Privacy Act of 1974 Privacy Act Regulation
The Board of Governors of the Federal Reserve System (Board) proposes to amend its regulation implementing the Privacy Act of 1974. The primary proposed changes concern the waiver of copying fees charged to current or former Board employees for access to records under the Privacy Act, and the special procedures for release of medical records. In addition, the Board is proposing to make minor editorial and technical changes.
Comment must be received on or before July 7, 2004.
You may submit comments, identified by Docket No. R-1200, by any of the following methods:
• Agency Web Site:http://www.federalreserve.gov. Follow the instructions for submitting comments at http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm.
• Federal eRulemaking Portal:http://www.regulations.gov. Follow the instructions for submitting comments.
• E-mail:regs.commentsfederalreserve.gov. Include docket number in the subject line of the message.
• FAX: 202/452-3819 or 202/452-3102.
• Mail: Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, N.W., Washington, DC 20551.
All public comments are available from the Board's web site at www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as submitted, except as necessary for technical reasons. Accordingly, your comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper in Room MP-500 of the Board's Martin Building (20th and C Streets, NW.) between 9 a.m. and 5 p.m. on weekdays.
For further information contact:
Elaine M. Boutilier, Managing Senior Counsel, (202/452-2418), Legal Division. For the hearing impaired only, contact Telecommunications Device for the Deaf (TDD)(202/263-4869).
The Board's Privacy Act Regulation was last revised in 1995 (60 FR 3341, January 17, 1995). In its ongoing review of regulations, the Board has determined that certain changes should be made to the regulation to adopt better procedures.
The first substantive change concerns waivers of the fee charged for copying records. The Privacy Act (5 U.S.C. 552a(f)(5)) permits an agency to assess copying fees for providing access to records. Section 261a.4(a) of the Board's current regulation states that the duplication fee for Privacy Act requests will be the same as that charged for duplication of records in response to a Freedom of Information Act request (currently $.10/page). Section 261a.4(c) states that, in the connection with a request by an employee for records to use in prosecuting a grievance or complaint of discrimination against the Board, fees totaling less than $50 will be waived, but the Secretary of the Board also may waive fees exceeding that amount. A review of current Board practice revealed that copies of personnel files are routinely provided to an employee upon request without assessing a copying fee, and copies of records relied upon in an adverse action must be provided to the subject employee without charge. Accordingly, the Board proposes to waive all fees for providing copies of information from systems of records to current or former employees.
The second substantive change concerns the special procedures for disclosing medical records. Currently, section 261a.7 of the Privacy Act Regulation permits the privacy officer, in consultation with the Board's physician, to determine that disclosure of medical records directly to the requester could have an adverse effect on the requester. In that situation, the Board would transmit the records to a licensed physician named by the requester, and the physician would disclose the records to the requester in a manner deemed appropriate by the physician. The Board proposes to expand the scope of these special procedures to cover records maintained in the Board's Employee Assistance Program (EAP) system of records. These records also may contain material that could have an adverse effect if disclosed directly to the requester, so the proposed change would permit a similar indirect disclosure through a licensed physician or other appropriate representative named by the requester. It is contemplated that such “appropriate representative” could be a psychologist, social worker, or even a parent or other relative.
The remaining proposed changes are technical or editorial in nature and should not have a substantive effect on persons.
Initial Regulatory Flexibility Analysis
The Privacy Act Regulation sets forth the procedures by which individuals may request access and amendment to records maintained in systems of records at the Board. The Board certifies that this rule will not have a significant economic impact on a substantial number of small entities, because it does not apply to business entities.
List of subjects in 12 cfr part 261a
For the reasons set forth in the preamble, the Board proposes to revise 12 CFR part 261a as follows:
Part 261a—privacy act regulation
Subpart a—general provisionsSec. 261a.1 261a.2 261a.3 261a.4
Subpart b—procedures for requests by individual to whom record pertainsSec. 261a.5 261a.6 261a.7 261a.8 261a.9 261a.10
Subpart c—disclosure to person other than individual to whom record pertainsSec. 261a.11 261a.12
Subpart d—exempt recordsSec. 261a.13
Subpart a—general provisions§ 261a.1
(a)Authority. This part is issued by the Board of Governors of the Federal Reserve System (the Board) pursuant to the Privacy Act of 1974 (5 U.S.C 552a).
(b)Purpose and scope. This part implements the provisions of the Privacy Act of 1974 (5 U.S.C. 552a) with regard to the maintenance, protection, disclosure, and amendment of records contained within systems of records maintained by the Board. It sets forth the procedures for requests for access to, or amendment of, records concerning individuals that are contained in systems of records maintained by the Board.§ 261a.2
For the purposes of this part, the following definitions apply:
(a)Business day means any day except Saturday, Sunday or a legal federal holiday.
(b)Designated system of records means a system of records maintained by the Board that has been published in the Federal Register pursuant to the requirements of 5 U.S.C. 552a(e).
(c)Guardian means the parent of a minor, or the legal guardian of any individual who has been declared to be incompetent due to physical or mental incapacity or age by a court of competent jurisdiction.
(d)Individual means a natural person who is either a citizen of the United States or an alien lawfully admitted for permanent residence.
(e)Maintain includes maintain, collect, use, disseminate, or control.
(f)Record means any item, collection, or grouping of information about an individual maintained by the Board that contains the individual's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint, voice print, or photograph.
(g)Routine use means, with respect to disclosure of a record, the use of such record for a purpose that is compatible with the purpose for which it was collected or created.
(h)System of records means a group of any records under the control of the Board from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.§ 261a.3
(a)Custodian of records. The Secretary of the Board is the official custodian of all records of the Board in the possession or control of the Board.
(b)Delegated authority of Secretary. With regard to this part, the Secretary of the Board is delegated the authority to—
(1) Respond to requests for access to, accounting of, or amendment of records contained in a system of records, except for such requests regarding systems of records maintained by the Board's Office of the Inspector General (OIG);
(2) Approve the publication of new systems of records and amend existing systems of records, except systems of records exempted pursuant to § 261a.13(b), (c) and (d);
(3) File the biennial reports required by the Privacy Act.
(c)Delegated authority of designee. Any action or determination required or permitted by this part to be done by the Secretary of the Board may be done by a responsible employee of the Board who has been duly designated for this purpose by the Secretary.
(d)Delegated authority of inspector general. With regard to systems of records maintained by the OIG, the Inspector General is delegated the authority to respond to requests for access or amendment.§ 261a.4
(a)Copies of records. Copies of records requested pursuant to § 261a.5 shall be provided at the same cost charged for duplication of records and/or production of computer output under the Board's Rules Regarding Availability of Information, 12 CFR 261.17.
(b)No fee. Documents will be furnished without charge where total charges are less than $5.
(c)Waiver of fees. No fees will be charged in connection with any request by an employee or former employees of the Board for access to information pertaining to that employee or former employee.
Subpart b—procedures for requests by individual to whom record pertains§ 261a.5
(a)Procedures for making request.
(1) Except as provided in paragraph (a)(2) of this section, any individual (or guardian of an individual) desiring to learn of the existence of, or to gain access to, his or her record in a designated system of records shall submit a request in writing to the Secretary of the Board, Board of Governors of the Federal Reserve System, 20th and Constitution Avenue, NW, Washington, DC 20551.
(2) A request by a current Board employee for that employee's personnel records may be made in person during regular business hours at the Human Resources Function of the Management Division, Board of Governors of the Federal Reserve System, 20th and Constitution Avenue, NW, Washington, DC 20551.
(3) Requests for information contained in a system of records maintained by the Board's OIG shall be submitted in writing to the Inspector General, Board of Governors of the Federal Reserve System, 20th and Constitution Avenue, N.W., Washington, D.C. 20551.
(b)Contents of request. A request made pursuant to paragraph (a) of this section shall include the following:
(1) A statement that it is made pursuant to the Privacy Act of 1974;
(2) The name of the system of records expected to contain the record requested or a concise description of such system of records;
(3) Information necessary to verify the identity of the requester pursuant to paragraph (c) of this section; and
(4) Any other information that may assist in the rapid identification of the record to which access is being requested (e.g., maiden name, dates of employment, etc.).
(c)Verification of identity. The Board may require proof of identity from a requester and reserves the right to determine the adequacy of such proof. In general, the following shall be considered adequate proof of identity:
(1) For a current Board employee, his or her Board identification card; or
(2) For an individual other than a current Board employee, either—
(i) Two forms of identification, one of which has a picture of the individual requesting access; or
(ii) A notarized statement attesting to the identity of the requester.
(d)Verification of identity not required. No verification of identity shall be required of individuals seeking access to records that are otherwise available to any person under the Freedom of Information Act, 5 U.S.C. 552.
(e)Request for accounting of previous disclosures. An individual may request an accounting of previous disclosures of records pertaining to such individual in a designated system of records as provided in 5 U.S.C. 552a(c).§ 261a.6
(a)Compliance with Freedom of Information Act. Every request made pursuant to § 261a.5 shall also be handled by the Board as a request for information pursuant to the Freedom of Information Act (5 U.S.C. 552), except that the time limits set forth in paragraph (b) of this section and the fees specified in § 261a.4 shall apply to such requests.
(b)Time limits. Every request made pursuant to § 261a.5 shall be acknowledged or, where practicable, substantially responded to within 20 business days from receipt of the request.
(c)Disclosure.(1) Information to be disclosed pursuant to this part, except for information maintained by the Board's OIG, shall be made available for inspection and copying during regular business hours at the Board's Freedom of Information Office, or upon request, shall be sent to the requester.
(2) Information to be disclosed that is maintained by the Board's OIG shall be made available for inspection and copying by the OIG.
(3) The requester may be accompanied in the inspection of information by a person of the requester's own choosing upon the requester's submission of a written and signed statement authorizing the presence of such person.
(d)Denial of request. A denial of a request made pursuant to § 261a.5 shall include a statement of the reason(s) for denial and the procedures for appealing the denial.§ 261a.7
Medical or psychological records requested pursuant to § 261a.5 shall be disclosed directly to the requester unless such disclosure could, in the judgment of the privacy officer, in consultation with the Board's physician or Employee Assistance Program counselor, have an adverse effect upon the requester. Upon such determination, the information shall be transmitted to a licensed physician or other appropriate representative named by the requester, who will disclose those records to the requester in a manner the physician or representative deems appropriate.§ 261a.8
(a)Procedures for making request.(1) An individual desiring to amend a record in a designated system of records that pertains to him or her shall submit a request in writing to the Secretary of the Board (or to the Inspector General for records in a system of records maintained by the OIG) in an envelope clearly marked “Privacy Act Amendment Request.”
(2) Each request for amendment of a record shall—
(i) Identify the system of records containing the record for which amendment is requested;
(ii) Specify the portion of that record requested to be amended; and
(iii) Describe the nature of and reasons for each requested amendment.
(3) Each request for amendment of a record shall be subject to verification of identity under the procedures set forth in § 261a.5(c), unless such verification has already been made in a related request for access or amendment.
(b)Burden of proof. The request for amendment of a record shall set forth the reasons the individual believes the record is not accurate, relevant, timely, or complete. The burden of proof for demonstrating the appropriateness of the requested amendment rests with the requester, and the requester shall provide relevant and convincing evidence in support of the request.§ 261a.9
(a)Time limits. The Board shall acknowledge a request for amendment of a record within 10 business days of receipt of the request. Such acknowledgment may request additional information necessary for a determination on the request for amendment. A determination on a request to amend a record shall be made promptly.
(b)Contents of response to request for amendment. The response to a request for amendment shall include the following:
(1) The decision to grant or deny, in whole or in part, the request for amendment; and
(2) If the request is denied:
(i) The reasons for denial of any portion of the request for amendment;
(ii) The requester's right to appeal any denial; and
(iii) The procedures for appealing the denial to the appropriate official.§ 261a.10
(a)Appeal. A requester may appeal a denial of a request made pursuant to § 261a.5 or § 261a.8 to the Board within 10 business days of issuance of notification of denial. The appeal shall—
(1) Be made in writing to the Secretary of the Board, with the words “PRIVACY ACT APPEAL” written prominently on the first page;
(2) Specify the background of the request; and
(3) Provide reasons why the initial denial is believed to be in error.
(b)Determination. The Board shall make a determination with respect to such appeal not later than 30 business days from its receipt, unless the time is extended for good cause shown.
(1) If the Board grants an appeal regarding a request for amendment, the Board shall take the necessary steps to amend the record, and, when appropriate and possible, notify prior recipients of the record of the Board's action.
(2) If the Board denies an appeal, the Board shall inform the requester of such determination, give a statement of the reasons therefor, and inform the requester of the right of judicial review of the determination.
(c)Statement of disagreement.(1) Upon receipt of a denial of an appeal regarding a request for amendment, the requester may file a concise statement of disagreement with the denial. Such statement shall be maintained with the record the requester sought to amend, and any disclosure of the record shall include a copy of the statement of disagreement.
(2) When practicable and appropriate, the Board shall provide a copy of the statement of disagreement to any person or other agency to whom the record was previously disclosed.
Subpart c—disclosure to person other than individual to whom record pertains§ 261a.11
No record contained in a designated system of records shall be disclosed to any person or agency without the prior written consent of the individual to whom the record pertains unless the disclosure is authorized by § 261a.12.§ 261a.12
The restrictions on disclosure in § 261a.11 do not apply to any disclosure—
(a) To those officers and employees of the Board who have a need for the record in the performance of their duties;
(b) That is required under the Freedom of Information Act (5 U.S.C. 552);
(c) For a routine use listed with respect to a designated system of records;
(d) To the Bureau of the Census for purposes of planning or carrying out a census or survey or related activity pursuant to the provisions of title 13 of the United States Code;
(e) To a recipient who has provided the Board with advance adequate written assurance that the record will be used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable;
(f) To the National Archives of the United States as a record that has sufficient historical or other value to warrant its continued preservation by the United States government, or for evaluation by the administrator of General Services or his designee to determine whether the record has such value;
(g) To another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the Board specifying the particular portion desired and the law enforcement activity for which the record is sought;
(h) To a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if upon such disclosure notification is transmitted to the last known address of such individual;
(i) To either House of Congress, or, to the extent of matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee of any such joint committee;
(j) To the Comptroller General, or any of his authorized representatives, in the course of the performance of the duties of the General Accounting Office;
(k) Pursuant to the order of a court of competent jurisdiction; or
(l) To a consumer reporting agency in accordance with 31 U.S.C. 3711(e).
Subpart d—exempt records§ 261a.13
(a)Information compiled for civil action. Nothing in this part shall allow an individual access to any information compiled in reasonable anticipation of a civil action or proceeding.
(b)Law enforcement information. Pursuant to section (k)(2) of the Privacy Act of 1974 (5 U.S.C. 552a(k)(2)), the Board has deemed it necessary to exempt certain designated systems of records maintained by the Board from the requirements of the Privacy Act concerning access to accountings of disclosures and to records, maintenance of only relevant and necessary information in files, and certain publication provisions, respectively, 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H) and (I), and (f), and §§ 261a.5, 261a.7, and 261a.8. Accordingly, the following designated systems of records are exempt from these provisions, but only to the extent that they contain investigatory materials compiled for law enforcement purposes:
(1) BGFRS-1Recruiting and Placement Records
(2) BGFRS-4General Personnel Records
(3) BGFRS-5EEO Discrimination Complaint File
(4) BGFRS-9Consultant and Staff Associate File
(5) BGFRS-21Supervisory Tracking and Reference System
(6) BGFRS/OIG-1 OIGInvestigatory Records
(7) BGFRS-31Protective Information System
(8) BGFRS-32Visitor Log
(c)Confidential references. Pursuant to section (k)(5) of the Privacy Act of 1974 (5 U.S.C. 552a(k)(5)), the Board has deemed it necessary to exempt certain designated systems of records maintained by the Board from the requirements of the Privacy Act concerning access to accountings of disclosures and to records, maintenance of only relevant and necessary information in files, and certain publication provisions, respectively 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H) and (I), and (f), and §§ 261a.5, 261a.7, and 261a.8. Accordingly, the following systems of records are exempt from these provisions, but only to the extent that they contain investigatory material compiled to determine an individual's suitability, eligibility, and qualifications for Board employment or access to classified information, and the disclosure of such material would reveal the identity of a source who furnished information to the Board under a promise of confidentiality.
(1) BGFRS-1Recruiting and Placement Records
(2) BGFRS-4General Personnel Records
(3) BGFRS-9Consultant and Staff Associate File
(4) BGFRS-10General File on Board Members
(5) BGFRS-11Official General Files
(6) BGFRS-15General Files of Federal Reserve Agents, Alternates and Representatives at Federal Reserve Banks
(7) BGFRS/OIG-2 OIGPersonnel Records
(8) BGFRS-25Multi-Rater Feedback Records
(d)Criminal law enforcement information. Pursuant to 5 U.S.C. 552a(j)(2), the Board has determined that portions of the OIG Investigatory Records (BGFRS/OIG-1) shall be exempt from any part of the Privacy Act (5 U.S.C. 552a), except the provisions regarding disclosure, the requirement to keep an accounting, certain publication requirements, certain requirements regarding the proper maintenance of systems of records, and the criminal penalties for violation of the Privacy Act, respectively, 5 U.S.C. 552a(b), (c)(1), and (2), (e)(4)(A) through (F), (e)(6), (e)(7), (e)(9), (e)(10), (e)(11) and (i). This designated system of records is maintained by the OIG, a Board component that performs as its principal function an activity pertaining to the enforcement of criminal laws. The exempt portions of the records consist of—
(1) Information compiled for the purpose of identifying individual criminal offenders and alleged offenders;
(2) Information compiled for the purpose of a criminal investigation, including reports of informants and investigators, and associated with an identifiable individual; or
(3) Reports identifiable to an individual compiled at any stage of the process of enforcement of the criminal laws from arrest or indictment through release from supervision.
By order of the Board of Governors of the Federal Reserve System, June 1, 2004.Robert deV. Frierson, Deputy Secretary of the Board.