[Federal Register Volume 59, Number 25 (Monday, February 7, 1994)]
[Unknown Section]
[Page 0]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-2667]


[[Page Unknown]]

[Federal Register: February 7, 1994]


-----------------------------------------------------------------------


FEDERAL RESERVE SYSTEM
12 CFR Part 261a

[Docket No. R-0826]

 

Rules Regarding Access to Personal Information Under the Privacy 
Act

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: As part of its regulatory review and improvement process, the 
Board of Governors of the Federal Reserve System (Board) is proposing 
to revise and update its Rules Regarding Access to Personal Information 
Under the Privacy Act (Access Rules).

DATES: Comments should be received by March 9, 1994.

ADDRESSES: Comments, which should refer to Docket No. R-0826, may be 
mailed to Mr.William W. Wiles, Secretary, Board of Governors of the 
Federal Reserve System, 20th Street and Constitution Avenue, NW., 
Washington, DC 20551. Comments may also be delivered to the guard 
station in the Eccles Building courtyard entrance on 20th Street, NW. 
(between Constitution Avenue and C Street, NW.) between 8:45 a.m. and 
5:15 p.m. weekdays. Except as provided in the Board's Rules Regarding 
Availability of Information (12 CFR 261.8), comments received at the 
above address will be available for inspection and copying by any 
member of the public in the Freedom of Information Office, Room MP-500, 
between 9 a.m. and 5 p.m. weekdays.

FOR FURTHER INFORMATION CONTACT: Elaine M. Boutilier, Senior Attorney 
(202/452-2418), Legal Division, Board of Governors of the Federal 
Reserve System. For the hearing impaired only, Telecommunication Device 
for the Deaf (TDD), Dorothea Thompson (202/452-3544), Board of 
Governors of the Federal Reserve System, 20th Street and Constitution 
Avenue, NW., Washington, DC 20551.

SUPPLEMENTARY INFORMATION: The Board's Access Rules implement the 
Privacy Act of 1974 (5 U.S.C. 552a). This proposed revision of the 
Board's Access Rules is a part of the Board's ongoing program to review 
and update its existing regulations. There have been no substantive 
changes to the Privacy Act recently, accordingly, there is no need for 
substantive changes to the Board's Privacy Act Rules. The most 
significant change proposed to the Board's Privacy Act Rules is the 
establishment of special procedures for requesting access or amendment 
to records maintained by the Board's Office of the Inspector General, 
which was established in 1989.

    Most other proposed changes are procedural or administrative in 
nature. The proposed regulation clarifies that the Secretary of the 
Board is the official custodian of records with the delegated authority 
to respond to requests for access or amendment, except for requests for 
records maintained by the Office of the Inspector General. The 
duplication fees to be charged for documents produced in response to a 
request for access under the Privacy Act are proposed to be the same as 
those charged for documents produced in response to a request under the 
Freedom of Information Act (FOIA), because requests under the Privacy 
Act are likely to be processed also under FOIA. (No fees for search or 
review are proposed, because such fees are not authorized under the 
Privacy Act.)
    The Board proposes to change the special procedures for release of 
medical records to clarify that release of medical records through a 
licensed physician does not permit the licensed physician to withhold 
the medical records from the requester. Rather, the licensed physician 
is expected to provide access to the medical records while explaining 
sensitive or complex information contained in the medical records.
    Finally, the proposed rule specifically lists the Board's systems 
of records that are exempt from certain provisions of the Privacy Act 
to the extent they contain either law enforcement information or 
reference information provided in confidence. Following adoption of 
this proposed rule in final (after receipt and review of comments), the 
Board intends to review and update the Board's systems of records.
    As required by Regulatory Flexibility Act (5 U.S.C. 603(b)), a 
``description of the reasons why action by the agency is being 
considered'' and a ``succinct statement of the objectives or, and legal 
basis for, the proposed rule'' are found elsewhere in this preamble. 
The Board proposes that the provisions in this rule be applicable to 
all persons submitting requests for access to information under the 
Privacy Act of 1974 (5U.S.C. 552a). An exemption for small entities is 
not appropriate because the Privacy Act protects the privacy of 
individuals from unauthorized access by any entity. This proposed rule 
is not expected to have any significant impact on small entities.

List of Subjects in 12 CFR Part 261a

    Privacy.
    For the reasons set forth in the preamble, 12 CFR part 261a is 
proposed to be revised to read as follows:

PART 261a--RULES REGARDING ACCESS TO PERSONAL INFORMATION UNDER THE 
PRIVACY ACT OF 1974

Subpart A--General Provisions

Sec.
261a.1  Authority and purpose.
261a.2  Definitions.
261a.3  Custodian of records; delegations of authority.
261a.4  Fees.

Subpart B--Procedures for Requests by Individual to Whom Record 
Pertains

Sec.
261a.5  Request for access to record.
261a.6  Board procedures for responding to request for access.
261a.7  Special procedures for medical records.
261a.8  Request for amendment to record.
261a.9  Agency review of request for amendment of record.
261a.10  Appeal of adverse determination of request for access or 
amendment.

Subpart C--Disclosure to Person Other than Individual to Whom Record 
Pertains

Sec.
261a.11  Restrictions on disclosure.
261a.12  Exceptions.

Subpart D--Exempt Records

Sec.
261a.13  Exemptions.

    Authority: 5 U.S.C. 552a.

Subpart A--General Provisions


Sec. 261a.1  Authority and purpose.

    (a) Authority. This part is issued by the Board of Governors of the 
Federal Reserve System (the Board) pursuant to the Privacy Act of 1974 
(5 U.S.C. 552a).
    (b) Purpose. The purpose of this part is to implement the 
provisions of the Privacy Act of 1974 (5 U.S.C. 552a) with regard to 
the maintenance, protection, disclosure, and amendment of records 
contained within systems of records maintained by the Board.


Sec. 261a.2  Definitions.

    For the purposes of this part, the following definitions apply:
    (a) Business day means any day except a Saturday, a Sunday or a 
legal Federal holiday.
    (b) Designated system of records means a system of records 
maintained by the Board that has been listed in the Federal Register 
pursuant to the requirements of 5 U.S.C. 552a(e).
    (c) Guardian means the parent of a minor, or the legal guardian of 
any individual who has been declared to be incompetent due to physical 
or mental incapacity or age by a court of competent jurisdiction.
    (d) Individual means a natural person who is either a citizen of 
the United States or an alien lawfully admitted for permanent 
residence.
    (e) Maintain includes maintain, collect, use, disseminate, or 
control.
    (f) Record means any item, collection, or grouping of information 
about an individual maintained by the Board that contains the 
individual's name, or the identifying number, symbol, or other 
identifying particular assigned to the individual, such as a 
fingerprint, voice print, or photograph.
    (g) Routine use means, with respect to disclosure of a record, the 
use of such record for a purpose that is compatible with the purpose 
for which it was collected or created.
    (h) System of records means a group of any records under the 
control of the Board from which information is retrieved by the name of 
the individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual.


Sec. 261a.3  Custodian of records; delegations of authority.

    (a) Custodian of records. The Secretary of the Board is the 
official custodian of all records of the Board in the possession or 
control of the Board.
    (b) Delegated authority of Secretary. With regard to this 
regulation, the Secretary of the Board is delegated the authority to:
    (1) Respond to requests for access or amendment, except for such 
requests regarding systems of records maintained by the Board's Office 
of the Inspector General;
    (2) Approve the publication of new systems of records and to amend 
existing systems of records;
    (3) File the biennial reports required by the Privacy Act.
    (c) Delegated authority of designee. Any action or determination 
required or permitted by this part to be done by the Secretary of the 
Board may be done by an Associate Secretary or other responsible 
employee of the Board who has been duly designated for this purpose by 
the Secretary.
    (d) Delegated authority of Inspector General. With regard to 
systems of records maintained by the Office of the Inspector General 
(OIG), the Inspector General is delegated the authority to respond to 
requests for access or amendment.


Sec. 261a.4  Fees.

    (a) Copies of records. Copies of records requested pursuant to 
Sec.  261a.5 of this part shall be provided at the same cost charged 
for duplication of records and/or production of computer output under 
Sec.  261.10 of this chapter.
    (b) No fee. Documents may be furnished without charge where total 
charges are less than $5.
    (c) Waiver of fees. In connection with any request by an employee, 
former employee, or applicant for employment, for records for use in 
prosecuting a grievance or complaint of discrimination against the 
Board, fees shall be waived where the total charges (including charges 
for information provided under the Freedom of Information Act) are $50 
or less; but the Secretary may waive fees in excess of that amount.

Subpart B--Procedures for Requests by Individual to Whom Record 
Pertains


Sec. 261a.5  Request for access to record.

    (a) Procedures for making request.
    (1) Any individual (or guardian of an individual) other than a 
current Board employee desiring to learn of the existence of, or to 
gain access to, his or her record in a designated system of records 
shall submit a request in writing to the Secretary of the Board, Board 
of Governors of the Federal Reserve System, 20th Street and 
Constitution Avenue, NW., Washington, DC 20551.
    (2) A request by a current Board employee for that employee's own 
personnel records may be made in person during regular business hours 
at the Division of Human Resources, Board of Governors of the Federal 
Reserve System, 20th Street and Constitution Avenue, NW., Washington, 
DC 20551.
    (3) A request a by current Board employee for information other 
than personnel information may be made in person during regular 
business hours at the Freedom of Information Office, Board of Governors 
of the Federal Reserve System, 20th Street and Constitution Avenue, 
NW., Washington, DC 20551.
    (4) Requests for information contained in a system of records 
maintained by the Board's OIG shall be submitted in writing to the 
Inspector General, Board of Governors of the Federal Reserve System, 
20th Street and Constitution Avenue, NW., Washington, DC 20551.
    (b) Contents of request. A request made pursuant to paragraph (a) 
of this section shall include the following:
    (1) A statement that it is made pursuant to the Privacy Act of 
1974;
    (2) The name of the system of records expected to contain the 
record requested or a concise description of such system of records;
    (3) Necessary information to verify the identity of the requester 
pursuant to paragraph (c) of this section; and
    (4) Any other information that may assist in the rapid 
identification of the record for which access is being requested (e.g., 
maiden name, dates of employment, etc.).
    (c) Verification of identity. The Board shall require proof of 
identity from a requester and reserves the right to determine the 
adequacy of such proof. In general, the following shall be considered 
adequate proof of identity:
    (1) For a current Board employee, his or her Board identification 
card; or
    (2) For an individual other than a current Board employee, either:
    (i) Two forms of identification, one of which must have a picture 
of the individual requesting access; or
    (ii) A notarized statement attesting to the identity of the 
requester.
    (d) Verification of identity not required. No verification of 
identity shall be required of individuals seeking access to records 
that are otherwise available to any person under 5 U.S.C. 552, Freedom 
of Information Act.
    (e) Request for accounting of previous disclosures. An individual 
making a request pursuant to paragraph (a) of this section may also 
include a request for an accounting (pursuant to 5 U.S.C. 552a(c)) of 
previous disclosures of records pertaining to such individual in a 
designated system of records.


Sec. 261a.6  Board procedures for responding to request for access.

    (a) Compliance with Freedom of Information Act. Every request made 
pursuant to Sec.  261a.5 of this part shall also be handled by the 
Board as a request for information pursuant to the Freedom of 
Information Act (5 U.S.C. 552), except that the time limits set forth 
in paragraph (b) of this section and the fees specified in Sec.  261a.4 
of this part shall apply to such requests.
    (b) Time limits. Every request made pursuant to Sec.  261a.5 of 
this part shall be acknowledged or, where practicable, substantially 
responded to within 10 business days from receipt of the request.
    (c) Disclosure. (1) Information to be disclosed pursuant to this 
part and the Privacy Act, except for information maintained by the 
Board's OIG, shall be made available for inspection and copying during 
regular business hours at the Board's Freedom of Information Office.
    (2) Information to be disclosed that is maintained by the Board's 
OIG shall be made available for inspection and copying at the OIG.
    (3) When the requested record cannot reasonably be put into a form 
for individual inspection (e.g., computer tapes), or when the requester 
asks that the information be forwarded, copies of such information 
shall be mailed to the requester.
    (4) Access to or copies of requested information shall be promptly 
provided after the acknowledgement as provided in paragraph (b) of this 
section, unless good cause for delay is communicated to the requester.
    (d) Other authorized presence. The requester of information may be 
accompanied in the inspection of that information by a person of the 
requester's own choosing upon the requester's submission of a written 
and signed statement authorizing the presence of such person.
    (e) Denial of request. A denial of a request made pursuant to Sec.  
261a.5 of this part shall include a statement of the reason(s) for 
denial and the procedures for appealing such denial.


Sec. 261a.7  Special procedures for medical records.

    Medical or psychological records requested pursuant to Sec.  261a.5 
of this part shall be disclosed directly to the requester unless such 
disclosure could, in the judgment of the Privacy Officer, in 
consultation with the Board's physician, have an adverse effect upon 
the requester. Upon such determination, the information shall be 
transmitted to a licensed physician named by the requester, who will 
disclose those records to the requester in a manner the physician deems 
appropriate.


Sec. 261a.8  Request for amendment to record.

    (a) Procedures for making request.
    (1) An individual desiring to amend a record in a designated system 
of records that pertains to him or her shall submit a request in 
writing to the Secretary of the Board (or to the Inspector General for 
records in a system of records maintained by the OIG) in an envelope 
clearly marked ``Privacy Act Amendment Request.''
    (2) Each request for amendment of a record shall:
    (i) Identify the system of records containing the record for which 
amendment is requested;
    (ii) Specify the portion of that record requested to be amended; 
and
    (iii) Describe the nature of and reasons for each requested 
amendment.
    (3) Each request for amendment shall be subject to verification of 
identity under the procedures set forth in Sec.  261a.5(c) of this 
part, unless such verification has already been made in a related 
request for access or amendment.
    (b) Burden of proof. The request for amendment shall set forth the 
reasons the individual believes the record is not accurate, relevant, 
timely, or complete. The burden of proof for demonstrating the 
appropriateness of the requested amendment rests with the requester, 
and the requester shall provide relevant and convincing evidence in 
support of the request.


Sec. 261a.9  Board review of request for amendment of record.

    (a) Time limits. The Board shall acknowledge a request for 
amendment within 10 business days of receipt of the request. Such 
acknowledgement may request additional information necessary for a 
determination on the request for amendment. To the extent possible, a 
determination upon a request to amend a record shall be made within 10 
business days after receipt of the request.
    (b) Contents of response to request for amendment. The response to 
a request for amendment shall include the following:
    (1) The decision to grant or deny, in whole or in part, the request 
for amendment; and
    (2) If the request is denied:
    (i) The reasons for denial of any portion of the request for 
amendment;
    (ii) The requester's right to appeal any denial; and
    (iii) The procedures for appealing the denial to the appropriate 
official.


Sec. 261a.10  Appeal of adverse determination of request for access or 
amendment.

    (a) Appeal. A requester may appeal a denial of a request made 
pursuant to Sec.  261a.5 or Sec.  261a.8 of this part to the Board, or 
any official designated by the chairman of the Board, within 10 
business days of issuance of notification of denial. The appeal shall:
    (1) Be made in writing to the Secretary of the Board, with the 
words ``PRIVACY ACT APPEAL'' written prominently on the first page;
    (2) Specify the previous background of the request; and
    (3) Provide reasons why the initial denial is believed to be in 
error.
    (b) Determination. The Board or an official designated by the 
Chairman of the Board shall make a determination with respect to such 
appeal not later than 30 business days from its receipt, unless the 
time is extended for good cause shown.
    (1) If the Board or designated official grants an appeal regarding 
a request for amendment, the Board shall take the necessary steps to 
amend the record, and, when appropriate and possible, notify prior 
recipients of the record of the Board's action.
    (2) If the Board or designated official denies an appeal, the Board 
shall inform the requester of such determination, give a statement of 
the reasons therefore, and inform the requester of the right of 
judicial review of the determination.
    (c) Statement of disagreement. (1) Upon receipt of a denial of an 
appeal regarding a request for amendment, the requester may file a 
concise statement of disagreement with the denial. Such statement shall 
be maintained with the record the requester sought to amend, and any 
disclosure of the record shall include a copy of the statement of 
disagreement.
    (2) When practicable and appropriate, the Board shall provide a 
copy of the statement of disagreement to any person or other agency to 
whom the record was previously disclosed.

Subpart C--Disclosure to Person Other than Individual to Whom 
Record Pertains


Sec. 261a.11  Restrictions on disclosure.

    No record contained in a designated system of records shall be 
disclosed to any person or agency without the prior written consent of 
the individual to whom the record pertains unless the disclosure is 
authorized by Sec. 261a.12 of this part.


Sec. 261a.12  Exceptions.

    The restrictions on disclosure in Sec.  261a.11 of this part do not 
apply to any disclosure:
    (a) To those officers and employees of the Board who have a need 
for the record in the performance of their duties;
    (b) That is required under the Freedom of Information Act (5 U.S.C. 
552);
    (c) For a routine use listed with respect to a designated system of 
records;
    (d) To the Bureau of the Census for purposes of planning or 
carrying out a census or survey or related activity pursuant to the 
provisions of title 13 of the United States Code;
    (e) To a recipient who has provided the Board with advance adequate 
written assurance that the record will be used solely as a statistical 
research or reporting record, and the record is to be transferred in a 
form that is not individually identifiable;
    (f) To the National Archives of the United States as a record that 
has sufficient historical or other value to warrant its continued 
preservation by the United States government, or for evaluation by the 
administrator of General Services or his designee to determine whether 
the record has such value;
    (g) To another agency or to an instrumentality of any governmental 
jurisdiction within or under the control of the United States for a 
civil or criminal law enforcement activity if the activity is 
authorized by law, and if the head of the agency or instrumentality has 
made a written request to the Board specifying the particular portion 
desired and the law enforcement activity for which the record is 
sought;
    (h) To a person pursuant to a showing of compelling circumstances 
affecting the health or safety of an individual if upon such disclosure 
notification is transmitted to the last known address of such 
individual;
    (i) To either House of Congress, or, to the extent of matter within 
its jurisdiction, any committee or subcommittee thereof, any joint 
committee of Congress or subcommittee of any such joint committee;
    (j) To the Comptroller General, or any of his authorized 
representatives, in the course of the performance of the duties of the 
General Accounting Office;
    (k) Pursuant to the order of a court of competent jurisdiction; or
    (l) To a consumer reporting agency in accordance with 31 U.S.C. 
3711(f).

Subpart D--Exempt Records


Sec. 261a.13  Exemptions.

    (a) Information compiled for civil action. Nothing in this 
regulation shall allow an individual access to any information compiled 
in reasonable anticipation of a civil action or proceeding.
    (b) Law enforcement information. Pursuant to section (k)(2) of the 
Privacy Act of 1974 (5 U.S.C. 552a(k)(2)), the Board has deemed it 
necessary to exempt certain designated systems of records maintained by 
the Board from the requirements of the Privacy Act concerning access to 
accountings of disclosures and to records, maintenance of only relevant 
and necessary information in files, and certain publication provisions, 
respectively, 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H) and (I), 
and (f), and Secs.  261a.5, 261a.7 and 261a.8 of this part. 
Accordingly, the following designated systems of records are exempt 
from these provisions, but only to the extent that they contain 
investigatory materials compiled for law enforcement purposes:
    (1) BGFRS-1 Recruiting and Placement Records.
    (2) BGFRS-2 Personnel Background Investigation Reports.
    (3) BGFRS-4 General Personnel Records.
    (4) BGFRS-5 EEO Discrimination Complaint File.
    (5) BGFRS-9 Consultant and Staff Associate File.
    (6) BGFRS-16 Regulation G Reports.
    (7) BGFRS-18 Consumer Complaint Information System.
    (8) BGFRS-21 Supervisory Tracking and Reference System.
    (9) BGFRS/OIG-1 OIG Investigatory Records.
    (c) Confidential references. Pursuant to section (k)(5) of the 
Privacy Act of 1974 (5U.S.C. 552a(k)(5)), the Board has deemed it 
necessary to exempt certain designated systems of records maintained by 
the Board from the requirements of the Privacy Act concerning access to 
accountings of disclosures and to records, maintenance of only relevant 
and necessary information in files, and certain publication provisions, 
respectively 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H) and (I), 
and (f), and Secs.  261a.5, 261a.7 and 261a.8 of this part. 
Accordingly, the following systems of records are exempt from these 
provisions, but only to the extent that they contain investigatory 
material compiled to determine an individual's suitability, 
eligibility, and qualifications for Board employment or access to 
classified information, and the disclosure of such material would 
reveal the identity of a source who furnished information to the Board 
under a promise of confidentiality.
    (1) BGFRS-1 Recruiting and Placement Records.
    (2) BGFRS-2 Personnel Background Investigation Reports.
    (3) BGFRS-4 General Personnel Records.
    (4) BGFRS-9 Consultant and Staff Associate File.
    (5) BGFRS-10 General File on Board Members.
    (6) BGFRS-11 Official General Files.
    (7) BGFRS-13 General File of Examiners and Assistant Examiners at 
Federal Reserve Banks.
    (8) BGFRS-14 General File of Federal Reserve Bank and Branch 
Directors.
    (9) BGFRS-15 General Files of Federal Reserve Agents, Alternates 
and Representatives at Federal Reserve Banks.
    (10) BGFRS/OIG-2 OIG Personnel Records.
    (d) Criminal law enforcement information. Pursuant to 5 U.S.C. 
552a(j)(2), the Board has determined that portions of the OIG 
Investigatory Records (BGFRS/OIG-1) shall be exempt from any part of 
the Privacy Act (5 U.S.C. 552a), except the provisions regarding 
disclosure, the requirement to keep an accounting, certain publication 
requirements, certain requirements regarding the proper maintenance of 
systems of records, and the criminal penalties for violation of the 
Privacy Act, respectively, 5 U.S.C. 552a(b), (c)(1), and (2), (e)(4)(A) 
through (F), (e)(6), (e)(7), (e)(9), (e)(10), (e)(11) and (i). This 
designated system of records is maintained by the OIG, a Board 
component that performs as its principal function an activity 
pertaining to the enforcement of criminal laws, and the exempt portions 
of the records consist of:
    (1) Information compiled for the purpose of identifying individual 
criminal offenders and alleged offenders;
    (2) Information compiled for the purpose of a criminal 
investigation, including reports of informants and investigators, and 
associated with an identifiable individual; or
    (3) Reports identifiable to an individual compiled at any stage of 
the process of enforcement of the criminal laws from arrest or 
indictment through release from supervision.

    Board of Governors of the Federal Reserve System, February 1, 
1994.
William W. Wiles,
Secretary of the Board.
[FR Doc. 94-2667 Filed 2-4-94; 8:45 am]
BILLING CODE 6210-01-F