5 CFR § 9301.14 - Requests for access.

§ 9301.14 Requests for access.

(a) Requirement for written requests. An individual desiring to gain access to a record pertaining to him or her in a system of records maintained by SIGAR must submit his or her request in writing in accordance with the procedures set forth in paragraph (b) of this section. Individuals employed by the SIGAR may make their requests on a regularly scheduled workday (Monday through Friday, excluding legal Federal holidays) between the hours of 9:00 a.m. and 5:30 p.m. Such requests for access by individuals employed by SIGAR need not be made in writing.

(b) Procedures -

(1) Content of the request. The request for access to a record in a system of records shall be addressed to the Privacy Officer at the address cited above, and shall name the system of records or contain a concise description of such system of records. The request should state that the request is pursuant to the Privacy Act of 1974. In the absence of such a statement, if the request is for a record pertaining to the person requesting access which is maintained by SIGAR in a system of records, the request will be considered under both the Privacy Act of 1974 and the Freedom of Information Act, depending on which would allow greater access to the records requested. The request should contain necessary information to verify the identity of the person requesting access (see paragraph (b)(2)(vi) of this section). In addition, such person should include any other information which may assist in the rapid identification of the record for which access is being requested (e.g., maiden name, dates of employment, etc.) as well as any other identifying information contained in and required by the SIGAR Notice of Systems of Records.

(i) If the request for access follows a prior request under § 9301.1, the same identifying information need not be included in the request for access if a reference is made to that prior correspondence or a copy of the SIGAR response to that request is attached. If the individual specifically desires a copy of the record, the request should so specify under § 9301.4.

(ii) [Reserved]

(2) SIGAR action on request. A request for access will ordinarily be answered within 10 days, except when the Privacy Officer determines otherwise, in which case the person making the request will be informed of the reasons for the delay and an estimated date by which the request will be answered. When the request can be answered within 10 days, it shall include the following:

(i) A statement that there is a record as requested or a statement that there is not a record in the systems of records maintained by SIGAR;

(ii) A statement as to whether access will be granted only by providing a copy of the record through the mail; or the address of the location and the date and time at which the record may be examined. In the event the person requesting access is unable to meet the specified date and time, alternative arrangements may be made with the Privacy Officer;

(iii) A statement, when appropriate, that examination in person will be the sole means of granting access only when the Privacy Officer has determined that it would not unduly impede the right of access of the person making the request.

(iv) The amount of fees charged, if any (see §§ 9301.6 and 9301.7). (Fees are applicable only to requests for copies);

(v) The name, title, and telephone number of the SIGAR official having operational control over the record; and

(vi) The documentation required by SIGAR to verify the identity of the person making the request. At a minimum, SIGAR verification standards include the following:

(A) Current or former SIGAR Employees. Current or former SIGAR employees requesting access to a record pertaining to them in a system of records maintained by SIGAR may, in addition to the other requirements of this section, and at the sole discretion of the official having operational control over the record, have his or her identity verified by visual observation. If the current or former SIGAR employee cannot be so identified by the official having operational control over the records, identification documentation will be required. The employee's common access card, annuitant identification, driver licenses, or the “employee copy” of any official personnel document in the record are examples of acceptable identification validation.

(B) Other than current or former SIGAR employees. Individuals other than current or former SIGAR employees requesting access to a record pertaining to them in a system of records maintained by SIGAR must produce identification documentation of the type described in paragraph (b)(2)(vi)(A) of this section, prior to being granted access. The extent of the identification documentation required will depend on the type of record for which access is requested. In most cases, identification verification will be accomplished by the presentation of two forms of identification. Any additional requirements will be specified in the system of records notices published by SIGAR pursuant to 5 U.S.C. 552a(e)(4).

(C) Access granted by mail. For records to be made accessible by mail, the Privacy Officer shall, to the extent possible, establish identity by a comparison of signatures in situations where the data in the record is not so sensitive that unauthorized access could cause harm or embarrassment to the individual to whom they pertain. No identification documentation will be required for the disclosure to a person making a request of information under the FOIA, 5 U.S.C. 552. When, in the opinion of the Privacy Officer the granting of access through the mail could reasonably be expected to result in harm or embarrassment if disclosed to a person other than the individual to whom the record pertains, a notarized statement of identity or some similar assurance of identity will be required.

(D) Unavailability of identification documentation. If an individual is unable to produce adequate identification documentation the individual will be required to sign a statement asserting identity and acknowledging that knowingly or willfully seeking or obtaining access to records about another person under false pretenses may result in a fine of up to $5,000. In addition, depending upon the sensitivity of the records to which access is sought, the official having operational control over the records may require such further reasonable assurances as may be considered appropriate; e.g., statements of other individuals who can attest to the identity of the person making the request.

(E) Access by the parent of a minor, or by a legal guardian. A parent of a minor, upon presenting suitable personal identification, may act on behalf of the minor to gain access to any record pertaining to the minor maintained by SIGAR in a system of records. A legal guardian may similarly act on behalf of an individual declared to be incompetent due to physical or mental incapacity or age by a court of competent jurisdiction, upon the presentation of the documents authorizing the legal guardian to so act, and upon suitable personal identification of the guardian.

(F) Granting access when accompanied by another individual. When an individual requesting access to his or her record in a system of records maintained by SIGAR wishes to be accompanied by another individual during the course of the examination of the record, the individual making the request shall submit to the official having operational control of the record, a signed statement authorizing that person access to the record.

(G) Granting access to individuals other than the subject of the record. SIGAR will not disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, pursuant to the Privacy Act of 1974.

(H) Denial of access for inadequate identification documentation. If the official having operation control over the records in a system of records maintained by SIGAR determines that an individual seeking access has not provided sufficient identification documentation to permit access, the official shall consult with the Privacy Officer prior to finally denying the individual access.

(vii) Medical records. The records in a system of records which are medical records shall be disclosed to the individual to whom they pertain in such manner and following such procedures as the Privacy Officer shall direct. When SIGAR in consultation with a physician, determines that the disclosure of medical information could have an adverse effect upon the individual to whom it pertains, SIGAR may transmit such information to a physician named by the individual.

(viii) Exceptions. Nothing in this section shall be construed to entitle an individual the right to access to any information compiled in reasonable anticipation of litigation.

The following state regulations pages link to this page.