[Federal Register Volume 65, Number 98 (Friday, May 19, 2000)]
[Proposed Rules]
[Pages 31864-31869]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-12624]


=======================================================================
-----------------------------------------------------------------------

NATIONAL FOUNDATION ON THE ARTS AND THE HUMANITIES

45 CFR Part 1159

RIN 3135-AA16


Implementation of the Privacy Act of 1974

AGENCY: National Endowment for the Arts, NFAH

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The National Endowment for the Arts (Endowment) proposes to 
amend its Privacy Act regulations to reflect administrative changes at 
the agency and to comply with the President's Memorandum on Plain 
Language in Government Writing. These regulations establish procedures 
by which an individual may determine whether a system of records 
maintained by the Endowment contains a record pertaining to him or her; 
gain access to such records; and request correction or amendment of 
such records. These regulations also establish exemptions from certain 
Privacy Act requirements for all or part of certain systems of records 
maintained by the Endowment.

DATES: Written comments on these regulations must be received by June 
19, 2000.

ADDRESSES: Interested persons should submit written comments concerning 
these regulations to Karen Elias, Deputy General Counsel, National 
Endowment for the Arts, 1100 Pennsylvania Avenue NW, Room 518, 
Washington, DC 20506. Written comments may also be sent to Ms. Elias by 
telefax at (202) 682-5572 or by electronic mail at 
[email protected].

FOR FURTHER INFORMATION CONTACT: Karen Elias, (202) 682-5418.

SUPPLEMENTARY INFORMATION: The Endowment operates as part of the 
National Foundation on the Arts and the Humanities under the National 
Foundation on the Arts and the Humanities Act of 1965, as amended (20 
U.S.C. 951 et seq). The corresponding regulations published at 45 CFR 
Chapter XI, Subchapter A apply to the entire Foundation, while the 
regulations published at 45 CFR Chapter XI, Subchapter B apply only to 
the Endowment.
    This proposed rule adds Privacy Act regulations to Subchapter B (45 
CFR part 1159), replacing existing regulations in Subchapter A (45 CFR 
part 1115) with regard to the Endowment. The new regulations reflect 
administrative changes at the Endowment. In addition, the new 
regulations' question-and-answer format and increased detail as to 
several provisions of the Privacy Act are intended to increase 
understanding of the Endowment's Privacy Act policies. The Endowment is 
authorized to propose the new regulations under 5 U.S.C. 552a(f) of the 
Privacy Act.

Regulatory Impact

Executive Order 12866, Regulatory Planning and Review

    This proposed rule is not classified as a significant rule under 
Executive Order 12866 because it will not result in: (1) an annual 
effect on the economy of $100 million or more; (2) a major increase in 
costs or prices for consumers, individual industries, geographic 
regions, or Federal, State, or local government agencies; or (3) 
significant adverse effects on competition, employment, investment, 
productivity, innovation, or the ability of United States-based 
enterprises to compete with foreign-based enterprises in domestic or 
foreign markets. Accordingly, no regulatory impact assessment is 
required. In addition, based on the assessments noted in this 
paragraph, this proposed rule is not a ``major rule'' as defined at 5 
U.S.C. 804(2).

Regulatory Flexibility Act

    The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires that 
a regulation that has a significant economic impact on a substantial 
number of small entities, small

[[Page 31865]]

businesses, or small organizations include an initial regulatory 
flexibility analysis describing the regulation's impact on small 
entities. Such an analysis need not be undertaken if the agency 
certifies, under 5 U.S.C. 605(b), that the regulation will not have a 
significant economic impact on a substantial number of small entities. 
The Endowment has considered the impact of this proposed rule under the 
Regulatory Flexibility Act and certifies that this proposed rule is not 
likely to have a significant economic impact on a substantial number of 
small entities.

Paperwork Reduction Act

    The Endowment certifies that this proposed rule does not require 
additional reporting under the criteria of the Paperwork Reduction Act 
(44 U.S.C. 3501 et seq).

Unfunded Mandates Reform Act of 1995

    This proposed rule does not include a Federal mandate that may 
result in the expenditure by the private sector or by State, local, and 
tribal governments (in the aggregate) of $100 million or more in any 
one year. Therefore, a statement under 2 U.S.C. 1532 is not required.

Submission to Congress and the OMB

    This rule is hereby submitted for printing in the Federal Register, 
pursuant to 5 U.S.C. 552a(f). Copies of this proposed rule have been 
sent to the Committee on Government Reform of the House of 
Representatives, the Committee on Governmental Affairs of the Senate, 
and the OMB, in accordance with 5 U.S.C. 552a(r).

List of Subjects in 45 CFR Part 1159

    Privacy.

    For the reasons set out in this preamble, the Endowment proposes to 
add Title 45, Code of Federal Regulations, part 1159, as follows:

PART 1159--IMPLEMENTATION OF THE PRIVACY ACT OF 1974

Sec.
1159.1  What definitions apply to these regulations?
1159.2  What is the purpose of these regulations?
1159.3  Where should individuals send inquiries about the 
Endowment's systems of records or implementation of the Privacy Act?
1159.4  How will the public receive notification of the Endowment's 
systems of records?
1159.5  What government entities will the Endowment notify of 
proposed changes to its systems of records?
1159.6  What limits exists as to the contents of the Endowment's 
systems of records?
1159.7  Will the Endowment collect information from me for its 
records?
1159.8  How can I acquire access to Endowment records pertaining to 
me?
1159.9  What identification will I need to show when I request 
access to Endowment records pertaining to me?
1159.10  How can I pursue amendments to or corrections of an 
Endowment record?
1150.11  How can I appeal a refusal to amend or correct an Endowment 
record?
1159.12  Will the Endowment charge me fees to locate, review, or 
copy records?
1159.13  In what other situations will the Endowment disclose its 
records?
1159.14  Will the Endowment maintain a written account of 
disclosures made from its systems of records?
1159.15  Who has the responsibility for maintaining adequate 
technical, physical, and security safeguards to prevent unauthorized 
disclosure or destruction of manual and automatic record systems?
1159.16  Will the Endowment take steps to ensure that its employees 
involved with its systems of records are familiar with the 
requirements and implications of the Privacy Act?
1150.17  Which of the Endowment's systems of records are covered by 
exemptions in the Privacy Act?
1159.18  What are the penalties for obtaining an Endowment record 
under false pretenses?
1159.19  What restrictions exist regarding the release of mailing 
lists?

    Authority 5 U.S.C. 552a(f).


Sec. 1159.1  What definitions apply to these regulations?

    The definitions of the Privacy Act apply to this part. In addition, 
as used in this part:
    (a) Agency means any executive department, military department, 
government corporation, or other establishment in the executive branch 
of the Federal government, including the Executive Office of the 
President or any independent regulatory agency.
    (b) Business day means a calendar day, excluding Saturdays, 
Sundays, and legal public holidays.
    (c) Chairperson means the Chairperson of the Endowment, or his or 
her designee;
    (d) Endowment means the National Endowment for the Arts;
    (e) Endowment system means a system of records maintained by the 
Endowment;
    (f) General Counsel means the General Counsel of the Endowment, or 
his or her designee.
    (g) Individual means any citizen of the United States or an alien 
lawfully admitted for permanent residence;
    (h) Maintain means to collect, use, store, or disseminate records, 
as well as any combination of these recordkeeping functions. The term 
also includes exercise of control over and, therefore, responsibility 
and accountability for, systems of records;
    (i) Privacy Act means the Privacy Act of 1974, as amended (5 U.S.C. 
552a);
    (j) Record means any item, collection, or grouping of information 
about an individual that is maintained by an agency and contains the 
individual's name or another identifying particular, such as a number 
or symbol assigned to the individual, or his or her fingerprint, voice 
print or photograph. The term includes, but is not limited to, 
information regarding an individual's education, financial 
transactions, medical history, and criminal or employment history;
    (k) Routine use means, with respect to the disclosure of a record, 
the use of a record for a purpose that is compatible with the purpose 
for which it was collected;
    (l) Subject individual means the individual to whom a record 
pertains. Uses of the terms ``I'', ``you'', ``me'', and other 
references to the reader of the regulations in this part are meant to 
apply to subject individuals as defined in this paragraph (l); and
    (m) System of records means a group of records under the control of 
any agency from which information is retrieved by use of the name of 
the individual or by some number symbol, or other identifying 
particular assigned to the individual.


Sec. 1159.2  What is the purpose of these regulations?

    The regulations in this part set forth the Endowment's procedures 
under the Privacy Act, as required by 5 U.S.C. 552a(f), with respect to 
systems of records maintained by the Endowment. These regulations 
establish procedures by which an individual may exercise the rights 
granted by the Privacy Act to determine whether an Endowment system 
contains a record pertaining to him or her, to gain access to such 
records; and to request correction or amendment of such records. These 
regulations also set identification requirements, prescribe fees to be 
charged for copying records, and establish exemptions from certain 
requirements of the Act for certain Endowment systems or components 
thereof.


Sec. 1159.3  Where should individuals send inquiries about the 
Endowment's system of records or implementation of the Privacy Act?

    Inquiries about the Endowment's systems of records or 
implementation of the Privacy Act should be sent to the following 
address: National Endowment for the Arts, Office of the General 
Counsel, 1100 Pennsylvania Avenue NW, Room 518, Washington, DC 20506.

[[Page 31866]]

Sec. 1159.4  How will the public receive notification of the 
Endowment's systems of records?

    (a) As required by the Privacy Act, the Endowment shall publish 
annually a notice of its systems of records in the Federal Register. 
Such publication shall not be made for those systems of records 
maintained by other agencies while in the temporary custody of the 
Endowment.
    (b) At least 30 days prior to publication of information under 
paragraph (a) of this section, the Endowment shall publish in the 
Federal Register a notice of its intention to establish any new routine 
uses of any of its systems of records, thereby providing the public an 
opportunity to comment on such uses. This notice published by the 
Endowment shall contain the following;
    (1) The name of the system of records for which the routine use is 
to be established;
    (2) The authority for the system;
    (3) The purpose for which the record is to be maintained;
    (4) The proposed routine use(s);
    (5) The purpose of the routine(s); and
    (6) The categories of recipients of such use.
    (c) Any request for additions to the routine uses of Endowment 
systems should be sent to the Office of the General Counsel (see 
Sec. 1159.3 of this part).
    (d) Any individual who wishes to know whether an Endowment system 
contains a record pertaining to him or her should write to the Office 
of the General Counsel (see Sec. 1159.3 of this part). Such individuals 
may also call the Office of the General Counsel at (202) 682-5418 on 
business days, between the hours of 9 a.m. and 5:30 p.m., to schedule 
an appointment to make an inquiry in person. In either case, inquiries 
should be presented in writing and should specifically identify the 
Endowment systems involved. The Endowment will attempt to respond to an 
inquiry as to whether a record exists within 10 business days of 
receiving the inquiry.


Sec. 1159.5  What government entities will the Endowment notify of 
proposed changes to its systems of records?

    When the Endowment proposes to establish or significantly changes 
any of its systems of records, it shall provide adequate advance notice 
of such proposal to the Committee on Government Reform of the House of 
Representatives, the Committee on Governmental Affairs of the Senate, 
and the Office of Management and Budget (OMB), in order to permit an 
evaluation of the probable or potential effect of such proposal on the 
privacy or other rights of individuals. This report will be submitted 
in accordance with guidelines provided by the OMB.


Sec. 1159.6  What limits exist as to the contents of the Endowment's 
systems of records?

    (a) The Endowment shall maintain only such information about an 
individual as is relevant and necessary to accomplish a purpose of the 
agency required by statute or by executive order of the President. In 
addition, the Endowment shall maintain all records that are used in 
making determinations about any individual with such accuracy, 
relevance, timelines, and completeness as is reasonably necessary to 
ensure fairness to that individual in the making of any determination 
about him or her. However, the Endowment shall not be required to 
update retired records.
    (b) The Endownment shall not maintain any record about any 
individual with respect to or describing how such individual exercises 
rights guaranteed by the First Amendment of the Constitution of the 
United States, unless expressly authorized by statute or by the subject 
individual, or unless pertinent to and within the scope of an 
authorized law enforcement activity.


Sec. 1159.7  Will the Endowment collect information from me for its 
records?

    The Endowment shall collect information, to the greatest extent 
practicable, directly from you when the information may result in 
adverse determinations about your rights, benefits, or privileges under 
Federal programs. In addition, the Endowment shall inform you of the 
following, either on the form it uses to collect the information or on 
a separate form that you can retain, when it asks you to supply 
information:
    (a) The statutory or executive order authority that authorizes the 
solicitation of the information;
    (b) Whether disclosure of such information is mandatory or 
voluntary;
    (c) The principle purpose(s) for which the information is intended 
to be used;
    (d) The routine uses that may be made of the information, as 
published pursuant to Sec. 1159.4 of this part; and
    (e) Any effects on you of not providing all or any part of the 
required or requested information.


Sec. 1159.8  How can I acquire access to Endowment records pertaining 
to me?

     The following procedures apply to records that are contained in an 
Endowment system:
    (a) You may request review of records pertaining to you by writing 
to the Office of the General Counsel (see Sec. 1159.3 of this part). 
You may also call the Office of the General Counsel at (202) 682-5418 
on business days, between the hours of 9 a.m. and 5:30 p.m., to 
schedule an appointment to make such a request in person. In either 
case, your request should be presented in writing and should 
specifically identify the Endowment systems involved.
    (b) Access to the record, or to any other information pertaining to 
you that is contained in the system, shall be provided if the 
identification requirements of Sec. 1159.9 of this part are satisfied 
and the record is otherwise determined to be releasable under the 
Privacy Act and these regulations. The Endowment shall provide you an 
opportunity to have a copy made of any such record about you. Only one 
copy of each requested record will be supplied, based on the fee 
schedule in Sec. 1159.12 of this part.
    (c) The Endowment will comply promptly with requests made in person 
at scheduled appointments, if the requirements of this section are met 
and the records sought are immediately available. The Endowment will 
acknowledge mailed requests, or personal requests for documents that 
are not immediately available, within 10 business days, and the 
information requested will be provided promptly thereafter.
    (d) If you make your request in person at a scheduled appointment, 
you may, upon your request, be accompanied by a person of your choice 
to review your record. The Endowment may require that you furnish a 
written statement authorizing discussion of your record in the 
accompanying person's presence. A record may be disclosed to a 
representative chosen by you upon your proper written consent.
    (e) Medical or psychological records pertaining to you shall be 
disclosed to you unless, in the judgment of the Endowment, access to 
such records might have an adverse effect upon you. When such 
determination has been made, the Endowment may refuse to disclose such 
information directly to you. The Endowment will, however, disclose this 
information to a licensed physician designated by you in writing.


Sec. 1159.9  What identification will I need to show when I request 
access to Endowment records pertaining to me?

    The Endowment shall require reasonable identification of all 
individuals who request access to records in an Endowment system to

[[Page 31867]]

ensure that they are disclosed to the proper person.
    (a) The amount of personal identification required will of 
necessity vary with the sensitivity of the record involved. In general, 
if you request disclosure in person, you shall be required to show an 
identification card, such as a driver's license, containing your 
photograph and sample signature. However, with regard to records in 
Endowment systems that contain particularly sensitive and/or detailed 
personal information, the Endowment reserves the right to require 
additional means of identification as are appropriate under the 
circumstances. These means include, but are not limited to, requiring 
you to sign a statement under oath as to your identity, acknowledging 
that you are aware of the penalties for improper disclosure under the 
provisions of the Privacy Act.
    (b) If you request disclosure by mail, the Endowment will request 
such information as may be necessary to ensure that you are properly 
identified. Authorized means to achieve this goal include, but are not 
limited to, requiring that a mail request include certification that a 
duly commissioned notary public of any State or territory (or a similar 
official, if the request is made outside of the United States) received 
an acknowledgment of identity from you.
    (c) If you are unable to provide suitable documentation or 
identification, the Endowment may require a signed, notarized statement 
asserting your identity and stipulating that you understand that 
knowingly or willfully seeking or obtaining access to records about 
another person under false pretenses is punishable by a fine of up to 
$5,000.


Sec. 1159.10  How can I pursue amendments to or corrections of an 
Endowment record?

    (a) You are entitled to request amendments to or corrections of 
records pertaining to you pursuant to the provisions of the Privacy 
Act, including 5 U.S.C. 552a(d)(2). Such a request should be made in 
writing and addressed to the Office of the General Counsel (see 
Sec. 1159.3 of this part).
    (b) Your request for amendments or corrections should specify the 
following:
    (1) The particular record that you are seeking to amend or correct;
    (2) The Endowment system from which the record was retrieved;
    (3) The precise correction or amendment you desire, preferably in 
the form of an edited copy of the record reflecting the desired 
modification; and
    (4) Your reasons for requesting amendment or correction of the 
record.
    (c) The Endowment will acknowledge a request for amendment or 
correction of a record within 10 business days of its receipt, unless 
the request can be processed and the individual informed of the General 
Counsel's decision on the request within that 10-day period.
    (d) If after receiving and investigating your request, the General 
Counsel agrees that the record is not accurate, timely, or complete, 
based on a preponderance of the evidence, then the record will be 
corrected or amended promptly. The record will be deleted without 
regard to its accuracy, if the record is not relevant or necessary to 
accomplish the Endowment function for which the record was provided or 
is maintained. In either case, you will be informed in writing of the 
amendment, correction, or deletion. In addition, if accounting was made 
of prior disclosures of the record, all previous recipients of the 
record will be informed of the corrective action taken.
    (e) If after receiving and investigating your request, the General 
Counsel does not agree that the record should be amended or corrected, 
you will be informed promptly in writing of the refusal to amend or 
correct the record and the reason for this decision. You will also be 
informed that you may appeal this refusal in accordance with 
Sec. 1159.11 of this part.
    (f) Requests to amend or correct a record governed by the 
regulations of another agency will be forwarded to such agency for 
processing, and you will be informed in writing of this referral.


Sec. 1159.11  How can I appeal a refusal to amend or correct an 
Endowment record?

    (a) You may appeal a refusal to amend or correct a record to the 
Chairperson. Such appeal must be made in writing within 10 business 
days of your receipt of the initial refusal to amend or correct your 
record. Your appeal should be sent to the Office of the General Counsel 
(see Sec. 1159.3 of this part), should indicate that it is an appeal, 
and should include the basis for the appeal.
    The Chairperson will review your request to amend or correct the 
record, the General Counsel's refusal, and any other pertinent material 
relating to the appeal. No hearing will be held.
    (c) The Chairperson shall render his or her decision on your appeal 
within 30 business days of its receipt by the Endowment, unless the 
Chairperson, for good cause shown, extends the 30-day period. Should be 
Chairperson extend the appeal period, you will be informed in writing 
of the extension and the circumstances of the delay.
    (d) If the Chairperson determines that the record that is the 
subject of the appeal should be amended or corrected, the record will 
be so modified, and you will be informed in writing of the amendment or 
correction. Where an accounting was made of prior disclosures of the 
record, all previous recipients of the record will be informed of the 
corrective action taken.
    (e) If your appeal is denied, you will be informed in writing of 
the following:
    (1) The denial and the reasons for the denial;
    (2) That you may submit to the Endowment a concise statement 
setting forth the reasons for your disagreement as to the disputed 
record. Under the procedures set forth in paragraph (f) of this 
section, your statement will be disclosed whenever the disputed record 
is disclosed; and
    (3) That you may seek judicial review of the Chairperson's 
determination under 5 U.S.C. 552a(g)(1)(a).
    (f) Whenever you submit a statement of disagreement to the 
Endowment in accordance with paragraph (e)(2) of this section, the 
record will be annotated to indicate that it is disputed. In any 
subsequent disclosure, a copy of your statement of disagreement will be 
disclosed with the record. If the Endowment deems it appropriate, a 
concise statement of the Chairperson's reasons for denying your appeal 
may also be disclosed with the record. While you will have access to 
this statement of the Chairperson's reasons for denying your appeal, 
such statement will not be subject to correction or amendment. Where an 
accounting was made of prior disclosures of the record, all previous 
recipients of the record will be provided a copy of your statement of 
disagreement, as well as any statement of the Chairperson's reasons for 
denying your appeal.


Sec. 1159.12  Will the Endowment charge me fees to locate, review, or 
copy records?

    (a) The Endowment shall charge no fees for search time or for any 
other time expended by the Endowment to review a record. However, the 
Endowment may charge fees where you request that a copy be made of a 
record to which you have been granted access. Where a copy of the 
record must be made in order to provide access to the record (e.g., 
computer printout where no screen reading is available), the copy will 
be made available to you without cost.
    (b) Copies of records made by photocopy or similar process will be 
charged to you at the rate of $0.10 per page. Where records are not 
susceptible to photocopying (e.g., punch cards, magnetic tapes, or 
oversize materials),

[[Page 31868]]

you will be charged actual cost as determined on a case-by-case basis. 
A copying fee totaling $3.00 or less shall be waived, but the copying 
fees for contemporaneous requests by the same individual shall be 
aggregated to determine the total fee.
    (c) Special and additional services provided at your request, such 
as certification or authentication, postal insurance, and special 
mailing arrangement costs, will be charged to you.
    (d) A copying fee shall not be charged or, alternatively, it may be 
reduced, when the General Counsel determines, based on a petition, that 
the petitioning individual is indigent and that the Endowment's 
resources permit a waiver of all or part of the fee.
    (e) All fees shall be paid before any copying request is 
undertaken. Payments shall be made by check or money order payable to 
the ``National Endowment for the Arts.''


Sec. 1159.13  In what other situations will the Endowment disclose its 
records?

    (a) The Endowment shall not disclose any record that is contained 
in a system of records to any person or to another agency, except 
pursuant to a written request by or with the prior written consent of 
the subject individual, unless disclosure of the record is:
    (1) To those officers or employees of the Endowment who maintain 
the record and who have a need for the record in the performance of 
their official duties;
    (2) Required under the provisions of the Freedom of Information Act 
(5 U.S.C. 552). Records required to be made available by the Freedom of 
Information Act will be released in response to a request to the 
Endowment formulated in accordance with the National Foundation on the 
Arts and the Humanities regulations published at 45 CFR part 1100;
    (3) For a routine use as published in the annual notice in the 
Federal Register;
    (4) To the Census Bureau for purposes of planning or carrying out a 
census, survey, or related activity pursuant to the provisions of Title 
13 of the United States Code;
    (5) To a recipient who has provided the Endowment with adequate 
advance written assurance that the record will be used solely as a 
statistical research or reporting record, and the record is to be 
transferred in a form that is not individually identifiable;
    (6) To the National Archives and Records Administration as a record 
that has sufficient historical or other value to warrant its continued 
preservation by the United States government, or for evaluation by the 
Archivist of the United States, or his or her designee, to determine 
whether the record has such value;
    (7) To another agency or to an instrumentality of any governmental 
jurisdiction within or under the control of the United States for a 
civil or criminal law enforcement activity, if the activity is 
authorized by law, and if the head of the agency or instrumentality has 
made a written request to the Endowment for such records specifying the 
particular portion desired and the law enforcement activity for which 
the record is sought. The Endowment may also disclose such a record to 
a law enforcement agency on its own initiative in situations in which 
criminal conduct is suspected, provided that such disclosure has been 
established as a routine use, or in situations in which the misconduct 
is directly related to the purpose for which the record is maintained;
    (8) To a person pursuant to a showing of compelling circumstances 
affecting the health or safety of an individual if, upon such 
disclosure, notification is transmitted to the last known address of 
such individual;
    (9) To either House of Congress, or, to the extent of matter within 
its jurisdiction, any committee or subcommittee thereof, any joint 
committee of Congress, or subcommittee of any such joint committee;
    (10) To the Comptroller General, or any of his or her authorized 
representatives, in the course of the performance of official duties of 
the General Accounting Office;
    (11) To a consumer reporting agency in accordance with 31 U.S.C. 
3711(e); or
    (12) Pursuant to an order of a court of competent jurisdiction. In 
the event that any record is disclosed under such compulsory legal 
process, the Endowment shall make reasonable efforts to notify the 
subject individual after the process becomes a matter of public record.
    (b) Before disseminating any record about any individual to any 
person other than an Endowment employee, the Endowment shall make 
reasonable efforts to ensure that such records are, or at the time they 
were collected were, accurate, complete, timely, and relevant for 
Endowment purposes. This paragraph (b) does not apply to disseminations 
made pursuant to the provisions of the Freedom of Information Act (5 
U.S.C. 552) and paragraph (a)(2) of this section.


Sec. 1159.14  Will the Endowment maintain a written account of 
disclosures made from its systems of records?

    (a) The Office of the General Counsel shall maintain a written log 
containing the date, nature, and purpose of each disclosure of a record 
to any person or to another agency. Such accounting shall also contain 
the name and address of the person or agency to whom each disclosure 
was made. This log need not include disclosures made to Endowment 
employees in the course of their official duties, or pursuant to the 
provisions of the Freedom of Information Act (5 U.S.C. 552).
    (b) The Endowment shall retain the accounting of each disclosure 
for at least five years after the accounting is made or for the life of 
the record that was disclosed, whichever is longer.
    (c) The Endowment shall make the accounting of disclosures of a 
record pertaining to you available to you at your request. Such a 
request should be made in accordance with the procedures set forth in 
Sec. 1159.8 of this part. This paragraph (c) does not apply to 
disclosures made for law enforcement purposes under 5 U.S.C. 552a(b)(7) 
and Sec. 1159.13(a)(7) of this part.


Sec. 1159.15   Who has the responsibility for maintaining adequate 
technical, physical, and security safeguards to prevent unauthorized 
disclosure or destruction of manual and automatic record systems?

    The Deputy Chairman for Management and Budget has the 
responsibility of maintaining adequate technical, physical, and 
security safeguards to prevent unauthorized disclosure or destruction 
of manual and automatic record systems. These security safeguards shall 
apply to all systems in which identifiable personal data are processed 
or maintained, including all reports and outputs from such systems that 
contain identifiable personal information. Such safeguards must be 
sufficient to prevent negligent, accidental, or unintentional 
disclosure, modification or destruction of any personal records or 
data, and must furthermore minimize, to the extent practicable, the 
risk that skilled technicians or knowledgeable persons could improperly 
obtain access to modify or destroy such records or data and shall 
further insure against such casual entry by unskilled persons without 
official reasons or data.
    (a) Manual systems. (1) Records contained in a system of records as 
defined herein may be used, held or stored only where facilities are 
adequate to prevent unauthorized access by persons within or outside 
the Endowment.

[[Page 31869]]

    (2) All records, when not under the personal control of the 
employees authorized to use the records, must be stored in a locked 
metal filing cabinet. Some systems of records are not of such 
confidential nature that their disclosure would constitute a harm to an 
individual who is the subject of such record. However, records in this 
category shall also be maintained in locked metal filing cabinets or 
maintained in a secured room with a locking door.
    (3) Access to and use of a system of records shall be permitted 
only to persons whose duties require such access within the Endowment, 
for routine uses as defined in Sec. 1159.1 as to any given system, or 
for such other uses as may be provided herein.
    (4) Other than for access within the Endowment to persons needing 
such records in the performance of their official duties or routine 
uses as defined in Sec. 1159.1, or such other uses as provided herein, 
access to records within a system of records shall be permitted only to 
the individual to whom the record pertains or upon his or her written 
request to the General Counsel.
    (5) Access to areas where a system of records is stored will be 
limited to those persons whose duties required work in such areas. 
There shall be an accounting of the removal of any records from such 
storage areas utilizing a written log, as directed by the Deputy 
Chairman for Management and Budget. The written log shall be maintained 
at all times.
    (6) The Endowment shall ensure that all persons whose duties 
require access to and use of records contained in a system of records 
are adequately trained to protect the security and privacy of such 
records.
    (7) The disposal and destruction of records within a system of 
records shall be in accordance with the rules promulgated by the 
General Services Administration.
    (b) Automated systems. (1) Identifiable personal information may be 
processed, stored or maintained by automated data systems only where 
facilities or conditions are adequate to prevent unauthorized access to 
such systems in any form. Whenever such data, whether contained in 
punch cards, magnetic tapes or discs, are not under the personal 
control of an authorized person, such information must be stored in a 
locked or secured room, or in such other facility having greater 
safeguards than those provided for herein.
    (2) Access to and use of identifiable personal data associated with 
automated data systems shall be limited to those persons whose duties 
require such access. Proper control of personal data in any form 
associated with automated data systems shall be maintained at all 
times, including maintenance of accountability records showing 
disposition of input and output documents.
    (3) All persons whose duties require access to processing and 
maintenance of identifiable personal data and automated systems shall 
be adequately trained in the security and privacy of personal data.
    (4) The disposal and disposition of identifiable personal data and 
automated systems shall be done by shredding, burning nor in the case 
of tapes or discs, degaussing, in accordance with my regulations now or 
hereafter proposed by the General Services Administration or other 
appropriate authority.


Sec. 1159.16  Will the Endowment take steps to ensure that its 
employees involved with its systems of records are familiar with the 
requirements and implications of the Privacy Act?

    (a) The Chairperson shall ensure that all persons involved in the 
design, development, operation or maintenance of any Endowment system 
are informed of all requirements necessary to protect the privacy of 
subject individuals. The Chairperson shall also ensure that all 
Endowment employees having access to records receive adequate training 
in their protection, and that records have adequate and proper storage 
with sufficient security to assure the privacy of such records.
    (b) All employees shall be informed of the civil remedies provided 
under 5 U.S.C. 552a(g)(1) and other implications of the Privacy Act, 
and the fact that the Endowment may be subject to civil remedies for 
failure to comply with the provisions of the Privacy Act and these 
regulations.


Sec. 1159.17  Which of the Endowment's systems of records are covered 
by exemptions in the Privacy Act?

    (a) Pursuant to and limited by 5 U.S.C. 552a(j)(2), the Endowment 
system entitled ``Office of the Inspector General Investigative Files'' 
shall be exempted from the provisions of 5 U.S.C. 552a, except for 
subsections (b); (c)(1) and (2); (e)(4)(A) through (F); (e)(6), (7), 
(9), (10), and (11); and (i), insofar as that Endowment system contains 
information pertaining to criminal law enforcement investigations.
    (b) Pursuant to and limited by 5 U.S.C. 552a(k)(2), the Endowment 
system entitled ``Office of the Inspector General Investigative Files'' 
shall be exempted from 5 U.S.C. 552a(c)(3); (d); (e)(1); (e)(4)(G), 
(H), and (I); and (f), insofar as that Endowment system consists of 
investigatory material compiled for law enforcement purposes, other 
than material within the scope of the exemption at 5 U.S.C. 552a(j)(2).
    (c) The Endowment system entitled ``Office of the Inspector General 
Investigative Files'' is exempt from the above-noted provisions of the 
Privacy Act because their application might alert investigation 
subjects to the existence or scope of investigations; lead to 
suppression, alteration, fabrication, or destruction of evidence, 
disclose investigative techniques or procedures, reduce the 
cooperativeness or safety of witnesses; or otherwise impair 
investigations.


Sec. 1159.18  What are the penalties for obtaining an Endowment record 
under false pretenses?

    (a) Under 5 U.S.C. 552a(i)(3), any person who knowingly and 
willfully requests or obtains any record concerning an individual from 
the Endowment under false pretenses shall be guilty of a misdemeanor 
and fined not more than $5,000.
    (b) A person who falsely or fraudulently attempts to obtain records 
under the Privacy Act may also be subject to prosecution under other 
statutes, including 18 U.S.C. 494, 495, and 1001.


Sec. 1159.19  What restrictions exist regarding the release of mailing 
lists?

    The Endowment may not sell or rent an individual's name and address 
unless such action is specifically authorized by law. This section 
shall not be construed to require the withholding of names and 
addresses otherwise permitted to be made public.

    Dated: May 10, 2000.
Karen Elias,
Deputy General Counsel.
[FR Doc. 00-12624 Filed 5-18-00; 8:45 am]
BILLING CODE 7537-01-M