Book Read Free

Advanced Criminal Investigations and Intelligence Operations

Page 54

by Unknown


  396

  Appendix D: Consumer and Credit Data Privacy Laws

  (vi) matches performed for foreign counterintelligence pur-

  poses or to produce background checks for security

  clearances of Federal personnel or Federal contractor

  personnel;

  (vii) matches performed incident to a levy described in sec-

  tion 6103(k)(8) of the Internal Revenue Code of 1986; or

  (vi i) matches performed pursuant to section 202(x)(3) or

  1611(e)(1) of the Social Security Act (42 U.S.C. § 402(x)(3),

  § 1382(e)(1));

  (9) the term “recipient agency” means any agency, or contractor

  thereof, receiving records contained in a system of records from

  a source agency for use in a matching program;

  (10) the term “non-Federal agency” means any State or local govern-

  ment, or agency thereof, which receives records contained in a

  system of records from a source agency for use in a matching

  program;

  (11) the term “source agency” means any agency which discloses

  records contained in a system of records to be used in a match-

  ing program, or any State or local government, or agency thereof,

  which discloses records to be used in a matching program;

  (12) the term “Federal benefit program” means any program admin-

  istered or funded by the Federal Government, or by any agent

  or State on behalf of the Federal Government, providing cash or

  in-kind assistance in the form of payments, grants, loans, or loan

  guarantees to individuals; and

  (13) the term “Federal personnel” means officers and employees of

  the Government of the United States, members of the uniformed

  services (including members of the Reserve Components),

  individuals entitled to receive immediate or deferred retirement

  benefits under any retirement program of the Government of the

  United States (including survivor benefits).

  (b) Conditions of disclosure. No agency shall disclose any record

  which is contained in a system of records by any means of com-

  munication to any person, or to another agency, except pursuant

  to a written request by, or with the prior written consent of, the

  individual to whom the record pertains, unless disclosure of the

  record would be—

  (1) to those officers and employees of the agency which maintains

  the record who have a need for the record in the performance of

  their duties;

  (2) required under section 552 of this title;

  (3) for a routine use as defined in subsection (a)(7) of this section

  and described under subsection (e)(4)(D) of this section;

  Appendix D: Consumer and Credit Data Privacy Laws

  397

  (4) to the Bureau of the Census for purposes of planning or carrying

  out a census or survey or related activity pursuant to the provisions

  of Title 13;

  (5) to a recipient who has provided the agency with advance adequate

  written assurance that the record will be used solely as a statisti-

  cal research or reporting record, and the record is to be trans-

  ferred in a form that is not individually identifiable;

  (6) to the National Archives and Records Administration as a record

  which has sufficient historical or other value to warrant its

  continued preservation by the United States Government, or

  for evaluation by the Archivist of the United States or the des-

  ignee of the Archivist to determine whether the record has

  such value;

  (7) to another agency or to an instrumentality of any governmental

  jurisdiction within or under the control of the United States for a

  civil or criminal law enforcement activity if the activity is autho-

  rized by law, and if the head of the agency or instrumentality has

  made a written request to the agency which maintains the record

  specifying the particular portion desired and the law enforce-

  ment activity for which the record is sought;

  (8) to a person pursuant to a showing of compelling circumstances

  affecting the health or safety of an individual if upon such dis-

  closure notification is transmitted to the last known address of

  such individual;

  (9) to either House of Congress, or, to the extent of matter within

  its jurisdiction, any committee or subcommittee thereof, any

  joint committee of Congress or subcommittee of any such joint

  committee;

  (10) to the Comptroller General, or any of his authorized represen-

  tatives, in the course of the performance of the duties of the

  General Accounting Office;

  (11) pursuant to the order of a court of competent jurisdiction; or

  (12) to a consumer reporting agency in accordance with section

  3711(e) of Title 31.

  (c) Accounting of Certain Disclosures. Each agency, with respect to

  each system of records under its control, shall—

  (1) except for disclosures made under subsections (b)(1) or (b)(2) of

  this section, keep an accurate accounting of—

  (A) the date, nature, and purpose of each disclosure of a record

  to any person or to another agency made under subsection

  (b) of this section; and

  (B) the name and address of the person or agency to whom the

  disclosure is made;

  398

  Appendix D: Consumer and Credit Data Privacy Laws

  (2) retain the accounting made under paragraph (1) of this subsec-

  tion for at least five years or the life of the record, whichever is

  longer, after the disclosure for which the accounting is made;

  (3) except for disclosures made under subsection (b)(7) of this sec-

  tion, make the accounting made under paragraph (1) of this

  subsection available to the individual named in the record at his

  request; and

  (4) inform any person or other agency about any correction or nota-

  tion of dispute made by the agency in accordance with subsection

  (d) of this section of any record that has been disclosed to the

  person or agency if an accounting of the disclosure was made.

  (d) Access to records. Each agency that maintains a system of records

  shall—

  (1) upon request by any individual to gain access to his record or

  to any information pertaining to him which is contained in the

  system, permit him and upon his request, a person of his own

  choosing to accompany him, to review the record and have a

  copy made of all or any portion thereof in a form comprehen-

  sible to him, except that the agency may require the individual to

  furnish a written statement authorizing discussion of that indi-

  vidual’s record in the accompanying person’s presence;

  (2) permit the individual to request amendment of a record pertain-

  ing to him and—

  (A) not later than 10 days (excluding Saturdays, Sundays, and

  legal public holidays) after the date of receipt of such request,

  acknowledge in writing such receipt; and

  (B) promptly, either—

  (i) make any correction of any portion thereof which the

  individual believes is not accurate, relevant, timely, or

  complete; or

  (ii) inform the individual of its refusal to amend the record

  in accor
dance with his request, the reason for the

  refusal, the procedures established by the agency for

  the individual to request a review of that refusal by the

  head of the agency or an officer designated by the head

  of the agency, and the name and business address of

  that official;

  (3) permit the individual who disagrees with the refusal of the

  agency to amend his record to request a review of such refusal,

  and not later than 30 days (excluding Saturdays, Sundays, and

  legal public holidays) from the date on which the individual

  requests such review, complete such review and make a final

  determination unless, for good cause shown, the head of the

  Appendix D: Consumer and Credit Data Privacy Laws

  399

  agency extends such 30-day period; and if, after his review,

  the reviewing official also refuses to amend the record in

  accordance with the request, permit the individual to file

  with the agency a concise statement setting forth the rea-

  sons for his disagreement with the refusal of the agency, and

  notify the individual of the provisions for judicial review of

  the reviewing official’s determination under subsection (g)(1)

  (A) of this section;

  (4) in any disclosure, containing information about which the indi-

  vidual has filed a statement of disagreement, occurring after

  the filing of the statement under paragraph (3) of this subsec-

  tion, clearly note any portion of the record which is disputed and

  provide copies of the statement and, if the agency deems it

  appropriate, copies of a concise statement of the reasons of the

  agency for not making the amendments requested, to persons

  or other agencies to whom the disputed record has been dis-

  closed; and

  (5) nothing in this section shall allow an individual access to any

  information compiled in reasonable anticipation of a civil action

  or proceeding.

  (e) Agency requirements. Each agency that maintains a system of

  records shall—

  (1) maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency

  required to be accomplished by statute or by Executive order of

  the President;

  (2) collect information to the greatest extent practicable directly

  from the subject individual when the information may result

  in adverse determinations about an individual’s rights, benefits,

  and privileges under Federal programs;

  (3) inform each individual whom it asks to supply information, on

  the form which it uses to collect the information or on a separate

  form that can be retained by the individual—

  (A) the authority (whether granted by statute, or by Executive

  order of the President) which authorizes the solicitation of

  the information and whether disclosure of such information

  is mandatory or voluntary;

  (B) the principal purpose or purposes for which the information

  is intended to be used;

  (C) the routine uses which may be made of the information, as

  published pursuant to paragraph (4)(D) of this subsection; and

  (D) the effects on him, if any, of not providing all or any part of

  the requested information;

  400

  Appendix D: Consumer and Credit Data Privacy Laws

  (4) subject to the provisions of paragraph (11) of this subsection,

  publish in the Federal Register upon establishment or revision

  a notice of the existence and character of the system of records,

  which notice shall include—

  (A) the name and location of the system;

  (B) the categories of individuals on whom records are maintained

  in the system;

  (C) the categories of records maintained in the system;

  (D) each routine use of the records contained in the sys-

  tem, including the categories of users and the purpose of

  such use;

  (E) the policies and practices of the agency regarding storage,

  retrievability, access controls, retention, and disposal of the

  records;

  (F) the title and business address of the agency official who is

  responsible for the system of records;

  (G) the agency procedures whereby an individual can be noti-

  fied at his request if the system of records contains a record

  pertaining to him;

  (H) the agency procedures whereby an individual can be notified

  at his request how he can gain access to any record pertain-

  ing to him contained in the system of records, and how he

  can contest its content; and

  (I) the categories of sources of records in the system;

  (5) maintain all records which are used by the agency in making

  any determination about any individual with such accuracy, rel-

  evance, timeliness, and completeness as is reasonably necessary

  to assure fairness to the individual in the determination;

  (6) prior to disseminating any record about an individual to any

  person other than an agency, unless the dissemination is made

  pursuant to subsection (b)(2) of this section, make reasonable

  efforts to assure that such records are accurate, complete, timely,

  and relevant for agency purposes;

  (7) maintain no record describing how any individual exercises

  rights guaranteed by the First Amendment unless expressly

  authorized by statute or by the individual about whom the record

  is maintained or unless pertinent to and within the scope of an

  authorized law enforcement activity;

  (8) make reasonable efforts to serve notice on an individual when

  any record on such individual is made available to any person

  under compulsory legal process when such process becomes a

  matter of public record;

  Appendix D: Consumer and Credit Data Privacy Laws

  401

  (9) establish rules of conduct for persons involved in the design,

  development, operation, or maintenance of any system of records,

  or in maintaining any record, and instruct each such person with

  respect to such rules and the requirements of this section, includ-

  ing any other rules and procedures adopted pursuant to this sec-

  tion and the penalties for noncompliance;

  (10) establish appropriate administrative, technical and physical

  safeguards to insure the security and confidentiality of records

  and to protect against any anticipated threats or hazards to their

  security or integrity which could result in substantial harm,

  embarrassment, inconvenience, or unfairness to any individual

  on whom information is maintained;

  (11) at least 30 days prior to publication of information under

  paragraph (4)(D) of this subsection, publish in the Federal

  Register notice of any new use or intended use of the informa-

  tion in the system, and provide an opportunity for interested

  persons to submit written data, views, or arguments to the

  agency; and

  (12) if such agency is a recipient agency or a source agency in a

  matching program with a non-Federal agency, with respect to

  any establishment or revision of a matching program, at least 30

  days prior to conducting such program, publ
ish in the Federal

  Register notice of such establishment or revision.

  (f) Agency rules. In order to carry out the provisions of this section, each agency that maintains a system of records shall promulgate rules, in

  accordance with the requirements (including general notice) of sec-

  tion 553 of this title, which shall—

  (1) establish procedures whereby an individual can be notified in

  response to his request if any system of records named by the

  individual contains a record pertaining to him;

  (2) define reasonable times, places, and requirements for identifying

  an individual who requests his record or information pertaining

  to him before the agency shall make the record or information

  available to the individual;

  (3) establish procedures for the disclosure to an individual upon his

  request of his record or information pertaining to him, including

  special procedure, if deemed necessary, for the disclosure to an

  individual of medical records, including psychological records,

  pertaining to him;

  (4) establish procedures for reviewing a request from an individual

  concerning the amendment of any record or information per-

  taining to the individual, for making a determination on the

  402

  Appendix D: Consumer and Credit Data Privacy Laws

  request, for an appeal within the agency of an initial adverse

  agency determination, and for whatever additional means may

  be necessary for each individual to be able to exercise fully his

  rights under this section; and

  (5) establish fees to be charged, if any, to any individual for mak-

  ing copies of his record, excluding the cost of any search for and

  review of the record.

 

‹ Prev