s a final determination. Recipilready receiving benefits may not them suspended or reduced pendpiration of the contest period. Inals have 30 days to respond to a of adverse action, unless a stat- regulation grants a longer peThe period runs from the date of tice until 30 calendar days. The shall allow an additional five or mailing time before ending the period. If an individual contacts ency within the notice period (35 and indicates his or her acceptf the validity of the adverse inion, the agency may take immection to deny or terminate. The may also take action if the pepires without a response. ombining verification and notice ments. It may be appropriate to e the verification and notice reents into a single step, espeIf the subject of record is the urce for verification. In this , the adverse finding and notice opportunity to contest are cominto a single action. This methependent upon the confidence, ty and quality of the data. thought should be given as to apply this method. It may be ole in special cases, but should considered as a routine process. re that this consideration takes shall be the responsibility of ense Data Integrity Board to formal determination as to is appropriate to compress the ion and notice into a single pe ividual status pending due proc- 886 purposes of the Privacy Act, provided (g) Exclusion. (1) If the agency deter- (2) In such cases, the agency shall include the possibility of suspension of due process for this reason in its matching program agreement. $317.96 Matching program agreement. (a) Requirements. The agency should allow sufficient lead time to ensure that a matching agreement between the participants can be negotiated and signed in time to secure the Defense Data Integrity Board decision before the match begins. The agency, if receiving records from or disclosing records to a non-Federal agency for use in a matching program, is responsible for preparing the matching agreement and should solicit relevant data from the non-Federal agency where necessary. Both Federal source and recipient agencies must have the matching agreement approved by their respective Data Integrity Boards. In cases where matching takes place entirely within the Department of Defense, the agency may satisfy the matching agreement requirements by preparing a Memorandum of Understanding (MOU) between the systems of records managers involved. Before the agency may participate in a matching program the Defense Data Integrity Board must have evaluated the proposed match and approved the terms of the matching agreement or MOU. (b) Agreements or MOUs must contain the following elements (1) Purpose and legal authority. Citation of the Federal or state statutory or regulatory authority for undertaking the matching program. Do not cite the Privacy Act. (2) Justification and expected results. A full explanation of why a computer matching program, as opposed to some other form of activity, is being proposed and what the expected results will be, including a specific estimate of any savings. (3) Records description. A (4) Dates. An indication (5) Prior notice to subjects description of the direct an tive notice procedures affor jects of record. Copies of th applicable record system volved and all applicable taining the appropriate H Statement being used by pants of the proposed matc provided. (6) Verification procedures scription of the methods will use to independently ve formation obtained through ing program. (7) Disposition of matche statement that the inform erated as a result of the ma gram will be destroyed as has served the matching purpose and any legal re quirements the agency est conjunction with the Na chives and Records Admin other cognizant authority. (8) Security procedures. A of the administrative, te physical safeguards to be tecting the information. 7 be commensurate with the sitivity of the data. (9) Records usage, duplica closure restrictions. A descri specific restrictions impose the source agency or by sta ulation on collateral us records used in the matchi Recipient agencies may n records obtained for a ma gram under a matching ag any other purpose unless th cific statutory authority o direct essential connection duct of the matching prog ments shall specify how 1 cipient agency may keep vided for a matching pr 190-117 D-00--29 (3) Records description. A full identification of the system of records (FEDERAL REGISTER Citations) or nonFederal records, number of subjects of record, and what data elements will be included in the match. (4) Dates. An indication of whether the match is a one-time or continuing program (not to exceed 18 months) and the projected starting and completion dates for the match. (5) Prior notice to subjects of record. A description of the direct and constructive notice procedures afforded the subjects of record. Copies of the published applicable record system notices involved and all applicable forms containing the appropriate Privacy Act Statement being used by the participants of the proposed match should be provided. (6) Verification procedures. A full description of the methods the agency will use to independently verify the information obtained through the matching program. (7) Disposition of matched items. A statement that the information generated as a result of the matching program will be destroyed as soon as it has served the matching program's purpose and any legal retention requirements the agency establishes in conjunction with the National Archives and Records Administration or other cognizant authority. (8) Security procedures. A description of the administrative, technical and physical safeguards to be used in protecting the information. They should be commensurate with the level of sensitivity of the data. (9) Records usage, duplication and disclosure restrictions. A description of any specific restrictions imposed by either the source agency or by statute or regulation on collateral uses of the records used in the matching program. Recipient agencies may not use the records obtained for a matching program under a matching agreement for any other purpose unless there is a specific statutory authority or there is a direct essential connection to the conduct of the matching program. Agreements shall specify how long the recipient agency may keep records provided for a matching program and when they will be returned to the source agency or destroyed. (10) Records accuracy assessments. A description of any information relating to the quality of the records to be used in the matching program such as the error rate percentage of the data entry for the affected records. The worse the quality of the data, the less likely the matching program will have a costbeneficial result. (11) Disclosure Accounting. A certification by the agency participating in a matching program as a source agency for disclosures outside the Department of Defense that a disclosure accounting shall be maintained on the subjects of record as required by the Privacy Act. (12) Access by the Comptroller General. A statement that the Comptroller General may have access to all records of a recipient DoD component or non-Federal agency necessary to monitor or verify compliance with the agreement. In this instance, the Comptroller General may inspect state or local government records used in matching programs. (c) Non-Federal agencies. Non-Federal agencies intending to participate in covered matching programs are required to do the following: (1) Execute matching agreements prepared by a Federal agency or agencies involved in the matching program. (2) Provide data to Federal agencies on the costs and benefits of matching programs. (3) Certify that they will not take adverse action against an individual as a result of any information developed in a matching program unless the information has been independently verified and until the applicable number of days after the individual has been notified of the findings and given an opportunity to contest them has elapsed. (4) For renewals of matching programs, certify that the terms of the agreement have been followed. (d) Duration of matching programs. Matching agreements will remain in force only as long as necessary to fulfill their specific purposes. They will automatically expire 18 months after their approval unless the Defense Data Integrity Board grants an extension of up to one year at least three months prior to the actual expiration date. The 190-117 D-00--29 n must remain unchanged if an on is to be granted. Each party agreement must certify that the m has been conducted in complith the matching agreement. Refor extensions shall be subthrough channels to the Board. tered matching program. (1) An matching program is one that dy established, but with such a ant change proposed that it rerevision of the matching notice proval of the Defense Data In Board, OMB and Congress. A ant change is one which does more of the following: anges the purpose for which the was established. anges the matching population by including new categories of - of record, or by greatly inthe numbers of records thorized computer matching program §317.97 Cost-benefit analysis. (a) Purpose. The requirement for a cost-benefit analysis by the Act is to assist the agency in determining whether or not to conduct or participate in a matching program. Its application is required in two places: As an agency conclusion in the matching agreement containing the justification and specific estimate of savings; and in the Data Integrity Board review process where it is forwarded as part of the matching proposal. The intent of this requirement is not to create a presumption that when agencies balance individual rights and cost savings, the latter should inevitably prevail. Rather, it is to ensure that sound management practices are followed when agencies use records from Privacy Act systems in matching programs. It is not in the government's interest to engage in matching activities that drain agency resources that could be better spent elsewhere. Agencies should use the cost-benefit requirement as an opportunity to re-examine programs and weed out those that produce only marginal results. 888 (b) Cost-benefit analysis. The agency, when proposing matching programs, must provide the Board with all information which is relevant and necessary to allow the Board to make an informed decision including a cost-benefit analysis. The Defense Data Integrity Board shall not approve any matching agreement unless the Board finds the cost-benefit analysis demonstrates the program is likely to be cost effective. (1) The Board may waive the costbenefit analysis requirement if it determines in writing that submission of such an analysis is not required. (2) If a matching program is required by a specific statute, then a cost-benefit analysis is not required. However, any renegotiation of such a matching agreement shall be accompanied by a cost-benefit analysis. The f not be favorable. The inte case, is to provide Congress mation to help it evaluate tiveness of statutory match ments. (3) The Board must find ments conform to the provi Act and appropriate guideli tions, and statutes. $317.98 Appeals of denials (a) Disapproval by the Bo Defense Data Integrity approves a matching ag party to the agreement may disapproval to the Director fice of Management and Bu ington, DC 20503. Appeals mu within 30 days after the De Integrity Board's written d The appealing party shall s its appeal the following: (1) Copies of all docume companying the initial agreement proposal. (2) A copy of the Defense rity Board's disapproval and (3) Evidence supporting th efit effectiveness of the mat (4) Any other relevant i e.g., timing considerations terest served by the match, (b) OMB approval. If the the Office of Management approves a matching prog not become effective until 3 the Director reports his Congress. (c) Recourse by the Inspe If the Defense Data Inte and the Director of the Of agement and Budget both matching program propose spector General of the de the Inspector General may disapproval to the head of of Defense and to the Cong $317.99 Proposals for ma (a) Who initiates the act cipient DoD component ( component source agency conducted by a non-Federa the recipient activity with component for internal ma cost-benefit analysis. The finding need not be favorable. The intent, in this case, is to provide Congress with information to help it evaluate the effectiveness of statutory matching requirements. (3) The Board must find that agreements conform to the provisions of the Act and appropriate guidelines, regulations, and statutes. $317.98 Appeals of denials of matching agreements. (a) Disapproval by the Board. If the Defense Data Integrity Board disapproves a matching agreement, a party to the agreement may appeal the disapproval to the Director of the Office of Management and Budget, Washington, DC 20503. Appeals must be made within 30 days after the Defense Data Integrity Board's written disapproval. The appealing party shall submit with its appeal the following: (1) Copies of all documentation accompanying the initial matching agreement proposal. (2) A copy of the Defense Data Integrity Board's disapproval and reasons. (3) Evidence supporting the cost-benefit effectiveness of the match. (4) Any other relevant information, e.g., timing considerations, public interest served by the match, etc. (b) OMB approval. If the Director of the Office of Management and Budget approves a matching program it will not become effective until 30 days after the Director reports his decision to Congress. (c) Recourse by the Inspector General. If the Defense Data Integrity Board and the Director of the Office of Management and Budget both disapprove a matching program proposed by the Inspector General of the denial agency, the Inspector General may report that disapproval to the head of Department of Defense and to the Congress. $317.99 Proposals for matching programs. sponsible for reporting the match for Board approval. The responsible official should contact the other participants to gather the information necessary to make a unified report. (b) New or altered matching programs. Determine if the match is a new program or an existing one. A new match is one for which no public notice has been published in the FEDERAL REGISTER. An altered matching program is an established (published public notice) match with such a significant change that it requires amendment. An altered matching program should not be confused with a request for an unchanged extension of an established program. (c) Contents of report (original and one copy). (1) A proposed new matching program report shall consist of an agency letter of transmittal with the following attached documents: (i) Completed agreement between the participants. (ii) Benefit/cost analysis. (iii) Proposed FEDERAL REGISTER matching notice for public review and comment. (iv) Copies of all the appropriate forms (e.g., applications) of the participating parties providing direct notice to the individual or any other means of communication used. (v) Copy or copies of the appropriate FEDERAL REGISTER System(s) of record notice(s) containing an appropriate routine use providing constructive notice to the individual. (2) A report on a proposed alteration to an established matching program shall consist of an agency letter of transmittal with the following attached documents: (i) A report containing the significant change(s) and the following additional information: (A) What alternatives to matching the agencies considered and why a matching program was chosen. (B) The date the match was approved by each participating Federal agency's Data Integrity Board. (C) Whether a cost-benefit analysis was required and, if so, whether it projected a favorable ratio. (a) Who initiates the action. The recipient DoD component (or the DoD component source agency in a match conducted by a non-Federal agency); or the recipient activity within the DoD component for internal matches, is re- comment. (ii) Proposed FEDERAL REGISTER matching notice for public review and (3) A report requesting an extension beyond 18 months of an established unchanged matching program must be received by the Defense Privacy Office, DA&M, at least four months prior to the actual expiration date and consist of an agency letter of transmittal with the following attached: (i) Justification for the extension (not to exceed one year). (ii) Certification by the participants that the program has been conducted in compliance with the matching agreement. (d) Who receives the reports. All reports shall be submitted to, and reviewed by, the agency Privacy Advisor and forwarded to the Defense Privacy Office, DA&M, for consideration by the Defense Data Integrity Board. or dis (e) Action by the Defense Privacy Office. The Defense Privacy Office, DA&M, shall present proposals before the Defense Data Integrity Board which shall either approve approve proposals on their merits. Any inaction based on insufficient data, justification, or supporting documentation shall be returned for any further corrective action deemed necessary. Any disapproved proposals are returned with the stated reasons. Board approved proposals are coordinated with the Office of the Assistant Secretary of Defense (Legislative Affairs) and the Office of the General Counsel, Department of Defense. The Defense Privacy Office prepares for the signature of the Chairman of the Board (Director of Administration and Management (DA&M)), transmittal letters sent to Congress and OMB and concurrently submits the proposed FEDERAL REGISTER matching notice for publication. (f) Time restrictions on the initiation of new or altered matching programs. (1) All time periods begin from the date the Chairman of the Board signs the transmittal letters. (2) At least 30 days must elapse before the matching program may become operational. (3) The 30 day period for OMB and Congressional review and the 30 day notice and comment period for the Matching Notice may run concurrently. §317.111 Civil court actions. After exhausting all administrative remedies, an individual may file suit (5 U.S.C 552a(y)) in the Federal court against the agency for any of the following acts: (a) Denial of an amendment request. The Assistant Director, Resources, or designee refuses the individual's request for review of the initial denial of an amendment or, after review, refuses to amend the record. (b) Denial of access. The agency refuses to allow the individual to review the record or denies his or her request for a copy of the record. (c) Failure to meet recordkeeping standards. The agency fails to maintain the individual's record with the accuracy, relevance, timeliness, and completeness necessary to assure fairness in any determination about the individual's rights, benefits, or privileges and, in |