reports not meeting these standards or serving such purposes are not included in such records. (2) Prior to dissemination to an individual or agency outside DoD of any record about an individual (except for a Freedom of Information Act action or access by a subject individual under these rules) the disclosing DIS official will by review, make a reasonable effort to assure that such record is accurate, complete, timely, fair and relevant to the purpose for which they are maintained. (f) The defense central index of investigations (DCII). It is the policy of DIS, as custodian, that each DoD component or element that has direct access to or contributes records to the DCII (DIS 5-02), is individually responsible for compliance with The Privacy Act of 1974 and DoD Directive 5400.11 with respect to requests for notification, requests for access by subject individuals, granting of such access, request for amendment and corrections by subjects, making amendments or corrections, other disclosures, accounting for disclosures and the exercise of exemptions, insofar as they pertain to any record placed in the DCII by that component or element. Any component or element of the DoD that makes a disclosure of any record whatsoever to an individual or agency outside the DoD, from the DCII, is individually responsible to maintain an accounting of that disclosure as prescribed by The Privacy Act of 1974 and DoD Directive 5400.11 and to notify the element placing the record in the DCII of the disclosure. Use of and compliance with the procedures of the DCII Disclosure Accounting System will meet these requirements. Any component or element of DoD with access to the DCII that, in response to a request concerning an individual, discovers a record pertaining to that individual placed in the DCII by another component or element, may refer the requester to the DoD component that placed the record into the DCII without making an accounting of such referral, although it involves the divulging of the existence of that record. Generally, consultation with, and referral to, the component or element placing a record in the DCII should be effected by any component receiving a request pertaining to that record to insure appropriate exercise of amendment or exemption procedures. (g) Investigative operations. (1) DIS agents must be thoroughly familiar with and understand these rules and the authorities, purposes and routine uses of DIS investigative records, and be prepared to explain them and the effect of refusing information to all sources of investigative information, including subjects, during interview, in response to questions that go beyond the required printed and oral notices. Agents shall be guided by reference (f) §321.2, in this respect. (2) All sources may be advised that the subject of an investigative record may be given access to it, but that the identities of sources may be withheld under certain conditions. Such advisement will be made as prescribed in §321.2(f), and the interviewing agent may not urge a source to request a grant of confidentiality. Such pledges of confidence will be given sparingly and then only when required to obtain information relevant and necessary to the stated purpose of the investigative information being collected. (h) Non-system information on individuals. The following information is not considered part of personal records systems reportable under the Privacy Act of 1974 and may be maintained by DIS members for ready identification, contact, and property control purposes only. If at any time the information described in this paragraph is to be used for other than these purposes, that information must become part of a reported, authorized record system. No other information concerning individuals except that described in the records systems notice and this paragraph may be maintained within DIS. (1) Identification information at doorways, building directories, desks, lockers, nametags, etc. (2) Identification in telephone directories, locator cards and rosters. (3) Geographical or agency contact cards. (4) Property receipts and control logs for building passes, credentials, vehicles, weapons, etc. (5) Temporary personal working notes kept solely by and at the initiative of individual members of DIS to facilitate their duties. (i) Notification of prior recipients. Whenever a decision is made to amend a record, or a statement contesting a DIS decision not to amend a record is received from the subject individual, prior recipients of the record identified in disclosure accountings will be notified to the extent possible. In some cases, prior recipients cannot be loIcated due to reorganization or deactivations (e.g., U.S. Military Assistance Command, Vietnam). In these cases, the personnel security element of the receiving Defense Component will be sent the notification or statement for appropriate action. (j) Ownership of DIS Investigative Records. Personnel security investigative reports shall not be retained by DoD recipient organizations. Such reports are considered to be the property of the investigating organization and are on loan to the recipient organization for the purpose for which requested. All copies of such reports shall be destroyed within 120 days after the completion of the final personnel security determination and the completion of all personnel action necessary to implement the determination. Reports that are required for longer periods may be retained only with the specific written approval of the investigative organization. or (k) Consultation and referral. DIS system of records may contain records originated by other components agencies which may have claimed exemptions for them under the Privacy Act of 1974. When any action that may be exempted is initiated concerning such a record, consultation with the originating agency or component will be effected. Where appropriate such records will be referred to the originating component or agency for approval or disapproval of the action. [40 FR 55546, Nov. 28, 1975, as amended at 46 FR 35641, July 10, 1981. Redesignated at 56 FR 55631, Oct. 29, 1991, and amended at 56 FR 57803, Nov. 14, 1991] 322.3 Procedures for requests concerning individual records in a system of records. 322.4 Times, places and procedures for disclosures. 322.5 Medical or psychological records. 322.7 Procedures for amendment. 322.10 Specific exemptions. AUTHORITY: Pub. L. 93-579; 88 Stat. 1896 (5 U.S.C. 552a). SOURCE: 40 FR 44294, Sept. 25, 1975, unless otherwise noted. Redesignated at 56 FR 55631, Oct. 29, 1991. §322.1 Purpose and scope. (a) The purpose of this rule is to comply with and implement title 5 U.S.C. 552a, sections (f) and (k), hereinafter identified as the Privacy Act. It establishes the procedures by which an individual may be notified whether a system of records contains information pertaining to the individual; defines times, places and requirements for identification of the individual requesting records, for disclosure of requested records where appropriate; special handling for medical and psychological records; for amendment of records; appeal of denials of requests for amendment; and provides a schedule of fees to be charged for making copies of requested records. In addition, this rule contains the exemptions promulgated by the Director, NSA, pursuant to 5 U.S.C. 552a(k), to exempt Agency systems of records from subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), (I); and (f) of section 552a. (b) The procedures established and exemptions claimed apply to systems of records for which notice has been published in the FEDERAL REGISTER pursuant to the Privacy Act. Requests from individuals for records pertaining to themselves will be processed in accordance with these procedures and consistent with the exemptions claimed. Requests for records which do not specify the statute pursuant to which they are made but which may be reasonably construed to be requests by an individual for records pertaining to that individual will also be processed in accordance with these procedures and consistent with exemptions claimed. To the extent appropriate, these procedures apply to records maintained by this Agency pursuant to system of records notices published by the Civil Service Commission. The primary category of records affected by a Commission notice is that maintained in conjunction with the CSC system identified as "CSC-Retirement Life Insurance and Health Benefits Records System." Authority pursuant to 44 U.S.C. 3101 to maintain each system of records for which notice has been published is implied in each "authority for maintenance of a system" of each systems notice. $322.2 Definitions. (a) Access to the NSA headquarters: means current and continuing daily access to those facilities making up the NSA headquarters. (b) Individual: means a natural person who is a citizen of the United States or an alien lawfully admitted for permanent residence. (c) Request: means a request in writing for records pertaining to the requester contained in a system of records and made pursuant to the Privacy Act or if no statute is identified considered by the Agency to be made pursuant to that Act. (d) System of Records: means a grouping of records maintained by the Agency for which notice has been published in the FEDERAL REGISTER pursuant to section 552a(e)(4) of Title 5 U.S.C. §322.3 Procedures for requests concerning individual records in a system of records. (a)(1) Notification. Any individual may be notified in response to a request if any system of records contains a record pertaining to the requester by sending a request addressed to: Information Officer, National Security Agency, Fort George G. Meade, Maryland 20755. Such request shall be in writing, shall be identified on the envelope and the request as a "Privacy Act Request," shall designate the system or systems of records using the names of the systems as published in the system notices, shall contain the full name, present address, date of birth, social security number and dates of affiliation or contact with NSA/CSS of the requester and shall be signed in full by the requester. (2) A request pertaining to records concerning the requester which does not specify the Act pursuant to which the request is made shall be processed as a Privacy Act request. A request which does not designate the system or systems of records to be searched shall be processed by checking the following systems of records: Applicants; Personnel; Health, Medical and Safety. (b)(1) Identification. Any individual currently not authorized access to the National Security Agency headquarters who requests disclosure of records shall provide the following information with the written request for disclosure: full name, present address, date of birth, social security number, and date of first affiliation or contact with NSA/CSS and date of last affiliation or contact with NSA/CSS. (2) Any individual currently authorized access to the National Security Agency headquarters shall provide the following information with the request for notification: full name, present organizational assignment, date of birth, social security number. (3) Such request shall be treated as a certification of the requester that the requester is the individual named. Individuals should be aware that the Privacy Act provides criminal penalties for any person who knowingly and willfully requests or obtains any rec- ords concerning an individual under false pretenses. § 322.4 Times, places and procedures for disclosures. (a) Individual not currently affiliated with NSA: (1) Request procedure. Any individual currently not authorized access to the National Security Agency headquarters shall make the request for notification in writing and shall include the required identifying data. Upon verification of the existence in systems of records pertaining to the requester, a copy of the records located shall be mailed to the requester subject to appropriate specific exemptions, applicable Public Laws, special procedures pertaining to medical rec- ords, including psychological records, and the exclusion for information compiled in reasonable anticipation of a civil action or proceeding. If the request cannot be processed within ten working days from the time of receipt of the request, an acknowledgment of receipt of the request will be sent to the requester. (2) Appointment of other individual. If a requester wishes another individual to obtain the requested records on his behalf, the requester shall provide a written, signed, notarized statement appointing that individual as his representative, certifying that the individual appointed may have access to the records of the requester and that such access shall not constitute an invasion of the privacy of the requester nor a violation of his rights under the Privacy Act of 1974. (b) Individual currently affiliated with NSA (1) Request procedure. Any individual currently authorized access to the National Security Agency headquarters may make the request for notification to the appropriate official delegated responsibility for a system of records pursuant to internal agency regulations pertaining to the Privacy Act of 1974. In the alternative, such individual may direct the request to the NSA Information Officer in writing in the same form and including the data required in §322.4(a)(1) above. In the case of any denial of notification by officials delegated responsibility for a system the request shall be referred to the NSA Information Officer for review. (2) Appointment of other individual. If the requester makes a request pursuant to this paragraph and wishes to designate another individual to accompany him, the same procedures as provided in paragraph (a)(2) of this section apply. If the individual appointed is currently authorized access to the National Security Agency headquarters, he may accompany the requester. If the individual appointed is not currently authorized access, a copy of the records located may be mailed to the appointed individual subject to appropriate specific exemptions, applicable Public Laws, special procedures pertaining to medical records including psychological records, and the exclusion for information compiled in reasonable anticipation of a civil action or proceeding. [40 FR 44294, Sept. 25, 1975. Redesignated at 56 FR 55631, Oct. 29, 1991, and amended at 56 FR 57803, Nov. 14, 1991] If the request includes records of a medical or psychological nature, and if an Agency doctor makes the determination that the records requested contain information which would have an adverse effect upon the requester, the requester will be advised to appoint a medical doctor in the appropriate discipline to receive the information. The appointment of the doctor shall be in the same form as that indicated in §322.4(a)(2) and shall include a certification that the doctor appointed is authorized to practice the appropriate specialty by virtue of a license to practice same in the state which granted the license. [40 FR 44294, Sept. 25, 1975. Redesignated at 56 FR 55631, Oct. 29, 1991, and amended at 56 FR 57803, Nov. 14, 1991] § 322.6 Parents or legal guardians acting on behalf of minor applicants and employees. Parents or legal guardians acting on behalf of minors who request records concerning NSA/CSS applicants or employees who are minors shall be subject to the same requirements contained in §322.4(a)(1) appointment of other individuals, including the requirement for written authorization. Requests by parents or legal guardians acting on behalf of minors will be processed in the same manner and in accordance with the procedures established herein for individuals not currently authorized access to the NSA headquarters. [40 FR 44294, Sept. 25, 1975. Redesignated at 56 FR 55631, Oct. 29, 1991, and amended at 56 FR 57803, Nov. 14, 1991] $322.7 Procedures for amendment. (a) Request procedure. Any request for amendment of a record or records contained in a system of records shall be in writing addressed to the Information Officer, National Security Agency, Fort George G. Meade, Md. 20755, Attention: Privacy Act Amendment, and shall contain sufficient details concerning the requested amendment, justification for the amendment, and a copy of the record(s) to be amended or sufficient identifying data concerning the affected record(s) to permit its timely retrieval. Such requests may not be used to accomplish actions for which other procedures have been established such as grievances, performance appraisal protests, etc. In such cases the requester will be advised of the appropriate procedures for such actions. (b) Initial determination: The NSA Information Officer may make an initial determination concerning the requested amendment within ten working days or shall acknowledge receipt of the amendment request within that period if a determination cannot be completed. The determination shall advise the requester of action taken to make the requested amendment or inform the requester of the rejection of the request, the reason(s) for the rejection and the procedures established by the Agency for review of rejected amendment requests. (c) Request on appeal: A requester may appeal the rejection by the NSA Information Officer of a request for amendment to the Executive for Staff Services. Such appeal shall be in writing, addressed to the Executive for Staff Services, National Security Agency, Fort George G. Meade, Md. 20755, Attention: Privacy Act Amendment Appeal. $322.8 Appeal determination. The Executive for Staff Services shall acknowledge receipt of the appeal within ten working days. A determination concerning the appeal shall be pro vided to the requester within 30 working days, unless the Director, National Security Agency, extends the period for good cause. The Executive for Staff Services shall advise the requester of the action taken to make the requested amendment or inform the requester of the rejection of the appeal, the right to submit for incorporation in the file containing the disputed record(s) a concise statement of disagreement, and notify the requester of the right of judicial review of the denial pursuant to subsection (g)(1)(A) of 5 U.S.C. 552a. $322.9 Fees. A fee may be charged for the reproduction of copies of any requested records, provided one copy is made available without charge where access is limited to mail service only. Fees shall be charged in accordance with The Uniform Schedule of Fees established by the Department of Defense pursuant to Pub. L. 93–502. § 322.10 Specific exemptions. (a)(1) The following National Security Agency systems of records, published in the FEDERAL REGISTER, are specifically exempted from the provisions of 5 U.S.C. 552a, subsections (c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I) and (f) pursuant to subsection (k) of section 552a to the extent that each system contains individual records or files within the category or categories provided by subsection (k). Notice is hereby given that individual records and files within each NSA system of records may be subject to specific provisions of Pub. L. 86-36, Pub. L. 88-290 and Title 18 U.S.C. 798 and other laws limiting access to certain types of information or application of laws to certain categories of information. (2) In addition, those records maintained pursuant to notice of systems of records published by the CSC are exempted pursuant to Title 5 U.S.C. 552a(k)(1) to the extent that they contain classified information in order to protect such information from unauthorized disclosure. Such records may also be subject to other specific exemptions pursuant to rules promulgated by the CSC. (b) Systems of records subject to specific exemptions: |