OFFICE OF ENVIRONMENTAL INFORMATION Privacy Act Manual EPA 2190, December 2005 ------- til* Privacy Act Manual Abstract U.S. EPA Directive 2190 - Privacy Act Manual (Revised December 2005) establishes policy and procedures for protecting the privacy of individuals who are identified in the Environmental Protection Agency's information systems and informs Agency employees and officials of their rights and responsibilities under the Privacy Act (5 U.S.C. 552a). Quick Table of Contents Chapter 1 - Policy and Responsibilities Chapter 2 - Procedures for Creating, Altering, or Terminating a System of Records Chapter 3 - Access and Amendment (Revised December 2005) Chapter 4 - Physical Safeguards Full Table of Contents Chapter 1 - Policy and Responsibilities 1. Purpose 2. Policy 3. Scope 4. Definitions 5. Legal Authority and Administrative Guidelines 6. Basic Requirements of the Privacy Act 7. Responsibilities 8. Penalties 9. Existing Privacy Systems 10. Other Pertinent EPA Directives Figures 1-1. Definitions Applicable to the Privacy Act 1-2. Exceptions to the Privacy Act Prohibition Against Disclosure 1-3. EPA Systems of Records Chapter 2 - Procedures for Creating, Altering, or Terminating a System of Records 1. Purpose 2. Responsibility 3. New System of Records 4. Significant Alteration of a System of Records 5. Documentation of New System or Significant Alteration of Existing System 6. Requests for Waiver of OMB's Sixty Day Advance Notice Period 7. Minor Alterations to System of Records 8. Termination of System of Records Figures 2-1. Documentation InstructionsNew System and Major Alterations ------- til* 2-2. Documentation InstructionsTermination of System Chapter 3 - Access and Amendment (Revised December 2005) 1. Purpose 2. Processing Requests for Access 3. Processing Access Appeals 4. Processing Requests for Amendments 5. Establishing Privacy Act Case Files Figures 3-1. Sample Privacy Act Request Letter Chapter 4 - Physical Safeguards 1. Purpose 2. Policy 3. Protection of Privacy Act Records 4. Transfer/Destruction of Privacy Act Records Chapter 1. Policy and Responsibilities 1. PURPOSE. This Manual establishes policy and procedures for protecting the privacy of individuals who are identified in the Environmental Protection Agency's information systems and informs Agency employees and officials of their rights and responsibilities under the Privacy Act (5 U.S.C. 552a). It supplements the EPA regulations in Part 16, Title 40, Code of Federal Regulations (CFR). 2. POLICY. The Agency will safeguard personal privacy in its collection, maintenance, use, and dissemination of information about individuals and make such information available to the individual in accordance with the requirements of the Privacy Act. 3. SCOPE. This Manual applies to any records under the control of the Agency from which information on a subject individual is retrieved by a personal identifier assigned to the individual. The identifier may be the name of the individual, a number, a symbol, or any other specific retriever assigned to such individual. This Manual applies to such records maintained by the Agency in-house or maintained by a contractor or grantee on behalf of the Agency to accomplish an Agency function. 4. DEFINITIONS. Definitions applicable to this Manual are located at Figure 1-1, Definitions Applicable to the Privacy Act. 5. LEGAL AUTHORITY AND ADMINISTRATIVE GUIDELINES. The provisions of this Manual are based on these authorities: a. The Privacy Act of 1974, 5 U.S.C. 552a, as amended. b. OMB Circular No. A-108 (as amended), Responsibilities for the Maintenance of Records About Individuals by Federal Agencies. c. OMB's Privacy Act Implementing Guidelines published at 40 Federal Register 28948 and at 49 Federal Register 12338. d. EPA's Privacy Act Regulations published at 40 CFR Part 16. 6. BASIC REQUIREMENTS OF THE PRIVACY ACT. The basic requirements of the Privacy Act are summarized below: ------- til* a. At least sixty days prior to creation of a new System of Records or significant alteration to an existing System, the Agency must submit documentation to OMB and the Congress, and publish a notice of the System in the Federal Register. (See Chapter 2 for details.) b. Each time the Agency creates a new System of Records or requests that an individual provide his/her social security number, the System Manager must provide the individual with a written "privacy act statement." The statement will inform the individual of the legal authority for collecting the information; whether disclosure of such information by the individual is mandatory or voluntary; the purpose for which the information is being collected and the routine uses which may be made of the information; and the effect on the individual if the individual does not provide the information. c. To the greatest extent practicable, information about an individual must be collected directly from the individual if the information may be used to make decisions with respect to the individual's rights, benefits, and privileges under Federal programs. d. The information that the Agency collects and maintains about individuals must be relevant and necessary to the accomplishment of the Agency's purpose as required by statute or Executive order. The office concerned must establish the relevancy of and need for the information, as well as the authority to collect it. e. The information that is maintained in a System of Records must be kept as accurate, relevant, current, and complete as is possible to assure fairness to the individual. f. The Agency, upon request from a subject individual, must notify the individual that it is maintaining a record on him/her and must grant the individual access to the record unless the Agency has published a rule exempting the System of Records from this requirement. In addition, the Agency must amend such record upon request, unless the Agency has published a rule exempting the System from this requirement, whenever the subject individual proves that the record is not accurate, relevant, current, or complete. If the Agency does not grant access to or amend an individual's record upon request, it must inform the individual of its refusal to grant access to or amend such record and advise him/her of the appeal rights. (See Chapters 2 and 3 for details.) g. The Agency must not disclose information from records maintained in a System of Records to any person or agency, except with written consent of the individual to whom the record pertains. There are, however, twelve exceptions which permit disclosures without consent of the individual. They are listed in Figure 1-2. Any other disclosure of the records (other than to the subject individual) is unauthorized. h. Except for disclosures to EPA officials and employees with an official need to know and disclosures required to be made under the Freedom of Information Act, an accounting of the disclosures that are made from a System of Records must be maintained by the System Manager. Each accounting must include the date, nature, and purpose of the disclosure, and the name and address of the person or agency to whom the disclosure was made. The accounting must be retained for the life of the record or for five years after disclosure, whichever is longer. i. Each year, at the call of OMB, the Information Management Branch, IMSD, must prepare and submit a report of Agency activities under the Privacy Act. 7. RESPONSIBILITIES. a. Assistant Administrators, Inspector General, General Counsel, Associate Administrators, Regional Administrators, Laboratory Directors, and Staff Office Directors. These officials are responsible for implementing the Privacy Act and the requirements specified in this Manual within their respective areas. They are responsible for designating an appropriate EPA employee to serve as System Manager for an existing or proposed System of Records. ------- til* b. Director, Information Management and Services Division, IMSD, Office of Information Resources Management. This individual provides overall management and policy guidance. The Chief, Information Management Branch, IMSD, is the Privacy Policy Officer and is responsible for policy, procedures and oversight of the Act. He/she administers activities related to establishment, alteration or termination of Systems. c. General Counsel. The General Counsel is the EPA Privacy Appeals Officer and is responsible for interpreting the Act, reviewing Privacy Act notices, regulations, policy statements and related documents for legal form and substance and deciding all written appeals of negative determinations. d. Director, Personnel Management Division. The Director, Personnel Management Division, is responsible for reviewing proposed or altered systems for personnel management implications. e. Managers and Supervisors. Managers and supervisors who maintain records subject to the Privacy Act are responsible for implementing the provisions of this Manual within their respective areas. f. System Manager. The EPA employee responsible for the application of approved Privacy Act policies and procedures relating to an existing or proposed System of Records and, when appropriate, implementing additional practices and procedures to cover special conditions or situations that may arise within the System of Records. In addition, the System Manager is responsible for: 1. Preparing documentation required by the Privacy Act, including notices of new, altered or terminated Systems of Records for publication in the Federal Register. (See Chapter 2.) 2. Making initial decisions whether to grant an individual access to his/her records or amend such records, and whether to extend the date of initial determination concerning requests for access to or amendment of records under the Act. 3. Safeguarding the System under his/her jurisdiction. (See Chapter 4.) 4. Informing employees having official access to the System of the penalties under the Privacy Act. (See par. 8.) 8. PENALTIES. The Privacy Act imposes criminal penalties directly on individuals if they violate certain provisions of the Act. Any Federal employee, for instance, is subject to a misdemeanor charge and a fine of not more than $5,000 whenever such employee: a. Knowing that disclosure is prohibited, willfully discloses in any manner records in a System of Records to any person or agency not entitled to access to such records. b. Willfully maintains a System of records without publishing the prescribed public notice on the System in the Federal Register. c. Knowingly and willfully requests or obtains any record from any System of Records under false pretenses. (The penalty for violation of this provision is not limited to Federal Employees.) (The System Manager is responsible for making employees working with a System of Records fully aware of these provisions and the corresponding penalties.) 9. EXISTING PRIVACY SYSTEMS. Figure 1-3 lists existing EPA Systems of Records which have been documented. (Notice published in the Federal Register.) 10. OTHER PERTINENT EPA DIRECTIVES. Additional guidance relevant to carrying out the provisions of the Privacy Act is found in other EPA directives as follows: a. Forms Management Manual, Chapter 1, for forms developed in connection with the Privacy Act. ------- b. Federal Acquisition Regulation Subpart 24.1 and EPA Acquisition Regulation Subpart 15- 24.1 for contracts involving collection and maintenance of information on individuals. c. Delegations Manual 1-33 for authority to make determinations on appeals from the initial denial and to make determinations on correction or amendment. d. Reports Management Manual, Chapter 4, for policy on collecting information from the public. e. Records Management Manual, Chapters 1 and 3, for management and disposal of records. f. EPA Order 1515.1C dated 8/23/78 for Freedom of Information Act procedures. g. Federal Register Document Drafting Handbook for preparation of Federal Register documents. h. Facilities and Support Services Manual, Security Volume, Part III, Chapter 13, for security requirements for Privacy Act data. Figure 1-1: Definitions Applicable to the Privacy Act The following definitions are applicable to this Manual: 1. "Access" means availability of a record to a subject individual. 2. "Agency" means the U.S. Environmental Protection Agency. 3. "Disclosure" means the availability or release of a record to anyone other than the subject individual. 4. "Individual" means a citizen of the U.S. or an alien lawfully admitted for permanent residence. It does not include businesses or corporations and, in certain circumstances, may not include sole proprietorships, partnerships, or persons acting in a business capacity identified by the name of one or more persons. 5. "Maintain" means to collect, use, or disseminate when used in connection with the term "record"; and, to have control over or responsibility for a System of Records when used in connection with the term "System of Records". 6. "Personal identifier" is any individual number, symbol, or other identifying designation assigned to an individual but not a name, number, symbol, or other identifying designation that identifies a product, establishment, or action. 7. "Record" means any collection or grouping of information about an individual that is maintained by the Agency, including but not limited to the individual's education, financial transactions, medical history, and criminal or employment history and that contains his/her name, or an identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or photograph. 8. "Routine use" means, with respect to the disclosure of a record to a person or agency other than EPA, the use of a record for a purpose which is compatible with the purpose for which the record was collected. It includes disclosures required to be made by statute other than the Freedom of Information Act, 5 U.S.C. 552. It does not include other disclosures which are permitted to be made without the consent of the subject individual pursuant to Section 552a(b) of the Privacy Act, such as disclosures to EPA employees who have official need for the record, to the Bureau of the Census, to the General Accounting Office or to the Congress. 9. "Subject individual" is the individual to whom a record pertains. 10. "System Manager" is the EPA employee designated as the responsible manager of a System of Records. ------- 11. "System of Records" means any group of records under the control of the Agency from which information is retrieved by personal identifier such as the name of the individual, or a number, symbol, or other unique identifier assigned to the individual. Single Agency records or groups of records which are not retrieved by a personal identifier are not part of a System of Records. Uncirculated personal records maintained by individual employees of the Agency which are prepared, maintained, or discarded at the discretion of the employee and which are not subject to the Federal Records Act, 44 U.S.C. 3101, do not constitute a System of Records; provided that such personal papers are not used by the employee or the Agency to make any determination concerning the rights, benefits, or privileges of individuals, and are not incorporated into an existing System of Records. A System of Records comes under the provisions of the Privacy Act. Figure 1-2: Exceptions to the Privacy Act Prohibition against Disclosure 1. Internal Disclosures. The System Manager may make disclosures to officers and employees of the Agency who have a need for the record in the performance of their duties as determined by the System Manager. In some limited circumstances, disclosures to EPA contractors may be considered internal disclosures. Employees should consult with the Office of General Counsel if they have questions in this area. 2. Disclosures Under the Freedom of Information Act. Disclosures may be made when required by the Freedom of Information Act if there is a written Freedom of Information Act request. However, when the Freedom of Information Act does not require disclosure, but merely permits disclosure at the Agency's discretion, the Privacy Act disclosure prohibition is applicable. 3. Routine Use. Disclosures may be made for a routine use as described and published in the Federal Register notice describing the System or Records. 4. Bureau of the Census. Disclosures may be made to the Bureau of the Census for the purpose of planning or carrying out a census or survey or related activity. 5. Statistical Research/Reporting. Disclosures may be made to a recipient who has provided the Agency with advanced adequate written assurance that the record will be used solely as a statistical research or reporting record, and that the record is to be transferred in a form that is not individually identifiable. 6. Preservation of Records. Disclosures may be made to the National Archives of the United States of a record which has sufficient historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the National Archives and Records Administration to determine whether the record has such value. 7. Civil or Criminal Law Enforcement. Disclosures may be made to another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the Agency specifying the particular portion of a record desired and the law enforcement activity for which the record is sought. 8. Health or Safety. Disclosures may be pursuant to a showing of compelling circumstances affecting the health or safety of individuals if upon such disclosure notification is transmitted to the last known address of such individual. 9. Congressional Disclosures. Disclosures may be made to either House of Congress, or to the extent of matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee or any such joint committee. This exception does not apply to disclosures to individual members of Congress without consent of the individual. ------- 10. General Accounting Office. Disclosures may be made to the General Accounting Office for the purpose of carrying out the duties of that office. 11. Court Order. Disclosures may be made pursuant to the order of a court of competent jurisdiction. 12. Debt Collection. Disclosure may be made to a consumer reporting agency in accordance with Section 3(d) of the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). Figure 1-3: EPA Systems of Records Following is a list of EPA documented Systems of Records: System No. and Name EPA-1 - Payroll System EPA-2 - Personnel Records EPA-3 - Health Unit & Stress Lab Med Records EPA-4 - Inspection Reports EPA-5 - Personnel Security File EPA-6 - Security Computer Program System EPA-7 - Travel Voucher, Advance Cards & Payee File System EPA-8 - Confidential Statement of Employment & Financial Interest EPA-9 - Freedom of Information Act File EPA-10 - Parking Control File EPA-11 - Terminated EPA-12 - Terminated EPA-13 - Time Accounting Information System EPA-14 - Enforcement Case Support Expert Resources Inventory System Office Payroll Accounts Office Personnel Management Div.; Local Personnel Officers Personnel Management Div. Office of Inspector General Office of Inspector General Office of Inspector General Financial Management Div. Office of General Counsel Freedom of Information Offices; Grants, Contracts and General Admin. Div., OGC Facilities & Support Services Div. Program Support Division, Office of Pesticide Programs Technical Support Branch, Off. of Waste Prog. Enforcement ------- til* Chapter 2. Procedures for Creating, Altering or Terminating a System of Records 1. PURPOSE. This Chapter outlines procedures for the creation, alteration, or termination of a System of Records that meets the requirements of the Privacy Act. 2. RESPONSIBILITY. Assistant Administrators, the Inspector General, the General Counsel, Associate Administrators, Regional Administrators, Laboratory Directors, and Staff Office Directors are responsible for designating System Managers to carry out procedures for creating, altering, or terminating a System of Records. 3. NEW SYSTEM OF RECORDS. A new System of Records is one for which no public notice has been published in the Federal Register. Specifically, a new System is created whenever any one of the following criteria is met: a. A program, authorized by either a new or an existing statute or Executive order, requires for its successful accomplishment the creation and retrieval of individually identifiable records. b. There is a proposed new use of existing records that is incompatible with the purpose for which the records were originally collected. In this case, all individuals covered by the existing System of Records must be notified of the new purpose and routine uses for the records in the System and must be provided with a new Privacy Act statement. c. There is a new organization of records, resulting in consolidation of two or more existing systems into one new ("umbrella") system, whenever the consolidation cannot be classified under a current System notice. d. It is discovered that records about individuals are being created and used, and that this activity is not covered by a current, published System notice. (This is a "found System.") OMB requires the temporary suspension of data collection and disclosure in this case. (The period of suspension for a found System begins as soon as the System is "found," and continues through the advance notice period required for a new System.) e. A new organization (configuration) of existing records about individuals which had not previously been subject to the Privacy Act (i.e., had not been a System of Records) results in the creation of a System of Records. 4. SIGNIFICANT ALTERATION OF A SYSTEM OF RECORDS. A significant alteration to an existing System occurs as a result of a change in the manner in which records are organized or the manner in which records are indexed or retrieved, or a change in the nature or scope of the records. A System of Records is considered to be significantly altered when a change to the System will: a. Increase or change the number or type of individuals on whom records are maintained. (Changes involving the number, rather than the type, of individuals about whom records are kept need only be reported when the change significantly alters the character and purpose of the System of Records.) b. Expand the type or categories of information maintained. For example, if an employee file is expanded to include data on education and training, this would be considered an expansion of the "types or categories of information" maintained. c. Alter the manner in which the records are organized or the manner in which the records are indexed or retrieved so as to change the nature or scope of these records, such as splitting an existing System into two or more different Systems such as might occur in a centralization or a decentralization of organizational responsibilities. d. Alter the purpose for which information in the System is used. ------- til* e. Change the equipment configuration (that is, hardware or software on which the System is operated so as to create the potential for either greater or easier access). f. Change procedures associated with the System in a manner which affects an individual's exercise of his/her rights. 5. DOCUMENTATION OF NEW SYSTEM OR SIGNIFICANT ALTERATION OF EXISTING SYSTEM. Documentation in support of a new System or significant alteration to an existing System must be sent to the Chief, Information Management Branch, IMSD, OIRM, and consist of a draft of the following: (a) narrative report of the System (for OMB); (b) Privacy Act Statement (for the individuals to whom the records pertain); and (c) System notice (Federal Register notice). Documentation must reach the Information Management Branch, IMSD, in sufficient time for Agency review, the sixty-day advance notice required by OMB prior to placing a System in operation, and the thirty-day public comment period after Federal Register publication. Documentation guidelines are contained in Figure 2-1. 6. REQUESTS FOR WAIVER OF OMB'S SIXTY DAY ADVANCE NOTICE PERIOD. A waiver from OMB of the sixty day advance notice requirement can be requested by the Assistant Administrator for Administration and Resource Management in compelling cases. Program requests should be made part of the documentation sent to the Chief, Information Management Branch, IMSD. a. The waiver must demonstrate that a delay of sixty days in establishing a System of Recordsor making significant alteration to an existing Systemwould not be in the public interest by (1) showing how the public interest would be adversely affected if the waiver were not granted, and explaining why the responsible EPA organization was unable to provide earlier notice; or, (2) demonstrating that suspending operation of a found System would adversely affect the public interest and failure to report it was due to administrative oversight. b. Compelling circumstances for which a waiver request would be in the public interest include the following examples: (1) the health and safety of individuals are at serious risk, (2) the statute or Executive order authorizing the program provides a specific date for compliance, (3) there would be serious harm to a class of beneficiaries who are proposed to be included in the System. 7. MINOR ALTERATIONS TO SYSTEM OF RECORDS. Alterations that do not meet the criteria of par. 4 above for significantly altered System of Records require only the publication in the Federal Register of a revised notice. The thirty-day public comment period and sixty-day advance notice to OMB are not required. A draft notice is to be sent to the Chief, Information Management Branch, IMSD. 8. TERMINATION OF SYSTEM OF RECORDS. A System of Records is considered to be terminated whenever the information is no longer accessed by individuals' names or other identifiers, or whenever it is consolidated with another System of Records. Terminating a System may involve the physical destruction of records; it may involve purging the System of individual identifiers and maintaining the data in another form, such as statistical data; and it may involve altering the manner in which the records are accessed so that records are no longer accessed by the name of the subject individuals or other personal identifiers. Because records retired to a Federal Records Center (FRC) are still under the control of EPA, the act of retiring an inactive System to the FRC does not in itself constitute termination of the System. See Figure 2-2 for documentation guidelines. ------- til* Figure 2-1: Documentation Instructions -- New Systems and Major Alterations Note: Complete documentation, consisting of both paper copy and floppy disk, must be sent to the Chief, Information Management Branch (PM-211-D), Information Management and Services Division, U.S. Environmental Protection Agency, Washington, D.C. 20460. 1. Federal Register Notice. The Federal Register notice must be prepared in accordance with the Federal Register Document Drafting Handbook and include the signature element of the Assistant Administrator for Administration and Resources Management. The following must be included in the notice: a. System Name. Provide the name of the System of Records. b. Security Classification. Identify the security classification of the System of Records. (Primarily for use by the Defense Department.) If there is no such classification, enter "none." c. System Location. Specify each address at which the System is maintained. Include Headquarters and field locations and the address of contractors, if any, who may maintain the System for EPA. If there are many locations, the list may be added as an appendix. d. Categories of Individuals in System. Describe the categories of individuals on whom records are maintained in sufficient detail to enable individuals to determine if there is information on them in the System. e. Categories of Records in System. Give a brief description of all of the types of information in the System. For example, medical history, employment history. f. Authority for Maintenance of System. Cite the specific statute(s) and/or Executive order(s) which authorize EPA to maintain the System. g. Purpose(s). State the reason(s) for creating the System and what the System is designed to accomplish. h. Routine Uses of Records Maintained in the System Including Categories of Users and Purpose of Such Use. Describe each routine use which will be made of the records, including the categories of users and the purpose of each use. i. Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System. Storage. List all media in which records in the System are maintained (file folders, magnetic tape, microform, etc.). Briefly describe how each medium is stored. Retrievability. Describe how the records are indexed and retrieved. Safeguards. Describe your security policies and the procedures taken to prevent unauthorized disclosure of the records. Include the categories of EPA employees to whom access will be limited. Retention and Disposal. Indicate how long the EPA retains the records in identifiable form. If the records are covered by a Records Control Schedule, so state. j. System Manager and Address. Give the title and complete business address of the person responsible for the records. A contractor, consultant, or anyone other than an EPA employee may not be designated as a System Manager. k. Notification Procedure. Provide the procedural information necessary for an individual to find out whether or not there are records about him/her in the System. Provide the complete address of the System Manager to which requests for notification may be presented. Do not include telephone numbers. I. Record Access Procedures. Provide the procedural information necessary for an individual to gain access to records about him/herself. Give name and address of the ------- System Manager whom the individuals should contact if they want to gain access to any record about themselves in the System. m. Contesting Records Procedures. Provide procedures for an individual to contest the accuracy, relevancy, completeness and timeliness of records about him/herself. Give name and address of the System Manager to be contacted. n. Record Source Categories. Describe the sources from which the information in the System is obtained. Sources include, but are not limited to, the individual on whom the records are maintained, previous and current employees, other agencies, etc. o. Systems Exempted from Certain Provisions of the Act. Under limited circumstances, the Privacy Act permits agencies to exempt a System of Records from compliance with certain provisions of the Act. (See Chapter 3, par. 3 and Figure 3-1.) Identify the Privacy Act exemption(s), by subsection of the Act, applicable to the System; the provisions of the Act being exempted and a brief statement of the reason for invoking the exemption. Cite the Federal Register issue and page number where the proposed rule creating the exemption was published. If no exemptions are applicable, enter "none." (NOTE: Attach a completed and signed Federal Register Typesetting Request, EPA Form 2340-15, to the Federal Register notice. This form is available through normal supply channels). 2. Narrative Report for OMB. This report, normally not more than two pages, must: a. Describe the purpose of the System Records. b. Identify the authority under which the System of Records is to be maintained. c. Describe briefly the steps the Agency has taken to minimize the risk of unauthorized access to the System, and the higher or lower risk alternatives which the Agency considered. 3. Privacy Act Statement. This statement must be in writing and must inform the individual of the authority for collecting the information, the purpose for which the information is being collected on him/her and the routine uses which will be made of the information. The statement must also state whether furnishing information is voluntary or mandatory and explain what the consequences will be if an individual does not agree to furnish the information. Sample Federal Register Notice -- New System ENVIRONMENTAL PROTECTION AGENCY [OA-FRL-2768-2] Privacy Act of 1974; Proposed New System of Records AGENCY: Environmental Protection Agency. ACTION: Privacy Act of 1974, Proposed new system of records. SUMMARY: As required by law (5 U.S.C.552a) the U.S. Environmental Protection Agency is publishing for comment a new system of records that it is proposing to maintain. The proposed system is "Enforcement Case Support Expert Resources Inventory System." Agency enforcement personnel will use the records to aid in the identification and selection of individuals with appropriate expertise and qualifications to serve either as expert consultants or as expert witnesses in connection with hazardous waste enforcement cases and in maintaining a record of use of experts on enforcement cases. EFFECTIVE DATE: This system shall become effective as proposed, without further notice thirty days after publication unless comments are received which would result in contrary determination. FOR FURTHER INFORMATION CONTACT: Mike Kosakowski, Chief, Technical Support Branch, Office of Waste Programs Enforcement (WH-527), U.S. Environmental Protection Agency, 401 M Street, S.W., Washington, D.C. 20460. Telephone: 202-382-5611. ------- til* Howard M. Messner, Assistant Administrator for Administration and Resources Management. EPA-15 SYSTEM NAME: Enforcement Case Support Expert Resources Inventory SystemEPA-14. SECURITY CLASSIFICATION: None. SYSTEM LOCATION: Office of Waste Programs Enforcement (WH- 527), U.S. Environmental Protection Agency, 401 M Street, S.W., Washington, D.C. 20460. CATEGORIES OF INDIVIDUALS IN SYSTEM: Individuals included in the system are experts in scientific and technical fields who have appropriate expertise and qualifications to serve either as consultants or expert witnesses in connection with hazardous waste enforcement cases and who have agreed to be included in the system. CATEGORIES OF RECORDS IN SYSTEM: Basic input to the system is selected information from a professional resume and supporting documents supplied by the individual which contain such data as name, contact points and telephone numbers, educational background, disciplines, specialty areas, specific subject knowledge, research interests, specific chemical knowledge, membership in technical societies and working groups, awards and honors, consulting experience, background in litigation, professional history (with periods of employment, titles, names of employers, positions held, descriptions of work), and similar information. Certain information is entered in summary form. Other input into the system consists of records pertaining to U.S. EPA's proposed and actual use of the individual as an expert consultant or an expert witness for enforcement cases. AUTHORITY FOR MAINTENANCE OF SYSTEM: 42 U.S.C. 9604, 9606, 9607 (Enforcement authority under Comprehensive Environmental Response, Compensation and Liability Act); 42 U.S.C. 9628, 9673 (Enforcement authority under Resource Conservation and Recovery Act). PURPOSE(S): EPA enforcement personnel will use the records to aid in the identification and selection of potential expert consultants and expert witnesses for hazardous waste enforcement cases and in maintaining a record of use experts on cases. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USE: 1. Records of individuals will be disclosed on a case-by-case basis to the U.S. Department of Justice (U.S. DOJ) attorneys who are members of the negotiation/litigation team for the purpose of enabling their participation in the case and permitting their assistance in the selection of expert consultants and expert witnesses. 2. Records of individuals in the system will be disclosed on a case-by-case basis to other scientific and technical experts used by the U.S. EPA to familiarize them with experts for use on the case or to obtain their assistance in identifying possible expert consultants and expert witnesses. 3. Records in the system may be disclosed to OWPE enforcement contractors for the purpose of subcontracting experts identified in the system and for the purpose of updating or otherwise refining records in the system. By the terms of the contract, enforcement contractors are required to maintain the information in confidence and in accordance with the requirements of the Privacy Act. 4. Records in the system may be disclosed to the U.S. DOJ when related to litigation or anticipated litigation involving the records or the subject matter of the records. 5. Also see Prefatory Statement of General Routine Uses 41 FR 39689 (September 15, 1976). POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: Various portions of the system are maintained on computer disks, word-processor disks, anH in harH-i~r»nw filoc and in hard-copy files. ------- RETRIEVABILITY: Information is retrieved from the computer database and word-processor format by addressing selected data items in the system which cross-reference to an individual's name. The name is used to manually access materials in alphabetized hard-copy files. SAFEGUARDS: Only authorized individuals have access to the system and it is maintained under a classification of "Enforcement Confidential." Records on the computer disks are protected from access by a unique identification code. Hard-copy files and word-processor disks, when not in use or in the possession of an authorized individual, are maintained in a locked cabinet. Both the computer and cabinets are in rooms protected by door locks in a building with restricted access. RETENTION AND DISPOSAL: Records are maintained and periodically updated until individuals identified in the system request that their own record be deleted. Other reasons for deletion will be at the discretion of the Expert Resources coordinator and the System Manager. SYSTEM MANAGER(S) AND ADDRESS: Chief, Technical Support Branch, Office of Waste Programs Enforcement (WH-527), U.S. Environmental Protection Agency, 401 M Street, S.W., Washington, D.C. 20460. NOTIFICATION PROCEDURES: Inquiries should be addressed to the System Manager. Additional information and requirements will be provided. RECORD ACCESS PROCEDURES: Inquiries should be addressed to the System Manager. Additional information and requirements will be provided. CONTESTING RECORDS PROCEDURES: Inquiries should be addressed to the System Manager. The record and the specific information being contested should be identified. The corrective action sought and supporting justification for the correction should be provided by the individual. Additional information and requirements will be provided as necessary. RECORD SOURCE CATEGORIES: 1. Records furnished by individuals identified in the system. Information may be entered into the system in interpretive and summary form. 2. Records developed by U.S. EPA personnel concerning the proposed and actual use of expert consultants and expert witnesses. SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: None. Figure 2-2: Documentation Instructions -- Termination of System Note: Documentation, consisting of both paper copy and floppy disk, must be sent the Chief, Information Management Branch (PM-211-D), Information Management and Services Division, U.S. Environmental Protection Agency, Washington, D.C. 20460. Whenever one of the conditions in Chapter 2, par. 8, occurs, actual termination of a System of Records is accomplished, and a Federal Register notice is required. A draft Federal Register notice must be sent to the Chief, Information Management Branch, IMSD. The notice must describe the following: 1. System name. 2. Original Federal Register publication citation (volume, page number, and date of publication). 3. Reason for termination. 4. Disposition of records ------- Sample Federal Register Notice -- Termination Privacy Act of 1974, Notification of Deletion of System of Records SUMMARY: The Environmental Protection Agency is deleting a system of records, Statements of Known Financial Interests (EPA-12), that is no longer in use. DATE: Effective July 29, 1985 FOR FURTHER INFORMATION CONTACT: Mr. Donnell Nantkes, Grants, Contracts, and General Law Division, Office of General Counsel (LE-132G), Washington, D.C. 20460, telephone (202) 382-4550. SUPPLEMENTARY INFORMATION: On September 8, 1978, and pursuant to the provisions of the Privacy Act of 1974, there was published in the Federal Register (43 FR 40057) a notice of the system of records, Statements of Known Financial Interests (EPA-12) Section 207(c) of the Ethics in Government Act (Pub. L. 95-521) superseded the requirement for this report. Accordingly, this notice formally deletes this system of records. Dated: July 22, 1985 Seymour D. Greenstone, Acting Assistant Administrator for Administration and Resources Management. Chapter 3. Access and Amendment (Revised December 2005) PURPOSE The purpose of this Chapter is to describe procedures and responsibilities for responding to a request to access or amend information in a System of Records. This Chapter has been revised to reflect changes in the Agency's process for responding to these types of requests. PROCESSING REQUESTS FOR ACCESS 3.1 Individual Access to Personal Information The Privacy Act permits individuals to gain access to records about themselves that EPA maintains in its systems of records, unless the records are covered by an exemption. Individuals also may request that the Agency change or amend incorrect or incomplete information. System managers, or their designees, make initial decisions to release, amend or correct individuals' records, and to extend the date for mailing initial determinations under the Privacy Act. 3.2 Individual Requests for Access Individuals will address requests for access or amendment to personal information in a Privacy Act system of records to the EPA Privacy Act officer through EPA's Freedom of Information Act (FOIA) Office according to instructions in the relevant Privacy Act notice. A requester who cannot determine which system of records applies should write to the EPA Privacy Act officer. The FOIA Office will assign the request a tracking number and send the individual a letter acknowledging receipt of the request by the Agency 3.2.1 Time Limits The Agency FOIA Office will acknowledge requests for access within 10 working days after receipt and forward the request to the manager of the system of records to which the request pertains, who will determine whether to grant access to the record. If the system manager cannot make a determination within 30 working days, he or she will inform the requester of the reasons for the delay, and estimate when he or she will make a decision. ------- 3.3 Relationship Between the Privacy Act and the Freedom of Information Act (FOIA) The Privacy Act provides seven specific exemptions to apply to systems of records. Individuals can use FOIA to seek access to records that are exempt from disclosure under the Privacy Act. The EPA FOIA Office will process Privacy Act requests under both statutes. The EPA FOIA Office will: Process requests by individuals for access to records pertaining to themselves made under FOIA. Process requests by individuals for access to records pertaining to themselves made under the Privacy Act of 1974. Process requests by individuals for access to records pertaining to themselves that cite both FOIA and the Privacy Act except: When FOIA access provisions provide a greater degree of access; or When access to the information is controlled by another federal statute. If the former applies, the FOIA staff will follow its access provisions. If the latter applies, the FOIA staff will follow the access procedures established under the controlling statute. Process requests by individuals for access to records pertaining to themselves in system of records that do not cite either FOIA or the Privacy Act under the procedures established by FOIA and its implementing regulations. The system manager must cite the specific provisions of the Privacy Act or FOIA when responding to such requests. He or she may not deny individuals access to personal information concerning themselves that would otherwise be released to them under either Act solely because they fail to cite either Act or cite the wrong Act, regulation or instruction. Furthermore, the system manager must explain to the requester which Act or procedure he or she used when granting or denying access. 3.4 Verification of Identity All Privacy Act requests must include sufficient information to verify an individual's identity. According to 40 CFR 16.3(0. an individual who cannot provide sufficient identification as listed in 40 CFR 16.4(b) must submit a signed and notarized statement indicating that he or she is the individual to whom the records pertain, and that he or she understands that it is a misdemeanor punishable by a fine up to $5,000 to knowingly and willfully seek or obtain records about another individual under false pretenses. See Figure 1 below for a sample Privacy Act request letter that the Privacy Act officer or system manager can provide to individuals who need help preparing a request or have not provided sufficient information. Figure 1: Sample Privacy Act Request Letter Privacy Act officer [or Freedom of Information officer] U.S. Environmental Protection Agency [Street address] [City, state, zip code] Re: Privacy Request for Access Dear: This is a request under the Privacy Act of 1974. I request a copy of any records [or specifically named records] about me maintained at EPA. These records are contained in a Privacy Act system of records titled [name of system]. [Optional] To assist with your search for these records, I am providing the following additional information: [for example: full name, Social Security number, date and place of birth]. Also, I have the ------- following contacts with your Agency: [for example: job applications, periods of employment, loans or Agency programs applied for, etc.]. [Optional] Please consider this request is also made under the Freedom of Information Act. Please provide any additional information that may be available under the FOIA. If you determine that any portions of these documents are exempt under either of these statutes, I will expect you to release the non-exempt portions to me as the law requires. I reserve the right to appeal any decision to withhold information. [Optional] Enclosed is [a notarized signature or other identifying document] that will verify my identity. I look forward to receiving your reply. Thank you for your consideration. Sincerely, [Name] [Address] [City, state, zip code] Acceptable identity verification for individuals seeking physical access to their records includes employee and military identification cards, drivers' licenses, other licenses, permits or passes used for routine identification purposes. When an individual requests access by mail, the individual must provide his or her full name, date and place of birth, or other personal information necessary to locate the record he or she seeks. Additional identifying data and notarization may be required for sensitive information. If an individual requests that he or she be accompanied by another person during a personal inspection of records or to have the records released directly to another person, he or she must submit a written statement authorizing disclosure in the presence of another person. Furthermore, the individual is not required to explain or justify his or her need for access to any record under this guidance. (The system manager must not use identification procedures to discourage legitimate requests or to burden needlessly or delay the amendment process. He or she may not refuse access to an individual's records solely because he or she refuses to divulge his or her Social Security number, unless that is the only method by which he or she can retrieve the records.) Only an EPA system manager may deny access. The denial must be in writing and contain the individuals' rights in accordance with 40 CFR 16.6(a)(2). 3.5 Fees According to 40 CFR 16.9. EPA charges no fees for providing a copy of the first 100 pages of a record or any portion of a record to an individual to whom the record pertains. The fee schedule for reproducing additional pages is the same as that for FOIA requests. Since Privacy Act requests are also processed as FOIA requests, the fee schedule is governed by FOIA regulations. (See 40 CFR 2.107.^) 3.6 Granting Access to Records The system manager should grant individuals access to the original record or an exact copy of the original record pertaining to themselves without any changes or deletions, unless they have been made according to the Privacy Act's exemption rules. An amended record is considered original for the purpose of granting access. The system manager should clearly explain to the individual any amendments and deletions to records or portions of records. If the system manager grants access, he or she notifies the Headquarters FOIA office and the individual of the decision. The individual is told: Where the records may be inspected; The earliest date (i.e., generally no more than 30 working days from the date the Agency receives the request) the records may be inspected; and, ------- The times the records will remain open for inspection. If the individual requests copies by mail, the system manager must notify him or her of the estimated date - no more than 30 working days from the date the Agency receives the request - that the record will be mailed. 3.6.1 Illegible, Incomplete or Partially Exempt Records The system manager cannot deny an individual access to a record or a copy of a record solely because the physical condition or format of the record does not make it readily available. He or she must recopy or prepare an extract of the record within the stated time limits. If a portion of a record contains information exempt from access, the system manager must provide an extract or summary containing all of the releasable information in the record, including a clear, written explanation to the individual of all deletions or changes to the records. 3.6.2 Access to Medical Records Medical records maintained by EPA are not exempt from access provisions, although the Privacy Act authorizes special provisions for them under 552a(f)(3). The system manager may deny an individual direct access to medical or psychological records if he or she, in consultation with a medical doctor, determines that direct disclosure would harm the individual's physical or mental health. In this case, the system manager must offer to send the records to a physician the individual selects. If the system manager denies direct access, he or she sends the record to the individual's physician, explaining why access without proper professional supervision could be harmful to the individual, unless it is obvious from the record. If the individual refuses or fails to designate a physician, the system manager will not provide the record. Such refusal of access is not considered a denial for Privacy Act reporting purposes. 3.6.3 Access to Information Compiled in Anticipation of Civil Action The Privacy Act limits access to any information compiled in reasonable anticipation of a civil proceeding under 5 U.S.C. 552a(dX5V The system manager is not required to disclose to an individual any information compiled in reasonable anticipation of a civil action or proceeding, which includes quasi-judicial and pretrial judicial proceedings. However, he or she is not required to implement this exemption by regulation. Attorney work products prepared in conjunction with quasi-judicial, pretrial and trial proceedings, including those prepared to advise EPA officials of the possible legal consequences of a given course of action are also protected. 3.6.4 Access to Investigatory Records The system manager will process requests by individuals for access to investigatory records pertaining to themselves and compiled for law enforcement purposes that have been incorporated into exempt system of records under the Privacy Act or FOIA. depending on which regulation gives the requester the greatest degree of access. The system manager may not deny an individual access to a record solely because it is in the exempt system. The Agency Privacy Act officer and FOIA officer will collaborate, when appropriate, to give the individual optimal access. The system manager must refer individual requests for access to exempt investigatory records that are temporarily in the possession of a non-investigatory element for settlement or personnel actions to the originating investigating agency. He or she must inform the individual in writing of these referrals. 3.7 Denial of Access The system manager may deny an individual access to a record pertaining to him or her for the following reasons and for the reasons itemized under Section 3.7.1, "Other Reasons to Deny Access." If the record: Was compiled in reasonable anticipation of civil action; ------- til* Is in a system of records that has been exempted from the access provisions of this guidance under one of the permitted exemptions; Contains classified information that has been exempted from the access provision of this regulation under the blanket exemption for such material claimed for all EPA records systems; or Is contained in a system of records for which access may be denied under some other federal statute. The system manager may only deny access to portions of records if the denial serves a legitimate purpose. 3.7.1 Other Reasons to Deny Access The system manager may also deny access if: The individual does not describe the record well enough for employees familiar with the file to locate it with a reasonable amount of effort; or The individual fails or refuses to comply with the established procedural requirements, such as refusing to name a physician to receive medical records when required or refusing to pay fees. The system manager must explain to the individual the specific reason he or she was refused access, and how he or she may obtain it. 3.7.2 Notifying the Individual of Denial of Access Denials of access must be in writing and include: The name, title and signature of the designated denial authority; The date of the denial; The specific reason for the denial, including the specific citation from the Privacy Act or FOIA; Notice to the individual of his or her right to appeal the denial within the 30-calendar-day time limit; and The title and address of the Agency Privacy Act officer. PROCESSING ACCESS APPEALS 3.8 Access Appeal Procedures The Agency must establish internal appeal procedures that provide for: Review by OGC or DIG for systems of records maintained by them, of any appeal by an individual from a denial of access to EPA records. Formal written notification to the individual from the system manager that must include: o The exact reason for denying the appeal, including specific citation to the provisions of the Privacy Act or other statute; o The date of the appeal determination; o The name, title and signature of the appeal authority; and o A statement informing the applicant of his or her right to seek judicial relief. If OGC or DIG grants the appeal, it must notify the individual and provide access to the requested records. The written appeal notification granting or denying access is the final Agency action regarding access. The individual must file any appeals from denial of access within 30 calendar days of receipt of notification. The system manager must process all appeals within 30 days of receipt unless he or she determines that he or she cannot make a fair and equitable review within that period. The system manager must notify the appellant in writing if additional time is required for the appellate review. He ------- or she must also include the reasons for the delay and the date when the individual may expect an answer to the appeal. 3.8.1 Denial of Appeals by Failure to Act A requester may consider his or her appeal formally denied if the appeal authority fails: To act on the appeal within 30 days; To provide the requester with a notice of extension within 30 days; or To act within the time limits established in the notice of extension. PROCESSING REQUESTS FOR AMENDMENTS 3.9 Requests for Amendment An individual may request the amendment of any record contained in a system of records pertaining to him or her, unless the system of records has been exempted specifically from the amendment procedures of this guidance. Normally, amendments under this guidance are limited to correcting factual matters and not matters of official judgment, such as performance ratings, promotion potential and job performance appraisals. The individual's request for amendment must in writing and sent to the EPA Privacy Act Officer. The Privacy Act Officer will assign the request a tracking number. The system manager must not use the written requirement to discourage individuals from requesting valid amendments. A request for amendment must include: A description of the item or items to be amended; The specific reason for the amendment; The type of amendment action sought, i.e., deletion, correction or addition; and Copies of available documentary evidence supporting the request. 3.9.1 Burden of Proof Under 40 CFR 16.5. an individual must support his or her request for amendment adequately for the system manager to approve an amendment request. The individual must submit the request in writing, including his or her name, the name of the system of records, a detailed description of the information they seek to correct or amend, the specific reasons for the correction or amendment and sufficient documentation of identity. 3.9.2 Limits on Previously Submitted Judicial Evidence Individuals may not use this amendment process to alter evidence presented in the course of judicial or quasi-judicial proceedings. The system manager amends these records through specific procedures established for the amendment of such records. This process does not allow a system manager to amend information that has already been the subject of a judicial or quasi-judicial determination. However, an individual may challenge the accuracy of the official recording of that determination. 3.9.3 Sufficiency of a Request to Amend The system manager must consider the following factors when evaluating the sufficiency of a request to amend: The accuracy of the information itself; and The relevancy, timeliness, completeness and necessity of the recorded information for accomplishing an assigned mission or purpose. ------- til* 3.9.4 Time Limits The EPA Privacy Act officer must acknowledge a request to amend in writing within 10 working days of its receipt. There is no need to acknowledge a request if the action is completed within 10 working days and the individual is so informed. The letter of acknowledgment will clearly identify the request and advise the individual when he or she may expect a determination of amendment of his or her records. Only under the most exceptional circumstances will more than 30 days be required to reach a decision on a request to amend. The system manager must also document fully in the Privacy Act case file any such decision that takes more than 30 days to resolve. 3.10 Agreement to Amendments If the system manager decides to grant all or part of an amendment request, he or she will amend the record accordingly and notify the requesting individual. 3.10.1 Notification of Previous Recipients The system manager must notify all previous recipients of the information, as reflected in the Privacy Act case file, of the specific nature and substance of the amendment. (See Section 3.13: Privacy Act Case Files) The system manager must inform the individual of these notifications and honor his or her requests to notify specific federal agencies of the amendment action. 3.11 Denying Amendments If the system manager denies the request for amendment in whole or in part, he or she must promptly notify the individual of the denial in writing, including: The specific reason and authority for denying amendment; Notification that the individual may request further review of the decision by OGC or DIG, as appropriate, not later than 30 working days from the date on which he or she requests such review (5 U.S.C. 552a(d)(3)); The procedures for appealing the decision, citing the position and address of the official to whom he or she must address the appeal; and Where he or she can receive assistance in filing the appeal. 3.12 Amendment Appeal Procedures The Agency must establish procedures to ensure prompt, complete and independent review of each amendment denial appealed by an individual. These procedures must ensure that the reviewing official, i.e., OGC or DIG, receives the appeal, along with all supporting materials, including those sent to the individual and those contained in Agency records. If OGC or DIG denies the appeal completely or in part, it notifies the individual in writing that: It has denied the amendment appeal and the specific reason and authority for the denial; and If filed properly, it will include the statement of disagreement in the record. The individual will also be informed that: He or she may file a statement of disagreement with the EPA office in control of the record, and the procedures for filing this statement; and He or she may seek a judicial review of the decision not to amend. If the record is amended, the system manager must ensure that: He or she promptly notifies the individual of the decision; He or she notifies all prior known recipients and retainers of the records of the decision and the specific nature of the amendment; and He or she notifies the individual which EPA offices and federal agencies have been told of the amendment. ------- til* OGC or DIG, as appropriate, must process all appeals within 30 days unless it determines that it cannot make a fair review within this time limit. If OGC or DIG needs additional time, it must notify the individual in writing of the delay, the reason for the delay and when the individual may expect a final decision on the appeal. OGC or DIG must update the Privacy Act case file to document the reason for the delay. 3.12.1 Statements of Disagreement If OGC or DIG refuses to amend the record, the individual may submit a concise statement of disagreement, setting forth his or her reasons for disagreeing with the decision not to amend. If the individual files a statement of disagreement, the system manager must annotate the record accordingly and furnish copies of the statement to all future recipients of the disputed information, and to all prior recipients known to hold the disputed record in their systems of records. OGC or DIG should incorporate the statement of disagreement into the record. If this is not possible, it must ensure that it is apparent from the record that the individual filed a statement of disagreement. The system manager must maintain the statement so that it can be obtained readily when the disputed information is used or disclosed. He or she must annotate automated record systems that are not programmed to accept statements of disagreement so that they clearly indicate that a statement of disagreement is on file and identify the statement with the disputed information in the system. The system manager also must provide a copy of the statement of disagreement whenever he or she discloses the disputed information for any purpose. 3.12.2 EPA Summaries of Reasons for Refusing to Amend OGC or DIG may, at its discretion, include a summary of reasons for refusing to amend any record for which a requester filed a statement of disagreement. OGC or DIG should only include the reasons it gave the individual for not amending the record, and not include comments on the statement of disagreement itself. OGC or DIG must file the summary and statement of disagreement together. When disclosing information for which an individual filed a summary, the system manager may include a copy of the summary in the file. ESTABLISHING PRIVACY ACT CASE FILES 3.13 Privacy Act Case Files All Agency offices involved in the amendment or access process should establish Privacy Act case files to retain the documentation they receive and generate for each unique record request. The Privacy Act case file will contain: The request for amendment or access; Copies of the EPA office's reply granting or denying the request; Any appeals from the individual; Copies of the action regarding the appeal with supporting documentation not in the basic file; and Any other correspondence generated in processing the appeal, including coordination documentation. The system manager should include only the items listed below in the system of records challenged for amendment or for which access is sought. He or she must not retain copies of unamended records in the basic system of records if OGC or DIG grants a request for amendment. The system manager must include these items relating to an amendment request in the disputed record system: Copies of the amended record; The individual's statement of disagreement; ------- til* Program office summaries; and Documentation the individual submits. The system manager may include the following items relating to an access request in the basic records system: Copies of the request; Program office's action granting or denying total access; Appeals filed; and Replies to the appeal. Chapter 4. Physical Safeguards 1. PURPOSE. This Chapter prescribes policy and procedures regarding the physical safeguards of information within EPA which has been identified as being subject to the Privacy Act of 1974. 2. POLICY. It is EPA policy that all privacy information be safeguarded in accordance with the requirements of the Privacy Act, the applicable Federal Register notice for the System, the Security Volume, FSS Manual, Part III, Chapter 13, and the procedures outlined in this Chapter. 3. PROTECTION OF PRIVACY ACT RECORDS. a. Handling. 1. Only EPA employees who require access to Privacy Act records in the performance of their official duties shall be permitted to review such documents. 2. Privacy Act records, while in use, shall be controlled at all times and never left in an unattended office. 3. Internal distribution within the Agency shall be by hand-carrying or transmitted within a sealed envelope and the intended recipient properly identified on the envelope. In addition, the envelope should be annotated "To be opened by addressee only," or a similar notation. b. Storage. All Privacy Act records shall be stored as outlined in the current Federal Register notice for that System of Records. Guidelines for storing existing and future Systems are outlined below: 1. Within a keylocked cabinet within a keylocked room. 2. When the office configuration does not permit a keylocked room, the storage cabinet should have a bar and a three positioned changeable combination padlock. 3. Within a security cabinet with a built-in three position changeable combination lock. 4. Any other manner authorized by the Chief, General Services Branch, Facilities and Support Services Division. 4. TRANSFER/DESTRUCTION OF PRIVACY ACT RECORDS. a. System Managers contemplating transfer to the Federal Records Center or destruction of information in a System of Records should determine that such data is eligible for transfer/destruction under authorized retention periods in the EPA Records Control Schedules. b. Destruction, when authorized by EPA Schedules, must be by shredding or pulping or other method that makes the data unretrievable. (The Security and Records staffs are available for assistance concerning the proper method of destruction.) ------- |