may relate to the jurisdiction of other cooperating agencies. (7) From subsection (e)(4) (G) through (H) because this system of records is exempt from the access provisions of subsection (d). (8) From subsection (f) because the agency's rules are inapplicable to those portions of the system that are exempt and would place the burden on the agency of either confirming or denying the existence of a record pertaining to a requesting individual might in itself provide an answer to that individual relating to an on-going investigation. The conduct of a successful investigation leading to the indictment of a criminal offender precludes the applicability of established agency rules relating to verification of record, disclosure of the record to that individual, and record amendment procedures for this record system. (g) System Identifier: CIG-16. (1) System name: DOD Hotline Program Case Files. (2) Exemption: Any portions of this system of records which fall under the provisions of 5 U.S.C. 552a(k)(2) and (k)(5) may be exempt from the following subsections of 5 U.S.C. 552a: (c)(3), (d), (e)(1), (e)(4)(G), (H), and (f). (3) Authority: 5 U.S.C. 552a(k)(2) and (k)(5). (4) Reasons: From subsection (c)(3) because disclosures from this system could interfere with the just, thorough and timely resolution of the complaint or inquiry, and possibly enable individuals to conceal their wrongdoing or mislead the course of the investigation by concealing, destroying or fabricating evidence or documents. (5) From subection (d) because disclosures from this system could interfere with the just, thorough and timely resolution of the complaint or inquiry, and possibly enable individuals to conceal their wrongdoing or mislead the course of the investigation by concealing, destroying or fabricating evidence or documents. Disclosures could also subject sources and witnesses to harassment or intimidation which jeopardize the safety and well-being of themselves and their families. (6) From subsection (e)(1) because the nature of the investigation functions creates unique problems in prescribing specific paramenters in a particular case as to what information is relevant or necessary. Due to close liaison and working relationships with other Federal, state, local, and foreign country law enforcement agencies, information may be received which may relate to a case under the investigative jurisdiction of another government agency. It is necessary to maintain this information in order to provide leads for appropriate law enforcment purposes and to establish patterns of activity which may relate to the jurisdiction of other cooperating agencies. (7) From subsection (e)(4)(G) through (H) because this system of records is exempt from the access provisions of subsection (d). (8) From subsection (f) because the agency's rules are inapplicable to those portions of the system that are exempt and would place the burden on the agency of either confirming or denying the existence of a record pertaining to a requesting individual might in itself provide an answer to that individual relating to an on-going investigation. The conduct of a successful investigation leading to the indictment of a criminal offender precludes the applicability of established agency rules relating to verification of record, disclosure of the record to that individual, and record amendment procedures for this record system. [56 FR 51976, Oct. 17, 1991, as amended at 57 FR 24547, June 10, 1992; 61 FR 2916, Jan. 30, 1996] $312.13 Ownership of OIG investigative records. (a) Criminal and or civil investigative reports shall not be retained by DoD recipient organizations. Such reports are the property of OIG and are on loan to the recipient organization for the purpose for which requested or provided. All copies of such reports shall be destroyed within 180 days after the completion of the final action by the requesting organization. (b) Investigative reports which require longer periods of retention may be retained only with the specific written approval of OIG. $312.14 Referral of records. An OIG system of records may contain records other DoD Components or Federal agencies originated, and who may have claimed exemptions for them under the Privacy Act of 1974. When any action is initiated on a portion of any several records from another agency which may be exempt, consultation with the originating agency or component will be affected. Documents located within OIG system of records coming under the cognizance of another agency will be referred to that agency for review and direct response to the requester. PART 313-THE CHAIRMAN OF THE JOINT CHIEFS OF STAFF AND THE JOINT STAFF PRIVACY PROGRAM AUTHORITY: Pub. L. 93-579, 88 Stat. 1896 (5 U.S.C. 552a). §313.1 Source of regulations. The Office of the Joint Chiefs of Staff is governed by the Privacy Act implementation regulations of the Office of the Secretary of Defense, 32 CFR part 311. [40 FR 55535, Nov. 28, 1975. Redesignated at 56 FR 55631, Oct. 29, 1991, as amended at 56 FR 57802, Nov. 14, 1991] PART 314-DEFENSE ADVANCED RESEARCH PROJECTS AGENCY, PRIVACY ACT OF 1974 AUTHORITY: Pub. L. 93-579, 88 Stat. 1896 (5 U.S.C. 552a). §314.1 Source of regulations. The Defense Advanced Research Projects Agency is governed by the Privacy Act implementation regulations of the Office of the Secretary of Defense, 32 CFR part 311. [40 FR 55535, Nov. 28, 1975. Redesignated at 56 FR 55631, Oct. 29, 1991, and amended at 56 FR 57802, Nov. 14, 1991] System Manager: The DCA official who is responsible for policies and procedures governing a DCA System of Record. His title and duty address will be found in the paragraph entitled Sysmanager in DCA's Record System Notices which are published in the FEDERAL REGISTER in compliance with provisions of the Privacy Act of 1974. [40 FR 55535, Nov. 28, 1975. Redesignated and amended at 57 FR 6074, Feb. 20, 1992] §316.5 Policy. It is the policy of DCA: (a) To preserve the personal privacy of individuals, to permit an individual to know what records exist pertaining to him in the DCA, and to have access to and have a copy made of all or any portion of such records and to correct or amend such records. (b) To collect, maintain, use, or disseminate any record of identifiable personal information in a manner that assures that such action is for a necessary and lawful purpose; that the information is timely and accurate for its intended use; and that adequate safeguards are provided to prevent misuse of such information. (a) The Counsel, DCA, is hereby designated the Privacy Act Officer for DCA and is responsible for insuring that an internal DCA Privacy Program is established and maintained. He will also insure that all echelons of DCA effectively comply with and implement 32 CFR part 310. (b) The Civilian Assistant to the Chief of Staff will be responsible for the annual reporting requirements contained in 32 CFR 310.5. (c) DCA System Managers and other appropriate DCA officials will: (1) Insure compliance with the provisions of 32 CFR 310.9. (2) Comply with the provisions of 32 CFR 286a.11. In this area the Assistant to the Director for Administration will provide assistance. (3) Adhere to the following: (i) Within DCA, the System Manager of any record system will assure that records pertaining to an individual will be disclosed, upon request, to the individual to whom the record pertains. The individual need not state a reason or otherwise justify the need to gain access. A person of the individual's choosing may accompany the individual when the record is disclosed. The System Manager may require the individual to furnish a written statement authorizing discussion of the individual's records in the presence of the accompanying person. If requested, the System Manager will have a copy made of all or any portion of the record pertaining to the individual in a form comprehensible to the requester. (ii) The System Manager may release records to the individual's representative who has the written consent of the individual. The System Manager will require reasonable identification of individuals to assure that records are disclosed to the proper person. No verification of identity will be required of an individual seeking access to records which are otherwise available to any member of the public under the Freedom of Information Act. Identification requirements should be consistent with the nature of the records being disclosed. For disclosure of records to an individual in person, the System Manager will require that the individual show some form of identification. For records disclosed to an individual in person or by mail, the System Manager may require whatever identifying information is needed to locate the record; i.e., name, social security number, date of birth. If the sensitivity of the data warrants, the System Manager may require a signed notarized statement of identity. The System Manager may compare the signatures of the requester with those in the records to verify identity. An individual will not be denied access to his record for refusing to disclose his social security number unless disclosure is required by statute or by regulation adopted before 1 January 1975. An individual will not be denied access to records pertaining to him because the records are exempted from disclosure under the provisions of the Freedom of Information Act. (iii) The System Manager will not deny access to a record or a copy thereof to an individual solely because its physical presence is not readily available (i.e. on magnetic tape) or because the context of the record may disclose sensitive information about another individual. To protect the personal privacy of other individuals who may be identified in a record, the System Manager shall prepare an extract to delete only that information which would not be releasable to the requesting individual under the Freedom of Information Act. (iv) When the System Manager is of the opinion that the disclosure of medical information could have an adverse effect upon the individual to whom it pertains, the System Manager will promptly request the individual to submit the name and address of a doctor who will determine whether the medical record may be disclosed directly to the individual. The System Manager will then request the opinion of the doctor named by the individual on whether a medical record may be disclosed to the individual. The System Manager shall disclose the medical record to the individual to whom it pertains unless, in the judgment of the doctor, access to the record could have an adverse effect upon the individual's physical or mental health. In this event the System Manager will transmit the record to the doctor and immediately inform the individual. (v) The fees to be charged, if any, to an individual for making copies of his record, excluding the cost of any search for and review of the record, will be in accordance with the "Schedule of Fees" as set forth in 32 CFR 286.5 and 286.10. (vi) The System Manager of the record will permit an individual to request amendment of a record pertaining to the individual. Requests to amend records shall be in person or in writing and shall be submitted to the System Manager who maintains the records. Such requests should contain as a minimum, identifying information needed to locate the record, a brief description of the item or items of information to be amended, and the reason for the requested change. (vii) The System Manager will provide a written acknowledgment of the receipt of a request to amend a record to the individual who requested the amendment within 10 days (excluding Saturdays, Sundays, and legal public holidays) after the date of receipt of such request. Such an acknowledgment may, if necessary, request any additional information needed to make a determination. No acknowledgment is required if the request can be reviewed and processed and the individual notified of compliance or denial within the 10 day period. (viii) The System Manager will promptly take one of the following actions on requests to amend records: (A) Refer the request to the agency or office that has control of and maintains the record in those instances where the record requested remains the property of the controlling office or agency. (B) In accordance with existing statute, regulation, or administrative procedure, make any correction of any portion thereof which the individual believes is not accurate, relevant, timely or complete, or (C) Inform the individual of the System Manager's refusal to amend the record in accordance with the individual's request, the reason for the refusal, and the individual's right to request a review of the refusal by the Director, DCA, through the DCA Privacy Act Board. (ix) The DCA Privacy Act Board will be comprised of the DCA Counsel, as Chairman; the Assistant to the Director for Administration, and the Assistant to the Director for Personnel; or in their absence, their authorized representatives. The individual who disagrees with the refusal of the System Manager to amend his record may request a review of this refusal by the DCA Privacy Act Board. The request for the review may be made orally or in writing and shall be made to the System Manager. The System Manager will promptly forward the request for review to the Chairman of the Board to make a proper review. The Board will promptly review the matter. If, after review, the Board is unanimous in its decision that the record be amended in accordance with the request of the individual then the Chairman of the Board shall so notify the System Manager. The System Manager will immediately make the necessary corrections to the record and will promptly notify the individual. The System Manager 167-123 0-96-26 will, if an accounting of disclosure of the record has been made, advise all previous recipients of the record, which was corrected, of the correction and its substance. This will be done in all instances when a record is amended. If, after review, the Board decides that the request for amendment should be denied, it will promptly forward its recommendation to the Director, DCA. A majority vote of the members of the Board will constitute a recommendation to the Director. (x) The Director, DCA, upon receipt of the Board's recommendation, will complete the review and make a final determination. (xi) If the Director, DCA, after his review, agrees with the individual's request to amend the record, he will, through the DCA Counsel, so advise the individual in writing. The System Manager will receive a copy of the Director's decision and will assure that the record is corrected accordingly and that if an accounting of disclosure of the record has been made, advise all previous recipients of the record which was corrected of the correction and its substance. (xii) If, after his review, the Director refuses to amend the records as the individual requested, he will, through the DCA Counsel, advise the individual of his refusal and the reasons for it; of the individual's right to file a concise statement setting forth the reasons for the individual's disagreement with the decision of the Director, DCA; that the statement which is filed will be made available to anyone to whom the record is subsequently disclosed together with, at the discretion of the Agency, a brief statement by the Agency summarizing its reasons for refusing to amend the record; that prior recipients of the disputed record will be provided a copy of any statement of dispute to the extent that an accounting of disclosures was maintained; and of the individual's right to seek judicial review of the Agency's refusal to amend a record. (xiii) The Director's final determination on the individual's request for a review of the System Manager's initial refusal to amend the record must be concluded within 30 days (excluding Saturdays, Sundays, and legal public holidays) from the date on which the individual requested such review unless the Director determines that a fair and equitable review cannot be made within that time. If additional time is required, the individual will be informed in writing of reasons for the delay and of the approximate date on which the review is expected to be completed. (xiv) After the Director, DCA has refused to amend a record and the individual has filed a statement setting forth the reasons for the individual's disagreement with the decision of the Director, the System Manager will clearly note any portion of the record which is disputed. The System Manager's notation should make clear that the record is disputed and this should be apparent to anyone who may subsequently have access to, use, or disclose the record. When the System Manager has previously disclosed or will subsequently disclose that portion of the record which is disputed he will note that that portion of the record is disputed and will provide the recipients of the record with a copy of the individual's statement setting forth the reasons for the individual's disagreement with the decision of the Director not to amend the record. The System Manager will also provide recipients of the disputed record with a brief summary of the Director's reasons for not making the requested amendments to the record. (xv) Nothing herein shall allow an individual access to any information compiled in reasonable anticipation of a civil action or proceeding. (xvi) Any requests by an individual for access to or copies of his records shall be processed in accordance with this part and 32 CFR part 310. (d) DCA System Managers will be: (1) Responsible for complying with the provisions contained in 32 CFR 310.8 relating to the disclosure to others of personal records, obtaining the written consent of individuals to whom the record pertains, and for keeping an accurate accounting of each disclosure of a record. (2) Responsible for providing to the Civilian Assistant to the Chief of Staff the information requested in 32 CFR 310.5. However, the information will be reported on a quarterly basis with the |