(B) Each document is covered by the exemption, because all parts of a system are not automatically exempt.

(C) No nonexempt parts can be reasonably segregated.

(ii) Medical records. If a practitioner believes that access to a medical record by the subject could harm that person's mental or physical health, ask the requester to name a practitioner to receive the record. If this requirement poses a hardship on the individual, offer the service of a military practitioner other than the one who provided treatment. If the individual refuses to name a recipient, the record will not be released. This is not a denial under the Privacy Act and is not appealable.

(iii) Third party information. Third party information may not be deleted from a record when the subject requests access to the record unless there is an established exemption published in § 806b.13. This is because all information in a file must be presumed to pertain to the subject of the file. However, personal data such as SSNS and home addresses of third parties usually do not pertain to the subject of the record and, therefore, need not be released. This is not a denial under the Privacy Act and cannot be appealed.

(iv) Information compiled for litigation. Records in a system compiled in connection with a civil action or other proceeding may be withheld. This includes any action where judicial or administrative adjudicatory proceedings may reasonably be anticipated. Attorney work products prepared in support of such proceedings are not usually released under the Privacy Act at any point before, during, or after termination of the action or proceeding.

(v) Denial authority action. (A) The MAJCOM or SOA Privacy Act officer reviews the proposed denial, asks for written advice from the servicing SJA and the office responsible for the program under which the record was created, and makes a recommendation to the denial authority.

(B) The denial authority sends the requester a letter stating whether or not access will be granted. If the denial authority decides to grant access, he or she instructs the local

system manager to release the record. If the denial authority denies access, he or she must tell the requester why, and that the decision may be appealed to SAF not later than 60 calendar days after receipt of the denial letter. Tell the requester to resubmit the original request and send any supporting material to the denial authority for forwarding to HQ USAF/DAQD for processing. The requester should be cautioned that failure to follow this procedure may delay the appeal.

(g) Amendment requests. Individuals may ask the Air Force to amend records about them that are in a system of records. The request must seek to change, delete, or add material to make a record accurate, timely, relevant, or complete. Requests for amendment of a record that is subjective, or involves a matter of opinion or interpretation will not be processed under this part. Return such a request and tell the individual to submit it either to the Air Force Board for the Correction of Military Records according to Part 865 Subpart A of this chapter, to follow grievance procedures in AFR 40-771. Coordinate these returns with the director of personnel. Record correction requests which have been denied by the Air Force Board for the Correction of Military Records, acting for the Secretary of the Air Force, are not subject to further consideration under this part.

(1) Requests for minor corrections may be made orally. All others must be written.

(2) Local system managers routinely correct any record if the requester can show it is factually wrong. After verifying identity, the local system manager makes the change, notifies all known recipients of the record, and informs the individual when the correction is made.

(3) If the local system manager decides not to amend or partially amend the record, he or she sends a copy of the request, a copy of the record (or records), and the reasons for this action to the denial authority through the base and the MAJCOM or SOA Privacy Act officers. SJA coordination is required. This must be done within 5 workdays from receipt of the request.

(i) The MAJCOM or SOA Privacy Act officer reviews the proposed denial, asks for written advice from the servicing SJA and the office responsible for the program under which the record was created and makes recommendation to the denial authority.

(ii) The denial authority sends the requester a letter stating whether or not the amendment or partial amendment will be granted. If the denial authority decides to amend or partially amend the record, he or she tells the local system manager to amend the record and notify all subsequent recipients of the change. If the denial authority denies the amendment request, he or she must tell the requester why, and that the decision may be appealed to SAF not later than 60 calendar days after receipt of the denial letter. The requester is told to resubmit the original request and to send any supporting material to the denial authority for forwarding to HQ USAF/DAQD for processing. The requester should be cautioned that failure to follow this procedure may delay the appeal.

(h) Appeals of denials to grant access or to amend records- (1) Request for Secretarial review. An individual may request a review of the denial by writing to SAF not later than 60 calendar days after the denial is received. The request should be addressed to SAF/ AA, and sent back to the denial authority for forwarding to HQ USAF/ DAQD for processing. The denial authority sends a complete file arranged as follows:

(i) The request for review.

(ii) The original request for access or amendment.

(iii) The original denial.

(iv) A copy of the record or portions in question.

(v) Any internal records or coordination actions that relate to the denial.

(vi) Denial authority comments on the appellant's arguments.

(vii) A legal review prepared by the SJA servicing the denial authority.

(2) Responsibilities for Review. (i) HQ USAF/DAQD reviews the denial and makes a recommendation to the Office of the Vice Chief of Staff (HQ

USAF/CV). HQ USAF/JACM coordination is required.

(ii) HQ USAF/CV decides whether to direct the denial authority to grant access or to amend the record. If HQ USAF/CV decides to uphold a denial, this recommendation is passed to SAF/AA through the Office of the General Counsel (SAF/GC) for final action.

(iii) SAF/AA considers the recommendation to uphold a denial, decides to grant or deny the appeal, and notifies both the individual and the denial authority of the decision. If SAF/AA upholds a denial to amend a record, the individual must be told of his or her right to send a statement of disagreement to the system manager.

(3) Requests for Secretarial review. These requests must be completed within 30 workdays after the date HQ USAF/DAQD received the appeal.

NOTE: Appeals for denial of access to law enforcement records subject to the (j)(2) exemption are processed under this part and Part 806 of this chapter since the original action should have been taken under both.

(i) Statements of disagreement. If an individual submits a statement of disagreement with a SAF/AA decision not to amend his or her record, the local system manager:

(1) Flags the record so that the disagreement may be seen by anyone who discloses or gains access to the record.

(2) Files the statement with the record. If this is not possible, the local system manager maintains it to allow ready retrieval when the disputed portion of the record is used.

(3) Tells previous recipients that the record has been disputed and, if they can be identified, gives them a copy of the statement.

(4) Lets subsequent users know that the record is disputed and gives them a copy of the statement along with the record. The system manager may include a brief summary of the reasons for not amending the record. Summaries are limited to the reasons SAF/ AA gave to the individual. The summary is treated as a part of the individual's record, but is not subject to the amendment procedures.

§ 806b.9 Disclosures to third parties and organizations.

The fact that the Air Force tells an individual why the information is collected and how it will be used does not imply consent for release. When deciding to release information as authorized in paragraph (a) through (c) of this section, first consider the consequences of that disclosure. Before releasing any information, make a reasonable effort to ensure that it is accurate.

a

(a) With consent of the subject. You may disclose information from system of records if the subject of the record asks you to do so or has given prior written consent. Make sure that no law or directive prohibits release. See AFR 11-24 on release of individual home telephone numbers and home addresses from unit locators.

(b) Without consent of the subject. An individual's records may be disclosed without his or her consent to:

(1) DOD officials and employees who need the record to perform their duties when the use is compatible with the purpose for which the record is maintained.

(2) The public, as required by the FOIA. See part 806 of this chapter.

(i) Some examples of information that may normally be released for individual military personnel without an unwarranted invasion of privacy are: Name; grade; marital status; number and sex of dependents; date of rank; gross pay (base pay and entitlements); present and past duty assignments and future assignments that are firm (except overseas); office and unit address and phone number; source of commission; professional miltiary education, civilian educational degrees and major areas of study, school, and year of graduation; promotion sequence number; awards and decorations; duty status at any given time; official photograph without the identification frame; and home of record, without street address. Lists of names, home and duty addresses, and telephone numbers of military members must not be provided in any form for solicitation regardless of the intent of the solicitation unless otherwise provided for by law or this part. See Federal Personnel Manual Supplement

990-1, part 294, on release of civilian personnel information.

(ii) A balancing test may be used to decide whether disclosure would be a clearly unwarranted invasion of individual privacy. Weigh the right of the subject to a reasonable expectation of privacy verus the public right to know. Consider the nature of the information to be disclosed. Do individuals usually expect this information to be kept private? Are the identities of the subject and the recipient already in the public eye? What is likely to happen to the individual as a result of the disclosure? How old is the information; is it still relevant? To what degree is the information already in the public domain?

(iii) Information may be released if the balancing test described above weighs in favor of disclosure. For example, home addresses may be disclosed to a requester who wants to enforce a court order for alimony or child support payments, or to local and state tax authorities to enforce tax laws.

(iv) Individuals must be allowed to decide if they wish their home addresses and phone numbers included in base directories.

(3) Agencies outside DOD for a routine use that has been listed in the notice describing the system of records published in the FEDERAL REGISTER. The routine use must be compatible with the purpose for which the information was collected.

(4) The Bureau of the Census to plan or carry out a census or survey under Title 13, U.S.C.

(5) A recipient for statistical research or reporting. The recipient must give advance written assurance that the record will be used solely as a statistical research or reporting record. The record must not be used, in whole or part, to make any decisions about the individual's rights, benefits, or entitlements. It must be sent in a form in which the identity of the individual cannot be found out through usual research methods.

(6) The National Archives of the United States as a record with enough value to warrant permanent retention, or for evaluation by the Archivist of the United States to see if the record

has such value. However, records sent to Federal Archives and Records Centers for storage stay under Air Force control. These transfers are not disclosures under this section and do not need an accounting.

(7) A Federal, state, or local agency outside DOD for a civil or criminal law enforcement activity authorized by law. The head of the agency or a designee must send a written request to the system manager. The request must specify the record or part needed and the law enforcement purpose for which it is wanted. A record may also be disclosed to a law enforcement agency if a criminal violation is suspected. This disclosure is a routine use for all Air Force systems of records and has been published in the FEDERAL REGISTER.

(8) Another individual or agency under compelling circumstances that affect the health or safety of an individual. The individual whose records are disclosed does not have to be the one in danger. For example, records on several individuals could be disclosed to identify individuals injured in an accident. When an individual record is disclosed in this way, the subject must be sent a notification of disclosure to the last known address.

(9) Either House of Congress (a congressional committee or subcommittee) for matters within their jurisdictions.

(10) A congressional office acting for a constituent who is the record subject. This disclosure is authorized by a published blanket routine use.

(11) The Comptroller General or any authorized representatives on business of the General Accounting Office.

(12) A court of competent jurisdiction that has ordered the disclosure of the record. When a record is disclosed, reasonable efforts must be made to notify the individual to whom the record pertains, if the legal process is a matter of public record.

(13) A consumer credit agency according to the Debt Collection Act. This provision applies to the Air Force Accounting and Finance Center only.

(14) A contractor who is operating a system of records under a contract to perform an Air Force function. In this case, the contractor is considered an

employee of the Air Force for Privacy Act purposes, and the system of records is considered an Air Force system. Disclosure of records to the contractor does not need the subject's consent nor does it require an accounting. Records maintained by the contractor for the management of contractor employees are not subject to the Privacy Act.

(c) Medical records of minors. The medical records of minors may be disclosed to the parents or legal guardians of the minor. However, the following conditions apply:

(1) The law of the state in which the records are located may protect certain types of medical records that deal with drug or alcohol abuse treatment, abortion, and birth control advice or devices. Such laws must be observed. Medical records custodians in the United States must be knowledgeable of local laws and coordinate any proposed local policies with their servicing SJA.

(2) Parents or guardians are not allowed to see the medical records of a minor when all four of the following conditions apply:

(i) The minor was between 15 and 17 years of age at the time he or she sought or consented to the treatment.

(ii) The treatment was sought in a program authorized by regulations or law to offer confidentiality of treatment records as a part of the program.

(iii) The minor specifically requested or indicated that he or she wished his or her treatment record to be handled with confidence and not released to a parent or guardian.

(iv) The parent or guardian seeking access does not have the written authorization of the minor or a valid court order for access.

Subpart E-Privacy Act Exemptions § 806b.10 Use of exemptions.

SAF can exempt systems of records from parts of the Privacy Act. The two kinds of exemption are: General and specific. The general exemption frees systems from most parts of the Privacy Act; the specific from only a few parts.

§ 806b.11 General exemptions.

(a) SAF has approved a general exemption for investigative systems used by activities whose principal function is criminal law enforcement. These include the SJA, and investigative and correctional activities. All records in such a system come under the exemption which will be observed and cannot be waived. This exemption is in subparagraph (j)(2) of the Privacy Act. It only applies to systems used to:

(1) Identify criminals and alleged criminals, with identity; arrests; type and disposition of charges; sentences, confinement and release records; and parole and probation status.

(2) Support criminal investigations (including efforts to prevent, reduce, or control crime) and reports of informants and investigators that identify an individual.

(3) Reports on an individual, compiled at any stage of the law enforcement process.

(b) The Air Force observes only subsections (b); (c)(1) and (2); (e)(4)(A) through (F); (e)(6), (7), (9), (10), and (11); and (i) of the Privacy Act.

§ 806b.12 Specific exemptions.

(a) SAF has approved specific exemptions for all classified and a few other systems. These exemptions must be observed and cannot be waived. The Privacy Act citation appears in parentheses after each type below.

(1) Classified information in any system of records. Before denying access, make sure that the record is currently and properly classified and cannot be declassified ((k)(1)).

(2) Law enforcement records (other than those covered by the general exemption). However, the Air Force must allow access to any record which was used to deny someone a right, privilege or benefit, unless doing so would reveal a confidential source ((k)(2)).

(3) Statistical records required by law. The data must be used only as statistics and not to make decisions on the rights, benefits, or entitlements of individuals ((k)(4)).

(4) Data to determine suitability, eligibility, or qualifications for Federal service or contracts, or access to classified information. The Air Force can

withhold this if access would reveal a confidential source ((k)(5)).

(5) Qualification tests for appointment or promotion in the federal service. The Air Force may withhold these if access would compromise the objectivity of the tests ((k)(6)).

(6) Information to determine promotability in the Armed Forces. The Air Force may withhold this if access would reveal a confidential source ((k)(7)).

(b) A specific exemption may free a system from any of the following parts of the Privacy Act: subsections (c)(3); (d); (e)(1); (e)(4) (G), (H), and (I); and (f).

§ 806b.13 General and specific exemptions.

(a) General exemption. The following systems of records are exempt under 5 U.S.C. 552a(j)(2):

(1) Counter Intelligence Operations and Collection Records, F124 AF A. (2) Criminal Records, F124 AF C. (3) Security Police Automated System (SPAS), F125 AF SP E.

(4) Investigative Support Records, F124 AF D.

(5) Correction and Rehabilitation Records, F125 AF A (that portion maintained by the 3320th Correction and Rehabilitation Squadron, but only for the period the individual is confined or in rehabilitation at an Air Force or Federal correctional facility). (6) Management Information and Research System (MIRS), F125 ATC A (but only for the period the individual is confined or in rehabilitation at an Air Force or Federal correctional facility).

(b) Specific exemptions. The following systems of records are subject to the specific exemptions shown:

(1) Classified records-(i) Exemption. All records in any systems of records that are properly classified according to Executive Orders 11652, 12065 or 12356, are exempt from 5 U.S.C. 552a(c)(3); (d); (e)(4)(G), (H), and (I); and (f), regardless of whether the entire system is otherwise exempt or not.

(ii) Authority. 5 U.S.C. 552a(k)(1).

(2) Admissions and Registrar Records (F053 AFA C)-(i) Exemption. Parts of this system of records (Liai