[Federal Register Volume 69, Number 109 (Monday, June 7, 2004)]
[Proposed Rules]
[Pages 31767-31771]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-12727]


-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

12 CFR Part 261a

[Docket No. R-1200]


Privacy Act of 1974 Privacy Act Regulation

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
proposes to amend its regulation implementing the Privacy Act of 1974. 
The primary proposed changes concern the waiver of copying fees charged 
to current or former Board employees for access to records under the 
Privacy Act, and the special procedures for release of medical records. 
In addition, the Board is proposing to make minor editorial and 
technical changes.

DATES: Comment must be received on or before July 7, 2004.

ADDRESSES: You may submit comments, identified by Docket No. R-1200, by 
any of the following methods:
     Agency Web Site: http://www.federalreserve.gov. Follow the 
instructions for submitting comments at http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm.
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     E-mail: [email protected]. Include docket 
number in the subject line of the message.
     FAX: 202/452-3819 or 202/452-3102.
     Mail: Jennifer J. Johnson, Secretary, Board of Governors 
of the Federal Reserve System, 20th Street and Constitution Avenue, 
N.W., Washington, DC 20551.

[[Page 31768]]

    All public comments are available from the Board's web site at 
www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as submitted, 
except as necessary for technical reasons. Accordingly, your comments 
will not be edited to remove any identifying or contact information. 
Public comments may also be viewed electronically or in paper in Room 
MP-500 of the Board's Martin Building (20th and C Streets, NW.) between 
9 a.m. and 5 p.m. on weekdays.

FOR FURTHER INFORMATION CONTACT: Elaine M. Boutilier, Managing Senior 
Counsel, (202/452-2418), Legal Division. For the hearing impaired only, 
contact Telecommunications Device for the Deaf (TDD)(202/263-4869).

SUPPLEMENTARY INFORMATION: The Board's Privacy Act Regulation was last 
revised in 1995 (60 FR 3341, January 17, 1995). In its ongoing review 
of regulations, the Board has determined that certain changes should be 
made to the regulation to adopt better procedures.
    The first substantive change concerns waivers of the fee charged 
for copying records. The Privacy Act (5 U.S.C. 552a(f)(5)) permits an 
agency to assess copying fees for providing access to records. Section 
261a.4(a) of the Board's current regulation states that the duplication 
fee for Privacy Act requests will be the same as that charged for 
duplication of records in response to a Freedom of Information Act 
request (currently $.10/page). Section 261a.4(c) states that, in the 
connection with a request by an employee for records to use in 
prosecuting a grievance or complaint of discrimination against the 
Board, fees totaling less than $50 will be waived, but the Secretary of 
the Board also may waive fees exceeding that amount. A review of 
current Board practice revealed that copies of personnel files are 
routinely provided to an employee upon request without assessing a 
copying fee, and copies of records relied upon in an adverse action 
must be provided to the subject employee without charge. Accordingly, 
the Board proposes to waive all fees for providing copies of 
information from systems of records to current or former employees.
    The second substantive change concerns the special procedures for 
disclosing medical records. Currently, section 261a.7 of the Privacy 
Act Regulation permits the privacy officer, in consultation with the 
Board's physician, to determine that disclosure of medical records 
directly to the requester could have an adverse effect on the 
requester. In that situation, the Board would transmit the records to a 
licensed physician named by the requester, and the physician would 
disclose the records to the requester in a manner deemed appropriate by 
the physician. The Board proposes to expand the scope of these special 
procedures to cover records maintained in the Board's Employee 
Assistance Program (EAP) system of records. These records also may 
contain material that could have an adverse effect if disclosed 
directly to the requester, so the proposed change would permit a 
similar indirect disclosure through a licensed physician or other 
appropriate representative named by the requester. It is contemplated 
that such ``appropriate representative'' could be a psychologist, 
social worker, or even a parent or other relative.
    The remaining proposed changes are technical or editorial in nature 
and should not have a substantive effect on persons.

Initial Regulatory Flexibility Analysis

    The Privacy Act Regulation sets forth the procedures by which 
individuals may request access and amendment to records maintained in 
systems of records at the Board. The Board certifies that this rule 
will not have a significant economic impact on a substantial number of 
small entities, because it does not apply to business entities.

List of Subjects in 12 CFR Part 261a

    Privacy.
    For the reasons set forth in the preamble, the Board proposes to 
revise 12 CFR part 261a as follows:

PART 261a--PRIVACY ACT REGULATION

Subpart A--General Provisions
Sec.
261a.1 Authority, purpose and scope.
261a.2 Definitions.
261a.3 Custodian of records; delegations of authority.
261a.4 Fees.
Subpart B--Procedures for Requests by Individual to Whom Record 
Pertains
Sec.
261a.5 Request for access to record.
261a.6 Board procedures for responding to request for access.
261a.7 Special procedures for medical records.
261a.8 Request for amendment of record.
261a.9 Board review of request for amendment of record.
261a.10 Appeal of adverse determination of request for access or 
amendment.
Subpart C--Disclosure to Person Other than Individual to Whom Record 
Pertains
Sec.
261a.11 Restrictions on disclosure.
261a.12 Exceptions.
Subpart D--Exempt Records
Sec.
261a.13 Exemptions.

Subpart A--General Provisions


Sec.  261a.1  Authority, purpose and scope.

    (a) Authority. This part is issued by the Board of Governors of the 
Federal Reserve System (the Board) pursuant to the Privacy Act of 1974 
(5 U.S.C 552a).
    (b) Purpose and scope. This part implements the provisions of the 
Privacy Act of 1974 (5 U.S.C. 552a) with regard to the maintenance, 
protection, disclosure, and amendment of records contained within 
systems of records maintained by the Board. It sets forth the 
procedures for requests for access to, or amendment of, records 
concerning individuals that are contained in systems of records 
maintained by the Board.


Sec.  261a.2  Definitions.

    For the purposes of this part, the following definitions apply:
    (a) Business day means any day except Saturday, Sunday or a legal 
federal holiday.
    (b) Designated system of records means a system of records 
maintained by the Board that has been published in the Federal Register 
pursuant to the requirements of 5 U.S.C. 552a(e).
    (c) Guardian means the parent of a minor, or the legal guardian of 
any individual who has been declared to be incompetent due to physical 
or mental incapacity or age by a court of competent jurisdiction.
    (d) Individual means a natural person who is either a citizen of 
the United States or an alien lawfully admitted for permanent 
residence.
    (e) Maintain includes maintain, collect, use, disseminate, or 
control.
    (f) Record means any item, collection, or grouping of information 
about an individual maintained by the Board that contains the 
individual's name, or the identifying number, symbol, or other 
identifying particular assigned to the individual, such as a 
fingerprint, voice print, or photograph.
    (g) Routine use means, with respect to disclosure of a record, the 
use of such record for a purpose that is compatible with the purpose 
for which it was collected or created.
    (h) System of records means a group of any records under the 
control of the Board from which information is retrieved by the name of 
the individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual.

[[Page 31769]]

Sec.  261a.3  Custodian of records; delegations of authority.

    (a) Custodian of records. The Secretary of the Board is the 
official custodian of all records of the Board in the possession or 
control of the Board.
    (b) Delegated authority of Secretary. With regard to this part, the 
Secretary of the Board is delegated the authority to--
    (1) Respond to requests for access to, accounting of, or amendment 
of records contained in a system of records, except for such requests 
regarding systems of records maintained by the Board's Office of the 
Inspector General (OIG);
    (2) Approve the publication of new systems of records and amend 
existing systems of records, except systems of records exempted 
pursuant to Sec.  261a.13(b), (c) and (d);
    (3) File the biennial reports required by the Privacy Act.
    (c) Delegated authority of designee. Any action or determination 
required or permitted by this part to be done by the Secretary of the 
Board may be done by a responsible employee of the Board who has been 
duly designated for this purpose by the Secretary.
    (d) Delegated authority of inspector general. With regard to 
systems of records maintained by the OIG, the Inspector General is 
delegated the authority to respond to requests for access or amendment.


Sec.  261a.4  Fees.

    (a) Copies of records. Copies of records requested pursuant to 
Sec.  261a.5 shall be provided at the same cost charged for duplication 
of records and/or production of computer output under the Board's Rules 
Regarding Availability of Information, 12 CFR 261.17.
    (b) No fee. Documents will be furnished without charge where total 
charges are less than $5.
    (c) Waiver of fees. No fees will be charged in connection with any 
request by an employee or former employees of the Board for access to 
information pertaining to that employee or former employee.

Subpart B--Procedures for Requests by Individual to Whom Record 
Pertains


Sec.  261a.5  Request for access to record.

    (a) Procedures for making request.
    (1) Except as provided in paragraph (a)(2) of this section, any 
individual (or guardian of an individual) desiring to learn of the 
existence of, or to gain access to, his or her record in a designated 
system of records shall submit a request in writing to the Secretary of 
the Board, Board of Governors of the Federal Reserve System, 20th and 
Constitution Avenue, NW, Washington, DC 20551.
    (2) A request by a current Board employee for that employee's 
personnel records may be made in person during regular business hours 
at the Human Resources Function of the Management Division, Board of 
Governors of the Federal Reserve System, 20th and Constitution Avenue, 
NW, Washington, DC 20551.
    (3) Requests for information contained in a system of records 
maintained by the Board's OIG shall be submitted in writing to the 
Inspector General, Board of Governors of the Federal Reserve System, 
20th and Constitution Avenue, N.W., Washington, D.C. 20551.
    (b) Contents of request. A request made pursuant to paragraph (a) 
of this section shall include the following:
    (1) A statement that it is made pursuant to the Privacy Act of 
1974;
    (2) The name of the system of records expected to contain the 
record requested or a concise description of such system of records;
    (3) Information necessary to verify the identity of the requester 
pursuant to paragraph (c) of this section; and
    (4) Any other information that may assist in the rapid 
identification of the record to which access is being requested (e.g., 
maiden name, dates of employment, etc.).
    (c) Verification of identity. The Board may require proof of 
identity from a requester and reserves the right to determine the 
adequacy of such proof. In general, the following shall be considered 
adequate proof of identity:
    (1) For a current Board employee, his or her Board identification 
card; or
    (2) For an individual other than a current Board employee, either--
    (i) Two forms of identification, one of which has a picture of the 
individual requesting access; or
    (ii) A notarized statement attesting to the identity of the 
requester.
    (d) Verification of identity not required. No verification of 
identity shall be required of individuals seeking access to records 
that are otherwise available to any person under the Freedom of 
Information Act, 5 U.S.C. 552.
    (e) Request for accounting of previous disclosures. An individual 
may request an accounting of previous disclosures of records pertaining 
to such individual in a designated system of records as provided in 5 
U.S.C. 552a(c).


Sec.  261a.6  Board Procedures for Responding to Request for Access.

    (a) Compliance with Freedom of Information Act. Every request made 
pursuant to Sec.  261a.5 shall also be handled by the Board as a 
request for information pursuant to the Freedom of Information Act (5 
U.S.C. 552), except that the time limits set forth in paragraph (b) of 
this section and the fees specified in Sec.  261a.4 shall apply to such 
requests.
    (b) Time limits. Every request made pursuant to Sec.  261a.5 shall 
be acknowledged or, where practicable, substantially responded to 
within 20 business days from receipt of the request.
    (c) Disclosure.(1) Information to be disclosed pursuant to this 
part, except for information maintained by the Board's OIG, shall be 
made available for inspection and copying during regular business hours 
at the Board's Freedom of Information Office, or upon request, shall be 
sent to the requester.
    (2) Information to be disclosed that is maintained by the Board's 
OIG shall be made available for inspection and copying by the OIG.
    (3) The requester may be accompanied in the inspection of 
information by a person of the requester's own choosing upon the 
requester's submission of a written and signed statement authorizing 
the presence of such person.
    (d) Denial of request. A denial of a request made pursuant to Sec.  
261a.5 shall include a statement of the reason(s) for denial and the 
procedures for appealing the denial.


Sec.  261a.7  Special procedures for medical records.

    Medical or psychological records requested pursuant to Sec.  261a.5 
shall be disclosed directly to the requester unless such disclosure 
could, in the judgment of the privacy officer, in consultation with the 
Board's physician or Employee Assistance Program counselor, have an 
adverse effect upon the requester. Upon such determination, the 
information shall be transmitted to a licensed physician or other 
appropriate representative named by the requester, who will disclose 
those records to the requester in a manner the physician or 
representative deems appropriate.


Sec.  261a.8  Request for amendment of record.

    (a) Procedures for making request. (1) An individual desiring to 
amend a record in a designated system of records that pertains to him 
or her shall submit a request in writing to the Secretary of the Board 
(or to the Inspector General for records in a system of records 
maintained by the OIG) in an envelope clearly marked ``Privacy Act 
Amendment Request.''
    (2) Each request for amendment of a record shall--

[[Page 31770]]

    (i) Identify the system of records containing the record for which 
amendment is requested;
    (ii) Specify the portion of that record requested to be amended; 
and
    (iii) Describe the nature of and reasons for each requested 
amendment.
    (3) Each request for amendment of a record shall be subject to 
verification of identity under the procedures set forth in Sec.  
261a.5(c), unless such verification has already been made in a related 
request for access or amendment.
    (b) Burden of proof. The request for amendment of a record shall 
set forth the reasons the individual believes the record is not 
accurate, relevant, timely, or complete. The burden of proof for 
demonstrating the appropriateness of the requested amendment rests with 
the requester, and the requester shall provide relevant and convincing 
evidence in support of the request.


Sec.  261a.9  Board review of request for amendment of record.

    (a) Time limits. The Board shall acknowledge a request for 
amendment of a record within 10 business days of receipt of the 
request. Such acknowledgment may request additional information 
necessary for a determination on the request for amendment. A 
determination on a request to amend a record shall be made promptly.
    (b) Contents of response to request for amendment. The response to 
a request for amendment shall include the following:
    (1) The decision to grant or deny, in whole or in part, the request 
for amendment; and
    (2) If the request is denied:
    (i) The reasons for denial of any portion of the request for 
amendment;
    (ii) The requester's right to appeal any denial; and
    (iii) The procedures for appealing the denial to the appropriate 
official.


Sec.  261a.10  Appeal of adverse determination of request for access or 
amendment.

    (a) Appeal. A requester may appeal a denial of a request made 
pursuant to Sec.  261a.5 or Sec.  261a.8 to the Board within 10 
business days of issuance of notification of denial. The appeal shall--
    (1) Be made in writing to the Secretary of the Board, with the 
words ``PRIVACY ACT APPEAL'' written prominently on the first page;
    (2) Specify the background of the request; and
    (3) Provide reasons why the initial denial is believed to be in 
error.
    (b) Determination. The Board shall make a determination with 
respect to such appeal not later than 30 business days from its 
receipt, unless the time is extended for good cause shown.
    (1) If the Board grants an appeal regarding a request for 
amendment, the Board shall take the necessary steps to amend the 
record, and, when appropriate and possible, notify prior recipients of 
the record of the Board's action.
    (2) If the Board denies an appeal, the Board shall inform the 
requester of such determination, give a statement of the reasons 
therefor, and inform the requester of the right of judicial review of 
the determination.
    (c) Statement of disagreement. (1) Upon receipt of a denial of an 
appeal regarding a request for amendment, the requester may file a 
concise statement of disagreement with the denial. Such statement shall 
be maintained with the record the requester sought to amend, and any 
disclosure of the record shall include a copy of the statement of 
disagreement.
    (2) When practicable and appropriate, the Board shall provide a 
copy of the statement of disagreement to any person or other agency to 
whom the record was previously disclosed.

Subpart C--Disclosure To Person Other Than Individual To Whom 
Record Pertains


Sec.  261a.11  Restrictions on disclosure.

    No record contained in a designated system of records shall be 
disclosed to any person or agency without the prior written consent of 
the individual to whom the record pertains unless the disclosure is 
authorized by Sec.  261a.12.


Sec.  261a.12  Exceptions.

    The restrictions on disclosure in Sec.  261a.11 do not apply to any 
disclosure--
    (a) To those officers and employees of the Board who have a need 
for the record in the performance of their duties;
    (b) That is required under the Freedom of Information Act (5 U.S.C. 
552);
    (c) For a routine use listed with respect to a designated system of 
records;
    (d) To the Bureau of the Census for purposes of planning or 
carrying out a census or survey or related activity pursuant to the 
provisions of title 13 of the United States Code;
    (e) To a recipient who has provided the Board with advance adequate 
written assurance that the record will be used solely as a statistical 
research or reporting record, and the record is to be transferred in a 
form that is not individually identifiable;
    (f) To the National Archives of the United States as a record that 
has sufficient historical or other value to warrant its continued 
preservation by the United States government, or for evaluation by the 
administrator of General Services or his designee to determine whether 
the record has such value;
    (g) To another agency or to an instrumentality of any governmental 
jurisdiction within or under the control of the United States for a 
civil or criminal law enforcement activity if the activity is 
authorized by law, and if the head of the agency or instrumentality has 
made a written request to the Board specifying the particular portion 
desired and the law enforcement activity for which the record is 
sought;
    (h) To a person pursuant to a showing of compelling circumstances 
affecting the health or safety of an individual if upon such disclosure 
notification is transmitted to the last known address of such 
individual;
    (i) To either House of Congress, or, to the extent of matter within 
its jurisdiction, any committee or subcommittee thereof, any joint 
committee of Congress or subcommittee of any such joint committee;
    (j) To the Comptroller General, or any of his authorized 
representatives, in the course of the performance of the duties of the 
General Accounting Office;
    (k) Pursuant to the order of a court of competent jurisdiction; or
    (l) To a consumer reporting agency in accordance with 31 U.S.C. 
3711(e).

Subpart D--Exempt Records


Sec.  261a.13  Exemptions.

    (a) Information compiled for civil action. Nothing in this part 
shall allow an individual access to any information compiled in 
reasonable anticipation of a civil action or proceeding.
    (b) Law enforcement information. Pursuant to section (k)(2) of the 
Privacy Act of 1974 (5 U.S.C. 552a(k)(2)), the Board has deemed it 
necessary to exempt certain designated systems of records maintained by 
the Board from the requirements of the Privacy Act concerning access to 
accountings of disclosures and to records, maintenance of only relevant 
and necessary information in files, and certain publication provisions, 
respectively, 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H) and (I), 
and (f), and Sec. Sec.  261a.5, 261a.7, and 261a.8. Accordingly, the 
following designated systems of records are exempt from these 
provisions, but only to the extent that they contain investigatory 
materials compiled for law enforcement purposes:

[[Page 31771]]

    (1) BGFRS-1 Recruiting and Placement Records
    (2) BGFRS-4 General Personnel Records
    (3) BGFRS-5 EEO Discrimination Complaint File
    (4) BGFRS-9 Consultant and Staff Associate File
    (5) BGFRS-21 Supervisory Tracking and Reference System
    (6) BGFRS/OIG-1 OIG Investigatory Records
    (7) BGFRS-31 Protective Information System
    (8) BGFRS-32 Visitor Log
    (c) Confidential references. Pursuant to section (k)(5) of the 
Privacy Act of 1974 (5 U.S.C. 552a(k)(5)), the Board has deemed it 
necessary to exempt certain designated systems of records maintained by 
the Board from the requirements of the Privacy Act concerning access to 
accountings of disclosures and to records, maintenance of only relevant 
and necessary information in files, and certain publication provisions, 
respectively 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H) and (I), 
and (f), and Sec. Sec.  261a.5, 261a.7, and 261a.8. Accordingly, the 
following systems of records are exempt from these provisions, but only 
to the extent that they contain investigatory material compiled to 
determine an individual's suitability, eligibility, and qualifications 
for Board employment or access to classified information, and the 
disclosure of such material would reveal the identity of a source who 
furnished information to the Board under a promise of confidentiality.
    (1) BGFRS-1 Recruiting and Placement Records
    (2) BGFRS-4 General Personnel Records
    (3) BGFRS-9 Consultant and Staff Associate File
    (4) BGFRS-10 General File on Board Members
    (5) BGFRS-11 Official General Files
    (6) BGFRS-15 General Files of Federal Reserve Agents, Alternates 
and Representatives at Federal Reserve Banks
    (7) BGFRS/OIG-2 OIG Personnel Records
    (8) BGFRS-25 Multi-Rater Feedback Records
    (d) Criminal law enforcement information. Pursuant to 5 U.S.C. 
552a(j)(2), the Board has determined that portions of the OIG 
Investigatory Records (BGFRS/OIG-1) shall be exempt from any part of 
the Privacy Act (5 U.S.C. 552a), except the provisions regarding 
disclosure, the requirement to keep an accounting, certain publication 
requirements, certain requirements regarding the proper maintenance of 
systems of records, and the criminal penalties for violation of the 
Privacy Act, respectively, 5 U.S.C. 552a(b), (c)(1), and (2), (e)(4)(A) 
through (F), (e)(6), (e)(7), (e)(9), (e)(10), (e)(11) and (i). This 
designated system of records is maintained by the OIG, a Board 
component that performs as its principal function an activity 
pertaining to the enforcement of criminal laws. The exempt portions of 
the records consist of--
    (1) Information compiled for the purpose of identifying individual 
criminal offenders and alleged offenders;
    (2) Information compiled for the purpose of a criminal 
investigation, including reports of informants and investigators, and 
associated with an identifiable individual; or
    (3) Reports identifiable to an individual compiled at any stage of 
the process of enforcement of the criminal laws from arrest or 
indictment through release from supervision.

    By order of the Board of Governors of the Federal Reserve 
System, June 1, 2004.
Robert deV. Frierson,
Deputy Secretary of the Board.
[FR Doc. 04-12727 Filed 6-4-04; 8:45 am]
BILLING CODE 6210-01-S