[Federal Register: May 22, 2003 (Volume 68, Number 99)]
[Rules and Regulations]
[Page 27891-27897]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr22my03-1]
========================================================================
Rules and Regulations
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains regulatory documents
having general applicability and legal effect, most of which are keyed
to and codified in the Code of Federal Regulations, which is published
under 50 titles pursuant to 44 U.S.C. 1510.
The Code of Federal Regulations is sold by the Superintendent of Documents.
Prices of new books are listed in the first FEDERAL REGISTER issue of each
week.
========================================================================
[[Page 27891]]
OFFICE OF GOVERNMENT ETHICS
5 CFR Part 2606
RIN 3209-AA18
Privacy Act; Implementation
AGENCY: Office of Government Ethics (OGE).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Office of Government Ethics is adopting as final, with two
minor changes, a proposed rule establishing procedures relating to
access, maintenance, disclosure, and amendment of records which are in
OGE systems of records under the Privacy Act of 1974. This rule also
establishes rules of conduct for OGE personnel who have
responsibilities under that Act.
EFFECTIVE DATE: May 22, 2003.
FOR FURTHER INFORMATION CONTACT: Elaine Newton, Attorney Advisor,
Office of Government Ethics, Suite 500, 1201 New York Avenue, NW.,
Washington, DC 20005-3917; telephone: 202-208-8000; TDD: 202-208-8025;
FAX: 202-208-8037.
SUPPLEMENTARY INFORMATION: In this rulemaking document, OGE is adopting
final rules under the Privacy Act, 5 U.S.C. 552a. On January 22, 2003,
at 68 FR 2923-2929, OGE published a proposed rule that would establish
procedures relating to OGE systems of records under the Privacy Act,
for codification at 5 CFR part 2606. The proposed rule invited comments
from the public, to be received by OGE on or before March 24, 2003. No
comments were received. After consultation with the Office of
Management and Budget during the course of Executive Order 12866 review
of this final rule, OGE has determined that only two minor changes are
needed to the proposed rule in adopting it as final. The first change
is that OGE is dropping the proposed reference in Sec. 2606.203(c) to
any possible fee for certified copies of records when such are
provided. Instead, the section simply provides that OGE and concerned
agencies generally will not furnish certified copies of records. The
second change is that OGE is clarifying in Sec. 2606.206(a)(2)(ii)(B)
that only a previous failure to timely pay a Privacy Act fee can serve
as an alternate basis for the possible requirement of an advance
payment for additional copies of records being provided under the
Privacy Act.
In addition, OGE published in the Federal Register on January 22,
2003 (in a separate part II), at 68 FR 3097-3109, a notice of proposed
new and revised systems of records under the Privacy Act. Public
comments were invited, to be received by OGE by March 24, 2003.
Likewise, OGE did not receive any comments on the notice. Pursuant to
that notice, the new and revised records systems will become effective
on May 22, 2003 without change (except for the correction of some minor
errors, see 68 FR 24744 (May 8, 2003)). Therefore, OGE is making this
final rule effective on the same date, May 22, 2003.
Administrative Procedure Act
Pursuant to 5 U.S.C. 553(d), as Director of the Office of
Government Ethics, I find good cause exists for waiving the 30-day
delay in effectiveness as to this final rule. The delayed effective
date provision is being waived in part because this final OGE Privacy
Act rule makes only two minor changes to the previously published
proposed rule (as explained above). Furthermore, it is in the public
interest that this OGE Privacy Act regulation become effective on the
same date, May 22, 2003, as OGE's new and revised Privacy Act systems
of records.
Executive Order 12866
In promulgating this final rule, the Office of Government Ethics
has adhered to the regulatory philosophy and the applicable principles
of regulation set forth in section 1 of Executive Order 12866,
Regulatory Planning and Review. This regulation has also been approved
by the Office of Management and Budget under the Executive order.
Executive Order 12988
As Director of the Office of Government Ethics, I have reviewed
this final rule in light of section 3 of Executive Order 12988, Civil
Justice Reform, and certify that it meets the applicable standards
provided therein.
Regulatory Flexibility Act
As Director of the Office of Government Ethics, I certify under the
Regulatory Flexibility Act (5 U.S.C. chapter 6) that this regulation
will not have a significant economic impact on a substantial number of
small entities, because it will primarily affect current and former
executive branch Federal employees.
Unfunded Mandates Reform Act
For purposes of the Unfunded Mandates Reform Act of 1995 (2 U.S.C.
chapter 25, subpart II), this regulation would not significantly or
uniquely affect small governments and would not result in increased
expenditures by State, local, and tribal governments, in the aggregate,
or by the private sector, of $100 million or more (as adjusted for
inflation) in any one year.
Paperwork Reduction Act
The Paperwork Reduction Act (44 U.S.C. chapter 35) does not apply
to this regulation because it does not contain information collection
requirements that require the approval of the Office of Management and
Budget.
Congressional Review Act
The Office of Government Ethics has determined that this regulation
involves a nonmajor rule under the Congressional Review Act (5 U.S.C.
chapter 8) and will submit a report thereon to the U.S. Senate, House
of Representatives and General Accounting Office in accordance with
that law at the same time this rulemaking document is sent to the
Office of the Federal Register for publication in the Federal Register.
List of Subjects in 5 CFR Part 2606
Administrative practice and procedure, Archives and records,
Conflict of interests, Government employees, Privacy Act.
Approved: May 16, 2003.
Amy L. Comstock,
Director, Office of Government Ethics.
0
Accordingly, for the reasons set forth in the preamble, the Office of
Government Ethics is amending subchapter A of chapter XVI of title 5 of
[[Page 27892]]
the Code of Federal Regulations by adding part 2606 to read as follows:
PART 2606--PRIVACY ACT RULES
Subpart A--General Provisions
Sec.
2606.101 Purpose.
2606.102 Definitions.
2606.103 Systems of records.
2606.104 OGE and agency responsibilities.
2606.105 Rules for individuals seeking to ascertain if they are the
subject of a record.
2606.106 OGE employee Privacy Act rules of conduct and
responsibilities.
Subpart B--Access to Records and Accounting of Disclosures
2606.201 Requests for access.
2606.202 OGE or other agency action on requests.
2606.203 Granting access.
2606.204 Request for review of an initial denial of access.
2606.205 Response to a request for review of an initial denial of
access.
2606.206 Fees.
2606.207 Accounting of disclosures.
Subpart C--Amendment of Records
2606.301 Requests to amend records.
2606.302 OGE or other agency action on requests.
2606.303 Request for review of an initial refusal to amend a record.
2606.304 Response to a request for review of an initial refusal to
amend; disagreement statements.
Authority: 5 U.S.C. 552a, 5 U.S.C. App. (Ethics in Government
Act of 1978).
Subpart A--General Provisions
Sec. 2606.101 Purpose.
This part sets forth the regulations of the Office of Government
Ethics (OGE) implementing the Privacy Act of 1974, as amended (5 U.S.C.
552a). It governs access, maintenance, disclosure, and amendment of
records contained in OGE's executive branch Governmentwide and internal
systems of records, and establishes rules of conduct for OGE employees
who have responsibilities under the Act.
Sec. 2606.102 Definitions.
For the purpose of this part, the terms listed below are defined as
follows:
Access means providing a copy of a record to, or allowing review of
the original record by, the data subject or the requester's authorized
representative, parent or legal guardian;
Act means the Privacy Act of 1974, as amended, 5 U.S.C. 552a;
Amendment means the correction, addition, deletion, or destruction
of a record or specific portions of a record;
Data subject means the individual to whom the information pertains
and by whose name or other individual identifier the information is
maintained or retrieved;
He, his, and him include she, hers and her.
Office or OGE means the U.S. Office of Government Ethics;
System manager means the Office or other agency official who has
the authority to decide Privacy Act matters relative to a system of
records;
System of records means a group of any records containing personal
information controlled and managed by OGE from which information is
retrieved by the name of an individual or by some personal identifier
assigned to that individual;
Working day as used in calculating the date when a response is due
means calendar days, excepting Saturdays, Sundays, and legal public
holidays.
Sec. 2606.103 Systems of records.
(a) Governmentwide systems of records. The Office of Government
Ethics maintains two executive branch Governmentwide systems of
records: the OGE/GOVT-1 system of records, comprised of Executive
Branch Personnel Public Financial Disclosure Reports and Other Name-
Retrieved Ethics Program Records; and the OGE/GOVT-2 system of records,
comprised of Executive Branch Confidential Financial Disclosure
Reports. These Governmentwide systems of records are maintained by OGE,
and through Office delegations of authority, by Federal executive
branch departments and agencies with regard to their own employees,
applicants for employment, individuals nominated to a position
requiring Senate confirmation, candidates for a position, and former
employees.
(b) OGE Internal systems of records. The Office of Government
Ethics internal systems of records are under OGE's physical custody and
control and are established and maintained by the Office on current and
former OGE employees regarding matters relating to the internal
management of the Office. These systems of records consist of the OGE/
INTERNAL-1 system, comprised of Pay, Leave and Travel Records; the OGE/
INTERNAL-2 system, comprised of Telephone Call Detail Records; the OGE/
INTERNAL-3 system, comprised of Grievance Records; the OGE/INTERNAL-4
system, comprised of Computer Systems Activity and Access Records; and
the OGE/INTERNAL-5 system, comprised of Employee Locator and Emergency
Notification Records.
Sec. 2606.104 OGE and agency responsibilities.
(a) The procedures in this part apply to:
(1) All initial Privacy Act access and amendment requests regarding
records contained in an OGE system of records.
(2) Administrative appeals from an Office or agency denial of an
initial request for access to, or to amend, records contained in an OGE
system of records.
(b) For records contained in an OGE Governmentwide system of
records, each agency is responsible (unless specifically excepted by
the Office) for responding to initial requests for access or amendment
of records in its custody and administrative appeals of denials
thereof.
(c) For records and material of another agency that are in the
custody of OGE, but not under its control or ownership, OGE may refer a
request for the records to that other agency, consult with the other
agency prior to responding, or notify the requester that the other
agency is the proper agency to contact.
Sec. 2606.105 Rules for individuals seeking to ascertain if they are
the subject of a record.
An individual seeking to ascertain if any OGE system of records
contains a record pertaining to him must follow the access procedures
set forth at Sec. 2606.201(a) and (b).
Sec. 2606.106 OGE employee Privacy Act rules of conduct and
responsibilities.
Each OGE employee involved in the design, development, operation,
or maintenance of any system of records, or in maintaining any record
covered by the Privacy Act, shall comply with the pertinent provisions
of the Act relating to the treatment of such information. Particular
attention is directed to the following provisions of the Privacy Act:
(a) 5 U.S.C. 552a(e)(7). The requirement to maintain in a system of
records no record describing how any individual exercises rights
guaranteed by the First Amendment of the Constitution of the United
States unless expressly authorized by statute or by the individual
about whom the record is maintained or unless pertinent to and within
the scope of an authorized law enforcement activity.
(b) 5 U.S.C. 552a(b). The requirement that no agency shall disclose
any record which is contained in a system of records by any means of
communication to any person or to another agency, except pursuant to a
written request by, or with the prior written consent of, the
individual to whom the record pertains, except under certain limited
conditions specified in subsections (b)(1) through (b)(12) of the
Privacy Act.
[[Page 27893]]
(c) 5 U.S.C. 552a(e)(1). The requirement for an agency to maintain
in its systems of records only such information about an individual as
is relevant and necessary to accomplish a purpose of the agency
required to be accomplished by statute or by Executive order.
(d) 5 U.S.C. 552a(e)(2). The requirement to collect information to
the greatest extent practicable directly from the subject individual
when the information may result in adverse determinations about an
individual's rights, benefits, and privileges under Federal programs.
(e) 5 U.S.C. 552a(e)(3). The requirement to inform each individual
asked to supply information to be maintained in a system of records the
authority which authorizes the solicitation of the information and
whether disclosure of such information is mandatory or voluntary; the
principal purpose or purposes for which the information is intended to
be used; the routine uses which may be made of the information; and the
effects on the individual, if any, of not providing all or any part of
the requested information.
(f) 5 U.S.C. 552a(b) and (e)(10). The requirement to comply with
established safeguards and procedures to ensure the security and
confidentiality of records and to protect personal data from any
anticipated threats or hazards to their security or integrity which
could result in substantial harm, embarrassment, inconvenience, or
unfairness to an individual on whom information is maintained in a
system of records.
(g) 5 U.S.C. 552a(c)(1), (c)(2) and (c)(3). The requirement to
maintain an accounting of specified disclosures of personal information
from systems of records in accordance with established Office
procedures.
(h) 5 U.S.C. 552a(e)(5) and (e)(6). The requirements to maintain
all records in a system of records which are used by the agency in
making any determination about an individual with such accuracy,
relevance, timeliness, and completeness as is reasonably necessary to
assure fairness to the individual in the determination; and to make
reasonable efforts to assure that such records are accurate, complete,
timely, and relevant for agency purposes, prior to disseminating any
record about an individual to any person other than an agency (unless
the dissemination is required by the Freedom of Information Act, 5
U.S.C. 552).
(i) 5 U.S.C. 552a(d)(1), (d)(2) and (d)(3). The requirement to
permit individuals to have access to records pertaining to themselves
in accordance with established Office procedures and to have an
opportunity to request that such records be amended.
(j) 5 U.S.C. 552a(c)(4) and (d)(4). The requirement to inform any
person or other agency about any correction or notation of dispute made
by the agency in accordance with subsection (d) of the Act of any
record that has been disclosed to the person or agency if an accounting
of the disclosure was made; and, in any disclosure of information about
which an individual has filed a statement of disagreement, to note
clearly any portion of the record which is disputed and to provide
copies of the statement (and if the agency deems it appropriate, copies
of a concise statement of the reasons of the agency for not making the
amendments requested) to persons or other agencies to whom the disputed
record has been disclosed.
(k) 5 U.S.C. 552a(n). The requirement for an agency not to sell or
rent an individual's name or address, unless such action is
specifically authorized by law.
(l) 5 U.S.C. 552a(i). The criminal penalties to which an employee
may be subject for failing to comply with certain provisions of the
Privacy Act.
Subpart B--Access to Records and Accounting of Disclosures
Sec. 2606.201 Requests for access.
(a) Records in an OGE Governmentwide system of records. An
individual requesting access to records pertaining to him in an OGE
Governmentwide system of records should submit a written request, which
includes the words ``Privacy Act Request'' on both the envelope and at
the top of the request letter, to the appropriate system manager as
follows:
(1) Records filed directly with OGE by non-OGE employees: The
Deputy Director, Office of Agency Programs, Office of Government
Ethics, Suite 500, 1201 New York Avenue, NW., Washington, DC 20005-
3917;
(2) Records filed with a Designated Agency Ethics Official (DAEO)
or the head of a department or agency: The DAEO at the department or
agency concerned; or
(3) Records filed with the Federal Election Commission by
candidates for President or Vice President: The General Counsel, Office
of General Counsel, Federal Election Commission, 999 E Street, NW.,
Washington, DC 20463.
(b) Records in an OGE Internal System of Records. An individual
requesting access to records pertaining to him in an OGE internal
system of records should submit a written request, which includes the
words ``Privacy Act Request'' on both the envelope and at the top of
the request letter, to the Deputy Director, Office of Administration
and Information Management, Office of Government Ethics, Suite 500,
1201 New York Avenue, NW., Washington, DC 20005-3917.
(c) Content of request. (1) A request should contain a specific
reference to the OGE system of records from which access to the records
is sought. Notices of OGE systems of records subject to the Privacy Act
are published in the Federal Register, and copies of the notices are
available on OGE's Web site at http://frwebgate.access.gpo.gov/cgi-bin/leaving.cgi?from=leavingFR.html&log=linklog&to=http://www.usoge.gov, or upon request
from OGE's Office of General Counsel and Legal Policy. A biennial
compilation of such notices also is made available online and published
by the Office of Federal Register at the GPO Access Web site (http://www.access.gpo.gov/su_docs/aces/PrivacyAct.shtml
) in accordance with 5
U.S.C. 552a(f) of the Act.
(2) If the written inquiry does not refer to a specific system of
records, it should include other information that will assist in the
identification of the records for which access is being requested. Such
information may include, for example, the individual's full name
(including her maiden name, if pertinent), dates of employment, social
security number (if any records in the system include this identifier),
current or last place and date of Federal employment. If the request
for access follows a prior request to determine if an individual is the
subject of a record, the same identifying information need not be
included in the request for access if a reference is made to that prior
correspondence, or a copy of the response to that request is attached.
(3) The request should state whether the requester wants a copy of
the record, or wants to examine the record in person.
Sec. 2606.202 OGE or other agency action on requests.
A response to a request for access should include the following:
(a) A statement that there is a record or records as requested or a
statement that there is not a record in the system of records;
(b) The method of access (if a copy of all the records requested is
not provided with the response);
(c) The amount of any fees to be charged for copies of records
under Sec. 2606.206 of this part or other agencies' Privacy Act
regulations as referenced in that section;
[[Page 27894]]
(d) The name, title, and telephone number of the official having
operational control over the record; and
(e) If the request is denied in whole or in part, or no record is
found in the system, a statement of the reasons for the denial, or a
statement that no record has been found, and notice of the procedures
for appealing the denial or no record finding.
Sec. 2606.203 Granting access.
(a) The methods for allowing access to records, when such access
has been granted by OGE or the other agency concerned are:
(1) Examination in person in a designated office during the hours
specified by OGE or the other agency;
(2) Providing photocopies of the records; or
(3) Transfer of records at the option of OGE or the other agency to
another more convenient Federal facility.
(b) When a requester has not indicated whether he wants a copy of
the record, or wants to examine the record in person, the appropriate
system manager may choose the means of granting access. However, the
means chosen should not unduly impede the data subject's right of
access. A data subject may elect to receive a copy of the records after
having examined them.
(c) Generally, OGE or the other agency concerned will not furnish
certified copies of records. When copies are to be furnished, they may
be provided as determined by OGE or the other agency concerned.
(d) When the data subject seeks to obtain original documentation,
the Office and the other agencies concerned reserve the right to limit
the request to copies of the original records. Original records should
be made available for review only in the presence of the appropriate
system manager or his designee.
Note to paragraph (d) of Sec. 2606.203: Section 2071(a) of
title 18 of the United States Code makes it a crime to conceal,
remove, mutilate, obliterate, or destroy any record filed in a
public office, or to attempt to do so.
(e) Identification requirements--(1) Access granted in person--(i)
Current or former employees. Current or former employees requesting
access to records pertaining to them in a system of records may, in
addition to the other requirements of this section, and at the sole
discretion of the official having operational control over the record,
have their identity verified by visual observation. If the current or
former employee cannot be so identified by the official having
operational control over the records, adequate identification
documentation will be required, e.g., an employee identification card,
driver's license, passport, or other officially issued document with a
picture of the person requesting access.
(ii) Other than current or former employees. Individuals other than
current or former employees requesting access to records pertaining to
them in a system of records must produce adequate identification
documentation prior to being granted access. The extent of the
identification documentation required will depend on the type of
records to be accessed. In most cases, identification verification will
be accomplished by the presentation of two forms of identification with
a picture of the person requesting access (such as a driver's license
and passport). Any additional requirements are specified in the system
notices published pursuant to subsection (e)(4) of the Act.
(2) Access granted by mail. For records to be accessed by mail, the
appropriate system manager shall, to the extent possible, establish
identity by a comparison of signatures in situations where the data in
the record is not so sensitive that unauthorized access could cause
harm or embarrassment to the individual to whom they pertain. No
identification documentation will be required for the disclosure to the
data subject of information required to be made available to the public
by 5 U.S.C. 552, the Freedom of Information Act. When, in the opinion
of the system manager, the granting of access through the mail could
reasonably be expected to result in harm or embarrassment if disclosed
to a person other than the individual to whom the record pertains, a
notarized statement of identity or some similar assurance of identity
may be required.
(3) Unavailability of identification documentation. If an
individual is unable to produce adequate identification documentation,
the individual will be required to sign a statement asserting identity
and acknowledging that knowingly or willfully seeking or obtaining
access to records about another person under false pretenses may result
in a criminal fine of up to $5,000 under subsection (i)(3) of the Act.
In addition, depending upon the sensitivity of the records sought to be
accessed, the appropriate system manager or official having operational
control over the records may require such further reasonable assurances
as may be considered appropriate, e.g., statements of other individuals
who can attest to the identity of the data subject. No verification of
identity will be required of data subjects seeking access to records
which are otherwise available to any person under 5 U.S.C. 552.
(4) Inadequate identification. If the official having operational
control over the records in a system of records determines that an
individual seeking access has not provided sufficient identification
documentation to permit access, the official shall consult with the
appropriate system manager prior to denying the individual access.
Whenever the system manager determines, in accordance with the
procedures herein, that access will not be granted, the response will
also include a statement of the procedures to obtain a review of the
decision to deny access in accordance with Sec. 2606.205.
(f) Access by the parent of a minor, or legal guardian. A parent of
a minor, upon presenting suitable personal identification as otherwise
provided under this section, may access on behalf of the minor any
record pertaining to the minor in a system of records. A legal
guardian, upon presentation of documentation establishing guardianship
and suitable personal identification as otherwise provided under this
section, may similarly act on behalf of a data subject declared to be
incompetent due to physical or mental incapacity or age by a court of
competent jurisdiction. Minors are not precluded from exercising on
their own behalf rights given to them by the Privacy Act.
(g) Accompanying individual. A data subject requesting access to
his records in a system of records may be accompanied by another
individual of the data subject's choice during the course of the
examination of the record. The official having operational control of
the record may require the data subject making the request to submit a
signed statement authorizing the accompanying individual's access to
the record.
(h) Access to medical records. When a request for access involves
medical or psychological records that the appropriate system manager
believes requires special handling, the data subject should be advised
that the material will be provided only to a physician designated by
the data subject. Upon receipt of the designation and upon verification
of the physician's identity as otherwise provided under this section,
the records will be made available to the physician, who will disclose
those records to the data subject.
(i) Exclusion. Nothing in these regulations permits a data
subject's access to any information compiled in reasonable anticipation
of a civil action
[[Page 27895]]
or proceeding (see subsection (d)(5) of the Act).
(j) Maximum access. This regulation is not intended to preclude
access by a data subject to records that are available to that
individual under other processes, such as the Freedom of Information
Act (5 U.S.C. 552) or the rules of civil or criminal procedure,
provided that the appropriate procedures for requesting access
thereunder are followed.
Sec. 2606.204 Request for review of an initial denial of access.
(a)(1) A data subject may submit a written appeal of the decision
by OGE or the other agency to deny an initial request for access to
records or a no record response.
(i) For records filed directly with OGE, the appeal must be
submitted to the Director, Office of Government Ethics, Suite 500, 1201
New York Avenue, NW., Washington, DC 20005-3917.
(ii) For records in OGE's executive branch Governmentwide systems
of records that are filed directly with an agency (including the
Federal Election Commission) other than OGE, the appeal must be
submitted to the Privacy Act access appeals official as specified in
the agency's own Privacy Act regulations or the respective head of the
agency concerned if it does not have any Privacy Act regulations.
(2) The words ``Privacy Act Appeal'' should be included on the
envelope and at the top of the letter of appeal.
(b) The appeal should contain a brief description of the records
involved or copies of the correspondence from OGE or the agency in
which the initial request for access was denied. The appeal should
attempt to refute the reasons given by OGE or the other agency
concerned in its decision to deny the initial request for access or the
no record finding.
Sec. 2606.205 Response to a request for review of an initial denial
of access.
(a) If the OGE Director or agency reviewing official determines
that access to the records should be granted, the response will state
how access will be provided if the records are not included with the
response.
(b) Any decision that either partially or fully affirms the initial
decision to deny access shall inform the requester of the right to seek
judicial review of the decision in accordance with 5 U.S.C. 552a(g) of
the Privacy Act.
Sec. 2606.206 Fees.
(a) Fees for records filed with OGE--(1) Services for which fees
will not be charged:
(i) The search and review time expended by OGE to produce a record;
(ii) The first copy of the records provided; or
(iii) The Office of Government Ethics making the records available
to be personally reviewed by the data subject.
(2) Additional copies of records. When additional copies of records
are requested, an individual may be charged $.15 per page.
(i) Notice of anticipated fees in excess of $25.00. If the charge
for these additional copies amounts to more than $25.00, the requester
will be notified and payment of fees may be required before the
additional copies are provided, unless the requester has indicated in
advance his willingness to pay fees as high as those anticipated.
(ii) Advance payments. An advance payment before additional copies
of the records are made will be required if:
(A) The Office estimates or determines that the total fee to be
assessed under this section is likely to exceed $250.00. When a
determination is made that the allowable charges are likely to exceed
$250.00, the requester will be notified of the likely cost and will be
required to provide satisfactory assurance of full payment where the
requester has a history of prompt payment of Privacy Act fees, or will
be required to submit an advance payment of an amount up to the full
estimated charges in the case of requesters with no history of payment;
or
(B) The requester has previously failed to pay a Privacy Act fee
charged in a timely fashion (i.e., within 30 days of the date of the
billing). In such cases, the requester may be required to pay the full
amount owed plus any applicable interest as provided by paragraph
(a)(2)(iii) of this section, and to make an advance payment of the full
amount of the estimated fee before the Office begins to process a new
request.
(iii) Interest charges. Interest charges on an unpaid bill may be
assessed starting on the 31st day following the day on which the
billing was sent. Interest shall be at the rate prescribed in 31 U.S.C.
3717 and shall accrue from the date of billing. To collect unpaid
bills, the Office will follow the provisions of the Debt Collection Act
of 1982, as amended (96 Stat. 1749 et seq.) and the Debt Collection
Improvement Act of 1996 (110 Stat. 1321-358 et seq.), including the use
of consumer reporting agencies, collection agencies, and offset.
(iv) Remittance. Remittance should be made by either a personal
check, bank draft or a money order that is payable to the Department of
the Treasury of the United States.
(b) Fees for records filed with agencies other than OGE. An agency
shall apply its own Privacy Act fee schedule for records in OGE's
executive branch Governmentwide systems that are filed directly with
the agency. An agency that does not have a Privacy Act fee schedule may
apply the fee schedule in this section.
Sec. 2606.207 Accounting of disclosures.
(a) The Office of Government Ethics or the other agency concerned
will maintain an accounting of disclosures in cases where records about
the data subject are disclosed from OGE's system of records except--
(1) When the disclosure is made pursuant to the Freedom of
Information Act, as amended (5 U.S.C. 552); or
(2) When the disclosure is made to those officers and employees of
OGE or the other agency which maintains the records who have a need for
the records in the performance of their duties.
(b) This accounting of disclosures will be retained for at least
five years or for the life of the record, whichever is longer, and will
contain the following information:
(1) A brief description of the record disclosed;
(2) The date, nature, and purpose for the disclosure; and
(3) The name and address of the individual, agency, or other entity
to whom the disclosure is made.
(c) Under sections 102 and 105 of the Ethics in Government Act, 18
U.S.C. 208(d) and 5 CFR parts 2634 and 2640 of OGE's executive branch
regulations, a requester other than the data subject must submit a
signed, written application on the OGE Form 201 or agency equivalent
form to inspect or receive copies of certain records, such as SF 278
Public Financial Disclosure Reports, Certificates of Divestiture, 18
U.S.C. 208(b)(1) and (b)(3) waivers, and OGE certified qualified blind
and diversified trust instruments and other publicly available
qualified trust materials. The written application requests the name,
occupation and address of the requester as well as lists the
prohibitions on obtaining or using the records. These applications are
used as the accounting of disclosures for these records.
(d) Except for the accounting of a disclosure made under subsection
(b)(7) of the Privacy Act for a civil or criminal law enforcement
activity that is authorized by law, the accounting of disclosures will
be made available to the data subject upon request in accordance with
the access procedures of this part.
[[Page 27896]]
Subpart C--Amendment of Records
Sec. 2606.301 Requests to amend records.
(a) Amendment request. A data subject seeking to amend a record or
records that pertain to him in a system of records must submit his
request in writing in accordance with the following procedures, unless
this requirement is waived by the appropriate system manager. Records
not subject to the Privacy Act will not be amended in accordance with
these provisions.
(b) Addresses--(1) Records in an OGE Governmentwide system of
records. A request to amend a record in an OGE Governmentwide system of
records should be sent to the appropriate system manager as follows:
(i) Records filed directly with OGE by non-OGE employees: The
Deputy Director, Office of Agency Programs, Office of Government
Ethics, Suite 500, 1201 New York Avenue, NW., Washington, DC 20005-
3917;
(ii) Records filed with a Designated Agency Ethics Official (DAEO)
or the head of a department or agency: The DAEO at the department or
agency concerned; or
(iii) Records filed with the Federal Election Commission by
candidates for President or Vice President: The General Counsel, Office
of General Counsel, Federal Election Commission, 999 E Street, NW.,
Washington, DC 20463.
(2) Records in an OGE internal system of records. A request to
amend a record in an OGE internal system of records should include the
words ``Privacy Act Amendment Request'' on both the envelope and at the
top of the request letter, and should be sent to the Deputy Director,
Office of Administration and Information Management, Office of
Government Ethics, Suite 500, 1201 New York Avenue, NW., Washington, DC
20005-3917.
(c) Contents of request. (1) A request to amend a record in an OGE
Governmentwide system of records or an OGE internal system of records
should include the words ``Privacy Act Amendment Request'' on both the
envelope and at the top of the request letter.
(2) The name of the system of records and a brief description of
the record(s) proposed for amendment must be included in any request
for amendment. In the event the request to amend the record(s) is the
result of the data subject's having gained access to the record(s) in
accordance with the provisions concerning access to records as set in
subpart B of this part, copies of previous correspondence between the
requester and OGE or the agency will serve in lieu of a separate
description of the record.
(3) The exact portion of the record(s) the data subject seeks to
have amended should be indicated clearly. If possible, proposed
alternative language should be set forth, or, at a minimum, the reasons
why the data subject believes his record is not accurate, relevant,
timely, or complete should be set forth with enough particularity to
permit OGE or the other agency concerned not only to understand the
data subject's basis for the request, but also to make an appropriate
amendment to the record.
(d) Burden of proof. The data subject has the burden of proof when
seeking the amendment of a record. The data subject must furnish
sufficient facts to persuade the appropriate system manager of the
inaccuracy, irrelevance, untimeliness, or incompleteness of the record.
(e) Identification requirement. When the data subject's identity
has been previously verified pursuant to Sec. 2606.203, further
verification of identity is not required as long as the communication
does not suggest a need for verification. If the data subject's
identity has not been previously verified, the appropriate system
manager may require identification validation as described in Sec.
2606.203.
Sec. 2606.302 OGE or other agency action on requests.
(a) Time limit for acknowledging a request for amendment. To the
extent possible, OGE or the other agency concerned will acknowledge
receipt of a request to amend a record or records within 10 working
days.
(b) Initial determination on an amendment request. The decision of
OGE or the other agency in response to a request for amendment of a
record in a system of records may grant in whole, or deny any part of
the request to amend the record(s).
(1) If OGE or the other agency concerned grants the request, the
appropriate system manager will amend the record(s) and provide a copy
of the amended record(s) to the data subject. Where an accounting of
disclosure has been maintained, the system manager shall advise all
previous recipients of the record that an amendment has been made and
give the substance of the amendment. Where practicable, the system
manager shall send a copy of the amended record to previous recipients.
(2) If OGE or the other agency concerned denies the request in
whole or in part, the reasons for the denial will be stated in the
response letter. In addition, the response letter will state:
(i) The name and address of the official with whom an appeal of the
denial may be lodged; and
(ii) A description of any other procedures which may be required of
the data subject in order to process the appeal.
Sec. 2606.303 Request for review of an initial refusal to amend a
record.
(a)(1) A data subject may submit a written appeal of the initial
decision by OGE or an agency denying a request to amend a record in an
OGE system of records.
(i) For records which are filed directly with OGE, the appeal must
be submitted to the Director, Office of Government Ethics, Suite 500,
1201 New York Avenue, NW., Washington, DC 20005-3917.
(ii) For records which are filed directly with an agency (including
the Federal Election Commission) other than OGE, the appeal must be
submitted to the Privacy Act amendments appeals official as specified
in the agency's own Privacy Act regulations, or to the respective head
of the agency concerned if it does not have Privacy Act regulations.
(2) The words ``Privacy Act Appeal'' should be included on the
envelope and at the top of the letter of the appeal.
(b) The request for review should contain a brief description of
the record(s) involved or copies of the correspondence from OGE or the
agency in which the request to amend was denied, and the reasons why
the data subject believes that the disputed information should be
amended.
Sec. 2606.304 Response to a request for review of an initial refusal
to amend; disagreement statements.
(a) The OGE Director or agency reviewing official should make a
final determination in writing not later than 30 days from the date the
appeal was received. The 30-day period may be extended for good cause.
Notice of the extension and the reasons therefor will be sent to the
data subject within the 30-day period.
(b) If the OGE Director or agency reviewing official determines
that the record(s) should be amended in accordance with the data
subject's request, the OGE Director or agency reviewing official will
take the necessary steps to advise the data subject, and to direct the
appropriate system manager:
(1) To amend the record(s), and
(2) To notify previous recipients of the record(s) for which there
is an accounting of disclosure that the record(s) have been amended.
[[Page 27897]]
(c) If the appeal decision does not grant in full the request for
amendment, the decision letter will notify the data subject that he
may:
(1) Obtain judicial review of the decision in accordance with the
terms of the Privacy Act at 5 U.S.C. 552a(g); and
(2) File a statement setting forth his reasons for disagreeing with
the decision.
(d)(1) A data subject's disagreement statement must be concise. The
appropriate system manager has the authority to determine the
``conciseness'' of the statement, taking into account the scope of the
disagreement and the complexity of the issues.
(2) In any disclosure of information about which an individual has
filed a statement of disagreement, the appropriate system manager will
clearly note any disputed portion(s) of the record(s) and will provide
a copy of the statement to persons or other agencies to whom the
disputed record or records has been disclosed and for whom an
accounting of disclosure has been maintained. A concise statement of
the reasons for not making the amendments requested may also be
provided.
[FR Doc. 03-12856 Filed 5-21-03; 8:45 am]
BILLING CODE 6345-02-P