43 CFR 2.51 - Assuring integrity of records.

§ 2.51 Assuring integrity of records.
(a) Statutory requirement. The Privacy Act requires that records subject to the Act be maintained with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained, 5 U.S.C. 552a(e)(10).
(b) Records maintained in manual form. When maintained in manual form, records subject to the Privacy Act shall be maintained in a manner commensurate with the sensitivity of the information contained in the system of records. The following minimum safeguards, or safeguards affording comparable protection, are applicable to Privacy Act systems of records containing sensitive information:
(1) Areas in which the records are maintained or regularly used shall be posted with an appropriate warning stating that access to the records is limited to authorized persons. The warning also shall summarize the requirements of § 2.52 and state that the Privacy Act contains a criminal penalty for the unauthorized disclosure of records to which it applies.
(2) During working hours, (i) the area in which the records are maintained or regularly used shall be occupied by authorized personnel or (ii) access to the records shall be restricted by their storage in locked metal file cabinets or a locked room.
(3) During non-working hours, access to the records shall be restricted by their storage in locked metal file cabinets or a locked room.
(4) Where a locked room is the method of security provided for a system, the bureau responsible for the system shall supplement that security by (i) providing lockable file cabinets or containers for the records or (ii) changing the lock or locks for the room so that they may not be opened with a master key. For the purposes of this paragraph, a master key is a key which may be used to open rooms other than the room containing records subject to the Privacy Act, unless those rooms are utilized by officials or employees authorized to have access to the records subject to the Privacy Act.
(c) Records maintained in computerized form. When maintained in computerized form, records subject to the Privacy Act shall be maintained, at a minimum, subject to safeguards based on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements thereto, which are adequate and appropriate to assuring the integrity of records in the system.
(d) Office of Personnel Management personnel records. A system of records made up of Office of Personnel Management personnel records shall be maintained under the security requirements set out in 5 CFR 293.106 and 293.107.
(e) Bureau responsibility.
(1) The bureau responsible for a system of records shall be responsible for assuring that specific procedures are developed to assure that the records in the system are maintained with security meeting the requirements of the Act and this section.
(2) These procedures shall be in writing and shall be posted or otherwise periodically brought to the attention of employees working with the records contained in the system.
[40 FR 44505, Sept. 26, 1975, as amended at 48 FR 56583, Dec. 22, 1983]
Beta! The text on the eCFR tab represents the unofficial eCFR text at ecfr.gov.
§ 2.51 What if the bureau needs clarification about fee issues?

(a) If your FOIA request does not contain sufficient information for the bureau to determine your proper fee category or leaves another fee issue unclear, the bureau may ask you to provide additional clarification. If it does so, the bureau will notify you that it will not be able to comply with your FOIA request unless you provide the clarification requested.

(b) If the bureau asks you to provide clarification, the 20-workday statutory time limit for the bureau to respond to the request is temporarily suspended.

(1) If the bureau receives a written response within 20 workdays after the bureau has requested the additional clarification, the 20-workday statutory time limit for processing the request will resume (see § 2.16 of this part).

(2) If you still have not provided sufficient information to resolve the fee issue, the bureau may ask you again to provide additional clarification and notify you that it will not be able to comply with your FOIA request unless you provide the additional information requested within 20 workdays after the bureau has requested the additional clarification.

(3) If the bureau asks you again for additional clarification, the statutory time limit for response will be temporarily suspended again and will resume again if the bureau receives a written response from you within 20 workdays after the bureau has requested the additional clarification.

(c) If the bureau asks for clarification about a fee issue and does not receive a written response from you within 20 workdays after the bureau has requested the additional clarification, it will presume that you are no longer interested and will close the file on the request.

[77 FR 76906, Dec. 31, 2012; 78 FR 6216, Jan. 30, 2013; 81 FR 11130, Mar. 3, 2016]

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


United States Code