United States Environmental Protection Agency
Office of Information Resources Management
Information Management and Services Division

2190 - Privacy Act Manual

1986 Edition

-------
                                                                         2190
PRIVACY ACT MANUAL                                                       1/28/86
                           CONTENTS OF CHAPTERS

CHAPTER                                                                 CHAPTER
TITLES                                                                  NUMBERS

POLICY AND RESPONSIBILITIES	   1
PROCEDURES FOR CREATING, ALTERING, OR TERMINATING
   A SYSTEM OF RECORDS	   2
ACCESS AND AMENDMENT	   3
PHYSICAL SAFEGUARDS	   4

-------



                    CHAPTER 1 - POLICY AND RESPONSIBILITIES

                               Table of Contents

PARAGRAPH                                                              PARAGRAPH
 TITLES                                                                 NUMBERS

Purpose	      1
Policy	      2
Scope	      3
Definitions	      4
Legal Authority and Administrative Guidelines	      5
Basic Requirements of the Privacy Act	      6
Responsibilities	      7
Penalties	      8
Existing Privacy Systems	      9
Other Pertinent EPA Directives	     10

FIGURE                                                                   FIGURE
TITLES                                                                   NUMBERS

Definitions Applicable to the Privacy Act	   1-1
Exceptions to the Privacy Act Prohibition Against Disclosure	   1-2
EPA Systems of Records	   1-3

-------

           EXCEPTIONS TO THE PRIVACY ACT PROHIBITION AGAINST DISCLOSURE


 (See Chapter 1,  paragraph 6g).

1.  Internal Disclosures.  The System Manager may make disclosures to officers
and employees of the Agency who have a need for the record in the performance of
their duties as determined by the System Manager.  In some limited circumstances,
disclosures to EPA contractors may be considered internal disclosures.  Employees
should consult with the Office of General Counsel if they have questions in
this area.

2.  Disclosures Under the Freedom of Information Act.  Disclosures may be made
when required by the Freedom of Information Act if there is a written Freedom of
Information Act request.  However, when the Freedom of Information Act does not
require disclosure, but merely permits disclosure at the Agency's discretion, the
Privacy Act disclosure prohibition is applicable.

3.  Routine Use.  Disclosures may be made for a routine use as described and
published in the Federal Register notice describing the System of Records.

4.  Bureau of the Census.  Disclosures may be made to the Bureau of the Census
for purpose of planning or carrying out a census or survey or related activity.

5.  Statistical Research/Reporting.  Disclosures may be made to a recipient who
has provided the Agency with advance adequate written assurance that the record
will be used solely as a statistical research or reporting record, and that the
record is to be transferred in a form that is not individually identifiable.

6.  Preservation of Records.  Disclosure may be made to the National Archives of
the United States of a record which has sufficient historical or other value to
warrant its continued preservation by the United States Government, or for
evaluation by the National Archives and Records Administration to determine whether
the record has such value.

7.  Civil or Criminal Law Enforcement.  Disclosures may be made to another agency
or to an instrumentality of any governmental jurisdiction within or under the
control of the United States for a civil or criminal law enforcement activity if
the activity is authorized by law, and if the head of the agency or instrumentality
has made a written request to the Agency specifying the particular portion of a
record desired and the law enforcement activity for which the record is sought.

8.  Health or Safety.  Disclosures may be made pursuant to a showing of compelling
circumstances affecting the health or safety of individuals if upon such disclosure
notification is transmitted to the last known address of such individual.
                              Figure 1-2/page 1

-------


9.  Congressional Disclosures.  Disclosures may be made to either House of Congress,
or, to the extent of matter within its jurisdiction, any committee or subcommittee
thereof, any joint committee of Congress or subcommittee of any such joint committee.
This exception does not apply to disclosures to individual members of Congress
without consent of the individual.

10.  General Accounting Office.  Disclosures may be made to the General Accounting
Office for the purpose of carrying out the duties of that office.

11.  Court Order.  Disclosures may be made pursuant to the order of a court of
competent jurisdiction.

12.  Debt Collection.  Disclosure may be made to a consumer reporting agency in
accordance with Section 3(d) of the Federal Claims Collection Act of 1966 (31
U.S.C. 3701(a)(3)).
                              Figure  1-2/page  2

-------
                           EPA SYSTEMS OF RECORDS
Following is a list of EPA documented Systems of Records:

System No. and Name                                Office

EPA-1  -  Payroll System                           Payroll Accounts Office

EPA-2  -  Personnel Records                        Personnel Management Div.;
                                                     Local Personnel Officers

EPA-3  -  Health Unit & Stress Lab Med Records     Personnel Management Div.

EPA-4  -  Inspection Reports                       Office of Inspector General

EPA-5  -  Personnel Security File                  Office of Inspector General

EPA-6  -  Security Computer Program System         Office of Inspector General

EPA-7  -  Travel Voucher, Advance Cards &          Financial Management Div.
          Payee File System

EPA-8  -  Confidential Statement of Employment     Office of General Counsel
          & Financial Interest

EPA-9  -  Freedom of Information Act File          Freedom of Information Offices;
                                                     Grants, Contracts and General
                                                     Admin. Div., OGC

EPA-10 -  Parking Control File                     Facilities & Support Services
                                                     Div.

EPA-11 -  Terminated

EPA-12 -  Terminated

EPA-13 -  Time Accounting Information System       Program Support Division,
                                                     Office of Pesticide Programs

EPA-14 -  Enforcement Case Support Expert          Technical Support Branch,
          Resources Inventory System                 Off. of Waste Prog. Enforcement
                                    Figure 1-3/page  1

-------


                      CHAPTER 2 - PROCEDURES FOR CREATING,
                  ALTERING, OR TERMINATING A SYSTEM OF  RECORDS

                               Table of Contents

PARAGRAPH                                                              PARAGRAPH
 TITLES                                                                 NUMBERS

Purpose	      1
Responsibility	      2
New System of Records	      3
Significant Alteration of a System of Records	      4
Documentation of New System or Significant Alteration of
   Existing System	      5
Requests for Waiver of OMB's Sixty Day Advance Notice Period	      6
Minor Alterations to System of Records	      7
Termination of System of Records	      8

FIGURE                                                                   FIGURE
TITLES                                                                   NUMBERS

Documentation Instructions—New System and Major Alterations	   2-1
Documentation Instructions—Termination of System	   2-2

-------


      DOCUMENTATION INSTRUCTIONS — NEW SYSTEMS AND MAJOR ALTERATIONS

 Note:  Complete documentation,  consisting of both paper copy and  floppy
        disk, must  be sent to the Chief, Information Management Branch
        (PM-211-D),  Information Management and Services Division, U.S.
        Environmental Protection Agency, Washington, D.C.  20460.

 1.   Federal Register Notice.  The Federal Register notice must be prepared  in
 accordance with the Federal Register Document Drafting Handbook and include the
 signature element of the Assistant Administrator for Administration and  Resources
 Management.  The following must be included in the notice:

     a.  System Name.  Provide the name of the System of Records.

     b.  Security Classification.  Identify the security classification of the
 System of Records.   (Primarily  for use by the Defense Department.)  If there is no
 such classification, enter "none".

     c.  System Location.  Specify each address at which the System is maintained.
 Include Headquarters and field locations and the address of contractors, if any,
 who may maintain the System for EPA.  If there are many locations, the list may
 be added as an appendix.

    d.  Categories of Individuals in System.  Describe the categories of indi-
 viduals on whom records are maintained in sufficient detail to enable individuals
 to determine if there is information on them in the System.

    e.  Categories of Records in System.  Give a brief description of all of
 the  types of information in the System.  For example, medical history, employment
 history.

     f.  Authority for Maintenance of System.  Cite the specific statute(s)
 and/or Executive order(s) which authorize EPA to maintain the System.

    g.  Purpose(s).  State the reason(s) for creating the System and what the
 System is designed to accomplish.

    h.  Routine Uses of Records Maintained in the System Including Categories of
 Users and Purpose of Such Use.  Describe each routine use which will be made of
 the records, including the categories of users and the purpose of each use.

    i.  Policies and Practices  for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System.

        Storage.  List all media in which records in the System are maintained
        (file folders, magnetic tape, microform, etc.).  Briefly describe how
        each medium is stored.
                                Figure 2-1/page 1

-------

         Retrievability.   Describe how the records are indexed and retrieved.

         Safeguards.   Describe your security policies and the procedures taken
         to prevent unauthorized disclosure of the records.   Include the categories
         of EPA employees to whom access will be limited.

         Retention and Disposal.  Indicate how long the EPA  retains the records
         in identifiable  form.  If the records are covered by a Records Control
         Schedule, so state.

     j.   System Manager and  Address.   Give the title and complete business
address of the person responsible for the records.  A contractor, consultant,
or anyone  other than an  EPA employee may not be designated  as a System Manager.

     k.   Notification Procedure.  Provide the procedural information necessary
for  an  individual to find out whether or not there are records about him/her  in
the  System.   Provide the complete address of the System Manager to which requests
for  notification may be  presented.  Do not include telephone numbers.

     l.   Record Access Procedures.  Provide the procedural information necessary
for an individual to gain access to records about him/herself.  Give name and
address of the System Manager whom the individuals should contact if they want to
gain access to any record about themselves in the System.

     m.   Contesting Records  Procedures.  Provide procedures  for an individual to
contest the  accuracy,  relevancy, completeness and timeliness of records about
him/herself.   Give name  and address  of the System Manager to be contacted.

     n.   Record Source Categories.  Describe the sources from which the informa-
tion in the System is obtained.  Sources include, but are not limited to, the
individual on whom the records are maintained, previous and current employees,
other agencies, etc.

     o.   Systems  Exempted from Certain Provisions of the Act.  Under limited
circumstances,  the Privacy  Act permits agencies to exempt a System of Records
from compliance  with certain provisions of the Act (see Chapter 3, par.  3 and
Figure  3-1).   Identify the  Privacy Act exemption(s),  by subsection of the Act,
applicable to the System; the provisions of the Act being exempted and a brief
statement  of  the reason  for invoking the exemption.   Cite the Federal Register
issue and  page number where the proposed rule creating the  exemption was published.
If no exemptions are applicable, enter "none".

(NOTE:  Attach a completed and signed Federal Register Typesetting Request,
EPA Form 2340-15, to the Federal Register notice.  This form is available
through normal supply channels).

2.   Narrative  Report  for OMB.   This  report,  normally not more than two pages,  must:

     a.  Describe  the  purpose of the System of Records.

     b.  Identify  the  authority under which the System of Records is to be
maintained.
                            Figure 2-1/page  2

-------


    b.  Compelling circumstances for which a waiver request would be in the
public interest include the following examples:  (1) the health and safety of
individuals are at serious risk, (2) the statute or Executive order authorizing
the program provides a specific date for compliance,  (3) there would be serious
harm to a class of beneficiaries who are proposed to  be included in the System.

7.  MINOR ALTERATIONS TO SYSTEM OF RECORDS.  Alterations that do not meet the
criteria of par. 4 above for significantly altered System of Records require
only the publication in the Federal Register of a revised notice.  The thirty-
day public comment period and sixty-day advance notice to OMB are not required.
A draft notice is to be sent to the Chief, Information Management Branch, IMSD.

8.  TERMINATION OF SYSTEM OF RECORDS.  A System of Records is considered to be
terminated whenever the information is no longer accessed by individuals' names
or other identifiers, or whenever it is consolidated  with another System of
Records.  Terminating a System may involve the physical destruction of records;
it may involve purging the System of individual identifiers and maintaining the
data in another form, such as statistical data; and it may involve altering the
manner in which the records are accessed so that records are no longer accessed
by the name of the subject individuals or other personal identifiers.  Because
records retired to a Federal Records Center (FRC) are still under the control
of EPA, the act of retiring an inactive System to the FRC does not in itself
constitute termination of that System.  See Figure 2-2 for documentation guide-
lines.

-------


     c.   Describe briefly the steps the Agency has taken to minimize the risk
of unauthorized access to the System, and the higher or lower risk alternatives
which the Agency considered.

3.  Privacy Act Statement.  This statement must be in writing and must inform
the individual of the authority for collecting the information, the purpose
for which the information is being collected on him/her and the routine uses
which will be made of the information.  The statement must also state whether
furnishing information is voluntary or mandatory and explain what the
consequences will be if an individual does not agree to furnish the information.
                              Figure 2-1/page 3

-------
Sample Federal Register Notice - New System


ENVIRONMENTAL PROTECTION
AGENCY

tOA-FRL-275a-2)

Privacy Act of 1974; Proposed New
System of Records

AGENCY: Environmental Protection
Agency.
ACTION: Privacy Act of 1974. Proposed
new system of records.

SUMMARY: As required by law (5 U.S.C.
552a) the U.S. Environmental Protection
Agency is publishing for comment a new
system of records that it is proposing to
maintain. The proposed system is
"Enforcement Case Support Expert
Resources Inventory System." Agency
enforcement personnel will use the
records to aid in the identification and
selection of individuals with appropriate
expertise and qualifications to serve
either as expert consultants or as expert
witnesses in connection with hazardous
waste enforcement cases and in
maintaining a record of use of expert on
enforcement cases.
EFFECTIVE DATE: This system shall
become effective as proposed, without
further notice thirty days after
publication unless comments are
received which would result in contrary
determination.
FOR FURTHER INFORMATION CONTACT:
Mike Kosakowski, Chief, Technical
Support Branch, Office of Waste
Programs Enforcement (WH-527), U.S.
Environmental Protection Agency, 401 M
Street, S.W., Washington, D.C. 20460.
Telephone: 202-382-5611.
Howard M. Messner,
Assistant Administrator for Administration
and Resources Management.

EPA-15

SYSTEM NAME:
  Enforcement Case Support Expert
Resources Inventory System—EPA-14.

SECURITY CLASSIFICATION:
  None.

SYSTEM LOCATION:
  Office of Waste Programs
Enforcement (WH-527), U.S.
Environmental Protection Agency, 401 M
Street, SW., Washington, D.C. 20460.

CATEGORIES OF INDIVIDUALS IN SYSTEM:
  Individuals included in the system are
experts in scientific and technical fields
who have appropriate expertise and
[illegible]
connection with hazardous waste
enforcement cases and who have agreed
to be included in the system.

CATEGORIES OF RECORDS IN SYSTEM:
  Basic input to the system is selected
information from a professional resume
and supporting documents supplied by
the individual which contain such data
as name, contact points and telephone
numbers, educational background,
disciplines, specialty areas, specific
subject knowledge, research interests,
specific chemical knowledge,
membership in technical societies and
working groups, awards and honors,
consulting experience, background in
litigation, professional history (with
periods of employment titles, names of
employers, positions held, descriptions
of work), and similar information.
Certain of the information is entered in
summary form. Other input into the
system consists of records pertaining to
U.S. EPA's proposed and actual use of
the individual as an expert consultant or
an expert witness for enforcement
cases.

AUTHORITY FOR MAINTENANCE OF SYSTEM:
  42 U.S.C. 9604, 9609, 9607
(Enforcement authority under
Comprehensive Environmental
Response, Compensation and Liability
Act)
  42 U.S.C. 9628, 9673 (Enforcement
authority under Resource Conservation
and Recovery Act)

PURPOSE(S):
  EPA enforcement personnel will use
the records to aid in the identification
and selection of potential expert
consultants and expert witnesses for
hazardous waste enforcement cases and
in maintaining a record of use experts
on cases.

ROUTINE USES OF RECORDS MAINTAINED IN
THE SYSTEM INCLUDING CATEGORIES OF USERS
AND PURPOSES OF SUCH USE:
  1. Records of individuals will be
disclosed on a case-by-case basis to the
U.S. Department of Justice (U.S. DOJ)
attorneys who are members of the
negotiation/litigation team for the
purpose of enabling their participation
in the case and permitting their
assistance in the selection of expert
consultants and expert witnesses.
  2. Records of individuals in the system
will be disclosed on a case-by-case
basis to other scientific and technical
experts used by the U.S. EPA to
familiarize them with experts for use on
the case or to obtain their assistance in
                              Figure 2-1/page 4

-------
identifying possible expert consultants
and expert witnesses.
  3. Records in the system [illegible] be
disclosed to OWPE enforcement
contractors for the purpose of
subcontracting experts identified in the
system and for the purpose of updating
or otherwise refining records in the
system. By the terms of their contract,
enforcement contractors are required to
maintain the information in confidence
and in accordance with the
requirements of the Privacy Act.
  4. Records in the system [illegible] be
disclosed to the U.S. DOJ when related
to litigation or anticipated litigation
involving the records or the subject
matter of the records.
  5. Also see Prefatory Statement of
General Routine Uses, 41 FR [illegible]
(September 15, 1976).

POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:
  Various portions of the system are
maintained on computer disks, word-
processor disks, and in hard-copy files.

RETRIEVABILITY:
  Information is retrieved from the
computer database and word-processor
format by addressing selected data
items in the system which cross-
reference to an individual's name. The
name is used to manually access
materials in alphabetized hard-copy
files.

SAFEGUARDS:
  Only authorized individuals have
access to the system and it is
maintained under a classification of
"Enforcement Confidential." Records on
the computer disks are protected from
access by a unique identification code.
Hard-copy files and word-processor
disks, when not in use or in the
possession of an authorized individual,
are maintained in a locked cabinet. Both
the computer and cabinet are in rooms
protected by door locks in a building
with restricted access.

RETENTION AND DISPOSAL:
  Records are maintained and
periodically updated until individuals
identified in the system request that
their own record be deleted. Other
reasons for deletion will be at the
discretion of the Expert Resources
coordinator and the System Manager.

SYSTEM MANAGER(S) AND ADDRESS:
  Chief, Technical Support Branch,
Office of Waste Programs Enforcement
(WH-527), U.S. Environmental
Protection Agency, 401 M Street, SW.,
Washington, D.C. 20460.

NOTIFICATION PROCEDURES:
  Inquiries should be addressed to the
System Manager. Additional
information and requirements will be
provided.

RECORD ACCESS PROCEDURES:
  Inquiries should be addressed to the
System Manager. Additional
information and requirements will be
provided.

CONTESTING RECORDS PROCEDURES:
  Inquiries should be addressed to the
System Manager. The record and the
specific information being contested
should be identified. The corrective
action sought and supporting
justification for the correction should be
provided by the individual. Additional
information and requirements will be
provided as necessary.

RECORD SOURCE CATEGORIES:
  1. Records furnished by individuals
identified in the system. Information
may be entered into the system in
interpretive and summary form.
  2. Records developed by U.S. EPA
personnel concerning the proposed and
actual use of expert consultants and
expert witnesses.

SYSTEMS EXEMPTED FROM CERTAIN
PROVISIONS OF THE ACT:
  None.
                           Figure  2-1/page 5

-------
                DOCUMENTATION INSTRUCTIONS — TERMINATION OF SYSTEM

Note:  Documentation, consisting of both paper copy and floppy disk, must be
       sent to the Chief, Information Management Branch (PM-211-D),  Informa-
       tion Management and Services Division, U.S. Environmental Protection
       Agency, Washington, D.C. 20460.

Whenever one of the conditions in Chapter 2, par. 8, occurs, actual termination
of a System of Records is accomplished, and a Federal Register notice is required.
A draft Federal Register notice must be sent to the Chief,  Information Management
Branch, IMSD.  The notice must describe the following:

     1.  System name.

     2.  Original Federal Register publication citation (volume, page  number,
and date of publication).

     3.  Reason for termination.

     4.  Disposition of records.

(See Figure 2-2/page 2 for sample termination notice).
                               Figure 2-2/page 1

-------
Sample Federal Register Notice - Termination

Privacy Act of 1974, Notification of
Deletion of System of Records

SUMMARY: The Environmental Protection
Agency is deleting a system of records,
Statements of Known Financial Interests
(EPA-12), that is no longer in use.
DATE: Effective July 29, 1985.
FOR FURTHER INFORMATION CONTACT:
Mr. Donnell Nantkes, Grants, Contracts,
and General Law Division, Office of
General Counsel (LE-132G),
Washington, D.C. 20460, telephone (202)
382-4550.
SUPPLEMENTARY INFORMATION: On
September 8, 1978, and pursuant to the
provisions of the Privacy Act of 1974,
there was published in the Federal
Register (43 FR 40057) a notice of the
system of records, Statements of Known
Financial Interests (EPA-12). Section
207(c) of the Ethics in Government Act
(Pub. L. 95-521) superseded the
requirement for this report. Accordingly,
this notice formally deletes this system
of records.
  Dated: July 22, 1985.
Seymour D. Greenstone,
Acting Assistant Administrator for
Administration and Resources Management.
      Figure  2-2/page 2

-------


                       CHAPTER 3  - ACCESS AND AMENDMENT

                              Table of Contents

PARAGRAPH                                                              PARAGRAPH
 TITLES                                                                 NUMBERS

Purpose	    1
Responsibility	    2
Exemptions	    3
Handling Requests  for Access	    4
Handling Requests  for Correction or Amendment	    5
Classifying and Reclassifying Privacy Act Records	    6

FIGURE                                                                  FIGURE
TITLES                                                                  NUMBERS

Exempted Records	  3-1

-------


                          CHAPTER 3—ACCESS  AND AMENDMENT


1.  PURPOSE.  The purpose of this Chapter is to describe procedures and responsi-
bilities for responding to a request to access or amend information in a System of
Records.

2.  RESPONSIBILITY.  System Managers are responsible for making initial decisions
whether to release, amend or correct an individual's records, and whether to extend
the date for mailing initial determinations under the Privacy Act.

3.  EXEMPTIONS.  The Agency may exempt some Systems of Records from certain
Privacy Act requirements, including the requirements that an individual be granted
access to and be permitted to amend records pertaining to him/her.  The exemption
must be established by formal rulemaking procedures, a Federal Register notice and
an opportunity for public comment.  These exemptions primarily involve records
gathered in the course of investigations.  A listing of the kinds of records which
may be exempted by EPA from compliance with access provisions of the Privacy Act is
found in Figure 3-1.

4.  HANDLING REQUESTS FOR ACCESS.

    a.  Receipt and Acknowledgement.

        (1)  An individual who wishes to know if any System of Records maintained
by EPA contains information pertaining to him/her or wishes to request access to
the record, must submit a written Privacy Act request to the System Manager.  The
request must include sufficient data to allow verification of his/her identity.
If the situation warrants it, the System Manager may require the individual to submit
a signed and notarized statement indicating that he/she is the individual to whom the
records pertain and that the individual understands that it is a misdemeanor punish-
able by a fine up to $5,000 to knowingly and willfully seek or obtain records about
another individual under false pretenses.

        (2)  Privacy Act requests will be date stamped and logged in as "Privacy
Act requests" by the System Manager.

        (3)  Privacy Act requests must be acknowledged by the System Manager
within ten working days of receipt.  Whenever practicable, the acknowledgement
must indicate whether access will be granted.  If access is granted, it should be
provided within thirty working days of the date the request was received in the
Agency.

        (4)  If the System Manager is unable to meet the thirty working day deadline,
he/she will inform the individual stating reasons for the delay and an estimate
of when access will be granted.

    b.  Means of Access.  An individual may inspect the records at the System
location during specified business hours determined by the System Manager or
request that a copy be mailed.

-------

     c.  Granting Access to Records.  If access is granted, it should be provided
within  thirty  working  days of the date the  request was  received.  The individual
must be  notified of  the decision and  informed of the  following:

          (1)   If inspection rather than mailing  copies  is  requested:

               (a)  Where  the records  may  be inspected,

               (b)  The earliest date  (generally  no more than thirty working days
from date received)  the records may be inspected and  the times the records will
remain open for inspection, and

               (c)  In  the case of an  individual  who requests that he/she be accom-
panied by another  person  during a personal  inspection of records, that he/she may
be so accompanied  if he/she submits a written statement authorizing disclosure in
the presence of the other person.

          (2)   If the individual wishes copies sent by mail,  the estimated date
(generally  no  more than thirty working days from the  date  first received by the
System Manager) that the  record and estimate of  fees, if any, will be mailed.

    d.   Access to  Medical Records. When  the EPA receives  a  request from an
individual  for access  to  or a copy of his/her medical record, the System Manager
must provide the record unless the System Manager has determined that disclosure
will be  harmful to the individual. If such determination  is made, the System
Manager  must offer to  send the records to a physician designated by the individual.

    e.   Fees.  There is no charge to  the  individual for the  first copy of a
record or portion  of a record on that individual.  Charge  for reproducing additional
copies (paper copy of paper original) is twenty cents per page.  Reproducing
photographs, microforms, magnetic tape, etc., is at actual cost to EPA.  Fees can only
be charged  for copies.  The cost of searching for and reviewing records is
excluded.

    f.   Procedures for Denying Access. If  the System Manager determines that all
or part  of  the requested  records will  not be provided,  he/she must send a denial
letter that  includes the  following:

         (1)   Reason for  denial of access,  including  any Privacy Act exemption
relied upon to deny access and the citation in 40 CFR 16 which contains the
published exemption.

         (2)   A statement that the individual has the right  to appeal the denial
by writing  to  the  EPA  Privacy Appeals  Officer (General  Counsel)(LE-130), U.S.
Environmental  Protection  Agency,  Washington, D.C.  20460.

EPA TRANSMITTAL
CLASSIFICATION NO.:   2190

APPROVAL DATE:     1/28/86

                           PRIVACY ACT MANUAL
    1.   PURPOSE.  This Transmittal issues a new EPA Privacy Act
    Manual.

    2.   EXPLANATION.  This Manual establishes policies and
    procedures for protecting the privacy of individuals who are
    identified in the Environmental Protection Agency information
    systems.

    3.   FILING INSTRUCTIONS.  Post receipt of Transmittal on
    Checklist in front of Manual and file the attached in a
    three-ring binder.
                                         Director
                          Management and Organization Division
ORIGINATOR:   Information Management and Services Division/Office
           of Information Resources Management
EPA Form 1315-12 (Rev. 7-83) REPLACES EPA FORMS 1315-1A AND THE PREVIOUS EDITION OF 1315-12.



      g.  Procedures on Appeal from Initial Denial for Access.

           (1)   The Privacy Appeals Officer must make  an  appeal determination within
  ten working days of receipt of the  appeal.

           (2)   If on administrative  appeal,  the initial  denial is  not  upheld, the
  Privacy Appeals Officer will inform the  individual in writing that  the  requested
  records will be forthcoming.

           (3)   If the  initial denial  is supported in  whole or part,  the  Privacy
  Appeals Officer must  notify the individual  in writing of  (1) the  decision  to
  uphold the  initial denial and  (2) the provision for  judicial review under  section
  552a(g)(1) of the Privacy Act.

  5.  HANDLING REQUESTS FOR CORRECTION OR AMENDMENT.

     a.  An individual may request correction or amendment of any record pertaining
  to him/her in a System of Records maintained by EPA by submitting, in writing,
  the following:

         (1) The name  of the individual making the  request.

         (2) The name  of the System,  as described in  the Federal Register,  if
  known.

         (3) A  description of the correction or amendment requested.

         (4) Any additional information as specified  in  the Federal  Register
notice or by the System Manager at the time the request is received.

     b.  Within ten working days of  receiving a request, the System  Manager must
acknowledge  the request.  Within thirty working days, he/she must  take one  of the
following actions:

         (1)  Make the correction, deletion, or addition; advise the individual of
the determination to do so; notify prior recipients outside EPA of the amendment
in accordance with the accounting requirements of the Privacy Act  and  make  a notation
of the occurrence and substance of the correction/amendment in the accounting (see
Chap. 1, par 6h); or

         (2)  Inform the individual  that the request  is  denied, the  reason  for
denial, and that he/she can appeal in writing to the Privacy Appeals Officer
(General Counsel).  (See par 5d).


       c.  If the System Manager is unable to comply with par. 5b 1 and 2, above,
  within thirty working days of receipt of the request, he/she will inform  the
  individual of that fact, the reasons for the delay and provide an estimate of
  when a determination will be reached.

      d.  Procedures on Appeal from Initial Denial for Amendment.

          (1)  If, on administrative appeal, the initial denial is reversed, the
  Privacy Appeals Officer shall inform the individual and System Manager in
  writing that the record or a portion of the record will be amended.   The  System
  Manager shall make such amendment, notify prior recipients of the record  outside
  EPA of the amendment in accordance with the accounting requirements  of the Privacy
  Act, and make a notation of the occurrence and substance of the amendment in the
  accounting.  (See Chap. 1, par 6h.)

          (2)  If the denial is upheld in whole or in part, the Privacy Appeals
  Officer will inform the individual:

               (a)  Of the determination and its basis.

               (b)  Of the individual's right to file a concise statement of reasons
 for  disagreeing with EPA's position and the procedures for doing so.

               (c)  That such statement of disagreement will be made available with
 any  later disclosures of the record, together with EPA's statement, if any,
 summarizing its refusal to amend the record.

               (d)  That prior recipients of the disputed record will  be provided
 with the  statement described in par. 5d(2)(c) above.  (The statement  must  be
 provided  to  prior recipients only where an accounting of disclosures  is required
 to be maintained by section 552a(e)(3)  of the Act.)

               (e)  Of his/her right to seek judicial review under Section  552a(g)
 of the  Privacy  Act.

         (3)  The Privacy Appeals Officer will make a final determination on appeals
 for  correction  or amendment not later than thirty working days from the date on
 which the  individual  requests the review,  unless,  for good cause,  he/she extends
 the  period and  notifies the individual.   This extension should be utilized only
 in exceptional  circumstances.

 6.   CLASSIFYING AND RECLASSIFYING PRIVACY ACT RECORDS.   No document or record may
 be classified or reclassified as national  security information under  Executive
order 12356, National  Security Information,  once  a request for the document under
 the Privacy Act  has been received unless specifically authorized by the Administrator.


                                     EXEMPTED RECORDS

     (See  Chapter 3,  paragraph  3).

     1.  General Exemptions.  Section 552a(j)  of  the Privacy Act  permits  an  agency  to
     exempt  a System  of Records from  compliance with certain provisions of the Act  if
     the information is maintained by a component of the Agency whose principal function
     is criminal law enforcement and if the information consists of (a) information
     compiled for the purpose of  identifying  alleged offenders,  (b)  criminal  investi-
     gative  information including reports  of  informants and investigators, and is
     associated  with  identifiable individuals, or (c)  reports  identifiable to an indi-
     vidual  compiled  at any stage of  the process  of enforcement of the criminal  laws.

        a.   EPA Privacy Act systems  which meet the requirement of §552a(j) may  be
     exempted from several Privacy  Act requirements, including the requirement that:

               (1)  The accounting  of prior disclosures be made available to  the indi-
     vidual  to whom the record  pertains  (§552a(c)(3))

               (2)  Prior recipients  of  a  record  in the System be informed of any correc-
     tion  or notation of dispute  with respect  to  the record (§552a(c)(4))

               (3)  The Agency maintain in its Systems of Records information relevant and
     necessary to accomplish an Agency purpose (§552a(e)(1))

               (4)  The Agency  collect information, to the greatest  extent practicable,
     from  the individual  to whom  the  record pertains (§552a(e)(2))

               (5)  The Agency  furnish the individual  to  whom  the record  pertains a
     written Privacy  Act  statement  at the  time information  is  collected from  the individual
     (§552a(e)(3))

     2.  Specific Exemptions.   Section 552a(k) of  the  Privacy  Act also permits an
     agency  to exempt  a System  of Records  from compliance with certain provisions of
     the Act  if  the information (a) relates to national defense or foreign policy and
     is properly classified, (b)  is investigatory  and  compiled for law enforcement
     purposes, other  than material  covered by the  general exemptions, (c) pertains  to
     protection  of  the  President, (d)  is required  by statute to be maintained and used
     as a statistical  record only,  (e) is  investigatory and used  for employee or
     contractor  suitability determinations, (f) is Federal service exam or test  materials,
     or (g)  is armed  services promotion evaluation materials.

        a.   EPA Privacy  Systems which meet the requirement of §552a(k) may be exempted
     from several Privacy Act requirements, including  the requirement that:

             (1)  The accounting of prior  disclosures  be  made  available to the individual
     to whom the record pertains (§552a(c)(3))
                                  Figure 3-1/page 1

     ... to their records and ...
     ... information ... relevant ... an Agency purpose (§552a(e)(1))
     ... not authorize individuals to access ...
Figure 3-1/page 2



                    CHAPTER 4 - PHYSICAL SAFEGUARDS

                          Table of Contents

PARAGRAPH                                                             PARAGRAPH
 TITLES                                                                NUMBERS

Purpose	   1
Policy	   2
Protection of Privacy Act Records	   3
Transfer/Destruction of Privacy Act Records	   4



                       CHAPTER 4—PHYSICAL SAFEGUARDS


1.  PURPOSE.  This Chapter prescribes policy and procedures regarding the
physical safeguards of information within EPA which has been identified as
being subject to the Privacy Act of 1974.

2.  POLICY.  It is EPA policy that all privacy information be safeguarded in
accordance with the requirements of the Privacy Act, the applicable Federal
Register notice for the System, the Security Volume, FSS Manual, Part III,
Chapter 13, and the procedures outlined in this Chapter.

3.  PROTECTION OF PRIVACY ACT RECORDS.

    a.  Handling.

        (1)  Only EPA employees who require access to Privacy Act records
in the performance of their official duties shall be permitted to review such
documents.

        (2)  Privacy Act records, while in use, shall be controlled at all
times and never left in an unattended office.

        (3)  Internal distribution within the Agency shall be by hand-
carrying or transmitted within a sealed envelope and the intended recipient
properly identified on the envelope.  In addition, the envelope should be
annotated "To be opened by addressee only," or a similar notation.

    b.  Storage.  All Privacy Act records shall be stored as outlined in the
current Federal Register notice for that System of Records.  Guidelines for
storing existing and future Systems are outlined below:

        (1)  Within a keylocked cabinet within a keylocked room.

        (2)  When the office configuration does not permit a keylocked
room, the storage cabinet should have a bar and a three positioned changeable
combination padlock.

        (3)  Within a security cabinet with a built-in three positioned
changeable combination lock.

        (4)  Any other manner authorized by the Chief, General Services
Branch, Facilities and Support Services Division.



4.   TRANSFER/DESTRUCTION OF PRIVACY ACT RECORDS

     ... Destruction, when authorized by EPA Schedules, must be by shredding or
... method that makes the data retrievable.  (The Security ... and
... are available for assistance concerning the proper ...

                            DEFINITIONS APPLICABLE
                              TO THE PRIVACY ACT

The following definitions are applicable to this Manual:

1.  "Access" means availability of a record to a subject individual.

2.  "Agency" means the U.S. Environmental Protection Agency.

3.  "Disclosure" means the availability or release of a record to anyone other
than the subject individual.

4.  "Individual" means a citizen of the U.S. or an alien lawfully admitted for
permanent residence.  It does not include businesses or corporations and, in
certain circumstances, may not include sole proprietorships, partnerships, or
persons acting in a business capacity identified by the name of one or more persons.

5.  "Maintain" means to collect, use, or disseminate when used in connection
with the term "record"; and, to have control over or responsibility for a System
of Records when used in connection with the term "System of Records".

6.  "Personal identifier" is any individual number, symbol, or other identifying
designation assigned to an individual but not a name, number, symbol, or other
identifying designation that identifies a product, establishment, or action.

7.  "Record" means any collection or grouping of information about an indi-
vidual that is maintained by the Agency, including but not limited to the indi-
vidual's education, financial transactions, medical history, and criminal or
employment history and that contains his/her name, or an identifying number,
symbol, or other identifying particular assigned to the individual, such as a
finger or voice print or photograph.

8.  "Routine use" means, with respect to the disclosure of a record to a
person or agency other than EPA, the use of a record for a purpose which is
compatible with the purpose for which the record was collected.  It includes
disclosures required to be made by statute other than the Freedom of Informa-
tion Act, 5 U.S.C. 552.  It does not include other disclosures which are permitted
to be made without the consent of the subject individual pursuant to Section
552a(b) of the Privacy Act, such as disclosures to EPA employees who have
official need for the record, to the Bureau of the Census, to the General
Accounting Office or to the Congress.

9. "Subject individual" is the individual to whom a record pertains.

10. "System Manager" is the EPA employee designated as the responsible manager of a
System of Records.
                               Figure 1-1/page 1


 11.  "System of  Records"  means any group of records  under the  control  of  the
 Agency  from which information is retrieved by a personal identifier such as the
 name of the individual,  or a  number,  symbol,  or other  unique  identifier  assigned
 to the  individual.   Single Agency records  or  groups of records  which  are not
 retrieved by a  personal  identifier are  not part of  a System of  Records.   Uncir-
 culated personal  records maintained by  individual employees of  the  Agency which
 are prepared, maintained,  or  discarded  at  the discretion of the employee and
 which are not subject  to the  Federal  Records  Act, 44 U.S.C. 2901, do  not constitute
 a System of Records; provided that such personal papers are not used by the
 employee or  the Agency to  make any determination concerning the rights,  benefits,
 or privileges of  individuals,  and  are not  incorporated  into an  existing  System
 of Records.  A  System  of Records comes  under  the provisions of  the  Privacy Act.
                          Figure 1-1/page 2



                    CHAPTER 1 - POLICY AND RESPONSIBILITIES


 1.  PURPOSE.  This Manual establishes policy and procedures  for protecting the
 privacy of individuals who are identified  in the Environmental Protection
 Agency's  information systems and  informs Agency employees and officials of
 their rights and responsibilities under the Privacy Act  (5 U.S.C.  552a).  It
 supplements the EPA regulations in Part 16, Title  40, Code of Federal Regula-
 tions (CFR).

 2.  POLICY.  The Agency will safeguard personal privacy  in its collection,
 maintenance, use, and dissemination of information about individuals and make
 such information available to the individual in accordance with the require-
 ments of  the Privacy Act.

 3.  SCOPE.  This Manual applies to any records under the control of the Agency
 from which information on a subject individual is  retrieved  by a personal
 identifier assigned to the individual.  The identifier may be the  name of the
 individual, a number, a symbol, or any other specific retriever assigned to
 such individual.  This Manual applies to such records maintained by the Agency
 in-house  or maintained by a contractor or  grantee  on behalf  of the Agency to
 accomplish an Agency function.

 4.  DEFINITIONS.  Definitions applicable to this Manual  are  located at Figure
 1-1, Definitions Applicable to the Privacy Act.

 5.  LEGAL AUTHORITY AND ADMINISTRATIVE GUIDELINES.  The  provisions of this
 Manual are based on these authorities:

    a.  The Privacy Act of 1974,  5 U.S.C.  552a, as amended.

    b.  OMB Circular No. A-108 (as amended), Responsibilities for  the Maintenance
of Records About Individuals by Federal Agencies.

    c.  OMB's Privacy Act Implementing Guidelines  published  at 40  Federal
 Register  28948 and at 49 Federal Register  12338.

    d.  EPA's Privacy Act Regulations published at 40 CFR Part 16.

 6.  BASIC REQUIREMENTS OF THE PRIVACY ACT.  The basic requirements of the
Privacy Act are summarized below:

    a.  At least sixty days prior to creation of a new System of Records or
significant alteration to an existing System, the Agency must submit documentation
to OMB and the Congress, and publish a notice of the System  in the Federal
Register.  (See Chapter 2 for details).

      b.  Each time the Agency creates a new System of Records or requests that
  an individual provide his/her social security number, the System Manager must
  provide the individual with a written "privacy act statement."   The statement
  will  inform the individual of the legal authority for collecting the informa-
  tion;  whether disclosure of such information by the individual  is mandatory or
  voluntary;  the purpose for which the information is being collected and  the
  routine uses which  may be made of the information;  and the effect on the indi-
  vidual if the individual does not provide  the information.
      c.  To the greatest extent practicable, information about an individual
  must be collected directly from the individual if the information may be used
  to make decisions with respect to the individual's rights, benefits, and
  privileges under Federal programs.

      d.  Any information that the Agency collects and maintains about individuals
  must be relevant and necessary to the accomplishment of the Agency's purpose as
  required by statute or Executive order.  The office concerned must establish
  the relevancy of and need for the information, as well as the authority to
  collect it.

      e.  Any information that is maintained in a System of Records must be kept
  ... current, and complete as is possible to assure ...

      f.  ... from a subject individual, must notify the individual that it is
  maintaining a record on him/her and must grant the individual access to the
  record unless the Agency has published a rule exempting the System of Records
  from this requirement.  In addition, the Agency must amend such record upon
  request, unless the Agency has published a rule exempting the System from this
  requirement, whenever the subject individual proves that the record is not
  accurate, relevant, current, or complete.  If the Agency does not grant access
  to or amend an individual's record upon request, it must inform the individual
  of its refusal to grant access to or amend such record and advise him/her of
  the appeal rights.  (See Chapter 2 and 3 for details).

      g.  ... must not disclose information from records maintained in a System
  of Records to any person or agency, except with the written consent of the
  individual to whom the record pertains.  There are, however, twelve exceptions
  ... disclosures without consent of the individual.  They are listed in ...

      h.  Except for disclosures to EPA officials and employees with an official
  need to know and disclosures required to be made under the Freedom of
  Information Act, an accounting of the disclosures that are made from a System of
Records must be maintained by the System Manager.  Each accounting must include
the date, nature, and purpose of the disclosure, and the name and address of
the person or agency to whom the disclosure was made.  The accounting must be
retained for the life of the record or for five years after disclosure, which-
ever is longer.

    i.  Each year, at the call of OMB, the Information Management Branch, IMSD,
must prepare and submit a report of Agency activities under the Privacy Act.

7.  RESPONSIBILITIES.

    a.  Assistant Administrators, Inspector General, General Counsel, Associate
Administrators, Regional Administrators, Laboratory Directors, and Staff Office
Directors.  These officials are responsible for implementing the Privacy Act
and the requirements specified in this Manual within their respective areas.
They are responsible for designating an appropriate EPA employee to serve as
System Manager for an existing or proposed System of Records.

    b.  Director, Information Management and Services Division, IMSD, Office
of Information Resources Management.  This individual provides overall
management and policy guidance.  The Chief, Information Management Branch, IMSD, is
the Privacy Policy Officer and is responsible for policy, procedures and over-
sight of the Act.  He/she administers activities related to establishment,
alteration or termination of Systems.

    c.  General Counsel.  The General Counsel is the EPA Privacy Appeals Officer
and is responsible for interpreting the Act, reviewing Privacy Act notices,
regulations, policy statements and related documents for legal form and sub-
stance and deciding all written appeals of negative determinations.

    d.  Director, Personnel Management Division.  The Director, Personnel
Management Division, is responsible for reviewing proposed or altered systems
for personnel management implications.

    e.  Managers and Supervisors.  Managers and supervisors who maintain records
subject to the Privacy Act are responsible for implementing the provisions of
this Manual within their respective areas.

    f.  System Manager.  The EPA employee responsible for the application of
approved Privacy Act policies and procedures relating to an existing or proposed
System of Records and, when appropriate, implementing additional practices and
procedures to cover special conditions or situations that may arise within the
System of Records.  In addition, the System Manager is responsible for:

    (1) Preparing documentation required by the Privacy Act, including notices
of new, altered or terminated System of Records for publication in the Federal
Register.  (See Chap. 2.)

    (2) Making initial decisions whether to grant an individual access to
his/her records or amend such records, and whether to extend the date of initial
determination concerning requests for access to or amendment of records under
the Act.



      (3)  Safeguarding the System under his/her jurisdiction.  (See Chap. 4).

      (4)  Informing employees having official access to the System of the
 penalties under the Privacy Act.  (See par 8).

 8.  PENALTIES.  The Privacy Act imposes criminal penalties directly on indi-
 viduals if they violate certain provisions of the Act.  Any Federal employee,
 for instance, is subject to a misdemeanor charge and a fine of not more than
 $5,000 whenever such employee:

     a.  Knowing that disclosure is prohibited, willfully discloses in any
 manner records in a System of Records to any person or agency not entitled to
 access to such records.

     b.  Willfully maintains a System of Records without publishing the pre-
 scribed public notice on the System in the Federal Register.

     c.  Knowingly and willfully requests or obtains any record from any System
 of Records under false pretenses.   (The penalty for violation of this provision
 is not limited to Federal employees).

 (The System Manager is responsible for making employees working  with a System
 of Records fully aware of these provisions and the corresponding penalties).

 9.  EXISTING PRIVACY SYSTEMS.   Figure 1-3 lists existing EPA Systems of Records
 which have  been documented.   (Notice published in the  Federal Register).

 10.   OTHER PERTINENT EPA DIRECTIVES.   Additional guidance relevant to carrying
 out  the provisions of the Privacy  Act is found in other EPA directives as
 follows:

     a.  Forms  Management Manual, Chapter 1,  for forms  developed  in connection
 with the Privacy Act.

     b.  Federal  Acquisition  Regulation  Subpart 24.1 and  EPA Acquisition  Regulation
 Subpart 15-24.1  for  contracts  involving collection and maintenance of information
 on individuals.

     c.  Delegations  Manual 1-33 for  authority to  make  determinations on appeals
 from the initial denial  and  to make  determinations on  correction or amendment.

    d.  Reports Management Manual, Chapter 4,  for policy on  collecting  informa-
 tion from the public.

    e.  Records Management Manual, Chapters  1 and  3, for management  and disposal
of records.

    f.  EPA Order 1515.1C dated 8/23/78 for Freedom of Information Act
procedures.

    g.  Federal Register Document Drafting Handbook for preparation of Federal
Register documents.

    h.  Facilities and Support Services Manual, Security Volume, Part III, Chapter
13, for security requirements for Privacy Act data.

    CHAPTER 2 - PROCEDURES FOR CREATING, ALTERING, OR TERMINATING A SYSTEM
                                  OF RECORDS

1.  PURPOSE.  This Chapter outlines procedures for the creation, alteration, or
termination of a System of Records that meets the requirements of the Privacy
Act.

2.  RESPONSIBILITY.   Assistant Administrators,  the Inspector General, the Gen-
eral Counsel, Associate Administrators, Regional Administrators, Laboratory
Directors, and Staff Office Directors are responsible for designating System
Managers to carry out procedures for creating,  altering, or terminating a System
of Records.

3.  NEW SYSTEM OF RECORDS.  A new System of Records is one for which no public
notice has been published in the Federal Register.  Specifically, a new System
is created whenever any one of the following criteria is met:

    a.  A program, authorized by either a new or an existing statute or Executive
order, requires for its successful accomplishment the creation and retrieval of
individually identifiable records.

    b.  There is a proposed new use of existing records that is incompatible
with the purpose for which the records were originally collected.  In this
case, all individuals covered by the existing system of records must be notified
of the new purpose and routine uses for the records in the System and must be
provided with a new Privacy Act statement.

    c.  There is a new organization of records, resulting in consolidation of
two or more existing systems into one new ("umbrella") system, whenever the
consolidation cannot be classified under a current System notice.

    d.  It is discovered that records about individuals are being created and
used, and that this activity is not covered by a current, published System
notice.  (This is a "found System").  OMB requires the temporary suspension of
data collection and disclosure in this case.   (The period of suspension for a
found System begins as soon as the System is "found", and continues through the
advance notice period required for a new System).

    e.  A new organization (configuration) of existing records about individuals
which had not previously been subject to the Privacy Act  (i.e., had not been a
System of Records) results in the creation of a System of Records.

4.  SIGNIFICANT ALTERATION OF A SYSTEM OF RECORDS.  A significant alteration to
an existing System occurs as a result of a change in the manner in which records
are organized or the manner in which records are  indexed or retrieved, or a
change in the nature or scope of the records.  A  System of Records is considered
to be significantly altered when a change to the  System will:

    a.  Increase or change the number or type of  individuals on whom records
are maintained.  (Changes involving the number, rather than the type, of
individuals about whom records are kept need only be reported when the change
significantly alters the character and purpose of the System of Records.)

      b.  Expand the type or categories of information maintained.   For example,
 if an employee file is expanded to include data on education and training,  this
 would be considered an expansion of the "types or categories of information"
 maintained.

     c.  Alter the manner in which the records are organized or the manner in which
 the records are indexed or retrieved so as to change the nature or scope  of
 these records, such as splitting an existing System into two or more  different
 Systems such as might occur in a centralization or a decentralization of  organi-
 zational responsibilities.

     d.  Alter the purpose for which the information in the System is  used.

     e.  Change the equipment configuration (that is, hardware or software on
 which the System is operated) so as to create the potential for either greater
 or easier access.

     f.  Change procedures associated with the System in a manner which affects an
 individual's exercise of his/her rights.

 5.   DOCUMENTATION OF NEW SYSTEM OR SIGNIFICANT ALTERATION OF EXISTING SYSTEM.
 Documentation in support of a new System or significant alteration to an  exist-
 ing System must be sent to the Chief, Information Management Branch,  IMSD,
 OIRM,  and consist of a draft of the following:   (a)  narrative report  of the
 System (for OMB); (b) Privacy Act Statement (for the individuals to whom  the
 records pertain); and (c) System notice (Federal Register notice). Documenta-
 tion must reach the Information Management Branch, IMSD, in sufficient time for
 Agency review,  the sixty-day advance notice required by OMB prior  to  placing a
 System in operation, and the thirty-day public comment period after Federal Register
 publication.   Documentation guidelines are contained in Figure 2-1.

 6.   REQUESTS FOR WAIVER OF OMB'S SIXTY DAY ADVANCE NOTICE PERIOD.   A  waiver
 from OMB of the sixty day advance notice requirement can be requested by  the
 Assistant Administrator for Administration and  Resources Management in compel-
 ling  cases.   Program requests should be made part of the documentation sent to
 the  Chief,  Information Management Branch,  IMSD.

     a.   The waiver must demonstrate that a delay of  sixty days in  establishing a
 System of Records—or making significant alteration  to an existing System—would
 not  be  in the public interest by (1) showing how the public interest  would  be
 adversely affected if the waiver were not granted, and explaining  why the responsible
 EPA organization was unable to provide earlier  notice; or,  (2) demonstrating that
 suspending  operation of a found System would adversely affect the  public  interest
and  failure to  report it was due to administrative oversight.