65 FR 146 pgs. 46371-46376 - Implementation of the Privacy Act of 1974
Type: RULE
Volume: 65
Number: 146
Pages: 46371 - 46376
FR document: [FR Doc. 00-19052 Filed 7-27-00; 8:45 am]
Agency: National Foundation on the Arts and the Humanities
NATIONAL FOUNDATION ON THE ARTS AND THE HUMANITIES
45 CFR Part 1159
Implementation of the Privacy Act of 1974
National Endowment for the Arts.
The National Endowment for the Arts (Endowment) has amended its Privacy Act regulations to reflect administrative changes at the agency and to comply with the President's Memorandum on Plain Language in Government Writing. These regulations establish procedures by which an individual may determine whether a system of records maintained by the Endowment contains a record pertaining to him or her; gain access to such records; and request correction or amendment of such records. These regulations also establish exemptions from certain Privacy Act requirements for all or part of certain systems of records maintained by the Endowment.
July 28, 2000.
FOR FURTHER INFORMATION CONTACT:
Karen Elias, Deputy General Counsel, at (202) 682-5418.
The Endowment operates as part of the National Foundation on the Arts and the Humanities under the National Foundation on the Arts and the Humanities Act of 1965, as amended (20 U.S.C. 951 et seq.). The corresponding regulations published at 45 CFR Chapter XI, Subchapter A apply to the entire Foundation, while the regulations published at 45 CFR Chapter XI, Subchapter B apply only to the Endowment. The proposed rule was published by the Endowment in the Federal Register on May 19, 2000. The Endowment received no comments on the proposed rule.
This final rule adds Privacy Act regulations to Subchapter B (45 CFR part 1159), replacing the existing regulations in Subchapter A (45 CFR part 1115) with regard to the Endowment. The new regulations reflect administrative changes at the Endowment. In addition, the new regulations' question-and-answer format and increased detail as to several provisions of the Privacy Act are intended to increase understanding of the Endowment's Privacy Act policies. The Endowment is authorized to propose the new regulations under 5 U.S.C. 552a(f) of the Privacy Act.
Executive Order 12866, Regulatory Planning and Review
This final rule is not classified as a significant rule under Executive Order 12866 because it will not result in (1) An annual effect on the economy of $100 million or more; (2) a major increase in costs or prices for consumers, individual industries, geographic regions, or Federal, State, or local government agencies; or (3) significant adverse effects on competition, employment, investment, productivity, innovation, or the ability of United States-based enterprises to compete with foreign-based enterprises in domestic or foreign markets. Accordingly, no regulatory impact assessment is required. In addition, based on the assessments noted in this paragraph, this proposed rule is not a "major rule" as defined at 5 U.S.C. 804(2).
Regulatory Flexibility Act
The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires that a regulation that has a significant economic impact on a substantial number of small entities, small businesses, or small organizations include an initial regulatory flexibility analysis describing the regulation's impact on small entities. Such an analysis need not be undertaken if the agency certifies, under 5 U.S.C. 605(b), that the regulation will not have a significant economic impact on a substantial number of small entities. The Endowment has considered the impact of this final rule under the Regulatory Flexibility Act and certifies that this final rule is not likely to have a significant economic impact on a substantial number of small entities.
Paperwork Reduction Act
The Endowment certifies that this final rule does not require additional reporting under the criteria of the Paperwork Reduction Act (44 U.S.C. 3501 et seq.).
Unfunded Mandates Reform Act of 1995
This final rule does not include a Federal mandate that may result in the expenditure by the private sector or by State, local, and tribal governments (in the aggregate) of $100 million or more in any one year. Therefore, a statement under 2 U.S.C. 1532 is not required.
List of Subjects in 45 CFR Part 1159
For the reasons set out in this preamble, the Endowment amends Title 45, Code of Federal Regulations, by adding Part 1159 to read as follows:
PART 1159-IMPLEMENTATION OF THE PRIVACY ACT OF 1974
Sec.
1159.1 What definitions apply to these regulations?
1159.2 What is the purpose of these regulations?
1159.3 Where should individuals send inquiries about the Endowment's systems of records or implementation of the Privacy Act?
1159.4 How will the public receive notification of the Endowment's systems of records?
1159.5 What government entities will the Endowment notify of proposed changes to its systems of records?
1159.6 What limits exist as to the contents of the Endowment's systems of records?
1159.7 Will the Endowment collect information from me for its records?
1159.8 How can I acquire access to Endowment records pertaining to me?
1159.9 What identification will I need to show when I request access to Endowment records pertaining to me?
1159.10 How can I pursue amendments to or corrections of an Endowment record?
1150.11 How can I appeal a refusal to amend or correct an Endowment record?
1159.12 Will the Endowment charge me fees to locate, review, or copy records?
1159.13 In what other situations will the Endowment disclose its records?
1159.14 Will the Endowment maintain a written account of disclosures made from its systems of records?
1159.15 Who has the responsibility for maintaining adequate technical, physical, and security safeguards to prevent unauthorized disclosure or destruction of manual and automatic record systems?
1159.16 Will the Endowment take steps to ensure that its employees involved with its systems of records are familiar with the requirements and implications of the Privacy Act?
1150.17 Which of the Endowment's systems of records are covered by exemptions in the Privacy Act?
1159.18 What are the penalties for obtaining an Endowment record under false pretenses?
1159.19 What restrictions exist regarding the release of mailing lists?
5 U.S.C. 552a(f)
§ 1159.1 What definitions apply to these regulations?
The definitions of the Privacy Act apply to this part. In addition, as used in this part:
(a) Agency means any executive department, military department, government corporation, or other establishment in the executive branch of the Federal government, including the Executive Office of the President or any independent regulatory agency.
(b) Business day means a calendar day, excluding Saturdays, Sundays, and legal public holidays.
(c) Chairperson means the Chairperson of the Endowment, or his or her designee;
(d) Endowment means the National Endowment for the Arts;
(e) Endowment system means a system of records maintained by the Endowment;
(f) General Counsel means the General Counsel of the Endowment, or his or her designee.
(g) Individual means any citizen of the United States or an alien lawfully admitted for permanent residence;
(h) Maintain means to collect, use, store, or disseminate records, as well as any combination of these recordkeeping functions. The term also includes exercise of control over and, therefore, responsibility and accountability for, systems of records;
(i) Privacy Act means the Privacy Act of 1974, as amended (5 U.S.C. 552a);
(j) Record means any item, collection, or grouping of information about an individual that is maintained by an agency and contains the individual's name or another identifying particular, such as a number or symbol assigned to the individual, or his or her fingerprint, voice print, or photograph. The term includes, but is not limited to, information regarding an individual's education, financial transactions, medical history, and criminal or employment history;
(k) Routine use means, with respect to the disclosure of a record, the use of a record for a purpose that is compatible with the purpose for which it was collected;
(l) Subject individual means the individual to whom a record pertains. Uses of the terms "I", "you", "me", and other references to the reader of the regulations in this part are meant to apply to subject individuals as defined in this paragraph (l); and
(m) System of records means a group of records under the control of any agency from which information is retrieved by use of the name of the individual or by some number, symbol, or other identifying particular assigned to the individual.
§ 1159.2 What is the purpose of these regulations?
The regulations in this part set forth the Endowment's procedures under the Privacy Act, as required by 5 U.S.C. 552a(f), with respect to systems of records maintained by the Endowment. These regulations establish procedures by which an individual may exercise the rights granted by the Privacy Act to determine whether an Endowment system contains a record pertaining to him or her; to gain access to such records; and to request correction or amendment of such records. These regulations also set identification requirements, prescribe fees to be charged for copying records, and establish exemptions from certain requirements of the Act for certain Endowment systems or components thereof.
§ 1159.3 Where should individuals send inquiries about the Endowment's systems of records or implementation of the Privacy Act?
Inquiries about the Endowment's systems of records or implementation of the Privacy Act should be sent to the following address: National Endowment for the Arts; Office of the General Counsel; 1100 Pennsylvania Avenue, NW; Room 518; Washington, DC 20506.
§ 1159.4 How will the public receive notification of the Endowment's systems of records?
(a) From time to time, the Endowment shall review its systems of records in the Federal Register, and publish, if necessary, any amendments to those systems of records. Such publication shall not be made for those systems of records maintained by other agencies while in the temporary custody of the Endowment.
(b) At least 30 days prior to publication of information under paragraph (a) of this section, the Endowment shall publish in the Federal Register a notice of its intention to establish any new routine uses of any of its systems of records, thereby providing the public an opportunity to comment on such uses. This notice published by the Endowment shall contain the following:
(1) The name of the system of records for which the routine use is to be established;
(2) The authority for the system;
(3) The purpose for which the record is to be maintained;
(4) The proposed routine use(s);
(5) The purpose of the routine use(s); and
(6) The categories of recipients of such use.
(c) Any request for additions to the routine uses of Endowment systems should be sent to the Office of the General Counsel (see § 1159.3 of this part).
(d) Any individual who wishes to know whether an Endowment system contains a record pertaining to him or her should write to the Office of the General Counsel (see § 1159.3 of this part). Such individuals may also call the Office of the General Counsel at (202) 682-5418 on business days, between the hours of 9 a.m. and 5:30 p.m., to schedule an appointment to make an inquiry in person. In either case, inquiries should be presented in writing and should specifically identify the Endowment systems involved. The Endowment will attempt to respond to an inquiry as to whether a record exists within 10 business days of receiving the inquiry.
§ 1159.5 What government entities will the Endowment notify of proposed changes to its systems of records?
When the Endowment proposes to establish or significantly changes any of its systems of records, it shall provide adequate advance notice of such proposal to the Committee on Government Reform of the House of Representatives, the Committee on Governmental Affairs of the Senate, and the Office of Management and Budget (OMB), in order to permit an evaluation of the probable or potential effect of such proposal on the privacy or other rights of individuals. This report will be submitted in accordance with guidelines provided by the OMB.
§ 1159.6 What limits exist as to the contents of the Endowment's systems of records?
(a) The Endowment shall maintain only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required by statute or by executive order of the President. In addition, the Endowment shall maintain all records that are used in making determinations about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to that individual in the making of any determination about him or her. However, the Endowment shall not be required to update retired records.
(b) The Endowment shall not maintain any record about any individual with respect to or describing how such individual exercises rights guaranteed by the First Amendment of the Constitution of the United States, unless expressly authorized by statute or by the subject individual, or unless pertinent to and within the scope of an authorized law enforcement activity.
§ 1159.7 Will the Endowment collect information from me for its records?
The Endowment shall collect information, to the greatest extent practicable, directly from you when the information may result in adverse determinations about your rights, benefits, or privileges under Federal programs. In addition, the Endowment shall inform you of the following, either on the form it uses to collect the information or on a separate form that you can retain, when it asks you to supply information:
(a) The statutory or executive order authority that authorizes the solicitation of the information;
(b) Whether disclosure of such information is mandatory or voluntary;
(c) The principal purpose(s) for which the information is intended to be used;
(d) The routine uses that may be made of the information, as published pursuant to § 1159.4 of this part; and
(e) Any effects on you of not providing all or any part of the required or requested information.
§ 1159.8 How can I acquire access to Endowment records pertaining to me?
The following procedures apply to records that are contained in an Endowment system:
(a) You may request review of records pertaining to you by writing to the Office of the General Counsel (see § 1159.3 of this part). You may also call the Office of the General Counsel at (202) 682-5418 on business days, between the hours of 9 a.m. and 5:30 p.m., to schedule an appointment to make such a request in person. In either case, your request should be presented in writing and should specifically identify the Endowment systems involved.
(b) Access to the record, or to any other information pertaining to you that is contained in the system, shall be provided if the identification requirements of § 1159.9 of this part are satisfied and the record is otherwise determined to be releasable under the Privacy Act and these regulations. The Endowment shall provide you an opportunity to have a copy made of any such record about you. Only one copy of each requested record will be supplied, based on the fee schedule in § 1159.12 of this part.
(c) The Endowment will comply promptly with requests made in person at scheduled appointments, if the requirements of this section are met and the records sought are immediately available. The Endowment will acknowledge mailed requests, or personal requests for documents that are not immediately available, within 10 business days, and the information requested will be provided promptly thereafter.
(d) If you make your request in person at a scheduled appointment, you may, upon your request, be accompanied by a person of your choice to review your record. The Endowment may require that you furnish a written statement authorizing discussion of your record in the accompanying person's presence. A record may be disclosed to a representative chosen by you upon your proper written consent.
(e) Medical or psychological records pertaining to you shall be disclosed to you unless, in the judgment of the Endowment, access to such records might have an adverse effect upon you. When such determination has been made, the Endowment may refuse to disclose such information directly to you. The Endowment will, however, disclose this information to a licensed physician designated by you in writing.
§ 1159.9 What identification will I need to show when I request access to Endowment records pertaining to me?
The Endowment shall require reasonable identification of all individuals who request access to records in an Endowment system to ensure that they are disclosed to the proper person.
(a) The amount of personal identification required will of necessity vary with the sensitivity of the record involved. In general, if you request disclosure in person, you shall be required to show an identification card, such as a driver's license, containing your photograph and sample signature. However, with regard to records in Endowment systems that contain particularly sensitive and/or detailed personal information, the Endowment reserves the right to require additional means of identification as are appropriate under the circumstances. These means include, but are not limited to, requiring you to sign a statement under oath as to your identity, acknowledging that you are aware of the penalties for improper disclosure under the provisions of the Privacy Act.
(b) If you request disclosure by mail, the Endowment will request such information as may be necessary to ensure that you are properly identified. Authorized means to achieve this goal include, but are not limited to, requiring that a mail request include certification that a duly commissioned notary public of any State or territory (or a similar official, if the request is made outside of the United States) received an acknowledgment of identity from you.
(c) If you are unable to provide suitable documentation or identification, the Endowment may require a signed, notarized statement asserting your identity and stipulating that you understand that knowingly or willfully seeking or obtaining access to records about another person under false pretenses is punishable by a fine of up to $5,000.
§ 1159.10 How can I pursue amendments to or corrections of an Endowment record?
(a) You are entitled to request amendments to or corrections of records pertaining to you pursuant to the provisions of the Privacy Act, including 5 U.S.C. 552a(d)(2). Such a request should be made in writing and addressed to the Office of the General Counsel (see § 1159.3 of this part).
(b) Your request for amendments or corrections should specify the following:
(1) The particular record that you are seeking to amend or correct;
(2) The Endowment system from which the record was retrieved;
(3) The precise correction or amendment you desire, preferably in the form of an edited copy of the record reflecting the desired modification; and
(4) Your reasons for requesting amendment or correction of the record.
(c) The Endowment will acknowledge a request for amendment or correction of a record within 10 business days of its receipt, unless the request can be processed and the individual informed of the General Counsel's decision on the request within that 10-day period.
(d) If after receiving and investigating your request, the General Counsel agrees that the record is not accurate, timely, or complete, based on a preponderance of the evidence, then the record will be corrected or amended promptly. The record will be deleted without regard to its accuracy, if the record is not relevant or necessary to accomplish the Endowment function for which the record was provided or is maintained. In either case, you will be informed in writing of the amendment, correction, or deletion. In addition, if accounting was made of prior disclosures of the record, all previous recipients of the record will be informed of the corrective action taken.
(e) If after receiving and investigating your request, the General Counsel does not agree that the record should be amended or corrected, you will be informed promptly in writing of the refusal to amend or correct the record and the reason for this decision. You will also be informed that you may appeal this refusal in accordance with § 1159.11 of this part.
(f) Requests to amend or correct a record governed by the regulations of another agency will be forwarded to such agency for processing, and you will be informed in writing of this referral.
§ 1150.11 How can I appeal a refusal to amend or correct an Endowment record?
(a) You may appeal a refusal to amend or correct a record to the Chairperson. Such appeal must be made in writing within 10 business days of your receipt of the initial refusal to amend or correct your record. Your appeal should be sent to the Office of the General Counsel (see § 1159.3 of this part), should indicate that it is an appeal, and should include the basis for the appeal.
(b) The Chairperson will review your request to amend or correct the record, the General Counsel's refusal, and any other pertinent material relating to the appeal. No hearing will be held.
(c) The Chairperson shall render his or her decision on your appeal within 30 business days of its receipt by the Endowment, unless the Chairperson, for good cause shown, extends the 30-day period. Should the Chairperson extend the appeal period, you will be informed in writing of the extension and the circumstances of the delay.
(d) If the Chairperson determines that the record that is the subject of the appeal should be amended or corrected, the record will be so modified, and you will be informed in writing of the amendment or correction. Where an accounting was made of prior disclosures of the record, all previous recipients of the record will be informed of the corrective action taken.
(e) If your appeal is denied, you will be informed in writing of the following:
(1) The denial and the reasons for the denial;
(2) That you may submit to the Endowment a concise statement setting forth the reasons for your disagreement as to the disputed record. Under the procedures set forth in paragraph (f) of this section, your statement will be disclosed whenever the disputed record is disclosed; and
(3) That you may seek judicial review of the Chairperson's determination under 5 U.S.C. 552a(g)(1)(a).
(f) Whenever you submit a statement of disagreement to the Endowment in accordance with paragraph (e)(2) of this section, the record will be annotated to indicate that it is disputed. In any subsequent disclosure, a copy of your statement of disagreement will be disclosed with the record. If the Endowment deems it appropriate, a concise statement of the Chairperson's reasons for denying your appeal may also be disclosed with the record. While you will have access to this statement of the Chairperson's reasons for denying your appeal, such statement will not be subject to correction or amendment. Where an accounting was made of prior disclosures of the record, all previous recipients of the record will be provided a copy of your statement of disagreement, as well as any statement of the Chairperson's reasons for denying your appeal.
§ 1159.12 Will the Endowment charge me fees to locate, review, or copy records?
(a) The Endowment shall charge no fees for search time or for any other time expended by the Endowment to review a record. However, the Endowment may charge fees where you request that a copy be made of a record to which you have been granted access. Where a copy of the record must be made in order to provide access to the record (e.g., computer printout where no screen reading is available), the copy will be made available to you without cost.
(b) Copies of records made by photocopy or similar process will be charged to you at the rate of $0.10 per page. Where records are not susceptible to photocopying (e.g., punch cards, magnetic tapes, or oversize materials), you will be charged actual cost as determined on a case-by-case basis. A copying fee totaling $3.00 or less shall be waived, but the copying fees for contemporaneous requests by the same individual shall be aggregated to determine the total fee.
(c) Special and additional services provided at your request, such as certification or authentication, postal insurance, and special mailing arrangement costs, will be charged to you.
(d) A copying fee shall not be charged or, alternatively, it may be reduced, when the General Counsel determines, based on a petition, that the petitioning individual is indigent and that the Endowment's resources permit a waiver of all or part of the fee.
(e) All fees shall be paid before any copying request is undertaken. Payments shall be made by check or money order payable to the "National Endowment for the Arts."
§ 1159.13 In what other situations will the Endowment disclose its records?
(a) The Endowment shall not disclose any record that is contained in a system of records to any person or to another agency, except pursuant to a written request by or with the prior written consent of the subject individual, unless disclosure of the record is:
(1) To those officers or employees of the Endowment who maintain the record and who have a need for the record in the performance of their official duties;
(2) Required under the provisions of the Freedom of Information Act (5 U.S.C. 552). Records required to be made available by the Freedom of Information Act will be released in response to a request to the Endowment formulated in accordance with the National Foundation on the Arts and the Humanities regulations published at 45 CFR part 1100;
(3) For a routine use as published in the annual notice in the Federal Register;
(4) To the Census Bureau for purposes of planning or carrying out a census, survey, or related activity pursuant to the provisions of Title 13 of the United States Code;
(5) To a recipient who has provided the Endowment with adequate advance written assurance that the record will be used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable;
(6) To the National Archives and Records Administration as a record that has sufficient historical or other value to warrant its continued preservation by the United States government, or for evaluation by the Archivist of the United States, or his or her designee, to determine whether the record has such value;
(7) To another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity, if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the Endowment for such records specifying the particular portion desired and the law enforcement activity for which the record is sought. The Endowment may also disclose such a record to a law enforcement agency on its own initiative in situations in which criminal conduct is suspected, provided that such disclosure has been established as a routine use, or in situations in which the misconduct is directly related to the purpose for which the record is maintained;
(8) To a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if, upon such disclosure, notification is transmitted to the last known address of such individual;
(9) To either House of Congress, or, to the extent of matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress, or subcommittee of any such joint committee;
(10) To the Comptroller General, or any of his or her authorized representatives, in the course of the performance of official duties of the General Accounting Office;
(11) To a consumer reporting agency in accordance with 31 U.S.C. 3711(e); or
(12) Pursuant to an order of a court of competent jurisdiction. In the event that any record is disclosed under such compulsory legal process, the Endowment shall make reasonable efforts to notify the subject individual after the process becomes a matter of public record.
(b) Before disseminating any record about any individual to any person other than an Endowment employee, the Endowment shall make reasonable efforts to ensure that such records are, or at the time they were collected were, accurate, complete, timely, and relevant for Endowment purposes. This paragraph (b) does not apply to disseminations made pursuant to the provisions of the Freedom of Information Act (5 U.S.C. 552) and paragraph (a)(2) of this section.
§ 1159.14 Will the Endowment maintain a written account of disclosures made from its systems of records?
(a) The Office of the General Counsel shall maintain a written log containing the date, nature, and purpose of each disclosure of a record to any person or to another agency. Such accounting shall also contain the name and address of the person or agency to whom each disclosure was made. This log need not include disclosures made to Endowment employees in the course of their official duties, or pursuant to the provisions of the Freedom of Information Act (5 U.S.C. 552).
(b) The Endowment shall retain the accounting of each disclosure for at least five years after the accounting is made or for the life of the record that was disclosed, whichever is longer.
(c) The Endowment shall make the accounting of disclosures of a record pertaining to you available to you at your request. Such a request should be made in accordance with the procedures set forth in § 1159.8 of this part. This paragraph (c) does not apply to disclosures made for law enforcement purposes under 5 U.S.C. 552a(b)(7) and § 1159.13(a)(7) of this part.
§ 1159.15 Who has the responsibility for maintaining adequate technical, physical, and security safeguards to prevent unauthorized disclosure or destruction of manual and automatic record systems?
The Deputy Chairman for Management and Budget has the responsibility of maintaining adequate technical, physical, and security safeguards to prevent unauthorized disclosure or destruction of manual and automatic record systems. These security safeguards shall apply to all systems in which identifiable personal data are processed or maintained, including all reports and outputs from such systems that contain identifiable personal information. Such safeguards must be sufficient to prevent negligent, accidental, or unintentional disclosure, modification or destruction of any personal records or data, and must furthermore minimize, to the extent practicable, the risk that skilled technicians or knowledgeable persons could improperly obtain access to modify or destroy such records or data and shall further insure against such casual entry by unskilled persons without official reasons for access to such records or data.
(a) Manual systems.
(1) Records contained in a system of records as defined herein may be used, held or stored only where facilities are adequate to prevent unauthorized access by persons within or outside the Endowment.
(2) All records, when not under the personal control of the employees authorized to use the records, must be stored in a locked metal filing cabinet. Some systems of records are not of such confidential nature that their disclosure would constitute a harm to an individual who is the subject of such record. However, records in this category shall also be maintained in locked metal filing cabinets or maintained in a secured room with a locking door.
(3) Access to and use of a system of records shall be permitted only to persons whose duties require such access within the Endowment, for routine uses as defined in § 1159.1 as to any given system, or for such other uses as may be provided herein.
(4) Other than for access within the Endowment to persons needing such records in the performance of their official duties or routine uses as defined in § 1159.1, or such other uses as provided herein, access to records within a system of records shall be permitted only to the individual to whom the record pertains or upon his or her written request to the General Counsel.
(5) Access to areas where a system of records is stored will be limited to those persons whose duties require work in such areas. There shall be an accounting of the removal of any records from such storage areas utilizing a written log, as directed by the Deputy Chairman for Management and Budget. The written log shall be maintained at all times.
(6) The Endowment shall ensure that all persons whose duties require access to and use of records contained in a system of records are adequately trained to protect the security and privacy of such records.
(7) The disposal and destruction of records within a system of records shall be in accordance with rules promulgated by the General Services Administration.
(b) Automated systems.
(1) Identifiable personal information may be processed, stored or maintained by automated data systems only where facilities or conditions are adequate to prevent unauthorized access to such systems in any form. Whenever such data, whether contained in punch cards, magnetic tapes or discs, are not under the personal control of an authorized person, such information must be stored in a locked or secured room, or in such other facility having greater safeguards than those provided for herein.
(2) Access to and use of identifiable personal data associated with automated data systems shall be limited to those persons whose duties require such access. Proper control of personal data in any form associated with automated data systems shall be maintained at all times, including maintenance of accountability records showing disposition of input and output documents.
(3) All persons whose duties require access to processing and maintenance of identifiable personal data and automated systems shall be adequately trained in the security and privacy of personal data.
(4) The disposal and disposition of identifiable personal data and automated systems shall be done by shredding, burning or in the case of tapes or discs, degaussing, in accordance with any regulations now or hereafter proposed by the General Services Administration or other appropriate authority.
§ 1159.16 Will the Endowment take steps to ensure that its employees involved with its systems of records are familiar with the requirements and implications of the Privacy Act?
(a) The Chairperson shall ensure that all persons involved in the design, development, operation or maintenance of any Endowment system are informed of all requirements necessary to protect the privacy of subject individuals. The Chairperson shall also ensure that all Endowment employees having access to records receive adequate training in their protection, and that records have adequate and proper storage with sufficient security to assure the privacy of such records.
(b) All employees shall be informed of the civil remedies provided under 5 U.S.C. 552a(g)(1) and other implications of the Privacy Act, and the fact that the Endowment may be subject to civil remedies for failure to comply with the provisions of the Privacy Act and these regulations.
§ 1150.17 Which of the Endowment's systems of records are covered by exemptions in the Privacy Act?
(a) Pursuant to and limited by 5 U.S.C. 552a(j)(2), the Endowment system entitled "Office of the Inspector General Investigative Files" shall be exempted from the provisions of 5 U.S.C. 552a, except for subsections (b); (c)(1) and (2); (e)(4)(A) through (F); (e)(6), (7), (9), (10), and (11); and (i), insofar as that Endowment system contains information pertaining to criminal law enforcement investigations.
(b) Pursuant to and limited by 5 U.S.C. 552a(k)(2), the Endowment system entitled "Office of the Inspector General Investigative Files" shall be exempted from 5 U.S.C. 552a(c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f), insofar as that Endowment system consists of investigatory material compiled for law enforcement purposes, other than material within the scope of the exemption at 5 U.S.C. 552a(j)(2).
(c) The Endowment system entitled "Office of the Inspector General Investigative Files" is exempt from the above-noted provisions of the Privacy Act because their application might alert investigation subjects to the existence or scope of investigations; lead to suppression, alteration, fabrication, or destruction of evidence; disclose investigative techniques or procedures; reduce the cooperativeness or safety of witnesses; or otherwise impair investigations.
§ 1159.18 What are the penalties for obtaining an Endowment record under false pretenses?
(a) Under 5 U.S.C. 552a(i)(3), any person who knowingly and willfully requests or obtains any record concerning an individual from the Endowment under false pretenses shall be guilty of a misdemeanor and fined not more than $5,000.
(b) A person who falsely or fraudulently attempts to obtain records under the Privacy Act may also be subject to prosecution under other statutes, including 18 U.S.C. 494, 495, and 1001.
§ 1159.19 What restrictions exist regarding the release of mailing lists?
The Endowment may not sell or rent an individual's name and address unless such action is specifically authorized by law. This section shall not be construed to require the withholding of names and addresses otherwise permitted to be made public.
Dated: July 24, 2000.
Deputy General Counsel.
BILLING CODE 7536-01-P