under an express promise that the (iii) From subsections (d) and (f) because requiring DSS to grant access to records and agency rules for access and amendment of records would unfairly impede the agency's investigation of allegations of unlawful activities. To require DSS to confirm or deny the existence of a record pertaining to a requesting individual may in itself provide an answer to that individual relating to an on-going investigation. The investigation of possible unlawful activities would be jeopardized by agency rules requiring verification of record, disclosure of the record to the subject, and record amendment procedures. (g) System identifier: V5-04. (1) System name: Counterintelligence Issues Database (CII-DB). (2) Exemption: (i) Information specifically authorized to be classified under E.O. 12958, as implemented by DoD 5200.1-R, may be exempt pursuant to 5 U.S.C. 552a(k)(1). (ii) Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source. (iii) Records maintained in connection with providing protective services to the President and other individuals under 18 U.S.C. 3506, may be exempt pursuant to 5 U.S.C. 552a(k)(3). (iv) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for federal civilian employment, military service, federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source. (v) Any portion of this system that falls within the provisions of 5 U.S.C. 552a(k)(1), (k)(2), (k)(3) and (k)(5) may be exempt from the following subsections (c)(3); (d)(1) through (d)(5); (e)(1); (e)(4)(G), (H), and (I); and (f). (3) Authority. 5 U.S.C. 552a(k)(1), (k)(2), (k)(3) and (k)(5). (4) Reasons. (i) From subsection (c)(3) because giving the individual access to the disclosure accounting could alert the subject of an investigation to the existence and nature of the investigation and reveal investigative or prosecutive interest by other agencies, particularly in a joint-investigation situation. This would seriously impede or compromise the investigation and case preparation by prematurely revealing its existence and nature; compromise or interfere with witnesses or make witnesses reluctant to cooperate with the investigators; lead to suppression, alteration, fabrication, or destruction of evidence; and endanger the physical safety of confidential sources, witnesses, law enforcement personnel and their families. (ii) From subsection (d) because the application of these provisions could impede or compromise an investigation or prosecution if the subject of an investigation had access to the records or were able to use such rules to learn of the existence of an investigation before it would be completed. In addition, the mere notice of the fact of an investigation could inform the subject and others that their activities are under or may become the subject of an investigation and could enable the subjects to avoid detection or apprehension, to influence witnesses improperly, to destroy evidence, or to fabricate testimony. (iii) From subsection (e)(1) because during an investigation it is not always possible to detect the relevance or necessity of each piece of information in the early stages of an investigation. In some cases, it is only after the information is evaluated in light of other evidence that its relevance and necessity will be clear. In other cases, what may appear to be a relevant and necessary piece of information may become irrelevant in light of further investigation. In addition, during the course of an investigation, the investigator may obtain information that related primarily to matters under the investigative jurisdiction of another agency, and that information may not be reasonably segregated. In the interest of effective law enforcement, DSS investigators should retain this information, since it can aid in establishing patterns of criminal activity and can provide valuable leads for Federal and other law enforcement agencies. (iv) From subsections (e)(4)(G), (e)(4)(H), (e)(4)(I) and (f) because this system is exempt from subsection (d) of the Act, concerning access to records. These requirements are inapplicable to the extent that these records will be exempt from these subsections. However, DSS has published information concerning its notification and access procedures, and the records source categories because under certain circumstances, DSS could decide it is appropriate for an individual to have access to all or a portion of his/her records in this system of records. §321.14 DSS implementation policies. (a) General. The implementation of the Privacy Act of 1974 within DSS is as prescribed by DoD Directive 5400.11. This section provides special rules and information that extend or amplify DoD policies with respect to matters of particular concern to the Defense Security Service. (b) Privacy Act rules application. Any request which cites neither Act, concerning personal record information in a system or records, by the individual to whom such information pertains, for access, amendment, correction, accounting of disclosures, etc., will be governed by the Privacy Act of 1974, DoD Directive 5400.11 and these rules exclusively. Requests for like information which cite only the Freedom of Information Act will be governed by the Freedom of Information Act, DoD Regulation 5400.7R2. Any denial or exemption of all or part of a record from notification, access, disclosure, amendment or other provision, will also be processed under these rules, unless court order or other competent authority directs otherwise. (c) First amendment rights. No DSS official or element may maintain any information pertaining to the exercise by 2 See footnote 1 to 321.1. an individual of his rights under the First Amendment without the permission of that individual unless such collection is specifically authorized by statute or necessary to and within the scope of an authorized law enforcement activity. (d) Standards of accuracy and validation of records. (1) All individuals or elements within DSS which create or maintain records pertaining to individuals will insure that they are reasonably accurate, relevant, timely and complete to serve the purpose for which they are maintained and to assure fairness to the individual to whom they pertain. Information that is not pertinent to a stated purpose of a system of records will not be maintained within those records. Officials compiling investigatory records will make every reasonable effort to assure that only reports that are impartial, clear, accurate, complete, fair and relevant with respect to the authorized purpose of such records are included, and that reports not meeting these standards or serving such purposes are not included in such records. (2) Prior to dissemination to an individual or agency outside DoD of any record about an individual (except for a Freedom of Information Act action or access by a subject individual under these rules) the disclosing DSS official will by review, make a reasonable effort to assure that such record is accurate, complete, timely, fair and relevant to the purpose for which they are maintained. (e) The Defense Clearance and Investigations Index (DCII). It is the policy of DSS, as custodian, that each DoD component or element that has direct access to or contributes records to the DCII (V5-02), is individually responsible for compliance with the Privacy Act of 1974 and DoD Directive 5400.11 with respect to requests for notification, requests for access by subject individuals, granting of such access, request for amendment and corrections by subjects, making amendments or corrections, other disclosures, accounting for disclosures and the exercise of exemptions, insofar as they pertain to any record placed in the DCII by that component or element. Any component or element of the DoD that makes a disclosure of any record whatsoever to an individual or agency outside the DoD, from the DCII, is individually responsible to maintain an accounting of that disclosure as prescribed by the Privacy Act of 1974 and DoD Directive 5400.11 and to notify the element placing the record in the DCII of the disclosure. Use of and compliance with the procedures of the DCII Disclosure Accounting System will meet these requirements. Any component or element of DoD with access to the DCII that, in response to a request concerning an individual, discovers a record pertaining to that individual placed in the DCII by another component or element, may refer the requester to the DoD component that placed the record into the DCII without making an accounting of such referral, although it involves the divulging of the existence of that record. Generally, consultation with, and referral to, the component or element placing a record in the DCII should be effected by any component receiving a request pertaining to that record to insure appropriate exercise of amendment or exemption procedures. (f) Investigative operations. (1) DSS agents must be thoroughly familiar with and understand these rules and the authorities, purposes and routine uses of DSS investigative records, and be prepared to explain them and the effect of refusing information to all sources of investigative information, including subjects, during interview, in response to questions that go beyond the required printed and oral notices. Agents shall be guided by DSS Handbook for Personnel Security Investigations in this respect. (2) All sources may be advised that the subject of an investigative record may be given access to it, but that the identities of sources may be withheld under certain conditions. Such advisement will be made as prescribed in DSS Handbook for Personnel Security Investigations, and the interviewing agent may not urge a source to request a grant of confidentiality. Such pledges of confidence will be given sparingly and then only when required to obtain information relevant and necessary to the stated purpose of the investigative information being collected. (g) Non-system information on individuals. The following information is not considered part of personal records systems reportable under the Privacy Act of 1974 and may be maintained by DSS members for ready identification, contact, and property control purposes only. If at any time the information described in this paragraph is to be used for other than these purposes. that information must become part of a reported, authorized record system. No other information concerning individuals except that described in the records systems notice and this paragraph may be maintained within DSS. (1) Identification information at doorways, building directories, desks, lockers, name tags, etc. (2) Identification in telephone directories, locator cards and rosters. (3) Geographical or agency contact cards. (4) Property receipts and control logs for building passes, credentials, vehicles, weapons, etc. (5) Temporary personal working notes kept solely by and at the initiative of individual members of DSS to facilitate their duties. (h) Notification of prior recipients. Whenever a decision is made to amend a record, or a statement contesting a DSS decision not to amend a record is received from the subject individual, prior recipients of the record identified in disclosure accountings will be noti fied to the extent possible. In some cases, prior recipients cannot be located due to reorganization or deactivations. In these cases, the personnel security element of the receiving Defense Component will be sent the notification or statement for appropriate action. (i) Ownership of DSS Investigative Records. Personnel security investigative reports shall not be retained by DoD recipient organizations. Such reports are considered to be the property of the investigating organization and are on loan to the recipient organization for the purpose for which requested. All copies of such reports shall be destroyed within 120 days after the completion of the final personnel security determination and the completion of all personnel action necessary to implement the determination. Reports $322.1 Purpose and scope. (a) The purpose of this rule is to comply with and implement title 5 U.S.C. 552a, sections (f) and (k), hereinafter identified as the Privacy Act. It establishes the procedures by which an individual may be notified whether a system of records contains information pertaining to the individual; defines times, places and requirements for identification of the individual requesting records, for disclosure of requested records where appropriate; special handling for medical and psychological records; for amendment of records; appeal of denials of requests for amendment; and provides a schedule of fees to be charged for making copies of requested records. In addition, this rule contains the exemptions promulgated by the Director, NSA, pursuant to 5 U.S.C. 552a(k), to exempt Agency systems of records from subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), (I); and (f) of section 552a. (b) The procedures established and exemptions claimed apply to systems of records for which notice has been published in the FEDERAL REGISTER pursuant to the Privacy Act. Requests from individuals for records pertaining to themselves will be processed in accordance with these procedures and consistent with the exemptions claimed. Requests for records which do not specify the statute pursuant to which they are made but which may be reasonably construed to be requests by an individual for records pertaining to that individual will also be processed in accordance with these procedures and consistent with exemptions claimed. To the extent appropriate, these procedures apply to records maintained by this Agency pursuant to system of records notices published by the Civil Service Commission. The primary category of records affected by a Commission notice is that maintained in conjunction with the CSC system identified as "CSC-Retirement Life Insurance and Health Benefits Records System." Authority pursuant to 44 U.S.C. 3101 to maintain each system of records for which notice has been published is implied in each "authority for maintenance of a system" of each systems notice. §322.2 Definitions. (a) Access to the NSA headquarters: means current and continuing daily access to those facilities making up the NSA headquarters. (b) Individual: means a natural person who is a citizen of the United States or an alien lawfully admitted for permanent residence. (c) Request: means a request in writing for records pertaining to the requester contained in a system of records and made pursuant to the Privacy ct or if no statute is identified considred by the Agency to be made pursuat to that Act. (d) System of Records: means a groupg of records maintained by the Agenfor which notice has been published the FEDERAL REGISTER pursuant to ➡tion 552a(e)(4) of Title 5 U.S.C. 22.3 Procedures for requests concerning individual records in a system of records. a)(1) Notification. Any individual y be notified in response to a reest if any system of records contains ecord pertaining to the requester by ding a request addressed to: Infortion Officer, National Security ency, Fort George G. Meade, Maryd20755. Such request shall be in Cing, shall be identified on the enve- and the request as a "Privacy Act uest," shall designate the system ystems of records using the names ne systems as published in the sysnotices, shall contain the full e, present address, date of birth, al security number and dates of afion or contact with NSA/CSS of requester and shall be signed in full ■e requester. A request pertaining to records erning the requester which does pecify the Act pursuant to which equest is made shall be processed Privacy Act request. A request ■ does not designate the system or ms of records to be searched shall ocessed by checking the following ms of records: Applicants; Per1; Health, Medical and Safety. ) Identification. Any individual ■tly not authorized access to the al Security Agency headrs who requests disclosure of s shall provide the following in-ion with the written request for ure: full name, present address, f birth, social security number, te of first affiliation or contact SA/CSS and date of last affilir contact with NSA/CSS. ny individual currently authorcess to the National Security headquarters shall provide the ng information with the request fication: full name, present orEonal assignment, date of birth, ecurity number. 32 CFR Ch. 1 (7-1-00 Edition) (3) Such request shall be treated as a $322.4 Times, places and procedures (a) Individual not currently affiliated (1) Request procedure. Any individual currently not authorized access to the National Security Agency headquarters shall make the request for notification in writing and shall include the required identifying data. Upon verification of the existence in systems of records pertaining to the requester, a copy of the records located shall be mailed to the requester subject to appropriate specific exemptions, applicable Public Laws, special procedures pertaining to medical records, including psychological records, and the exclusion for information compiled in reasonable anticipation of a civil action or proceeding. If the request cannot be processed within ten working days from the time of receipt of the request, an acknowledgment of receipt of the request will be sent to the requester. (2) Appointment of other individual. If a requester wishes another individual to obtain the requested records on his behalf, the requester shall provide a written, signed, notarized statement appointing that individual as his representative, certifying that the individual appointed may have access to the records of the requester and that such access shall not constitute an invasion of the privacy of the requester nor a violation of his rights under the Privacy Act of 1974. (b) Individual currently affiliated with NSA (1) Request procedure. Any individual currently authorized access to the National Security Agency headquarters may make the request for notification to the appropriate official delegated responsibility for a system of records pursuant to internal agency regulations pertaining to the Privacy 930 Office of the Secretary of Act of 1974. In the alternat dividual may direct the re NSA Information Officer i the same form and includi required in §322.4(a)(1) ab case of any denial of notific ficials delegated responsib system the request shall be the NSA Information Offi view. (2) Appointment of other it the requester makes a req ant to this paragraph and designate another individua pany him, the same proced vided in paragraph (a)(2) of apply. If the individual a currently authorized access tional Security Agency he he may accompany the re the individual appointed i rently authorized access, a records located may be ma appointed individual subjec priate specific exemptions, Public Laws, special proce taining to medical records psychological records, and sion for information compi sonable anticipation of a civ proceeding. [40 FR 44294, Sept. 25, 1975. Red 56 FR 55631, Oct. 29, 1991, as a FR 57803, Nov. 14, 1991] $322.5 Medical If the request includes r medical or psychological na an Agency doctor makes mination that the records contain information which an adverse effect upon the the requester will be advised a medical doctor in the discipline to receive the in The appointment of the doc in the same form as that i $322.4(a)(2) and shall includ cation that the doctor appo thorized to practice the specialty by virtue of a lice tice same in the state whi the license. [40 FR 44294, Sept. 25, 1975. Red 56 FR 55631, Oct. 29, 1991, as a FR 57803, Nov. 14, 1991] |