[Congressional Bills 112th Congress]
[From the U.S. Government Publishing Office]
[S. 1732 Introduced in Senate (IS)]
112th CONGRESS
1st Session
S. 1732
To amend section 552a of title 5, United States Code (commonly referred
to as the Privacy Act), the E-Government Act of 2002 (Public Law 107-
347), and chapters 35 and 36 of title 44, United States Code, and other
provisions of law to modernize and improve Federal privacy laws.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
October 18, 2011
Mr. Akaka introduced the following bill; which was read twice and
referred to the Committee on Homeland Security and Governmental Affairs
_______________________________________________________________________
A BILL
To amend section 552a of title 5, United States Code (commonly referred
to as the Privacy Act), the E-Government Act of 2002 (Public Law 107-
347), and chapters 35 and 36 of title 44, United States Code, and other
provisions of law to modernize and improve Federal privacy laws.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Privacy Act Modernization for the
Information Age Act of 2011''.
SEC. 2. AMENDMENTS TO THE PRIVACY ACT.
(a) Definitions.--Section 552a(a) of title 5, United States Code
(commonly referred to as the Privacy Act), is amended--
(1) in paragraph (4), by striking ``that is maintained by
an agency, including, but not limited to, his'' and inserting
``, including'';
(2) by striking paragraph (5) and inserting the following:
``(5) the term `system of records' means a group of any
records maintained by, or otherwise under the control of any
agency that is used for any authorized purpose by or on behalf
of the agency;'';
(3) by striking paragraph (7) and inserting the following:
``(7) the term `routine use' means, with respect to the
disclosure of a record, the use of such record for a purpose
which, as determined by the agency, is compatible with the
purpose for which it was collected and is appropriate and
reasonably necessary for the efficient and effective conduct of
Government;''; and
(4) in paragraph (8)(A)(i)--
(A) by striking ``two or more automated systems of
records or a system of records with non-Federal
records'' and inserting ``data from a system of
records'';
(B) in subclause (I), by inserting ``or State''
after ``Federal''; and
(C) in subclause (II), by inserting ``or State''
after ``Federal''.
(b) Conditions of Disclosure.--Section 552a(b) of title 5, United
States Code, is amended--
(1) in paragraph (1), by inserting ``that is consistent
with, and related to, any purpose described under subsection
(e)(2)(D) of this section'' before the semicolon;
(2) in paragraph (3), by striking ``(e)(4)(D)'' and
inserting ``(e)(2)(D)(iv) or subsection (v)'';
(3) in paragraph (6), by inserting ``or for records
management inspections authorized by statute'' before the
semicolon;
(4) in paragraph (7), by inserting ``, notwithstanding any
requirements of a routine use as defined under subsection
(a)(7),'' before ``to another agency'';
(5) in paragraph (8), by striking ``upon such disclosure
notification is transmitted to the last known address of such
individual'' and inserting ``a reasonable attempt to notify the
individual is made promptly after the disclosure''; and
(6) by striking paragraph (9) and inserting the following:
``(9)(A) to either House of Congress;
``(B) to the extent of matter within its jurisdiction, any
committee or subcommittee thereof, any joint committee of
Congress or subcommittee of any such joint committee; or
``(C) to the office of a Member of Congress when that
office is requesting records about a specific individual on
behalf of that individual in response to a written request for
assistance by that individual;''.
(c) Accounting of Certain Disclosures.--Section 552a(c) of title 5,
United States Code, is amended by inserting ``whether in an electronic
or other format'' after ``system of records under its control''.
(d) Agency Requirements.--Section 552a of title 5, United States
Code, is amended by striking subsection (e) and inserting the
following:
``(e) Agency Requirements.--
``(1) Authorized purpose.--No agency shall use a record
except for an authorized purpose and as maintained in a system
of records under this section.
``(2) Requirements.--Each agency shall--
``(A) maintain in its records only such information
about an individual as is relevant and necessary to
accomplish any specified purpose of the agency required
to be accomplished by statute or by executive order of
the President, and only retain such information as long
as is necessary to fulfill that purpose or as otherwise
required by law;
``(B) collect information to the greatest extent
practicable directly from the subject individual when
the information may result in adverse determinations
about an individual's rights, benefits, and privileges;
``(C) inform each individual whom it asks to supply
information creating a record, at the time the
information is requested--
``(i) the authority (whether granted by
statute or by executive order of the President)
which authorizes the solicitation of the
information and whether disclosure of such
information is voluntary or required to receive
a right, benefit, or privilege;
``(ii) the principal purpose or purposes
for which the information is intended to be
used;
``(iii) the routine uses which may be made
of the information, as published under
subparagraph (D)(iv);
``(iv) any effects on that individual of
not providing all or any part of the requested
information;
``(v) the procedures and contact
information for accessing or correcting such
information; and
``(vi) a reference to learning how such
information will be used or disclosed,
including the simplest access to the current
system of records notice;
``(D) subject to the provisions of subparagraph
(K), publish in the Federal Register, make broadly
accessible to the public through a centralized website
maintained by the Office of Management and Budget, and
link to such centralized website from each agency's
website, upon establishment or revision a notice of the
existence and character of the system of records, which
notice shall include--
``(i) the name and location of the system;
``(ii) the categories of individuals on
whom records are maintained in the system;
``(iii) the categories of records
maintained in the system;
``(iv) any purpose for which the
information is intended to be used, including
each routine use;
``(v) the legal authority for any purpose
for which the information is utilized granted
by statute, executive order, or other
authorization;
``(vi) the policies and practices of the
agency regarding storage, retrievability,
access controls, retention, and disposal of the
records;
``(vii) the title and business address of
the agency official who is responsible for the
system of records;
``(viii) the agency procedures whereby an
individual can be notified at his request if
the system of records contains a record
pertaining to him, how he can gain access to
such a record, or contest its content; and
``(ix) the sources of records in the
system;
``(E) to the greatest extent practicable, ensure
that all records, including records from a third party
source, which are used by the agency in making any
determination about an individual are of such accuracy,
relevance, timeliness, and completeness as is
reasonably necessary to assure fairness to the
individual in the determination, and upon request of
the individual, provide documentation of the same;
``(F) prior to disseminating any record about an
individual to any person other than an agency, unless
the dissemination is made pursuant to subsection (b)(2)
of this section, make reasonable efforts to assure that
such records are accurate, complete, timely, and
relevant for agency purposes;
``(G) maintain no record describing how any
individual exercises rights guaranteed by the First
Amendment unless expressly authorized by statute or by
the individual about whom the record is maintained or
unless pertinent to, and within the scope of, an
authorized law enforcement activity;
``(H) make reasonable efforts to notify an
individual as promptly as practicable after the agency
receives compulsory legal process for any record on the
individual, unless that notification is prohibited by
law or court order;
``(I) establish rules of conduct for persons
involved in the design, development, operation, or
maintenance of any system of records, or in maintaining
any record, and instruct each such person with respect
to such rules and the requirements of this section,
including any other rules and procedures adopted
pursuant to this section and the penalties for
noncompliance;
``(J) establish appropriate administrative,
technical, and physical safeguards to insure the
security and confidentiality of records and to protect
against any anticipated threats or hazards to their
security or integrity which could result in substantial
harm, embarrassment, inconvenience, or unfairness to
any individual on whom information is maintained;
``(K) in regards to the establishment or revision
of a system of records under subparagraph (D)--
``(i) at least 30 days prior to creation or
modification of a system of records, publish
the entire text of the proposed system of
records notice in the Federal Register and on
the centralized website established under
subparagraph (D);
``(ii) provide an opportunity for
interested persons to submit written or
electronic data, views, or arguments to the
agency regarding the proposed system of records
notice;
``(iii) within 180 days after publication
of a proposed system of records notice, publish
on the centralized website established under
subparagraph (D), a response to the comments
received, along with notice of whether the
system of records notice as published has taken
effect; and
``(iv) provide a link to the centralized
website from the website of the agency,
unless the Director of the Office of Management and
Budget, through the Federal Chief Privacy Officer
grants an exception, and that exception is published
promptly in the Federal Register and on the centralized
website established under subparagraph (D), including a
link from the agency's website;
``(L) if such agency is a recipient agency or a
source agency in a matching program with a non-Federal
agency, with respect to any establishment or revision
of a matching program, at least 30 days prior to
conducting such program, publish in the Federal
Register notice of such establishment or revision;
``(M) shall--
``(i) maintain an inventory on the number
and scope of the systems of records of that
agency in a manner that clearly and fairly
describes activities of the agency to
individuals; and
``(ii) ensure that the inventory--
``(I) is annually updated and
published in the Federal Register, on
the website established under
subparagraph (D), and on the agency's
website; and
``(II) does not contain any
information that would be exempted from
disclosure under this section or
section 522 of this title; and
``(N) make reasonable efforts to limit disclosure
from a system of records to minimum information
necessary to accomplish the purpose of the
disclosure.''.
(e) Agency Rules.--Section 552a(f) of title 5, United States Code,
is amended in the last sentence--
(1) by striking ``biennially'' and inserting ``annually'';
(2) by striking ``subsection (e)(4)'' and inserting
``subsection (e)(2)(D)(iv)''; and
(3) by striking ``at low cost'' and inserting
``electronically, or at low cost physically''.
(f) Civil Remedies.--Section 552a(g)(4) is amended--
(1) by inserting ``and in which the complainant has
substantially prevailed'' after ``the agency acted in a manner
which was intentional or willful''; and
(2) in subparagraph (A), by striking ``, but in no case
shall a person entitled to recovery receive less than the sum
of $1,000'' and inserting ``or the sum of $1,000, whichever is
greater, except that in a class action the minimum for each
individual shall be reduced as necessary to ensure that the
total recovery in any class action or series of class actions
arising out of the same refusal or failure to comply by the
same agency shall not be greater than $10,000,000''.
(g) Criminal Penalties.--Section 552a(i) of title 5, United States
Code, is amended--
(1) in paragraph (1)--
(A) by inserting ``(A)'' before ``Any officer or
employee''; and
(B) by adding at the end the following:
``(B) A person who commits the offense described
under subparagraph (A) with the intent to sell,
transfer, or use an agency record for commercial
advantage, personal gain, or malicious harm shall be
fined not more than $250,000, imprisoned for not more
than 10 years, or both.''; and
(2) in paragraph (3), by striking ``misdemeanor and fined
not more than $5,000'' and inserting ``felony and fined not
more than $100,000, imprisoned for not more than 5 years, or
both''.
(h) General Exemptions.--Section 552a(j) of title 5, United States
Code, is amended by striking ``The head of any agency'' and inserting
``Notwithstanding any requirements of a routine use as defined under
subsection (a)(7), the head of any agency''.
(i) Specific Exemptions.--Section 552a(k) of title 5, United States
Code, is amended by striking ``The head of any agency'' and inserting
``Notwithstanding any requirements of a routine use as defined under
subsection (a)(7), the head of any agency''.
(j) Archival Records.--Section 552a(l) of title 5, United States
Code, is amended in paragraphs (2) and (3) by striking ``National
Archives of the United States'' each place that term appears and
inserting ``National Archives and Records Administration''.
(k) Government Contractors.--Section 552(m)(1) of title 5, United
States Code, is amended by striking ``for the operation by or on behalf
of the agency of a system of records to accomplish an agency function''
and inserting ``or other agreement, including with another agency, for
the maintenance of a system of records to accomplish an agency function
on behalf of the agency''.
(l) Office of Management and Budget Responsibilities.--Section
552a(v) of title 5, United States Code, is amended--
(1) in paragraph (1), by striking ``and'' after the
semicolon;
(2) in paragraph (2), by striking the period and inserting
``; and''; and
(3) by adding at the end the following:
``(3) establish and update a list of recommended standard
routine uses.''.
SEC. 3. AMENDMENTS TO THE E-GOVERNMENT ACT OF 2002.
Section 208 of the E-Government Act of 2002 (44 U.S.C. 3501 note;
Public Law 107-347) is amended--
(1) in subsection (b)--
(A) in paragraph (1)(A)--
(i) by striking clause (i) and inserting
the following:
``(i) developing, procuring, or otherwise
making use of information technology that
collects, maintains, or disseminates personally
identifiable information; or'';
(ii) in clause (ii)(II)--
(I) by striking ``information in an
identifiable form'' and inserting
``personally identifiable
information''; and
(II) by striking ``, other than
agencies, instrumentalities, or
employees of the Federal Government.''
and inserting ``; and''; and
(iii) by adding at the end the following:
``(iii) using personally identifiable
information purchased, or subscribed to for a
fee, from a commercial data source.''; and
(B) in paragraph (2)(B)--
(i) in clause (i), by striking
``information that is in an identifiable form''
and inserting ``personally identifiable
information''; and
(ii) in clause (ii)--
(I) in subclause (VI), by striking
``and'' at the end;
(II) in subclause (VII), by
striking the period and inserting ``;
and''; and
(III) by adding at the end the
following:
``(VIII) to what extent risks to
privacy protection are created by the
use of the information and what steps
have been taken to mitigate such
risks.''; and
(2) by striking subsection (d) and inserting the following:
``(d) Definition.--In this section, the term `personally
identifiable information' means any information about an individual
maintained by an agency, including--
``(1) any information that can be used to distinguish or
trace an individual's identity, such as name, social security
number, date and place of birth, mother's maiden name, or
biometric records; or
``(2) any other information that is linked or linkable to
an individual, such as medical, educational, financial, and
employment information.''.
SEC. 4. AMENDMENTS TO CHAPTERS 35 AND 36 OF TITLE 44, UNITED STATES
CODE.
(a) Office of Management and Budget.--Section 3504 of title 44,
United States Code, is amended--
(1) in subsection (a)(1)(A)--
(A) in clause (iv), by inserting ``and'' after the
semicolon;
(B) by striking clause (v); and
(C) by redesignating clause (vi) as clause (v);
(2) by striking subsection (g); and
(3) by redesignating subsection (h) as subsection (g).
(b) Federal Information Privacy Policy.--
(1) In general.--Chapter 35 of title 44, United States
Code, is amended by adding at the end the following:
``SUBCHAPTER IV--FEDERAL INFORMATION PRIVACY POLICY
``Sec. 3561. Purposes
``The purposes of this subchapter are to--
``(1) ensure the consistent application of privacy
protections to personally identifiable information collected,
maintained, and used by all agencies;
``(2) strengthen the responsibility and accountability of
the Office of Management and Budget for overseeing privacy
protection in agencies;
``(3) improve agency responses to privacy breaches to
better inform and protect the public from the misuse of
personally identifiable information;
``(4) strengthen the responsibility and accountability of
agency officials for ensuring effective implementation of
privacy protection requirements; and
``(5) ensure that agency use of commercial sources of
information and information system services provides adequate
information security and privacy protections.
``Sec. 3562. Definitions
``(a) In General.--Except as provided under subsection (b), the
definitions under section 3502 shall apply to this subchapter.
``(b) Additional Definitions.--In this subchapter--
``(1) the term `Council' means the Chief Privacy Officers
Council established under section 3567;
``(2) the term `personally identifiable information' means
any information about an individual maintained by an agency,
including--
``(A) any information that can be used to
distinguish or trace an individual's identity, such as
name, social security number, date and place of birth,
mother's maiden name, or biometric records; and
``(B) any other information that is linked or
linkable to an individual, such as medical,
educational, financial, and employment information; and
``(3) the term `data broker' means a person or entity that
for a fee regularly engages in the practice of collecting,
transmitting, or providing access to personally identifiable
information concerning more than 5,000 individuals who are not
the customers or employees of that person or entity (or an
affiliated entity) primarily for the purposes of providing such
information to non-affiliated third parties on an interstate
basis.
``Sec. 3563. Authority and functions of the Director
``(a) In fulfilling the responsibility to administer the functions
assigned under subchapter I, the Director of the Office of Management
and Budget shall comply with this subchapter with respect to the
specific matters covered by this subchapter.
``(b) The Director shall oversee agency privacy protection policies
and practices, including by--
``(1) developing and overseeing the implementation of
policies, principles, standards, and guidelines on privacy
protection;
``(2) providing direction and overseeing privacy,
confidentiality, security, disclosure, and sharing of
information;
``(3) overseeing agency compliance with laws relating to
privacy protection, including the requirements of this
subchapter, section 552a of title 5 (commonly referred to as
the Privacy Act), and section 208 of the E-Government Act of
2002;
``(4) coordinating privacy protection policies and
procedures with related information resources management
policies and procedures, including through ensuring that
privacy protection considerations are taken into account in
managing the collection of information and the control of
paperwork as provided under subchapter I; and
``(5) appointing a Federal Chief Privacy Officer under
section 3564.
``Sec. 3564. Specific responsibilities of the Federal Chief Privacy
Officer
``(a) Federal Chief Privacy Officer.--
``(1) Definitions.--In this section--
``(A) the term `Senior Executive Service position'
has the meaning given under section 3132(a)(2) of title
5; and
``(B) the term `noncareer appointee' has the
meaning given under section 3132(a)(7) of title 5.
``(2) Establishment.--There is established the position of
the Federal Chief Privacy Officer within the Office of
Management and Budget. The position shall be a Senior Executive
Service position. The Director shall appoint a noncareer
appointee to the position. The primary responsibilities of the
position shall be the responsibilities under subsection (b).
``(3) Qualifications.--The individual appointed to be the
Federal Chief Privacy Officer shall possess demonstrated
expertise in privacy protection policy and Government
information.
``(b) Responsibilities.--The Federal Chief Privacy Officer shall--
``(1) carry out the responsibilities of the Director under
this subchapter;
``(2) provide overall direction, consistent with the Office
of Management and Budget guidance, section 552a of title 5
(commonly referred to as the Privacy Act), and section 208 of
the E-Government Act of 2002, of privacy policy governing the
Federal Government's collection, use, sharing, disclosure,
transfer, storage, security, and disposition of personally
identifiable information;
``(3) to the extent that the Federal Chief Privacy Officer
considers appropriate, establish procedures to review and
approve privacy documentation before public dissemination;
``(4) serve as the principal advisor for Federal privacy
policy matters to the Executive Office of the President,
including the President, the Director, the National Security
Council, the Homeland Security Council, and the Office of
Science and Technology Policy;
``(5) coordinate with the Privacy and Civil Liberties
Oversight Board established under section 1061 of the
Intelligence Reform and Terrorism Prevention Act of 2004 (5
U.S.C. 601 note); and
``(6) every 2 years submit a report to Congress on the
protection of privacy by the United States Government,
including the status of implementation of requirements under
this subchapter and other privacy related laws and policies.
``Sec. 3565. Privacy breach requirements
``The Director shall establish and oversee policies and procedures
for agencies to follow in the event of a breach of information security
involving the disclosure of personally identifiable information and for
which harm to an individual could reasonably be expected to result,
including--
``(1) a requirement for timely notice to be provided to
those individuals whose personally identifiable information
could be compromised as a result of such breach, except no
notice shall be required if the breach does not create a
reasonable risk of identity theft, fraud, or other unlawful
conduct regarding such individual;
``(2) guidance on determining how timely notice is to be
provided;
``(3) guidance regarding whether additional actions are
necessary and appropriate, including data breach analysis,
fraud resolution services, identity theft insurance, and credit
protection or monitoring services; and
``(4) requirements for timely reporting by the agencies of
such breaches to the director and the Federal information
security incident center referred to in section 3546.
``Sec. 3566. Agency responsibilities
``(a) In General.--In addition to requirements under section 1062
of the National Security Intelligence Reform Act of 2004, and in
fulfilling the responsibilities under section 3506(g), the head of each
agency shall ensure compliance with laws relating to privacy
protection, including the requirements of this subchapter, section 552a
of title 5 (commonly referred to as the Privacy Act), and section 208
of the E-Government Act of 2002.
``(b) Chief Privacy Officers.--In the case of an agency that has
not designated a Chief Privacy Officer under section 522 of the
Transportation, Treasury, Independent Agencies and General Government
Appropriations Act, 2005 (42 U.S.C. 2000ee-2), the head of each agency
shall--
``(1) designate a senior official to be the chief privacy
officer of that agency; and
``(2) provide to the chief privacy officer such information
as the officer considers necessary.
``(c) Responsibilities of Agency Chief Privacy Officer.--Each chief
privacy officer shall have primary responsibility for assuring the
adequacy of privacy protections for personally identifiable information
collected, used, or disclosed by the agency, including--
``(1) ensuring that the use of technologies sustain, and do
not erode, privacy protections relating to the use, collection,
and disclosure of personal information, including through the
conduct of privacy impact assessments as provided by section
208 of the E-Government Act of 2002;
``(2) ensuring that personal information is handled in full
compliance with fair information practices under section 552a
of title 5 (commonly referred to as the Privacy Act) and other
applicable laws and policies;
``(3) evaluating legislative and regulatory proposals
involving collection, use, and disclosure of personally
identifiable information;
``(4) coordinating with the chief information officer to
ensure that privacy is adequately addressed in the agency
information security program, established under section 3544;
``(5) coordinating with other senior officials to ensure
programs, policies, and procedures involving civil rights,
civil liberties, and privacy considerations addressed in an
integrated and comprehensive manner; and
``(6) reporting periodically to the head of the agency on
agency privacy protection activities.
``Sec. 3567. Chief Privacy Officers Council
``(a) Establishment.--There is established in the executive branch
a Chief Privacy Officers Council.
``(b) Membership.--
``(1) In general.--The members of the Council shall be as
follows:
``(A) The Federal Chief Privacy Officer, who shall
serve as chairperson of the Council.
``(B) Chief Privacy Officers established under
section 522 of division H of the Consolidated
Appropriations Act, 2005 (42 U.S.C. 2000ee-2; Public
Law 108-447).
``(C) The chairperson of the Privacy and Civil
Liberties Oversight Board.
``(D) As designated by the chairperson of the
Council, any senior agency official designated to be a
chief privacy officer under section 3566.
``(E) The Administrator of the Office of Electronic
Government, as an ex-officio member.
``(F) The Administrator of the Office of
Information and Regulatory Affairs, as an ex-officio
member.
``(G) Any other officer or employee of the United
States designated by the chairperson.
``(2) Ex-officio members.--An ex-officio member may not
vote in Council proceedings.
``(c) Administrative Support.--The Administrator of the General
Services shall provide administrative and other support for the
Council.
``(d) Functions.--The Council shall--
``(1) be an interagency forum for establishing best
practices for agency privacy policy;
``(2) share, and promote the development of, best practices
to assure that the use of technologies sustains, and does not
erode, privacy protections relating to the use, collection, and
disclosure of personal information; assure that personal
information contained in systems of records are handled in full
compliance with fair information practices; and evaluate
legislative and regulatory proposals involving collection, use,
and disclosure of personal information by the Federal
Government; and
``(3) submit proposed improvements to privacy practices to
the Director.''.
(2) Technical and conforming amendment.--The table of
sections for chapter 35 of title 44, United States Code, is
amended by adding at the end the following:
``subchapter iv--federal information privacy policy
``Sec.
``3561. Purposes.
``3562. Definitions.
``3563. Authority and functions of the Director.
``3564. Specific responsibilities of the Chief Privacy Officer.
``3565. Privacy breach requirements.
``3566. Agency responsibilities.
``3567. Chief Privacy Officers Council.''.
(c) Electronic Government.--Section 3602(d) of title 44, United
States Code, is amended by inserting ``and the Federal Chief Privacy
Officer'' after ``Information and Regulatory Affairs''.
SEC. 5. AMENDMENTS TO SECTION 1062 OF THE NATIONAL INTELLIGENCE REFORM
ACT OF 2004.
Section 1062 of the National Intelligence Reform Act of 2004 (42
U.S.C. 2000ee-1) is amended--
(1) by redesignating subsection (d) through (h) as
subsections (e) through (i); and
(2) by striking subsection (c) and inserting the following:
``(c) Authority To Investigate.--
``(1) In general.--Each privacy officer or civil liberties
officer described under subsection (a) or (b) may--
``(A) have access to all records, reports, audits,
reviews, documents, papers, recommendations, and other
materials available to the Department, agency, or
element of the executive branch that relate to programs
and operations with respect to the responsibilities of
the senior official under this section;
``(B) make such investigations and reports relating
to the administration of the programs and operations of
the Department, agency, or element of the executive
branch as are, in the senior official's judgment,
necessary or desirable;
``(C) subject to the approval of the Secretary or
head of the agency or element of the executive branch,
require by subpoena the production, by any person other
than a Federal agency, of all information, documents,
reports, answers, records, accounts, papers, and other
data and documentary evidence necessary to performance
of the responsibilities of the senior official under
this section; and
``(D) administer to or take from any person an
oath, affirmation, or affidavit, whenever necessary to
performance of the responsibilities of the senior
official under this section.
``(2) Enforcement of subpoenas.--Any subpoena issued under
paragraph (1)(C) shall, in the case of contumacy or refusal to
obey, be enforceable by order of any appropriate United States
district court.
``(3) Effect of oaths.--Any oath, affirmation, or affidavit
administered or taken under paragraph (1)(D) by or before an
employee of the Privacy Office designated for that purpose by
the senior official appointed under subsection (a) shall have
the same force and effect as if administered or taken by or
before an officer having a seal of office.
``(d) Supervision and Coordination.--
``(1) In general.--Each privacy officer or civil liberties
officer described under subsection (a) or (b) shall--
``(A) report to, and be under the general
supervision of, the Secretary; and
``(B) coordinate activities with the Inspector
General of the Department in order to avoid duplication
of effort.
``(2) Coordination with the inspector general.--
``(A) In general.--Except as provided in
subparagraph (B), the senior official appointed under
subsection (a) may investigate any matter relating to
possible violations or abuse concerning the
administration of any program or operation of the
Department, agency, or element of the executive branch
relevant to the purposes under this section.
``(B) Coordination.--
``(i) Referral.--Before initiating any
investigation described under subparagraph (A),
the senior official shall refer the matter and
all related complaints, allegations, and
information to the Inspector General of the
Department, agency, or element of the executive
branch.
``(ii) Determinations and notifications by
the inspector general.--Not later than 30 days
after the receipt of a matter referred under
clause (i), the Inspector General shall--
``(I) make a determination
regarding whether the Inspector General
intends to initiate an audit or
investigation of the matter referred
under clause (i); and
``(II) notify the senior official
of that determination.''.
<all>