[Federal Register Volume 60, Number 10 (Tuesday, January 17, 1995)]
[Rules and Regulations]
[Pages 3340-3344]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-1059]



=======================================================================
-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

12 CFR Part 261a

[Docket No. R-0826]


Rules Regarding Access to Personal Information Under the Privacy 
Act

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: As part of its regulatory review and improvement process, the 
Board of Governors of the Federal Reserve System (Board) has revised 
and updated its Rules Regarding Access to Personal Information Under 
the Privacy Act (Access Rules).

EFFECTIVE DATE: February 16, 1995.

FOR FURTHER INFORMATION CONTACT: Elaine M. Boutilier, Senior Counsel 
(202/452-2418), Legal Division, Board of Governors of the Federal 
Reserve System, Washington, DC 20551. For the hearing impaired only, 
Telecommunication Device for the Deaf (TDD), Dorothea Thompson (202/
452-3544).

SUPPLEMENTARY INFORMATION: The Board's Access Rules implement the 
Privacy Act of 1974 (5 U.S.C. 552a). This revision of the Board's 
Access Rules is a part of the Board's ongoing program to review and 
update its existing regulations. There have been no substantive changes 
to the Privacy Act recently, accordingly, there is no need for 
substantive changes to the Board's Access Rules. The most significant 
change made to the Board's Access Rules is the establishment of special 
procedures for requesting access or amendment to records maintained by 
the Board's Office of the Inspector General, which was established in 
1989.
    Most other changes are procedural or administrative in nature. The 
revised regulation clarifies that the Secretary of the Board is the 
official custodian of records with the delegated authority to respond 
to requests for access or amendment, except for requests for records 
maintained by the Office of the Inspector General. The duplication fees 
to be charged for documents produced in response to a request for 
access under the Privacy Act are the same as those charged for 
documents produced in response to a request under the Freedom of 
Information Act (FOIA), because requests under the Privacy Act are 
likely to be processed also under FOIA. (No fees for search or review 
are established, because such fees are not authorized under the Privacy 
Act.)
    The Board has changed the special procedures for release of medical 
records to clarify that release of medical records through a licensed 
physician does not permit the licensed physician to withhold the 
medical records from the requester. Rather, the licensed physician is 
expected to provide access to the medical records while explaining 
sensitive or complex information contained in the medical records.
    Finally, the revised Access Rules specifically list the Board's 
systems of records that are exempt from certain provisions of the 
Privacy Act to the extent they contain either law enforcement 
information or reference information provided in confidence.
    The revised Access Rules were published for public comment on 
February 7, 1994 (59 FR 5548). The Board received only three comments 
on the proposed Rules--two favorable comments (one from a commercial 
bank and one from a Federal Reserve Bank), and one unfavorable comment 
from a trade association. The unfavorable comment did not object to the 
proposed Rules, but objected to an existing system of records, the 
Chain Banking Reference System. (The notice for this system of records 
was published on November 9, 1988, 53 FR 45392.) The commenter 
expressed concern that confidential information in the Chain Banking 
Reference System could be released to the public. This apprehension is 
misplaced, because information contained in this system of records is 
information that is contained elsewhere in Board records, and it is no 
more likely to be released from the system of records than it is from 
other Board records. In fact, it is less likely to be released from the 
system of records, because, in general, the Board is prohibited from 
releasing such Privacy Act information except with the consent of the 
individual concerned.
    One change has been made to the revised Access Rules since they 
were published for comment. The published Access Rules contained a 
delegation to the Secretary of authority to approve any new system of 
records or amend any existing system of records. Upon further 
consideration, the Board has changed this delegation to authorize the 
Secretary to approve or amend only non-exempt systems of records. An 
exempt system of records is one which is exempt from certain provisions 
of the Privacy Act, such as disclosure to the individual identified in 
the records. Any exempt system of records must be listed in the Board's 
Access Rules. Accordingly, adoption of a new system of records would 
require amendment of the Board's Access Rules to add it to the list, 
and this can not be done by the Secretary. Changes to an existing 
exempt system of records may also require changes to the Board's Rules. 
Accordingly, the Board has decided to delegate to the Secretary 
authority to approve or amend only non-exempt systems of records.
    As required by Regulatory Flexibility Act (5 U.S.C. 604(a)), a 
``succinct statement of the need for, and objectives of the rule'' is 
found elsewhere in this preamble. The provisions in this rule shall be 
applicable to all persons submitting requests for access to information 
under the Privacy Act of 1974 (5 U.S.C. 552a). An exemption for small 
entities is not appropriate because the Privacy Act protects the 
privacy of individuals from unauthorized access by any entity. This 
rule will not have any significant impact on small 
entities. [[Page 3341]] 

List of Subjects in 12 CFR Part 261a

    Federal Reserve System, Privacy.

    For the reasons set forth in the preamble, 12 CFR part 261a is 
revised to read as follows:

PART 261a--RULES REGARDING ACCESS TO PERSONAL INFORMATION UNDER THE 
PRIVACY ACT OF 1974

Subpart A--General Provisions

Sec.
261a.1  Authority, purpose and scope.
261a.2  Definitions.
261a.3  Custodian of records; delegations of authority.
261a.4  Fees.
Subpart B--Procedures for Requests by Individual to Whom Record 
Pertains
Sec.
261a.5  Request for access to record.
261a.6  Board procedures for responding to request for access.
261a.7  Special procedures for medical records.
261a.8  Request for amendment to record.
261a.9  Agency review of request for amendment of record.
261a.10  Appeal of adverse determination of request for access or 
amendment.
Subpart C--Disclosure to Person Other than Individual to Whom Record 
Pertains
Sec.
261a.11  Restrictions on disclosure.
261a.12  Exceptions.

Subpart D--Exempt Records

Sec.
261a.13  Exemptions.

    Authority: 5 U.S.C. 552a.

Subpart A--General Provisions


Sec. 261a.1  Authority, purpose and scope.

    (a) Authority. This part is issued by the Board of Governors of the 
Federal Reserve System (the Board) pursuant to the Privacy Act of 1974 
(5 U.S.C. 552a).
    (b) Purpose. The purpose of this part is to implement the 
provisions of the Privacy Act of 1974 (5 U.S.C. 552a) with regard to 
the maintenance, protection, disclosure, and amendment of records 
contained within systems of records maintained by the Board.
    (c) Scope. This part covers requests for access to, or amendment 
of, records concerning individuals that are contained in systems of 
records maintained by the Board.


Sec. 261a.2  Definitions.

    For the purposes of this part, the following definitions apply:
    (a) Business day means any day except Saturday, Sunday or a legal 
Federal holiday.
    (b) Designated system of records means a system of records 
maintained by the Board that has been listed in the Federal Register 
pursuant to the requirements of 5 U.S.C. 552a(e).
    (c) Guardian means the parent of a minor, or the legal guardian of 
any individual who has been declared to be incompetent due to physical 
or mental incapacity or age by a court of competent jurisdiction.
    (d) Individual means a natural person who is either a citizen of 
the United States or an alien lawfully admitted for permanent 
residence.
    (e) Maintain includes maintain, collect, use, disseminate, or 
control.
    (f) Record means any item, collection, or grouping of information 
about an individual maintained by the Board that contains the 
individual's name, or the identifying number, symbol, or other 
identifying particular assigned to the individual, such as a 
fingerprint, voice print, or photograph.
    (g) Routine use means, with respect to disclosure of a record, the 
use of such record for a purpose that is compatible with the purpose 
for which it was collected or created.
    (h) System of records means a group of any records under the 
control of the Board from which information is retrieved by the name of 
the individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual.


Sec. 261a.3  Custodian of records; delegations of authority.

    (a) Custodian of records. The Secretary of the Board is the 
official custodian of all records of the Board in the possession or 
control of the Board.
    (b) Delegated authority of Secretary. With regard to this 
regulation, the Secretary of the Board is delegated the authority to:
    (1) Respond to requests for access or amendment to records 
contained in a system of records, except for such requests regarding 
systems of records maintained by the Board's Office of the Inspector 
General (OIG);
    (2) Approve the publication of new systems of records and amend 
existing systems of records, except systems of records exempted 
pursuant to Secs. 261a.13(b), (c) and (d);
    (3) File the biennial reports required by the Privacy Act.
    (c) Delegated authority of designee. Any action or determination 
required or permitted by this part to be done by the Secretary of the 
Board may be done by an Associate Secretary or other responsible 
employee of the Board who has been duly designated for this purpose by 
the Secretary.
    (d) Delegated authority of Inspector General. With regard to 
systems of records maintained by the OIG, the Inspector General is 
delegated the authority to respond to requests for access or amendment.


Sec. 261a.4  Fees.

    (a) Copies of records. Copies of records requested pursuant to 
Sec. 261a.5 of this part shall be provided at the same cost charged for 
duplication of records and/or production of computer output under the 
Board's Rules Regarding Availability of Information, Sec. 261.10 of 
this part.
    (b) No fee. Documents may be furnished without charge where total 
charges are less than $5.
    (c) Waiver of fees. In connection with any request by an employee, 
former employee, or applicant for employment, for records for use in 
prosecuting a grievance or complaint of discrimination against the 
Board, fees shall be waived where the total charges (including charges 
for information provided under the Freedom of Information Act) are $50 
or less; but the Secretary may waive fees in excess of that amount.

Subpart B--Procedures for Requests by Individual to Whom Record 
Pertains


Sec. 261a.5  Request for access to record.

    (a) Procedures for making request. (1) Any individual (or guardian 
of an individual) other than a current Board employee desiring to learn 
of the existence of, or to gain access to, his or her record in a 
designated system of records shall submit a request in writing to the 
Secretary of the Board, Board of Governors of the Federal Reserve 
System, 20th and Constitution Avenue NW., Washington, DC 20551.
    (2) A request by a current Board employee for that employee's own 
personnel records may be made in person during regular business hours 
at the Division of Human Resources, Board of Governors of the Federal 
Reserve System, 20th and Constitution Avenue NW., Washington, DC 20551.
    (3) A request by a current Board employee for information other 
than personnel information may be made in person during regular 
business hours at the Freedom of Information Office, Board of Governors 
of the Federal Reserve System, 20th and Constitution Avenue NW., 
Washington, DC 20551.
    (4) Requests for information contained in a system of records 
maintained by the Board's OIG shall be submitted in writing to the 
Inspector General, Board of Governors of the Federal Reserve System, 
20th and Constitution Avenue NW., Washington, DC 20551. [[Page 3342]] 
    (b) Contents of request. A request made pursuant to paragraph (a) 
of this section shall include the following:
    (1) A statement that it is made pursuant to the Privacy Act of 
1974;
    (2) The name of the system of records expected to contain the 
record requested or a concise description of such system of records.
    (3) Necessary information to verify the identity of the requester 
pursuant to paragraph (c) of this section; and
    (4) Any other information that may assist in the rapid 
identification of the record for which access is being requested (e.g., 
maiden name, dates of employment, etc.).
    (c) Verification of identity. The Board shall require proof of 
identity from a requester and reserves the right to determine the 
adequacy of such proof. In general, the following shall be considered 
adequate proof of identity:
    (1) For a current Board employee, his or her Board identification 
card; or
    (2) For an individual other than a current Board employee, either:
    (i) Two forms of identification, one of which has a picture of the 
individual requesting access; or
    (ii) A notarized statement attesting to the identity of the 
requester.
    (d) Verification of identity not required. No verification of 
identity shall be required of individuals seeking access to records 
that are otherwise available to any person under 5 U.S.C. 552, Freedom 
of Information Act.
    (e) Request for accounting of previous disclosures. An individual 
making a request pursuant to paragraph (a) of this section may also 
include a request for an accounting (pursuant to 5 U.S.C. 552a(c)) of 
previous disclosures of records pertaining to such individual in a 
designated system of records.


Sec. 261a.6  Board procedures for responding to request for access.

    (a) Compliance with Freedom of Information Act. Every request made 
pursuant to Sec. 261a.5 of this part shall also be handled by the Board 
as a request for information pursuant to the Freedom of Information Act 
(5 U.S.C. 552), except that the time limits set forth in paragraph (b) 
of this section and the fees specified in Sec. 261a.4 of this part 
shall apply to such requests.
    (b) Time limits. Every request made pursuant to Sec. 261a.5 of this 
part shall be acknowledged or, where practicable, substantially 
responded to within 10 business days from receipt of the request.
    (c) Disclosure. (1) Information to be disclosed pursuant to this 
part and the Privacy Act, except for information maintained by the 
Board's OIG, shall be made available for inspection and copying during 
regular business hours at the Board's Freedom of Information Office.
    (2) Information to be disclosed that is maintained by the Board's 
OIG shall be made available for inspection and copying at the OIG.
    (3) When the requested record cannot reasonably be put into a form 
for individual inspection (e.g., computer tapes), or when the requester 
asks that the information be forwarded, copies of such information 
shall be mailed to the requester.
    (4) Access to or copies of requested information shall be promptly 
provided after the acknowledgement as provided in paragraph (b) of this 
section, unless good cause for delay is communicated to the requester.
    (d) Other authorized presence. The requester of information may be 
accompanied in the inspection of that information by a person of the 
requester's own choosing upon the requester's submission of a written 
and signed statement authorizing the presence of such person.
    (e) Denial of request. A denial of a request made pursuant to 
Sec. 261a.5 of this part shall include a statement of the reason(s) for 
denial and the procedures for appealing the denial.


Sec. 261a.7  Special procedures for medical records.

    Medical or psychological records requested pursuant to Sec. 261a.5 
of this part shall be disclosed directly to the requester unless such 
disclosure could, in the judgment of the Privacy Officer, in 
consultation with the Board's physician, have an adverse effect upon 
the requester. Upon such determination, the information shall be 
transmitted to a licensed physician named by the requester, who will 
disclose those records to the requester in a manner the physician deems 
appropriate.


Sec. 261a.8  Request for amendment of record.

    (a) Procedures for making request. (1) An individual desiring to 
amend a record in a designated system of records that pertains to him 
or her shall submit a request in writing to the Secretary of the Board 
(or to the Inspector General for records in a system of records 
maintained by the OIG) in an envelope clearly marked ``Privacy Act 
Amendment Request.''
    (2) Each request for amendment of a record shall:
    (i) Identify the system of records containing the record for which 
amendment is requested;
    (ii) Specify the portion of that record requested to be amended; 
and
    (iii) Describe the nature of and reasons for each requested 
amendment.
    (3) Each request for amendment of a record shall be subject to 
verification of identity under the procedures set forth in 
Sec. 261a.5(c) of this part, unless such verification has already been 
made in a related request for access or amendment.
    (b) Burden of proof. The request for amendment of a record shall 
set forth the reasons the individual believes the record is not 
accurate, relevant, timely, or complete. The burden of proof for 
demonstrating the appropriateness of the requested amendment rests with 
the requester, and the requester shall provide relevant and convincing 
evidence in support of the request.


Sec. 261a.9  Board review of request for amendment of record.

    (a) Time limits. The Board shall acknowledge a request for 
amendment of a record within 10 business days of receipt of the 
request. Such acknowledgement may request additional information 
necessary for a determination on the request for amendment. To the 
extent possible, a determination upon a request to amend a record shall 
be made within 10 business days after receipt of the request.
    (b) Contents of response to request for amendment. The response to 
a request for amendment shall include the following:
    (1) The decision to grant or deny, in whole or in part, the request 
for amendment; and
    (2) If the request is denied:
    (i) The reasons for denial of any portion of the request for 
amendment;
    (ii) The requester's right to appeal any denial; and
    (iii) The procedures for appealing the denial to the appropriate 
official.


Sec. 261a.10  Appeal of adverse determination of request for access or 
amendment.

    (a) Appeal. A requester may appeal a denial of a request made 
pursuant to Sec. 261a.5 or Sec. 261a.8 of this part to the Board, or 
any official designated by the chairman of the Board, within 10 
business days of issuance of notification of denial. The appeal shall:
    (1) Be made in writing to the Secretary of the Board, with the 
words ``PRIVACY ACT APPEAL'' written prominently on the first page;
    (2) Specify the previous background of the request; and
    (3) Provide reasons why the initial denial is believed to be in 
error.
    (b) Determination. The Board or an official designated by the 
Chairman of the Board shall make a determination [[Page 3343]] with 
respect to such appeal not later than 30 business days from its 
receipt, unless the time is extended for good cause shown.
    (1) If the Board or designated official grants an appeal regarding 
a request for amendment, the Board shall take the necessary steps to 
amend the record, and, when appropriate and possible, notify prior 
recipients of the record of the Board's action.
    (2) If the Board or designated official denies an appeal, the Board 
shall inform the requester of such determination, give a statement of 
the reasons therefor, and inform the requester of the right of judicial 
review of the determination.
    (c) Statement of disagreement. (1) Upon receipt of a denial of an 
appeal regarding a request for amendment, the requester may file a 
concise statement of disagreement with the denial. Such statement shall 
be maintained with the record the requester sought to amend, and any 
disclosure of the record shall include a copy of the statement of 
disagreement.
    (2) When practicable and appropriate, the Board shall provide a 
copy of the statement of disagreement to any person or other agency to 
whom the record was previously disclosed.

Subpart C--Disclosure to Person Other Than Individual to Whom 
Record Pertains


Sec. 261a.11  Restrictions on disclosure.

    No record contained in a designated system of records shall be 
disclosed to any person or agency without the prior written consent of 
the individual to whom the record pertains unless the disclosure is 
authorized by Sec. 261a.12 of this part.


Sec. 261a.12  Exceptions.

    The restrictions on disclosure in Sec. 261a.11 of this part do not 
apply to any disclosure:
    (a) To those officers and employees of the Board who have a need 
for the record in the performance of their duties;
    (b) That is required under the Freedom of Information Act (5 U.S.C. 
552);
    (c) For a routine use listed with respect to a designated system of 
records;
    (d) To the Bureau of the Census for purposes of planning or 
carrying out a census or survey or related activity pursuant to the 
provisions of title 13 of the United States Code;
    (e) To a recipient who has provided the Board with advance adequate 
written assurance that the record will be used solely as a statistical 
research or reporting record, and the record is to be transferred in a 
form that is not individually identifiable;
    (f) To the National Archives of the United States as a record that 
has sufficient historical or other value to warrant its continued 
preservation by the United States government, or for evaluation by the 
administrator of General Services or his designee to determine whether 
the record has such value;
    (g) To another agency or to an instrumentality of any governmental 
jurisdiction within or under the control of the United States for a 
civil or criminal law enforcement activity if the activity is 
authorized by law, and if the head of the agency or instrumentality has 
made a written request to the Board specifying the particular portion 
desired and the law enforcement activity for which the record is 
sought;
    (h) To a person pursuant to a showing of compelling circumstances 
affecting the health or safety of an individual if upon such disclosure 
notification is transmitted to the last known address of such 
individual;
    (i) To either House of Congress, or, to the extent of matter within 
its jurisdiction, any committee or subcommittee thereof, any joint 
committee of Congress or subcommittee of any such joint committee;
    (j) To the Comptroller General, or any of his authorized 
representatives, in the course of the performance of the duties of the 
General Accounting Office;
    (k) Pursuant to the order of a court of competent jurisdiction; or
    (l) To a consumer reporting agency in accordance with 31 U.S.C. 
3711(f).

Subpart D--Exempt Records


Sec. 261a.13  Exemptions.

    (a) Information compiled for civil action. Nothing in this 
regulation shall allow an individual access to any information compiled 
in reasonable anticipation of a civil action or proceeding.
    (b) Law enforcement information. Pursuant to section (k)(2) of the 
Privacy Act of 1974 (5 U.S.C. 552a(k)(2)), the Board has deemed it 
necessary to exempt certain designated systems of records maintained by 
the Board from the requirements of the Privacy Act concerning access to 
accountings of disclosures and to records, maintenance of only relevant 
and necessary information in files, and certain publication provisions, 
respectively, 5 U.S.C. 552a (c)(3), (d), (e)(1), (e)(4)(G), (H) and 
(I), and (f), and Secs. 261a.5, 261a.7 and 261a.8 of this part. 
Accordingly, the following designated systems of records are exempt 
from these provisions, but only to the extent that they contain 
investigatory materials compiled for law enforcement purposes:
    (1) BGFRS-1  Recruiting and Placement Records.
    (2) BGFRS-2 Personnel Background Investigation Reports.
    (3) BGFRS-4  General Personnel Records.
    (4) BGFRS-5  EEO Discrimination Complaint File.
    (5) BGFRS-9  Consultant and Staff Associate File.
    (6) BGFRS-16  Regulation G Reports.
    (7) BGFRS-18  Consumer Complaint Information System.
    (8) BGFRS-21  Supervisory Tracking and Reference System.
    (9) BGFRS/OIG-1  OIG Investigatory Records.
    (c) Confidential references. Pursuant to section (k)(5) of the 
Privacy Act of 1974 (5 U.S.C. 552a(k)(5)), the Board has deemed it 
necessary to exempt certain designated systems of records maintained by 
the Board from the requirements of the Privacy Act concerning access to 
accountings of disclosures and to records, maintenance of only relevant 
and necessary information in files, and certain publication provisions, 
respectively 5 U.S.C. 552a(c)b(3), (d), (e)(1), (e)(4)(G), (H) and (I), 
and (f), and Secs. 261a.5, 261a.7 and 261a.8 of this part. Accordingly, 
the following systems of records are exempt from these provisions, but 
only to the extent that they contain investigatory material compiled to 
determine an individual's suitability, eligibility, and qualifications 
for Board employment or access to classified information, and the 
disclosure of such material would reveal the identity of a source who 
furnished information to the Board under a promise of confidentiality.
    (1) BGFRS-1  Recruiting and Placement Records.
    (2) BGFRS-2  Personnel Background Investigation Reports.
    (3) BGFRS-4  General Personnel Records.
    (4) BGFRS-9  Consultant and Staff Associate File.
    (5) BGFRS-10  General File on Board Members.
    (6) BGFRS-11  Official General Files.
    (7) BGFRS-13  General File of Examiners and Assistant Examiners at 
Federal Reserve Banks.
    (8) BGFRS-14  General File of Federal Reserve Bank and Branch 
Directors.
    (9) BGFRS-15  General Files of Federal Reserve Agents, Alternates 
and Representatives at Federal Reserve Banks.
    (10) BGFRS/OIG-2  OIG Personnel Records.
    [[Page 3344]]
    
    (d) Criminal law enforcement information. Pursuant to 5 U.S.C. 
552a(j)(2), the Board has determined that portions of the OIG 
Investigatory Records (BGFRS/OIG-1) shall be exempt from any part of 
the Privacy Act (5 U.S.C. 552a), except the provisions regarding 
disclosure, the requirement to keep an accounting, certain publication 
requirements, certain requirements regarding the proper maintenance of 
systems of records, and the criminal penalties for violation of the 
Privacy Act, respectively, 5 U.S.C. 552a (b), (c)(1), and (2), (e)(4) 
(A) through (F), (e)(6), (e)(7), (e)(9), (e)(10), (e)(11) and (i). This 
designated system of records is maintained by the OIG, a Board 
component that performs as its principal function an activity 
pertaining to the enforcement of criminal laws. The exempt portions of 
the records consist of:
    (1) Information compiled for the purpose of identifying individual 
criminal offenders and alleged offenders;
    (2) Information compiled for the purpose of a criminal 
investigation, including reports of informants and investigators, and 
associated with an identifiable individual; or
    (3) Reports identifiable to an individual compiled at any stage of 
the process of enforcement of the criminal laws from arrest or 
indictment through release from supervision.

    By order of the Board of Governors of the Federal Reserve 
System, January 11, 1995.
William W. Wiles,
Secretary of the Board.
[FR Doc. 95-1059 Filed 1-13-95; 8:45 am]
BILLING CODE 6210-01-P