Privacy and Civil Liberties Oversight Board PCLOB
-1 Privacy and Civil Liberties Oversight Board--1, Freedom of Information Act and Privacy Act Files.

This system will contain classified and unclassified records.

Records are maintained at the Privacy and Civil Liberties Oversight Board's office in Washington, DC.

Individuals who submit Freedom of Information Act (FOIA) and Privacy Act (PA) requests and administrative appeals to the Privacy and Civil Liberties Oversight Board, including individuals who make requests or appeals on behalf of other persons or entities; individuals who are the subjects of FOIA or PA requests or appeals; Board employees or Department of Justice litigators assigned to handle requests or appeals.

Categories of records in the system include: FOIA and PA requests or appeals, including requesters' names, contact (email, street address, telephone number) information, and proof of identification; names and other information about persons who are the subject of FOIA or PA requests; records received, created, or compiled in processing FOIA and PA requests or appeals, including correspondence, intra or inter agency memoranda, notes, and other documentation; copies of requested records; requesters names, contact (email, street address, telephone number) information, and proof of identification; names, addresses, and telephone numbers of submitters of requested records.

5 U.S.C. 552; 5 U.S.C. 552a; 44 U.S.C. 3101

The purpose of this system is to process FOIA and PA requests and appeals, and to carry out other Board obligations under the FOIA and PA.

In addition to those disclosures permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed by the Board as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice (including U.S. Attorney Offices) or other federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to or has an interest in the litigation:

1. The Board;

2. Any Board member or employee in his/her official capacity;

3. Any Board member or employee in his/her individual capacity if DOJ or the Board has agreed to represent the member or employee;

4. The United States or any agency thereof if the Board determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which the Board collected the records.

B. To a congressional office, provided that the individual who is the subject of the record at issue authorized the congressional office to request the record on his or her behalf.

C. To the National Archives and Record Administration or other federal agency pursuant to records management inspections conducted under 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations authorized by law, but only to the extent necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. The Board suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Board determines that because of the suspected or confirmed compromise, there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Board or other agency or entity), or harm to individuals that rely on compromised information; and

3. Disclosure is necessary to assist with the Board's efforts to respond to the suspected or confirmed compromise, and prevent, minimize, or remedy such harm.

F. To contractors and their agents; grantees; experts; consultants; and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Board, when necessary to accomplish a Board function related to this system of records.

G. To an appropriate federal, state, tribal, local, international, or foreign agency, including law enforcement, or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the individual making the disclosure.

H. To a federal, state, territorial, tribal, local, international, or foreign agency or other entity for the purpose of consulting with that agency or entity:

1. To assist in making a determination regarding the disclosure of, access to, or amendment of information; or

2. To verify the identity of an individual or the accuracy of information submitted by an individual who has requested access to or amendment of information.

I. To a federal agency for the purpose of referring the request to that agency for processing or consulting with that agency regarding the appropriate handling of the request.

J. To the Office of Government Information Services (OGIS) for the purposes of resolving disputes between the Board and FOIA requesters or for OGIS' review of Board policies, procedures, and compliance in order to recommend policy changes to Congress and the President.

K. To the Office of Management and Budget or the Department of Justice when necessary to obtain advice regarding statutory or other requirements under the FOIA or PA.

Disclosure to consumer reporting agencies: No.

Storage:

Records in this system are stored electronically and/or on paper in secure facilities. Electronic records may be stored on magnetic disc, tape, digital media, and CD-ROM.

Records may be retrieved by individual's name or by case tracking or control number.

Records in this system are safeguarded in accordance with applicable rules and policies, including automated systems security and access policies. Access to records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

FOIA and PA records are retained in accordance with National Archives and Records Administration's General Records Schedule 14.

Chief FOIA Officer and Chief Privacy Officer, Privacy and Civil Liberties Oversight Board, c/o General Services Administration, Agency Liaison Division, 1275 First Street NE., ATTN: 849C, Washington, DC 20417.

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the Privacy Officer at the address provided for the System Manager, above. When seeking records about yourself from this system of records your request must comply with the Board's Privacy Act regulations and must include sufficient information to permit us to identify potentially responsive records. In addition, you must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. Sec. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her consent to your access to his/ her records. Without this information, we may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

See "Notification procedure" above.

See "Notification procedure" above.

Records are obtained from individuals who submit FOIA and PA requests or appeals; the records searched and identified as responsive in the process of responding to such requests and appeals; Board personnel assigned to handle such requests and appeals; other agencies that have referred FOIA or PA requests to the Board for consultation or response; submitters or subjects of records or information that have provided assistance to the Board in making access or amendment determinations.

None.

Domestic Security PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD IMPLEMENTATION OF THE PRIVACY ACT OF 1974

Sec.

1002.1 Purpose and scope.

1002.2 Definitions.

1002.3 Privacy Act requests.

1002.4 Responses to Privacy Act requests.

1002.5 Administrative appeals.

1002.6 Fees.

1002.7 Penalties.

Authority: 5 U.S.C. 552a.

Source: 78 FR 67001, Nov. 8, 2013, unless otherwise noted.

§ 1002.1 Purpose and scope.

The regulations in this part implement the provisions of the Privacy Act.

§ 1002.2 Definitions.

The following terms used in this part are defined in the Privacy Act: Individual, maintain, record, system of records, statistical record, and routine use. The following definitions also apply in this part:

Board means the Privacy and Civil Liberties Oversight Board, established by the Implementing Recommendations of the 9/11 Commission Act of 2007, Pub. L. 110-53.

Chairman means the Chairman of the Board, as appointed by the President and confirmed by the Senate under section 801(a) of the Implementing Recommendations of the 9/11 Commission Act of 2007, Pub. L. 110-53, or any person to whom the Board has delegated authority in the matter concerned.

General Counsel means the Board’s principal legal advisor, or his or her designee.

Privacy Act means the Privacy Act of 1974, 5 U.S.C. 552a, as amended.

Privacy Act Officer means the person designated by the Board to be responsible for the day-to-day administration of the Privacy Act.

§ 1002.3 Privacy Act requests.

(a) Requests to determine if you are the subject of a record. You may request that the Board inform you if we maintain a system of records that contains records about you. Your request must follow the procedures described in paragraph (b) of this section.

(b) Requests for access. You may request access to a Board record about you in writing or by appearing in person. You should direct your request to the Privacy Act Officer. Written requests may be sent to: Privacy Act Officer, Privacy and Civil Liberties Oversight Board, 2100 K Street NW., Suite 500, Washington, DC 20427. Your request should include the following information:

(1) Your name, address, and telephone number;

(2) The system(s) of records in which the requested information is contained; and

(3) At your option, authorization for copying expenses.

(4) Written requests. In addition to the information described in paragraphs (b)(1) through (3) of this section, written requests must include a statement affirming your identity, signed by you and witnessed by two persons (including witnesses’ addresses) or notarized.

(i) Witnessed. If your statement is witnessed, it must include a sentence above the witnesses’ signatures attesting that they personally know you or that you have provided satisfactory proof of your identity.

(ii) Notarized. If your statement is notarized, you must provide the notary with adequate proof of your identity in the form of a drivers’ license, passport, or other identification acceptable to the notary.

(iii) The Board, in its discretion, may require additional proof of identification depending on the nature and sensitivity of the records in the system of records.

(iv) For the quickest possible handling, your letter and envelope should be marked "Privacy Act Request".

(5) In person requests. In addition to the information described in paragraphs (b)(1) through (3) of this section, if you make your request in person, you must provide adequate proof of identification at the time of your request. Adequate proof of identification includes a valid drivers’ license, valid passport, or other current identification that includes your address and photograph.

(c) Requests for amendment or correction of records. You may request an amendment to or correction of a record about you in person or by writing to the Privacy Act Officer following the procedures described in paragraph (b) of this section. Your request for amendment or correction should identify each particular record at issue, state the amendment or correction sought, and describe why the record is not accurate, relevant, timely, or complete.

(d) Requests for an accounting of disclosures. Except for those disclosures for which the Privacy Act does not require an accounting, you may request an accounting of any disclosure by the Board of a record about you. Your request for an accounting of disclosures must be made in writing following the procedures described in subsection (b) of this section.

(e) Requests for access on behalf of someone else.

(1) If you are making a request on behalf of someone else, your request must include a statement from that individual verifying his or her identity, as provided in paragraph (b)(4) of this section. Your request also must include a statement certifying that individual’s agreement that records about him or her may be released to you.

(2) If you are the parent or guardian of the individual to whom the requested record pertains, or the individual to whom the record pertains has been deemed incompetent by a court, your request for access to records about that individual must include:

(i) The identity of the individual who is the subject of the record, including his or her name, current address, and date and place of birth;

(ii) Verification of your identity in accordance with paragraph (b)(4) of this section;

(iii) Verification that you are the subject’s parent or guardian, which may be established by a copy of the subject’s birth certificate identifying you as his or her parent, or a court order establishing you as guardian; and

(iv) A statement certifying that you are making the request on the subject’s behalf.

§ 1002.4 Responses to Privacy Act requests.

(a) Acknowledgement. The Privacy Act Officer shall provide you with a written acknowledgment of your written request under section 3 within ten business days of our receipt of your request.

(b) Grants of requests. If you make your request in person, the Privacy Act Officer shall respond to your request directly, either by granting you access to the requested records, upon payment of any applicable fee and with a written record of the grant of your request and receipt of the records, or by informing you when a response may be expected. If you are accompanied by another person, you must authorize in writing any discussion of the records in the presence of the third person. If your request is in writing, the Privacy Act Officer shall provide you with written notice of the Board’s decision to grant your request and the amount of any applicable fee. The Privacy Act Officer shall disclose the records to you promptly, upon payment of any applicable fee.

(c) Denials of requests in whole or in part. The Privacy Act Officer shall notify you in writing of his or her determination to deny, in whole or in part, your request. This writing shall include the following information:

(1) The name and title or position of the person responsible for the denial;

(2) A brief statement of the reason for the denial(s), including any applicable Privacy Act exemption;

(3) A statement that you may appeal the denial and a brief description of the requirements for appeal under § 1002.5.

(d) Request for records not covered by the Privacy Act or subject to Privacy Act exemption. If the Privacy Act Officer determines that a requested record is not subject to the Privacy Act or the records are subject to Privacy Act exemption, your request will be processed in accordance with the Board’s Freedom of Information Act procedures at 6 CFR part 1001.

§ 1002.5 Administrative appeals.

Appeal procedures.

(1) You may appeal any decision by the Board to deny, in whole or in part, your request under § 1002.3 no later than 60 days after the decision is rendered.

(2) Your appeal must be in writing, sent to the General Counsel at the address specified in § 1002.3(b) and contain the following information:

(i) Your name;

(ii) Description of the record(s) at issue;

(iii) The system of records in which the record(s) is contained;

(iv) A statement of why your request should be granted.

(3) The General Counsel shall determine whether to uphold or reverse the initial determination within 30 working days of our receipt of your appeal. The General Counsel shall notify you of his or her decision, including a brief statement of the reasons for the decision, in writing. The General Counsel’s decision will be the final action of the Board.

(b) Statement of disagreement. If your appeal of our determination related to your request for amendment or correction is denied in whole or in part, you may file a Statement of Disagreement that states the basis for your disagreement with the denial. Statements of Disagreement must be concise and must clearly identify each part of any record that is disputed. The Privacy Act Officer will place your Statement of Disagreement in the system of records in which the disputed record is maintained and shall mark the disputed record to indicate that a Statement of Disagreement has been filed and where it may be found.

(c) Notification of amendment, correction, or disagreement. Within 30 working days of the amendment or correction of a record, the Privacy Act Officer shall notify all persons, organizations, or agencies to which the Board previously disclosed the record, if an accounting of that disclosure was made, that the record has been corrected or amended. If you filed a Statement of Disagreement, the Privacy Act Officer shall append a copy of it to the disputed record whenever it is disclosed and also may append a concise statement of its reason(s) for denying the request to amend or correct the record.

§ 1002.6 Fees.

We will not charge a fee for search or review of records requested under this part, or for the correction of records. If you request copies of records, we may charge a fee of $.10 per page.

§ 1002.7 Penalties.

Any person who makes a false statement in connection with any request for a record or an amendment or correction thereto under this part is subject to the penalties prescribed in 18 U.S.C. 494 and 495 and 5 U.S.C. 552a(i)(3).