
not be confused with, or limited to, the commonly recognized personnel system of records maintained by a civilian personnel office or a military assignment branch. The agency may be maintaining within a single system of records several categories of records relating to Federal personnel and other categories on non-Federal personnel, e.g., contractor personnel, applicants, dependents, etc. Some categories may be covered while others may not. Unlike "Federal personnel," the subjects of record of payroll record systems are easily discerned.

(f) Matching purpose. The purpose of a Federal personnel or payroll records match must be to take some adverse action, financial, personnel, disciplinary, or other adverse action against Federal personnel.

§317.92 Federal benefit matches.

(a) Categories of subjects covered. The Privacy Act provisions cover only the following categories of subjects of record for Federal benefit matches.

(1) Applicants for Federal benefit programs (i.e., individuals initially applying for benefits).

(2) Program beneficiaries (i.e., individuals currently receiving or formerly receiving benefits).

(3) Providers of services to support such programs (i.e., those deriving income from them such as health care providers).

(b) Types of programs covered. Only Federal benefit programs providing cash or in-kind assistance to individuals are covered by the Privacy Act. State programs are not covered. Programs using records about subjects who are not "individuals". See definitions of this part (§ 317.3).

(c) Matching purpose. A Federal benefit match must have as its purpose one or more of the following:

(1) Establishing or verifying initial or continuing eligibility for Federal benefit programs.

(2) Verifying compliance with the requirements, either statutory or regulatory, of such programs.

(3) Recouping payments or delinquent debts under such Federal benefit programs.

(d) Summary of basic requirements. Four basic elements: (1) Computerized comparison, (2) Categories of subjects, (3) Federal benefit program, and (4) Matching purpose, must all be present before a matching program is covered under the Privacy Act.

§317.93 Matching program exclusions.

The following are not included under the definition of a matching program. The agency is not required to comply with the computer matching provisions of the Privacy Act, although it may be required to comply with any other applicable provisions of the Act and this part.

(a) Statistical matches whose purpose is solely to produce aggregate data stripped of personal identifiers. This does not mean that the data bases used in the match must be stripped prior to the match, but only that the results of the match must not contain data identifying any individual. Implicit in this exception is that this kind of match is not done to take action against specific individuals.

(b) Statistical matches whose purpose is in support of any research or statistical project. The results of these matches need not be stripped of identifiers, but they must not be used to make decisions that affect the rights, benefits or privileges of specific individuals.

(c) Pilot matches. This exclusion covers small scale sampling matches whose purpose is to gather cost-benefit data on which to premise a decision about engaging in a full-fledged matching program. Pilot matches must be retained in a statistical information gathering channel. It is at this point that the component can decide whether to conduct a statistical data gathering match without consequences to the subjects of record or a full-fledged program where results will be used to take specific action against them. To avoid possible misuse of pilot matches and to ensure full compliance with the Privacy Act, these matches must be approved by the Defense Data Integrity Board.

(d) Law enforcement investigative matches whose purpose is to gather evidence against a named person or persons in an existing investigation. (1) To be eligible for the exclusion the match must be performed by an activity of a component whose principal function involves enforcement of criminal laws, i.e., an activity that is authorized to exempt certain of its systems of records under subsection (j)(2) of the Privacy Act.

(2) The match must flow from an investigation already underway which focuses on a named person or persons. Subjects identified generically, e.g., "program beneficiaries," are not eligible.

(3) The investigation may be into either criminal or civil law violations.

(4) In the context of this exclusion only, person or persons could include subjects that are other than individuals as defined in the Privacy Act, such as corporations or other business entities. For example, a business entity could be named subject of the investigation and records matched could be those of customers or clients.

(5) The match must be for the purpose of gathering evidence against the named person or persons.

(e) Tax administration matches. (1) Matches involving disclosures of taxpayer return information to state or local tax officials pursuant to section 6103(d) of the Internal Revenue Code.

(2) Tax refund offset matches accomplished pursuant to the Deficit Reduction Act of 1984.

(3) Matches done for tax administration pursuant to section 6103(b)(4) of the Internal Revenue Code.

(4) Tax refund offset matches conducted pursuant to other statutes provided approval of the Office of Management and Budget is obtained.

(f) Routine administrative matches using Federal personnel records. These are matches between the agency and other Federal agencies or between the agency and non-Federal agencies for administrative purposes that use data bases that contain records predominantly relating to Federal personnel. The term "predominantly" means that the percentage of records in the system that are about Federal employees must be greater than of any other category contained therein. For the purpose of disclosing records subject to the Privacy Act, the Department of Defense is considered a single agency.

(1) The purpose of the match must not be intended to result in an adverse action. Matches whose purpose is to take any adverse financial, personnel, disciplinary or other adverse action against Federal personnel whose records are involved in the match, are not excluded from the Act's coverage.

(2) An example of a match that is excluded is an agency's disclosure of time and attendance information on all agency employees to the Department of the Treasury in order to prepare the agency's payroll.

(3) This exclusion does not bring under the Act's coverage matches that may ultimately result in an adverse action. It only requires that their purpose not be intended to result in an adverse action.

(g) Internal matches using only records from DoD systems of records. (1) Internal matches (conducted within the Department of Defense) are excluded on the same basis as Federal personnel record matching provided no adverse intent as to a Federal employee motivates the match.

(2) This exclusionary provision does not disturb subsection (b)(1) of the Act permitting disclosure to DoD employees on an official need-to-know basis.

(3) The purpose of the internal match must not be to take any adverse financial, personnel, disciplinary, or other adverse action against Federal personnel.

(h) Background investigation and foreign counterintelligence matches. Matches done in the course of performing a background check for security clearances of Federal personnel or Federal contractor personnel are not covered. Matches done for the purpose of foreign counterintelligence are also not covered.

§317.94 Conducting matching programs.

(a) Source and recipient agencies. The agency, if undertaking a matching program, should consider if it will be a "source agency" or a "recipient agency" for the match and be prepared to meet the following requirements:

(1) The recipient agency does the matching. It receives the data from system of records of other Federal agencies or data from state and local governments and actually performs the match by computer.

(2) The recipient agency is responsible for publishing a notice in the FEDERAL REGISTER of the matching program. Where a state or local agency is the recipient, the Federal source agency is responsible for publishing the notice.

(3) A Federal source agency discloses the data from a system of records for the match. A non-Federal agency may also be a source, but the record data will not be from a system of records. The "system of records" concept under the Privacy Act does not apply to the recordkeeping practices of state or local governmental agencies.

(4) The recipient Federal agency, or the Federal source agency in a match performed by a non-Federal agency, is responsible for reporting the match. This agency must contact the other participants to gather the information necessary to make a unified report as required by § 317.100.

(5) In some circumstances, a source agency may be the instigator and ultimate beneficiary of the matching program, as when an agency lacking computer resources uses another agency to perform the match; or when as a practical matter, an agency may not wish to release and disclose its data base to another agency as a source because of privacy safeguard considerations.

(b) Compliance with the system of records and disclosure provisions. (1) The agency must ensure that it identifies the system(s) of records involved in the matching program and has published the necessary notice(s) in the FEDERAL REGISTER.

(2) The Privacy Act does not itself authorize disclosures from system of records for the purpose of conducting a matching program. The agency must justify any disclosures outside the Department of Defense under subsection (b) of the Act. This means obtaining the written consent of the subjects of record for the disclosure or relying on one of the 12 non-consensual disclosures exceptions to the written consent rule. To rely on the routine use exception (b)(3), the agency must have already established the routine use (published in the FEDERAL REGISTER), or in the alternative, must comply with subsections (e)(4)(d) and (e)(11) of the Act which means amending the record system notice to add an appropriate routine use for the match. An amendment requires publication in the FEDERAL REGISTER with a 30 day waiting period for public comment.

(3) The routine use permitting disclosure for the match must be compatible with and related to the purpose for which the record was initially compiled.

(4) The routine use for the match in a record system notice shall clearly indicate that it entails a computer matching program with a specific agency for an established purpose and intended objective. For purposes of matching, a routine use must state that a disclosure may be made for a matching program. The agency may not rely on an existing established routine use to meet the requirements of the Act unless it expressly permits disclosure for matching purposes.

(c) Prior notice to record subjects. Subjects of record must receive prior notice that their records may be matched. This may be done by direct and/or constructive notice.

(1) Direct notice may be given when there is some form of contact between the government and the subject. Information can be furnished to individuals on the application form when they apply for a benefit, in a notice that arrives with a benefit, or in correspondence they receive in the mail. Use of the advisory Privacy Act Statement is an acceptable manner to provide direct notice to subjects of record at the time of application. The agency shall provide direct notice for front-end eligibility verification matching programs whose purpose is to validate an applicant's initial eligibility for a benefit and later to determine continued eligibility using the Privacy Act Statement on the application form. Providers of services should be given notice (Privacy Act Statement) on the form on which they apply for reimbursement for services provided. Providing notice of matching programs using the Privacy Act Statement shall be part of the normal process of implementing a Federal benefits program. The agency shall insure records contain appropriate revisions.

(2) Constructive notice can only be given by an appropriate routine use disclosure provision of the affected system of records to be used in the match. For purely internal matching program uses, amend the "Purpose(s)" element of the record system notice to specifically reflect those internal computer matches performed. The constructive notice method requires publication in the FEDERAL REGISTER. Examples of when constructive notice may be used:

(i) For matching programs whose purpose is to locate individuals in order to recoup payments improperly granted to former beneficiaries, direct notice may well be impossible and constructive notice may have to suffice.

(ii) The agency that discloses records to a state or local government in support of a non-Federal matching program is not obligated to provide direct notice to each subject of record. FEDERAL REGISTER publication in this instance is sufficient.

(iii) Investigative matches where direct notice immediately prior to a match would provide the subject an opportunity to alter behavior.

(3) The agency shall also provide periodic notice whenever an application is renewed, or at the least during the period the match is authorized to take place by providing notice accompanying the benefit as approved by the Defense Data Integrity Board.

(d) Publication of the matching notice. (1) The matching agency is required to publish in the FEDERAL REGISTER a notice of any proposed matching program or alteration of an established program at least 30 days prior to conducting the match for any public comment. Only one notice is required. When a non-Federal agency is the matching agency, the source agency shall be responsible for the publication. The proposed matching notice for publication shall be submitted in FEDERAL REGISTER format and included in the agency report. The notice shall contain the customary preamble and contain the required information in sufficient detail describing the match so that the reader will easily understand the nature and purpose of the match, including any adverse consequences.

(2) The preamble to the notice shall be prepared by the Defense Privacy Office, DA&M, and shall contain:

(i) The date the transmittal letters to OMB and Congress are signed.

(ii) A statement that the matching program is subject to review by OMB and Congress and shall not become effective until that review period has elapsed.

(iii) A statement that a copy of the agreement shall be available upon request to the public.

(3) The agency shall provide: (i) Name of participating agency or agencies.

(ii) Identity of the source agency and the recipient agency, or in the case of an internal DoD matching, the Component(s) involved.

(iii) Purpose of the match being conducted to include a description of the matching program and whether the program is a one-time or a continuing program.

(iv) Legal authority for conducting the matching program. Do not cite the Privacy Act as it provides no independent authority for carrying out any matching activity. If at all possible, use the U.S. Code citations rather than the Public Law as access to the Public Laws is more difficult. Avoid citing housekeeping statutes such as 5 U.S.C. 301, but rather cite the underlying programmatic authority for collecting, maintaining, and using the information even if it results in citing the Code of Federal Regulations or a DoD directive or regulation. Whenever possible, the popular name or subject of the authority should be given, as well as a statute, public law, U.S. Code, or Executive Order number; for example: The Debt Collection Act of 1982 (Pub. L. 97–365) 5 U.S.C. 5514, Installment deduction of indebtedness.

(v) A complete description of the system(s) of records that will be used in the match. Include the system identification, name, and the official FEDERAL REGISTER citation, date published, including any published amendments thereto. Provide a positive statement that the system(s) contains an appropriate routine use provision authorizing the disclosure of the records for the purpose of conducting the computer matching program.

(Note: In the case of internal DoD matches, the "purpose(s)" element of the system(s) involved.) If non-Federal records are involved, a complete description to include the specific source, address, and category of records to be used, e.g., Human Resources Administration Medicaid File, City of New York, Human Resources Administration, 250 Church Street, New York, NY 10013.

(vi) A complete description of the category of records and individuals covered from the record system(s) to be used, the specific data elements to be matched, and the approximate number of records that will be matched.

(vii) The projected start and ending dates for a one-time match or the inclusive dates for a continuing match.

(viii) The address for receipt of any public comment or inquiries concerning the notice shall indicate: Director, Defense Privacy Office, 400 Army Navy Drive, Room 205, Arlington, VA 22202–2884.


(a) Independent verification and notice. Subjects of record of matching programs shall be afforded certain due process procedures when a match uncovers any disqualifying or adverse information about them. No recipient agency, non-Federal agency, or source agency shall take any adverse action against an individual until such agency has independently verified such information and the individual has received a notice from the agency containing a statement of its findings and gives the individual the opportunity to contest the findings before making a final determination. The agency shall not take any adverse action based on the raw results of a computer matching program. Adverse information developed by a match must be investigated and verified prior to any action being taken.

(b) Waiver of independent verification procedures. Program officials may request the Data Integrity Board waive the independent verification requirement after they have identified the type of matching data eligible for a waiver and conducted a thorough determination of the data's accuracy.

The only data eligible for waiver is that which identifies the individual and the amount of benefits paid under a federal benefit program. The data must not be ambiguous. After the Data Integrity Board determines that the data qualifies for the waiver procedure, the program official must present convincing evidence to the Data Integrity Board of the recipient agency to permit the Board to assert a high degree of confidence in the accuracy of the data. The following elements are examples of evidence which will assist a Board in making such a determination: A description of the databases involved including how the information is acquired and maintained; the system manager's overall assessment of the reliability of the systems and the accuracy of the data they contain; the results of any assessments or audits conducted; any material or significant weaknesses under various statutes; security controls in place; previous security assessments; any historical data relating to program error rates; and any information relating to the currency of the data. If the Board approves the waiver, it will notify the source agency and the program officials.

(c) Independent investigation. Conservation of resources dictates that the procedures for affording due process be flexible and suited to the data being verified and the consequences to the individual of making a mistake. If the source agency has established a high degree of confidence in the quality of its data and it can demonstrate that its quality control processes are rigorous, the recipient agency may choose to expend fewer resources in independently verifying the data. Absolute confirmation is not required. The agency should bring some degree of reasonableness to the process of verifying data. Some methods to consider are:

(1) The individual subject of record who is the best source where practical, and

(2) Researching source documents.

(d) Notice and opportunity to contest. The agency is required to notify matching subjects of adverse information uncovered during a matching program and give them an opportunity to contest and explain before the agency
