§ 4.25Disclosure of requested records to individuals.
(1) The responsible Privacy Officer shall act promptly upon each request. Every effort will be made to respond within ten working days (i.e., excluding Saturdays, Sundays and legal public holidays) of the date of receipt. If a response cannot be made within ten working days due to unusual circumstances, the Privacy Officer shall send an acknowledgment during that period providing information on the status of the request and asking for any further information that may be necessary to process the request. “Unusual circumstances” shall include circumstances in which:
(i) A search for and collection of requested records from inactive storage, field facilities or other establishments is required;
(ii) A voluminous amount of data is involved;
(iii) Information on other individuals must be separated or expunged from the particular record; or
(iv) Consultations with other agencies having a substantial interest in the determination of the request are necessary.
(2) If the Privacy Officer fails to send an acknowledgment within ten working days, as provided in paragraph (a)(1) of this section, the requester may ask the Assistant General Counsel for Administration to take corrective action. No failure of a Privacy Officer to send an acknowledgment shall confer administrative finality for purposes of judicial review.
(b) Grant of access: (1)Notification. An individual shall be granted access to a record pertaining to him or her, unless the provisions of paragraph (g)(1) of this section apply. The Privacy Officer shall notify the individual of a determination to grant access, and provide the following information:
(i) The methods of access, as set forth in paragraph (b)(2) of this section;
(ii) The place at which the record may be inspected;
(iii) The earliest date on which the record may be inspected and the period of time that the records will remain available for inspection. In no event shall the earliest date be later than thirty calendar days from the date of notification;
(iv) The estimated date by which a copy of the record will be mailed and the fee estimate pursuant to§ 4.31. In no event shall the estimated date be later than thirty calendar days from the date of notification;
(v) The fact that the individual, if he or she wishes, may be accompanied by another individual during personal access, subject to the procedures set forth in paragraph (f) of this section; and,
(vi) Any additional prerequisites for granting access to a specific record.
(2)Methods of access. The following methods of access to records by an individual may be available depending on the circumstances of a given situation:
(i) Inspection in person may be had in the office specified by the Privacy Officer granting access, during the hours indicated in Appendix A to this part;
(ii) Transfer of records to a Federal facility more convenient to the individual may be arranged, but only if the Privacy Officer determines that a suitable facility is available, that the individual's access can be properly supervised at that facility, and that transmittal of the records to that facility will not unduly interfere with operations of the Department or involve unreasonable costs, in terms of both money and manpower; and,
(iii) Copies may be mailed at the request of the individual, subject to payment of the fees prescribed in§ 4.31. The Department, at its own initiative, may elect to provide a copy by mail, in which case no fee will be charged the individual.
(c) Access to medical records is governed by the provisions of§ 4.26.
(d) The Department shall supply such other information and assistance at the time of access as to make the record intelligible to the individual.
(e) The Department reserves the right to limit access to copies and abstracts of original records, rather than the original records. This election would be appropriate, for example, when the record is in an automated data medium such as tape or disc, when the record contains information on other individuals, and when deletion of information is permissible under exemptions (for example,5 U.S.C. 552a(k)(2)). In no event shall original records of the Department be made available to the individual except under the immediate supervision of the Privacy Officer or his or her designee.
(f) Any individual who requests access to a record pertaining to that individual may be accompanied by another individual of his or her choice. “Accompanied” includes discussing the record in the presence of the other individual. The individual to whom the record pertains shall authorize the presence of the other individual in writing. The authorization shall include the name of the other individual, a specific description of the record to which access is sought, the Department control number assigned to the request, the date, and the signature of the individual to whom the record pertains. The other individual shall sign the authorization in the presence of the Privacy Officer. An individual shall not be required to state a reason or otherwise justify his or her decision to be accompanied by another individual during personal access to a record.
(g) Initial denial of access: (1)Grounds. Access by an individual to a record that pertains to that individual will be denied only upon a determination by the Privacy Officer that:
(i) The record is exempt under§ 4.33 or 4.34, or exempt by determination of another agency publishing notice of the system of records, as described in § 4.23(f);
(ii) The record is information compiled in reasonable anticipation of a civil action or proceeding;
(iii) The provisions of§ 4.26 pertaining to medical records have been invoked; or
(iv) The individual unreasonably has failed to comply with the procedural requirements of this part.
(2)Notification. The Privacy Officer shall give notice of denial of access to records to the individual in writing, and the notice shall include the following information:
(i) The Privacy Officer's name and title or position;
(ii) The date of the denial;
(iii) The reasons for the denial, including citation to the appropriate section of the Act and this part;
(iv) The individual's opportunities, if any, for further administrative consideration, including the identity and address of the responsible official. If no further administrative consideration within the Department is available, the notice shall state that the denial is administratively final; and,
(v) If stated to be administratively final within the Department, the individual's right to judicial review provided under 5 U.S.C.552a(g)(1), as limited by5 U.S.C. 552a(g)(5).
(3)Administrative review. If a Privacy Officer issues an initial denial of a request, the individual's opportunities for further consideration shall be as follows:
(i) As to denial under paragraph (g)(1)(i) of this section, two opportunities for further consideration are available in the alternative:
(A) If the individual contests the application of an exemption to the records, the review procedures in§ 4.25(g)(3)(ii) shall apply; or,
(B) If the individual challenges the validity of the exemption itself, the individual must file a petition for the issuance, amendment, or repeal of a rule under5 U.S.C. 553(e). If the exemption was determined by the Department, such petition shall be filed with the Assistant Secretary for Administration. If the exemption was determined by another agency (as described in § 4.23(f)), the Department will provide the individual with the name and address of the other agency and any relief sought by the individual shall be that provided by the regulations of the other agency. Within the Department, no such denial is administratively final until such a petition has been filed by the individual and disposed of on the merits by the Assistant Secretary for Administration.
(ii) As to denial under paragraphs (g)(1)(ii) of this section, (g)(1)(iv) of this section or (to the limited extent provided in paragraph (g)(3)(i)(A) of this section) paragraph (g)(1)(i) of this section, the individual may file for review with the Assistant General Counsel for Administration, as indicated in the Privacy Officer's initial denial notification. The individual and the Department shall follow the procedures in§ 4.28 to the maximum extent practicable.
(iii) As to denial under paragraph (g)(1)(iii) of this section, no further administrative consideration within the Department is available because the denial is not administratively final until expiration of the time period indicated in§ 4.26(a).
(h) If a request is partially granted and partially denied, the Privacy Officer shall follow the appropriate procedures of this section as to the records within the grant and the records within the denial.