to requests for
accounting.
(a) Acknowledgement of request. Upon receipt of a request for
accounting, the D/IMO shall acknowledge receipt of the request in
writing and provide an assigned request number for further reference.
(b) Tasking of component. Upon receipt of a request for accounting,
the D/IMO shall forward the request to the POC in the component
maintaining the record. The POC shall work with the component's
information management officer and the systems administrator to
generate the requested disclosure history.
(c) Action on request for accounting. The D/IMO will notify the
requester when the accounting is available for on-site review or
transmission in paper or electronic medium.
(d) Notice of court-ordered disclosures. The D/IMO shall make
reasonable efforts to notify an individual whose record is disclosed
pursuant to court order. Notice shall be made within a reasonable time
after receipt of the order; however, when the order is not a matter of
public record, the notice shall be made only after the order becomes
public. Notice shall be sent to the individual's last known address and
include a copy of the order and a description of the information
disclosed. No notice shall be made regarding records disclosed from a
criminal law enforcement system that has been exempted from the notice
requirement.
(e) Notice of emergency disclosures. ODNI shall notify an
individual whose record it discloses under compelling circumstances
affecting health or safety. This notice shall be mailed to the
individual's last known address and shall state the nature of the
information disclosed; the person, organization, or agency to which it
was disclosed; the date of disclosure; and the compelling circumstances
justifying the disclosure. This provision shall not apply in
circumstances involving classified records that have been exempted from
disclosure pursuant to subsection (j) or (k) of the Privacy Act.
Sec. 1701.13 Special procedures for medical/psychiatric/psychological
records.
Current and former ODNI employees, including current and former
employees of ODNI contractors, and unsuccessful applicants for
employment may seek access to their medical, psychiatric records, or
psychological testing records by writing to: Information and Privacy
Coordinator, Central Intelligence Agency, Washington, DC 20505, and
provide identifying information as required by paragraphs (d) and (e)
of Sec. 1701.7 of this subpart. The Central Intelligence Agency's
Privacy Act Regulations will govern administration of these types of
records, including appeals from adverse determinations.
Sec. 1701.14 Appeals.
(a) Individuals may appeal denials of requests for access,
amendment, or accounting by submitting a written request for review to
the Director, Information Management Office (D/IMO) at the Office of
the Director of National Intelligence, Washington, DC 20511. The words
``PRIVACY ACT APPEAL'' should be written on the letter and the
envelope. The appeal must be signed by the record subject or legal
representative. No personal appearance or hearing on appeal will be
allowed.
(b) The D/IMO must receive the appeal letter within 45 calendar
days of the date the requester received the notice of denial. The
postmark is conclusive as to timeliness. Copies of correspondence from
ODNI denying the request to access or amend the record should be
included with the appeal, if possible. At a minimum, the appeal letter
should identify:
(1) The records involved;
(2) The date of the initial request for access to or amendment of
the record;
(3) The date of ODNI's denial of that request; and
(4) A statement of the reasons supporting the request for reversal
of the initial decision. The statement should focus on information not
previously available or legal arguments demonstrating that the ODNI's
decision is improper.
(c) Following receipt of the appeal, the Director of Intelligence
Staff (DIS) shall, in consultation with the Office of General Counsel,
make a final determination in writing on the appeal.
(d) Where ODNI reverses an initial denial, the following procedures
apply:
(1) If ODNI reverses an initial denial of access, the procedures in
paragraph (e)(1) of Sec. 1701.10 of this subpart will apply.
(2) If ODNI reverses its initial denial of a request to amend a
record, the POC will ensure that the record is corrected as requested,
and the D/IMO will inform the individual of the correction, as well as
all persons, organizations and agencies to which ODNI had disclosed the
record.
(3) If ODNI reverses its initial denial of a request for
accounting, the POC will notify the requester when the accounting is
available for on-site review or transmission in paper or electronic
medium.
(e) If ODNI upholds its initial denial or reverses in part (i.e.,
only partially granting the request), ODNI'S notice of final agency
action will inform the requester of the following rights:
(1) Judicial review of the denial under 5 U.S.C. 552a(g)(1), as
limited by 5 U.S.C. 552a(g)(5).
(2) Opportunity to file a statement of disagreement with the
denial, citing the reasons for disagreeing with ODNI's final
determination not to correct or amend a record. The requester's
[[Page 119]]
statement of disagreement should explain why he disputes the accuracy
of the record.
(3) Inclusion in one's record of copies of the statement of
disagreement and the final denial, which ODNI will provide to all
subsequent recipients of the disputed record, as well as to all
previous recipients of the record where an accounting was made of prior
disclosures of the record.
Sec. 1701.15 Fees.
ODNI shall charge fees for duplication of records under the Privacy
Act, 5 U.S.C. 552a, in the same way in which it will charge for
duplication of records under Sec. 1700.7(g), ODNI's regulation
implementing the fee provision of the Freedom of Information Act, 5
U.S.C. 552.
Sec. 1701.16 Contractors.
(a) Any approved contract for the operation of a Privacy Act system
of records to accomplish a function of the ODNI will contain the
Privacy Act provisions prescribed by the Federal Acquisition
Regulations (FAR) at 48 CFR Part 24, requiring the contractor to comply
with the Privacy Act and this subpart. The contracting component will
be responsible for ensuring that the contractor complies with these
contract requirements. This section does not apply to systems of
records maintained by a contractor as a function of management
discretion, e.g., the contractor's personnel records.
(b) Where the contract contains a provision requiring the
contractor to comply with the Privacy Act and this subpart, the
contractor and any employee of the contractor will be considered
employees of the ODNI for purposes of the criminal penalties of the
Act, 5 U.S.C. 552a(i).
Sec. 1701.17 Standards of conduct.
(a) General. ODNI will ensure that staff are aware of the
provisions of the Privacy Act and of their responsibilities for
protecting personal information that ODNI collects and maintains,
consistent with Sec. Sec. 1701.5 and 1701.6 of this subpart.
(b) Criminal penalties--(1) Unauthorized disclosure. Criminal
penalties may be imposed against any ODNI staff who, by virtue of
employment, has possession or access to ODNI records which contain
information identifiable with an individual, the disclosure of which is
prohibited by the Privacy Act or by these rules, and who, knowing that
disclosure of the specific material is prohibited, willfully discloses
the material in any manner to any person or agency not entitled to
receive it.
(2) Unauthorized maintenance. Criminal penalties may be imposed
against any ODNI staff who willfully maintains a system of records
without meeting the requirements of subsection (e)(4) of the Privacy
Act, 5 U.S.C. 552a. The D/IMO, the Civil Liberties Protection Officer,
the General Counsel, and the Inspector General are authorized
independently to conduct such surveys and inspect such records as
necessary from time to time to ensure that these requirements are met.
(3) Unauthorized requests. Criminal penalties may be imposed upon
any person who knowingly and willfully requests or obtains any record
concerning an individual from the ODNI under false pretenses.
Subpart B--Exemption of Record Systems Under the Privacy Act
Sec. 1701.20 Exemption policies.
(a) General. The DNI has determined that invoking exemptions under
the Privacy Act and continuing exemptions previously asserted by
agencies whose records ODNI receives is necessary: to ensure against
the release of classified information essential to the national defense
or foreign relations; to protect intelligence sources and methods; and
to maintain the integrity and effectiveness of intelligence,
investigative and law enforcement processes. Accordingly, as authorized
by the Privacy Act, 5 U.S.C. 552a, subsections (j) and (k), and in
accordance with the rule-making procedures of the Administrative
Procedures Act, 5 U.S.C. 553, the ODNI hereby proposes rules to:
(1) Exercise its authority pursuant to subsections (j) and (k) of
the Privacy Act to exempt certain ODNI systems of records or portions
of systems of records from various provisions of the Privacy Act; and
(2) Continue in effect and assert all exemptions claimed under
Privacy Act subsections (j) and (k) by an originating agency from which
the ODNI obtains records where the purposes underlying the original
exemption remain valid and necessary to protect the contents of the
record.
(b) Related policies. (1) The exemptions asserted apply to records
only to the extent they meet the criteria of subsections (j) and (k) of
the Privacy Act, whether claimed by the ODNI or the originator of the
records.
(2) Discretion to supersede exemption: Where complying with a
request for access or amendment would not appear to interfere with or
adversely affect a counterterrorism or law enforcement interest, and
unless prohibited by law, the D/IMO may exercise his discretion to
waive the exemption. Discretionary waiver of an exemption with respect
to a record will not obligate the ODNI to waive the exemption with
respect to any other record in an exempted system of records. As a
condition of such discretionary access, ODNI may impose any
restrictions (e.g., concerning the location of file reviews) deemed
necessary or advisable to protect the security of agency operations,
information, personnel, or facilities.
(3) Records in ODNI systems also are subject to protection under 50
U.S.C. 403-1(i), the provision of the National Security Act of 1947
which requires the DNI to protect intelligence sources and methods from
unauthorized disclosure.
Sec. 1701.21 Exemption of National Counterterrorism Center (NCTC)
systems of records.
(a) The ODNI exempts the following systems of records from the
requirements of subsections (c)(3); (d)(1),(2),(3) and (4); (e)(1);
(e)(4)(G),(H),(I); and (f) of the Privacy Act to the extent that
information in the system is subject to exemption pursuant subsections
(k)(1) and (k)(5) of the Act:
(1) NCTC Human Resources Management System (ODNI/NCTC-001).
(2) [Reserved]
(b) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3) (accounting of disclosures) because an
accounting of disclosures from records concerning the record subject
would specifically reveal an investigative interest on the part of the
ODNI or recipient agency and could result in release of properly
classified national security or foreign policy information.
(2) From subsections (d)(1), (2), (3) and (4) (record subject's
right to access and amend records) because affording access and
amendment rights could alert the record subject to the investigative
interest of intelligence or law enforcement agencies or compromise
sensitive information classified in the interest of national security.
In the absence of a national security basis for exemption, records in
this system may be exempted from access and amendment to the extent
necessary to honor promises of confidentiality to persons providing
information concerning a candidate for position. Inability to maintain
such confidentiality would restrict the free flow of information vital
to a
[[Page 120]]
determination of a candidate's qualifications and suitability.
(3) From subsection (e)(1) (maintain only relevant and necessary
records) because it is not always possible to establish relevance and
necessity before all information is considered and evaluated in
relation to an intelligence concern. In the absence of a national
security basis for exemption under subsection (k)(1), records in this
system may be exempted from the relevance requirement pursuant to
subsection (k)(5) because it is not possible to determine in advance
what exact information may assist in determining the qualifications and
suitability of a candidate for position. Seemingly irrelevant details,
when combined with other data, can provide a useful composite for
determining whether a candidate should be appointed.
(4) From subsections (e)(4)(G) and (H) (publication of procedures
for notifying subjects of the existence of records about them and how
they may access records and contest contents) because the system is
exempted from subsection (d) provisions regarding access and amendment,
and from the subsection (f) requirement to promulgate agency rules.
Nevertheless, the ODNI has published notice concerning notification,
access, and contest procedures because it may in certain circumstances
determine it appropriate to provide subjects access to all or a portion
of the records about them in a system of records.
(5) From subsection (e)(4)(I) (identifying sources of records in
the system of records) because identifying sources could result in
disclosure of properly classified national defense or foreign policy
information, intelligence sources and methods, and investigatory
techniques and procedures. Notwithstanding its proposed exemption from
this requirement, ODNI identifies record sources in broad categories
sufficient to provide general notice of the origins of the information
it maintains in its systems of records.
(6) From subsection (f) (agency rules for notifying subjects to the
existence of records about them, for accessing and amending records,
and for assessing fees) because the system is exempt from subsection
(d) provisions regarding access and amendment of records by record
subjects. Nevertheless, the ODNI has published agency rules concerning
notification of a subject in response to his request if any system of
records named by the subject contains a record pertaining to him and
procedures by which the subject may access or amend the records.
Notwithstanding exemption, the ODNI may determine it appropriate to
satisfy a record subject's access request.
(c) The ODNI exempts the following systems of records from the
requirements of subsections (c)(3); (d)(1), (2), (3) and (4); (e)(1);
(e)(4)(G), (H), (I); and (f) of the Privacy Act to the extent that
information in the system is subject to exemption pursuant subsection
(k)(1) of the Act:
(1) NCTC Access Authorization Records (ODNI/NCTC-002).
(2) NCTC Telephone Directory (ODNI/NCTC-003).
(3) NCTC Partnership Management Records (ODNI/NCTC-006).
(4) NCTC Tacit Knowledge Management Records (ODNI/NCTC-007)
(d) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3) (accounting of disclosures) because an
accounting of disclosures from records concerning the record subject
would specifically reveal an investigative interest on the part of the
ODNI or recipient agency and could result in release of properly
classified national security or foreign policy information.
(2) From subsections (d)(1), (2), (3) and (4) (record subject's
right to access and amend records) because affording access and
amendment rights could alert the record subject to the investigative
interest of intelligence or law enforcement agencies or compromise
sensitive information classified in the interest of national security.
(3) From subsection (e)(1) (maintain only relevant and necessary
records) because it is not always possible to establish relevance and
necessity before all information is considered and evaluated in
relation to an intelligence concern.
(4) From subsections (e)(4)(G) and (H) (publication of procedures
for notifying subjects of the existence of records about them and how
they may access records and contest contents) because the system is
exempted from subsection (d) provisions regarding access and amendment
and from the subsection (f) requirement to promulgate agency rules.
Nevertheless, the ODNI has published notice concerning notification,
access, and contest procedures because it may in certain circumstances
determine it appropriate to provide subjects access to all or a portion
of the records about them in a system of records.
(5) From subsection (e)(4)(I) (identifying sources of records in
the system of records) because identifying sources could result in
disclosure of properly classified national defense or foreign policy
information, intelligence sources and methods, and investigatory
techniques and procedures. Notwithstanding its proposed exemption from
this requirement, ODNI identifies record sources in broad categories
sufficient to provide general notice of the origins of the information
it maintains in its systems of records.
(6) From subsection (f) (agency rules for notifying subjects to the
existence of records about them, for accessing and amending records,
and for assessing fees) because the system is exempt from subsection
(d) provisions regarding access and amendment of records by record
subjects. Nevertheless, the ODNI has published agency rules concerning
notification of a subject in response to his request if any system of
records named by the subject contains a record pertaining to him and
procedures by which the subject may access or amend the records.
Notwithstanding exemption, the ODNI may determine it appropriate to
satisfy a record subject's access request.
(e) The ODNI exempts the following systems of records from the
requirements of subsections (c)(3); (d)(1), (2), (3), (4); (e)(1);
(e)(4)(G), (H), (I); and (f) of the Privacy Act, to the extent that
information in the system is subject to exemption pursuant to
subsections (k)(1) and (k)(2) of the Act:
(1) NCTC Knowledge Repository (SANCTUM) (ODNI/NCTC-004).
(2) NCTC Online (ODNI/NCTC-005).
(3) NCTC Terrorism Analysis Records (ODNI/NCTC-008).
(4) NCTC Terrorist Identities Records (ODNI/NCTC-009).
(f) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3) (accounting of disclosures) because an
accounting of disclosures from records concerning the record subject
would specifically reveal an investigative interest on the part of the
ODNI as well as the recipient agency and could: result in release of
properly classified national security or foreign policy information;
compromise ongoing efforts to investigate a known or suspected
terrorist; reveal sensitive investigative or surveillance techniques;
or identify a confidential source. With this information, the record
subject could frustrate counterintelligence measures; impede an
investigation by destroying evidence or intimidating potential
witnesses; endanger the physical safety of sources, witnesses, and law
enforcement and intelligence personnel and their families; or evade
apprehension or prosecution by law enforcement personnel.
[[Page 121]]
(2) From subsections (d)(1), (2), (3) and (4) (record subject's
right to access and amend records) because these provisions concern
individual access to and amendment of counterterrorism, investigatory
and intelligence records. Affording access and amendment rights could
alert the record subject to the fact and nature of an investigation or
the investigative interest of intelligence or law enforcement agencies;
permit the subject to frustrate such investigation, surveillance or
potential prosecution; compromise sensitive information classified in
the interest of national security; identify a confidential source or
disclose information which would reveal a sensitive investigative or
intelligence technique; and endanger the health or safety of law
enforcement personnel, confidential informants, and witnesses. In
addition, affording subjects access and amendment rights would impose
an impossible administrative burden to continuously reexamine
investigations, analyses, and reports.
(3) From subsection (e)(1) (maintain only relevant and necessary
records) because it is not always possible for intelligence or law
enforcement agencies to know in advance what information about an
encounter with a known or suspected terrorist will be relevant for the
purpose of conducting an operational response. Relevance and necessity
are questions of judgment and timing, and only after information is
evaluated can relevance and necessity be established. In addition,
information in the system of records may relate to matters under the
investigative jurisdiction of another agency, and may not readily be
segregated. Furthermore, information in these systems of records, over
time, aid in establishing patterns of criminal activity that can
provide leads for other law enforcement agencies.
(4) From subsections (e)(4)(G) and (H) (publication of procedures
for notifying subjects of the existence of records about them and how
they may access records and contest contents) because the system is
exempted from subsection (d) provisions regarding access and amendment
and from the subsection (f) requirement to promulgate agency rules.
Nevertheless, the ODNI has published notice concerning notification,
access, and contest procedures because it may in certain circumstances
determine it appropriate to provide subjects access to all or a portion
of the records about them in a system of records.
(5) From subsection (e)(4)(I) (identifying sources of records in
the system of records) because identifying sources could result in
disclosure of properly classified national defense or foreign policy
information. Additionally, exemption from this provision is necessary
to protect the privacy and safety of witnesses and sources of
information, including intelligence sources and methods and
investigatory techniques and procedures. Notwithstanding its proposed
exemption from this requirement, ODNI identifies record sources in
broad categories sufficient to provide general notice of the origins of
the information it maintains in its systems of records.
(6) From subsection (f) (agency rules for notifying subjects to the
existence of records about them, for accessing and amending records and
for assessing fees) because the system is exempt from subsection (d)
provisions regarding access and amendment of records by record
subjects. Nevertheless, the ODNI has published agency rules concerning
notification of a subject in response to his request if any system of
records named by the subject contains a record pertaining to him and
procedures by which the subject may access or amend the records.
Notwithstanding exemption, the ODNI may determine it appropriate to
satisfy a record subject's access request.
Sec. 1701.22 Exemption of Office of the National Counterintelligence
Executive (ONCIX) system of records.
(a) The ODNI exempts the following system of records from the
requirements of subsections (c)(3); (d)(1), (2), (3), (4); (e)(1); (e)
(4)(G), (H), (I); and (f) of the Privacy Act, to the extent that
information in the system is subject to exemption pursuant to
subsections (k)(1) and (k)(2) of the Act:
(1) ONCIX Counterintelligence Damage Assessment Records (ODNI/
ONCIX-001).
(2) [Reserved]
(b) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3) (accounting of disclosures) because an
accounting of disclosures from records concerning the record subject
would specifically reveal an investigative interest on the part of the
ODNI as well as the recipient agency and could: result in release of
properly classified national security or foreign policy information;
compromise ongoing efforts to investigate a known or suspected
terrorist; reveal sensitive investigative or surveillance techniques;
or identify a confidential source. With this information, the record
subject could frustrate counterintelligence measures; impede an
investigation by destroying evidence or intimidating potential
witnesses; endanger the physical safety of sources, witnesses, and law
enforcement and intelligence personnel and their families; or evade
apprehension or prosecution by law enforcement personnel.
(2) From subsections (d)(1), (2), (3) and (4) (record subject's
right to access and amend records) because these provisions concern
individual access to and amendment of counterterrorism, investigatory
and intelligence records. Affording access and amendment rights could
alert the record subject to the fact and nature of an investigation or
the investigative interest of intelligence or law enforcement agencies;
permit the subject to frustrate such investigation, surveillance or
potential prosecution; compromise sensitive information classified in
the interest of national security; identify a confidential source or
disclose information which would reveal a sensitive investigative or
intelligence technique; and endanger the health or safety of law
enforcement personnel, confidential informants, and witnesses. In
addition, affording subjects access and amendment rights would impose
an impossible administrative burden to continuously reexamine
investigations, analyses, and reports.
(3) From subsection (e)(1) (maintain only relevant and necessary
records) because it is not always possible to know in advance what
information will be relevant to evaluate and mitigate damage to the
national security. Relevance and necessity are questions of judgment
and timing, and only after information is evaluated can relevance and
necessity be established. In addition, information in the system of
records may relate to matters under the investigative jurisdiction of
another agency, and may not readily be segregated. Furthermore,
information in these systems of records, over time, aid in establishing
patterns of criminal activity that can provide leads for other law
enforcement agencies.
(4) From subsections (e)(4)(G) and (H) (publication of procedures
for notifying subjects to the existence of records about them and how
they may access records and contest contents) because the system is
exempted from subsection (d) provisions regarding access and amendment
and from the subsection (f) requirement to promulgate agency rules.
Nevertheless, the ODNI has published notice concerning notification,
access, and contest procedures because it may in certain circumstances
determine it appropriate to provide subjects access to all or a portion
of the records about them in a system of records.
(5) From subsection (e)(4)(I) (identifying sources of records in
the
[[Page 122]]
system of records) because identifying sources could result in
disclosure of properly classified national defense or foreign policy
information. Additionally, exemption from this provision is necessary
to protect the privacy and safety of witnesses and sources of
information, including intelligence sources and methods and
investigatory techniques and procedures. Notwithstanding its proposed
exemption from this requirement, ODNI identifies record sources in
broad categories sufficient to provide general notice of the origins of
the information it maintains in its systems of records.
(6) From subsection (f) (agency rules for notifying subjects to the
existence of records about them, for accessing and amending records and
for assessing fees) because the system is exempt from subsection (d)
provisions regarding access and amendment of records by record
subjects. Nevertheless, the ODNI has published agency rules concerning
notification of a subject in response to his request if any system of
records named by the subject contains a record pertaining to him and
procedures by which the subject may access or amend the records.
Notwithstanding exemption, the ODNI may determine it appropriate to
satisfy a record subject's access request.
Sec. 1701.23 Exemption of Office of Inspector General (OIG) systems
of records.
(a) The ODNI exempts the following systems of records from the
requirements of subsections (c)(3); (d)(1),(2),(3) and (4); (e)(1);
(e)(4)(G),(H),(I); and (f) of the Privacy Act to the extent that
information in the system is subject to exemption pursuant subsections
(k)(1) and (k)(5) of the Act:
(1) OIG Human Resources Records (ODNI/OIG-001).
(2) OIG Experts Contact Records (ODNI/OIG-002).
(b) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3) (accounting of disclosures) because an
accounting of disclosures from records concerning the record subject
would specifically reveal an investigative interest on the part of the
ODNI or recipient agency and could result in release of properly
classified national security or foreign policy information.
(2) From subsections (d)(1), (2), (3) and (4) (record subject's
right to access and amend records) because affording access and
amendment rights could alert the record subject to the investigative
interest of intelligence or law enforcement agencies or compromise
sensitive information classified in the interest of national security.
In the absence of a national security basis for exemption under
subsection (k)(1), records in this system may be exempted from access
and amendment pursuant to subsection (k)(5) to the extent necessary to
honor promises of confidentiality to persons providing information
concerning a candidate for position. Inability to maintain such
confidentiality would restrict the free flow of information vital to a
determination of a candidate's qualifications and suitability.
(3) From subsection (e)(1) (maintain only relevant and necessary
records) because it is not always possible to establish relevance and
necessity before all information is considered and evaluated in
relation to an intelligence concern. In the absence of a national
security basis for exemption under subsection (k)(1), records in this
system may be exempted from the relevance requirement pursuant to
subsection (k)(5) because it is not always possible to determine in
advance what exact information may assist in determining the
qualifications and suitability of a candidate for position. Seemingly
irrelevant details, when combined with other data, can provide a useful
composite for determining whether a candidate should be appointed.
(4) From subsections (e)(4)(G) and (H) (publication of procedures
for notifying subjects of the existence of records about them and how
they may access records and contest contents) because the system is
exempted from subsection (d) provisions regarding access and amendment
and from the subsection (f) requirement to promulgate agency rules.
Nevertheless, the ODNI has published such a notice concerning
notification, access, and contest procedures because it may in certain
circumstances determine it appropriate to provide subjects access to
all or a portion of the records about them in a system of records.
(5) From subsection (e)(4)(I)(identifying sources of records in the
system of records) because identifying sources could result in
disclosure of properly classified national defense or foreign policy
information, intelligence sources and methods and investigatory
techniques and procedures. Notwithstanding its proposed exemption from
this requirement, ODNI identifies record sources in broad categories
sufficient to provide general notice of the origins of the information
it maintains in its systems of records.
(6) From subsection (f) (agency rules for notifying subjects to the
existence of records about them, for accessing and amending records and
for assessing fees) because the system is exempt from subsection (d)
provisions regarding access and amendment of records by record
subjects. Nevertheless, the ODNI has published agency rules concerning
notification of a subject in response to his request if any system of
records named by the subject contains a record pertaining to him and
procedures by which the subject may access or amend the records.
Notwithstanding exemption, the ODNI may determine it appropriate to
satisfy a record subject's access request.
(c) The ODNI exempts the following system of records from the
requirements of subsections (c)(3) and (4); (d)(1),(2),(3),(4);
(e)(1),(2),(3),(5),(8) and (12); and (g) of the Privacy Act, to the
extent that information in the system is subject to exemption pursuant
to subsection (j)(2) of the Act. In addition, the following system of
records is exempted from the requirements of subsections (c)(3);
(d)(1),(2),(3)and (4); (e)(1); (e)(4)(G),(H)and (I); and (f) of the
Privacy Act, to the extent that information in the system is subject to
exemption pursuant to subsections (k)(1) and (k)(2) of the Act.
(1) OIG Investigation and Interview Records (ODNI/OIG-003).
(2) [Reserved]
(d) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3) (accounting of disclosures) because an
accounting of disclosures from records concerning the record subject
would specifically reveal an investigative interest on the part of the
ODNI as well as the recipient agency and could: result in release of
properly classified national security or foreign policy information;
compromise ongoing efforts to investigate a known or suspected
terrorist; reveal sensitive investigative or surveillance techniques;
or identify a confidential source. With this information, the record
subject could frustrate counterintelligence measures; impede an
investigation by destroying evidence or intimidating potential
witnesses; endanger the physical safety of sources, witnesses, and law
enforcement and intelligence personnel and their families; or evade
apprehension or prosecution by law enforcement personnel.
(2) From subsection (c)(4) (notice of amendment to record
recipients) because the system is exempted from the access and
amendment provisions of subsection (d).
(3) From subsections (d)(1), (2), (3) and (4) (record subject's
right to access and amend records) because these
[[Page 123]]
provisions concern individual access to and amendment of
counterterrorism, investigatory and intelligence records. Affording
access and amendment rights could alert the record subject to the fact
and nature of an investigation or the investigative interest of
intelligence or law enforcement agencies; permit the subject to
frustrate such investigation, surveillance or potential prosecution;
compromise sensitive information classified in the interest of national
security; identify a confidential source or disclose information which
would reveal a sensitive investigative or intelligence technique; and
endanger the health or safety of law enforcement personnel,
confidential informants, and witnesses. In addition, affording subjects
access and amendment rights would impose an impossible administrative
burden to continuously reexamine investigations, analyses, and reports.
(4) From subsection (e)(1) (maintain only relevant and necessary
records) because it is not always possible to know in advance what
information will be relevant for the purpose of conducting an
investigation. Relevance and necessity are questions of judgment and
timing, and only after information is evaluated can relevance and
necessity be established. In addition, information in the system of
records may relate to matters under the investigative jurisdiction of
another agency, and may not readily be segregated. Furthermore,
information in these systems of records, over time, aid in establishing
patterns of criminal activity that can provide leads for other law
enforcement agencies.
(5) From subsection (e)(2) (collection directly from the
individual) because application of this provision would alert the
subject of a counterterrorism investigation, study or analysis to that
fact, permitting the subject to frustrate or impede the activity.
Counterterrorism investigations necessarily rely on information
obtained from third parties rather than information furnished by
subjects themselves.
(6) From subsection (e)(3) (provide Privacy Act Statement to
subjects furnishing information) because the system is exempted from
the (e)(2) requirement to collect information directly from the
subject.
(7) From subsections (e)(4)(G) and (H) (publication of procedures
for notifying subjects of the existence of records about them and how
they may access records and contest contents) because the system is
exempted from subsection (d) provisions regarding access and amendment
and from the subsection (f) requirement to promulgate agency rules.
Nevertheless, the ODNI has published notice concerning notification,
access, and contest procedures because it may in certain circumstances
determine it appropriate to provide subjects access to all or a portion
of the records about them in a system of records.
(8) From subsection (e)(4)(I) (identifying sources of records in
the system of records) because identifying sources could result in
disclosure of properly classified national defense or foreign policy
information. Additionally, exemption from this provision is necessary
to protect the privacy and safety of witnesses and sources of
information, including intelligence sources and methods and
investigatory techniques and procedures. Notwithstanding its proposed
exemption from this requirement, ODNI identifies record sources in
broad categories sufficient to provide general notice of the origins of
the information it maintains in its systems of records.
(9) From subsection (e)(5) (maintain timely, accurate, complete and
up-to-date records) because many of the records in the system are
derived from other domestic and foreign agency record systems over
which ODNI exercises no control. In addition, in collecting information
for counterterrorism, intelligence, and law enforcement purposes, it is
not possible to determine in advance what information is accurate,
relevant, timely, and complete. With the passage of time and the
development of additional facts and circumstances, seemingly irrelevant
or dated information may acquire significance. The restrictions imposed
by (e)(5) would limit the ability of intelligence analysts to exercise
judgment in conducting investigations and impede development of
intelligence necessary for effective counterterrorism and law
enforcement efforts.
(10) From subsection (e)(8) (notice of compelled disclosures)
because requiring individual notice of legally compelled disclosure
poses an impossible administrative burden and could alert subjects of
counterterrorism, law enforcement, or intelligence investigations to
the previously unknown fact of those investigations.
(11) From subsection (e)(12) (public notice of matching activity)
because, to the extent such activities are not otherwise excluded from
the matching requirements of the Privacy Act, publishing advance notice
in the Federal Register would frustrate the ability of intelligence
analysts to act quickly in furtherance of analytical efforts.
(12) From subsection (f) (agency rules for notifying subjects to
the existence of records about them, for accessing and amending records
and for assessing fees) because the system is exempt from the
subsection (d) provisions regarding access and amendment of records by
record subjects. Nevertheless, the ODNI has published agency rules
concerning notification of a subject in response to his request if any
system of records named by the subject contains a record pertaining to
him and procedures by which the subject may access or amend the
records. Notwithstanding exemption, the ODNI may determine it
appropriate to satisfy a record subject's access request.
(13) From subsection (g) (civil remedies) to the extent that the
civil remedies relate to provisions of 5 U.S.C. 552a from which this
rule exempts the system.
Subpart C--Routine Uses Applicable to More Than One ODNI System of
Records
Sec. 1701.30 Policy and applicability.
(a) ODNI proposes the following general routine uses to foster
simplicity and economy and to avoid redundancy or error by duplication
in multiple ODNI systems of records and in systems of records
established hereafter by ODNI or by one of its components.
(b) These general routine uses may apply to every Privacy Act
system of records maintained by ODNI and its components, unless
specifically stated otherwise in the System of Records Notice for a
particular system. Additional general routine uses may be identified as
notices of systems of records are published.
(c) Routine uses specific to a particular System of Records are
identified in the System of Records Notice for that system.
Sec. 1701.31 General routine uses.
(a) Except as noted on Standard Forms 85 and 86 and supplemental
forms thereto (questionnaires for employment in, respectively, ``non-
sensitive'' and ``national security'' positions within the Federal
government), a record that on its face or in conjunction with other
information indicates or relates to a violation or potential violation
of law, whether civil, criminal, administrative or regulatory in
nature, and whether arising by general statute, particular program
statute, regulation, rule or order issued pursuant thereto, may be
disclosed as a routine use to an appropriate federal, state,
territorial, tribal, local law enforcement authority, foreign
government or international law enforcement authority, or to an
appropriate regulatory body
[[Page 124]]
charged with investigating, enforcing, or prosecuting such violations.
(b) A record from a system of records maintained by the ODNI may be
disclosed as a routine use, subject to appropriate protections for
further disclosure, in the course of presenting information or evidence
to a magistrate, special master, administrative law judge, or to the
presiding official of an administrative board, panel or other
administrative body.
(c) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to representatives of the Department of
Justice or any other entity responsible for representing the interests
of the ODNI in connection with potential or actual civil, criminal,
administrative, judicial or legislative proceedings or hearings, for
the purpose of representing or providing advice to: the ODNI; any staff
of the ODNI in his or her official capacity; any staff of the ODNI in
his or her individual capacity where the staff has submitted a request
for representation by the United States or for reimbursement of
expenses associated with retaining counsel; or the United States or
another Federal agency, when the United States or the agency is a party
to such proceeding and the record is relevant and necessary to such
proceeding.
(d) A record from a system of records maintained by the ODNI may be
disclosed as a routine use in a proceeding before a court or
adjudicative body when any of the following is a party to litigation or
has an interest in such litigation, and the ODNI, Office of General
Counsel, determines that use of such records is relevant and necessary
to the litigation: the ODNI; any staff of the ODNI in his or her
official capacity; any staff of the ODNI in his or her individual
capacity where the Department of Justice has agreed to represent the
staff or has agreed to provide counsel at government expense; or the
United States or another Federal agency, where the ODNI, Office of
General Counsel, determines that litigation is likely to affect the
ODNI.
(e) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to representatives of the Department of
Justice and other U.S. Government entities, to the extent necessary to
obtain advice on any matter within the official responsibilities of
such representatives and the responsibilities of the ODNI.
(f) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to a Federal, state or local agency or other
appropriate entities or individuals from which/whom information may be
sought relevant to: a decision concerning the hiring or retention of an
employee or other personnel action; the issuing or retention of a
security clearance or special access, contract, grant, license, or
other benefit; or the conduct of an authorized investigation or
inquiry, to the extent necessary to identify the individual, inform the
source of the nature and purpose of the inquiry, and identify the type
of information requested.
(g) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to any Federal, state, local, tribal or
other public authority, or to a legitimate agency of a foreign
government or international authority to the extent the record is
relevant and necessary to the other entity's decision regarding the
hiring or retention of an employee or other personnel action; the
issuing or retention of a security clearance or special access,
contract, grant, license, or other benefit; or the conduct of an
authorized inquiry or investigation.
(h) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to a Member of Congress or Congressional
staffer in response to an inquiry from that Member of Congress or
Congressional staffer made at the written request of the individual who
is the subject of the record.
(i) A record from a system of records maintained by the ODNI may be
disclosed to the Office of Management and Budget in connection with the
review of private relief legislation, as set forth in Office of
Management and Budget Circular No. A-19, at any stage of the
legislative coordination and clearance process as set forth in the
Circular.
(j) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to any agency, organization, or individual
for authorized audit operations, and for meeting related reporting
requirements, including disclosure to the National Archives and Records
Administration for records management inspections and such other
purposes conducted under the authority of 44 U.S.C. 2904 and 2906, or
successor provisions.
(k) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to individual members or staff of
Congressional intelligence oversight committees in connection with the
exercise of the committees' oversight and legislative functions.
(l) A record from a system of records maintained by the ODNI may be
disclosed as a routine use pursuant to Executive Order to the
President's Foreign Intelligence Advisory Board, the President's
Intelligence Oversight Board, to any successor organizations, and to
any intelligence oversight entity established by the President, when
the Office of the General Counsel or the Office of the Inspector
General determines that disclosure will assist such entities in
performing their oversight functions and that such disclosure is
otherwise lawful.
(m) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to contractors, grantees, experts,
consultants, or others when access to the record is necessary to
perform the function or service for which they have been engaged by the
ODNI.
(n) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to a former staff of the ODNI for the
purposes of responding to an official inquiry by a Federal, state, or
local government entity or professional licensing authority or
facilitating communications with a former staff of the ODNI that may be
necessary for personnel-related or other official purposes when the
ODNI requires information or consultation assistance, or both, from the
former staff regarding a matter within that person's former area of
responsibility.
(o) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to legitimate foreign, international or
multinational security, investigatory, law enforcement or
administrative authorities in order to comply with requirements imposed
by, or to claim rights conferred in, formal agreements and arrangements
to include those regulating the stationing and status in foreign
countries of Department of Defense military and civilian personnel.
(p) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to any Federal agency when documents or
other information obtained from that agency are used in compiling the
record and the record is relevant to the official responsibilities of
that agency, provided that disclosure of the recompiled or enhanced
record to the source agency is otherwise authorized and lawful.
(q) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to appropriate agencies, entities, and
persons when: The security or confidentiality of information in the
system of records has or may have been compromised; and the
[[Page 125]]
compromise may result in economic or material harm to individuals
(e.g., identity theft or fraud), or harm to the security or integrity
of the affected information or information technology systems or
programs (whether or not belonging to the ODNI) that rely upon the
compromised information; and disclosure is necessary to enable ODNI to
address the cause(s) of the compromise and to prevent, minimize, or
remedy potential harm resulting from the compromise.
(r) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to a Federal, state, local, tribal,
territorial, foreign, or multinational agency or entity or to any other
appropriate entity or individual for any of the following purposes: to
provide notification of a serious terrorist threat for the purpose of
guarding against or responding to such threat; to assist in
coordination of terrorist threat awareness, assessment, analysis, or
response; or to assist the recipient in performing authorized
responsibilities relating to terrorism or counterterrorism.
(s) A record from a system of records maintained by the ODNI may be
disclosed as a routine use for the purpose of conducting or supporting
authorized counterintelligence activities as defined by section 401a(3)
of the National Security Act of 1947, as amended, to elements of the
Intelligence Community, as defined by section 401a(4) of the National
Security Act of 1947, as amended; to the head of any Federal agency or
department; to selected counterintelligence officers within the Federal
government.
(t) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to a Federal, state, local, tribal,
territorial, foreign, or multinational government agency or entity, or
to other authorized entities or individuals, but only if such
disclosure is undertaken in furtherance of responsibilities conferred
by, and in a manner consistent with, the National Security Act of 1947,
as amended; the Counterintelligence Enhancement Act of 2002, as
amended; Executive Order 12333 or any successor order together with its
implementing procedures approved by the Attorney General; and other
provisions of law, Executive Order or directive relating to national
intelligence or otherwise applicable to the ODNI. This routine use is
not intended to supplant the other routine uses published by the ODNI.
Dated: December 8, 2007.
Ronald L. Burgess, Jr.,
Lieutenant General, USA, Director of the Intelligence Staff.
[FR Doc. E7-25331 Filed 12-31-07; 8:45 am]
BILLING CODE 3910-A7-P
