CENTRAL INTELLIGENCE AGENCY ANNUAL PRIVACY ACT REPORT, PART II, FOR 1977
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP81-00142R000700010002-5
Release Decision:
RIPPUB
Original Classification:
K
Document Page Count:
26
Document Creation Date:
December 9, 2016
Document Release Date:
July 10, 2001
Sequence Number:
2
Case Number:
Publication Date:
May 12, 1978
Content Type:
MF
File:
Attachment | Size |
---|---|
CIA-RDP81-00142R000700010002-5.pdf | 1.19 MB |
Body:
Approved For Release 2001 /08/02: CIA-RDP81-00142R00070001$$g2A-5 78-0996/1
CENTRAL INTELLIGENCE AGENCY
WASHINGTON, D.C. 20505
MEMORANDUM FOR:
ATTENTION:
FROM:
SUBJECT:
REFERENCE:
Mr. James T. McIntyre
Director, Office of Management
and Budget
Mr. Walter W. Haase
Deputy Associate Director for
Information Systems Policy
John F. Blake
Deputy Director for Administration
Central Intelligence Agency Annual
Privacy Act Report, Part II, for 1977
Agency Memorandum of 10 March 1978
Containing Part I of the Annual Report
In accordance with OMB Circular No. A-108, Transmittal
Memorandum No. 4, and OMB Memorandum of 25 January 1978,
forwarded herewith is the balance of the CIA Annual Privacy
Act Report for 1977.
John F. Blake
Attachment
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
CIA ANNUAL PRIVACY ACT REPORT FOR 1977
NARRATIVE
1. Whereas technical and descriptive data of the
Agency's records systems comprised our response of 10 March
1978, this portion of the Annual Report addresses the accom
plishments, plans, administration, processing difficulties
and recommendations for change vis-a-vis the Privacy Act of
1974. The following discussions correlate to subparagraphs
2 (a through g) of the attachment to your memorandum of
inquiry of 25 January 1978.
2(a) Summary of Accomplishments and Future Plans:
(1)
Protecting Individual Privacy:
As a matter of course
h
, t
e sensitive nature
of records held by the Agency and our basic policies
governing access to them assist in preserving an
individual's privacy. Since the preponderance of
our documentation is classified, only properly
cleared personnel can review documents, and then
on a need-to-know principle. Moreover, the Agency
does not have a centralized file system; there-
fore, this built-in compartmentation limits the
amount of information available to any one person.
All offices and files are secured whenever staff
personnel are not present and all visitors are
asked to state their business and verify their rds. aredrecorded, and the Visitors' movemen
y personnel
enc closely monitored at all times. is are
(2) Reducing the Scope of Personal Recordkee
Current reductions in holdings of documen-
tation have been virtually impossible due to
a number of overlapping and repetitive non-
destruction directives. The Agency is currently
under such an order issued by the House Select
Committee on Assassinations. However, with the
view that these record destruction moratoriums
will eventually end, extensive reviews have been
initiated to determine what records will be
retained, declassified or destroyed. One signi-
ficant step in making possible future reductions
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
in our holdings has been the approval of all of
the Agency's Records Control Schedules by the
National Archives and Records Service. Given this
approval, it is likely that the number of Agency
records systems currently maintained may be
decreased by two. There are indications, however,
that approximately five new systems will have to
be declared in the near future. The scope of
maintained records is contained by our review and
the removal of extraneous data prior to its in-
clusion in a system. There has been concern
expressed that future access to records may in-
hibit the input of current documentation, leading
to bland and incomplete files. Although this has
been expressed by some records managers, to date
we have seen very little evidence of such an
occurrence.
(b) Scope and Nature of Federal Personal Recordkeeping;
Analysis of Changes to Systems o Records:
(1) During 1977, CIA--22 was merged with CIA--21.
This incorporated the case files maintained on the
Agency's Freedom of Information Act and E.O. 11652
document declassification requesters with those
for persons who filed Privacy Act requests. Two
new systems were declared, namely: CIA--60,
Personal and Professional Associates of the Director
of Central Intelligence; and CIA--61, Supplemental
Personnel (Soft) Files. This latter system was
created when the Director established the position
of Special Assistant to the Deputy to the Director
for Resource Management as an integral part of the
intelligence community as a whole. Each of the
new systems was required because, as Director of
Central Intelligence, Admiral Turner assumed
responsibility for directing the intelligence
community and effectual support was needed.
(2) No great change in the use of computer support
was noted in 1977. However, in order to meet
quick response demands for information, significant
increases can be expected within the next two
years in computer-assisted records systems. A
number of developmental programs are currently
being studied for possible implementation.
(3) The size of new systems can be expected to be
significantly large at the outset, but a leveling
off or reduction will be accomplished as permission
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
-2-
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
is granted to remove obsolete information. The
scope of new systems will be limited to the effi-
cient, effective and necessary requirements to be
served, not only for the sake of privacy considera-
tions, but also because of the considerable costs
involved.
(c) Agency Administration of the Act:
(1) Accounting for Disclosures:
Records are maintained of instances when
information is released and, where necessary,
waivers are requested from the individuals
concerned.
(2) Maintenance of Only That Information Necessary
for an Authorized Function:
Routine uses of records are the determining
factors in placing a document into a system.
Prior to insertion into a system, records and
information are reviewed for relevance.
(3) Publication Requirements:
All changes to a system of records are pro-
mulgated in the Federal Register with due regard
for the 30-day notice to te given to the general
public for their comment and our consideration of
their views. In addition, significant additions
and deletions to the Agency's systems of records
are submitted to the President of the Senate, the
Speaker of the House, the Privacy Protection Study
Commission and the Office of Management and Budget.
(4) Standard of Accuracy, Relevance Timeliness
and Completeness:
Within the limits of our Records Control
Schedules and the current prohibition on destruction
of records, the relevance and timeliness of records
are considered. Accuracy and completeness of
files are accomplished by placing a copy of the
correspondence from the subject, purporting to
correct or clarify records, with the document in
question. In this way, a complete analysis of the
record can be made by an authorized officer when
reviewing the information.
Approved For Release 2001/08/02 : C14RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
(5) Validation of Records Before Disclosure
Outside the Agency:
Validation of information is accomplished
through normal verification procedures. Where
prudent or necessary, the individual will be
contacted for additional supporting data.
(6) Restrictions on Recordkee in About First
men ment Activities:
Collectors and recipients of personal infor-
mation are acutely aware of this requirement.
Documents are reviewed prior to becoming part of
the system.
(7) Rules of Conduct for Agency Personnel:
Personnel having access to personal records
have been instructed in depth as to their respon-
sibilities in this regard and the possible con-
sequences of a breach of this trust. Formal
instruction and realistic situational workshops
have been developed to further understanding of
the Privacy Act. Extensive formal and on-the-job
training are required for those directly implementing
the Act.
(8) Safeguards on Information:
Agency personnel have been well trained in
handling sensitive information. Records are
maintained in combination lock safes or in vaulted
areas. Computers can be accessed only by those
personnel who have been assigned controlled pass-
words and/or other coded identifiers.
(9)
Operation of the Exemption Provisions:
A. The CIA regulations promulgated pursuant
to subsection (j) of the Act authorize the
withholding of any information pertaining to
an individual which would reveal intelligence
sources and methods. Polygraph records are
exempt from all sections as provided under
the exemption except for subsections 552a(b),
(c) (1) and (2), (e) (4) (A through F), (e) (5) ,
Approved For Release 2001/08/02 : Cl -RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
(6), (7), (9) , (10), and (11), and (i). Under
subsection (j) of the Act, systems of records that
contain sources and methods are exempt from sub-
sections (c)(3), (d), (e) (3) (A through D),
(e) (4) (E) , and (f) (1) .
E. Under subsection (k), regulations were
promulgated which provide that all provisions
of this subsection apply to all systems of
records. Information meeting the criteria
defined in provisions (k) (1) through (k) (7)
may be exempted from subsection (d).
C. In conformity with the express intent of
the Privacy Act, information in a records
system pertaining to an individual is exempt from
disclosure, subsection (d), except as permitted in
subsection (b)(1 through 11). Written permission
must be obtained from an individual when personal
information pertaining to that person is requested
by another individual or entity.
D. The Privacy Act permits the Director wide
latitude in implementing exemptions for
access to records; however, this has been done
only to a limited extent. As a system, CIA--23,
Polygraph Files, is totally exempt from access.
The remaining 57 systems of records are searched,
as appropriate, in response to inquiries
from requesters. When the above exemptions do
not apply, documents are released; and, where
they are applicable, segregable portions of
records are released whenever feasible.
E. There were 644 inquiries in which the request
was totally or partially denied and the above
discussed subsections were invoked. The con-
version to an ADP system in June 1977, did not
permit a complete exemption breakout of all the
cases but does provide a sample of the results for
388 cases as follows:
(b)(i.e., Privacy).... 204
(J) (1) ? ...............352
MM 1 .207
(k)(5) .................56
Also, the word "Privacy" was cited previously;
however, in order to refer to a specific sub-
section of the Act, subsection (b) replaced
"Privacy" in July 1977.
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
-5-
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
F. In lieu of permitting direct access to
records by requesters, as provided for in
subsection (d), the Agency duplicates re-
leasable documentation for requesters at no
cost.
(d) Changes in Patterns of Information Exchange:
(1) Agency employees or applicants are the
primary source of information on themselves.
Where verification of data is necessary,
waivers are requested. Where sensitive opera-
tional and security considerations are para-
mount, liaison with some Federal agencies
has been curtailed or abandoned. This has
resulted from possible exposure, via the
Privacy Act, of the Agency's interest in a
person and where those agencies cannot exert
exemptions to protect our interests.
(2) There have been some changes in procedure to
segregate out that information which is considered
strictly personal and that which is directly
related to employment. A Privacy Act statement
gives the individual a high degree of awareness as
to the limits to which information will be used.
These are fully discussed and the problems that
can develop are explained, should the desired
information not be provided or a waiver for
specific purposes not obtained.
(3) Initially, officials expressed concern that
the Act would cause a significant reduction in
third party-provided information. As for Agency
employees, this factor has not been noticed. How-
ever, those interviewed may be narrowing their
answers to the questions being asked, with less
extemporaneous comment being offered. Pledges of
confidentiality requested remain at a level paral-
leling the past. Sources in the private sector,
having become more aware of their rights, seem
somewhat more reluctant to provide information to
government officials, with pledges of confiden-
tiality more often requested.
(4) Alternative sources of information have not
been developed.
(5) Except for procedural requirements, no
significant effect on Agency activities has been
noted, due to the Act's limitations on information
disclosure.
Approved For Release 2001/08/02 : CIA5RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
C. Civil Actions:
Filed Against Agency .... ....6
Cases Decided in Agency Favor ......... 1**
Cases Decided Against Agency .......... 0
Cases Remaining in Litigation ......... 5
**This case was decided in favor of the Agency.
However, the plaintiff appealed one document;
the District court upheld the Agency's posi-
tion but will still review the record in
camera.
(2)(A) The Agency's estimate of current and
former employees making Privacy Act requests is
less than 10 percent of the total. However, the
number of requesters in this group appears to be
increasing. Also, these figures do not take into
account informal requests from current employees
where procedures have been in existence since the
inception of the Act to permit review of one's
files. Approximately 10 percent of Agency em-
ployees have availed themselves of this informal
approach.
(B) Although the Agency does not maintain
statistics on which Act a person cites in making
a request, Agency employees most often cite the
correct Act, given our readily available assist-
ance. When anyone wishes to receive information
on himself, we encourage processing under the
Privacy Act. The requester is assured that all
information will be provided as can be allowed
under both Acts. If he is insistent, however, we
will process such a request under the Freedom Act
or provide the exemptions from both Acts.
(C) Rarely will the general public cite a
system to be searched unless requests for Office
of Strategic Services' documents, drug experiment
information, or Agency intercepted mail can be so
considered. Requesters using commercial services
will often cite records systems. Agency personnel
use a check-off form.
(D) Since all systems are potentially exempt,
the requests for access to exempt systems can be
considered 100 percent. Also, if releasing a
record, where one exists, is considered as access
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
-8-
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
to an exempt system, we permit this to over 80
percent of the requesters, the balance being
denied in full.
(f) Public Scrutiny of Federal Personal Recordkeeping
Practices:
(1) No reaction of'a substantive nature to any
Agency Privacy Act issuance promulgated in the
Federal Register has been received from the
general public, the Congress or OMB. If the
public wants something, they write or call.
Presently existing rules and regulations are
largely unknown; so, we properly channel their
requests and explain the requirements and pro-
cedures necessary to service their requests.
To say the least, the Act is expensive in terms
of employee time and machine support expended.
From the Agency's standpoint, our costs will not
lessen simply because the number of our requests
are increasing each year, all other factors aside.
(g) Problem Areas and Recommendations for Change:
Although the discussion below may not pertain
specifically to the Privacy Act, it does address
personally identifiable information.
(1) Agency concern over material released under
the Privacy Act is increasing. Problems are being
experienced with former staff employees and cooper-
ating individuals whose Agency affiliation has not
heretofore been disclosed. Serious security
breaches could be in the offing. The mere possession
of a seemingly innocuous Agency document could,
under certain circumstances, cause embarrassment
or danger to the person involved, not to mention
problems for the Agency.
(2) Since deceased individuals have no privacy
rights, it is possible that personally identifiable
information might have to be released connecting the
Agency with undeclared persons. This information,
if pursued by hostile elements, could cause serious
consequences for vital operational activities and
could place in physical jeopardy those who were
in association with such an individual. Hostile
security and intelligence organizations, in view
of their presumed thorough documentation of an
American's activities, could quickly identify
suspected intelligence sources. Through merely
Approved For Release 2001/08/02 : CIAIRDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
the exposure of the name of a CIA man, a hostile
country could determine whether and when he was
there.
(3) Because of information which might be re-
leased, liaison equities between the Agency and
its foreign counterparts are being seriously
questioned by the latter. They foresee the possi-
bility of their information being released and we
suspect that they may be withholding information.
This very real problem will affect our national
security more and more as time elapses.
(4) Our experience has shown that the public
seldom uses the published systems of records
as a key to obtain access to their files.
The public generally requests all records
retrievable under their name. The possi-
bility of each agency making available
directly to the public on request a descrip-
tive list of records systems should be con-
sidered. Expensive publication costs in pro-
mulgating systems in the Federal Register
could then be limited to only t Se deletion of
an existing system of the declaration of a
new system.
Approved For Release 2001/08/02 : CIA-RDPO4-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
IPS/DM/9 May 78
Distribution:
Orig. + 4 - 0MB (w/attach)
DDA Chrono (w/attach)
AI/DDA (w/attach)
IPS Chrono w/attach)
IPS (w/attach)
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R0007
CIA ANNUAL PRIVACY ACT REPORT, PART I, FOR 1977
1. Verification of the Inventory of Federal Personal Data
ystems
a. 0MB System Number:
All system numbers remain as indicated.
b. Agency System Indentifier:
The CIA has no objection to identifying our
records systems with the 0MB System Number.
All changes have been indicated on the attached
inventory.
c. System Name:
No change.
d. System Notice Date:
All dates indicated are correct. However, notice
of a new "blanket" routine use was published in
the Federal Register on 16 May 1977, Vol. 42, No.
94, pages 24 an 24760. This "blanket" routine
use was also published in the Federal Re ister as
part of the annual compilation o recor s systems
at Book 2, Part VII, Vol. 42, No. 184, page 48050.
It is identified as entry 6 under the heading,
"Statement of General Routine Uses," and allows
for a record from a system of records to be pro-
vided to NARS in records management inspections.
e. System Notice Page:
No change.
f. ADP Code:
No change.
Purpose Code (Pur Code):
No change.
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 201/08/02 : CIA-RDP81-00142R000700002-5
(2) No. of Individuals:
Changes are indicated where appropriate.
While it is possible that a record exists
where any exemption could be invoked, only
numbers of individuals are entered where
there is a common use of that exemption.
(3) Rule Date:
No change.
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
h. Function Code:
All Function Code entries should be identified
as "054". Our records indicate that 0MB was
notified of the assignment of the 054 Function
Code for records systems CIA--60 and 61, by our
memorandum of 5 December 1977. The correct Func-
tion Code is indicated on the attached.
i. Public Report Code:
All CIA record systems reflect "N" for this
category since no information is sought from
the public at large or a segment thereof. Al-
though many Agency forms are common to many
personal files in our systems, they are of a
singular purpose which is unique to that person.
No. of Individuals in Systems:
-Many changes are entered on the attached. Some
changes were the result of normal additions over
the year, while others were the result of past
inaccurate initial estimates.
k. Exemption Data.
(1) Authority Code (Auth Code):
Exemption subsections (j)(1) and (k)(1
through 7) are utilized by the Agency. All
records systems are subject to all of these
subsections.. In addition to these, subsection
(b), (5 U.S.C. 552 a(b)), is invoked by the
Agency where consideration of the individual
"Privacy" of a person other than the requester
is involved.
Approved For Release 2001/08/02: CIA-RDP81-00142R000700 D02-5
(4) Rule Page:
No change.
2. It has been determined that, where previously denied,
the numbers of individuals in systems CIA--58, In-
spector General Research Records, and CIA--61, Supple-
mental Personnel (Soft) Files, may be included in your
reporting and released to the public. Entries have
been made as appropriate in the inventory. The number
of individuals in system CIA--60 remains available to
the public.
3. Also, since the information provided in the attached
inventory for.sy.stems CIA--60 and 61 does not include
exemption information, it is herewith provided in the
format of the inventory compilation. All exemption
subsections apply to these systems as discussed in
paragraphs 1(k) (1) and 1(k) (2) above.
4. In contrast to data releasable to the public, the
numbers of individuals in the systems listed below must
be withheld from published material and the public
since it is classified and its release would be
mission revealing.
CIA-8
CIA-19
CIA-27
CIA-34
CIA-50
9
20
28
37
52
10
23
29
43
54
12
24
31
44
56
16
25
32
48
57.
17
26
33
49
5. The required information for Part II and Part III of
the Annual Privacy Act Report will be forwarded to your
office by 30 April 1978.
John F. Blake
Deputy Director
for
Administration
IPS/DM/gh/8 March 1978
Distribution:
Orig - Addee
T- IPS Chrono
1 - IPS Subject ( )
I - AI/DDA
1 - DDA
? Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
or Release 9:PMTd'l~EC1 -RE 1010 0ItRH@JDEC2 5
OFFICE OF MANAGEMENT AND BUDGET
WASHINGTON, D.C. 20503
January 31, 1978 CIRCULAR NO. A-108
Transmittal Memorandum No. 4
TO THE HEADS OF EXECUTIVE DEPARTMENT AND ESTABLISHMENTS
Subject: Reporting Instructions for the Annual Report to the
Congress Under the Privacy Act of 1974
1. Purpose. This supplement to OMB Circular No. A-108,
dated July 1, 1975, provides guidance to Federal agencies
regarding the preparation and submission of material for the
President's Annual Report to the Congress on the Privacy Act
of 1974, required by 5 U.S.C. 552a(p). The reporting
requirements in this transmittal memorandum supersede all
previous guidance regarding the President's annual report
issued by this office, including that contained in the OMB
guidelines dated July 1, 1975 (published July 9, 1975, at 40
FR 28948), and Transmittal Memorandum No. 2 to OMB Circular
No. A-108, dated March 25, 1976.
2. Reporting Instructions. Agency reports shall cover
activities for the preceding calendar year and should
describe only major changes in agency policies, procedures,
and activities. The report shall include the following
sections:
a. Summary of accomplishments and future plans:
(1) Protecting individual privac : Summarize
major achievements-in protecting personal privacy during the
year, and outline plans for the next year.
(2) Reducing the scope of personal recordkeepin:
Describe reductions in personal recordkeeping achieved in
(No. A-108)
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
response to the Director's memoranda of March 7, 1977, and
August 3, 1977, and outline agency plans for further
reducing the number and scope of systems of records in the
next year.
b. Scope and nature of Federal personal recordkeeping:
(1) Inventory of Federal Personal Data Systems.
The inventory is a listing of all systems of records in
existence for which notices have been filed for publication
in the Federal Register as of December 31 of the preceding
calendar year. On or before January 31 of each year, the
Office of Management and Budget will provide to each agency
copies of its portion of the inventory, along with detailed
instructions for verifying the entries. The inventory
includes the following information about each system of
records:
-- the name and identifying number;
-- the date and page number of the most recent
notice published in the Federal Register;
-- whether the records are fully or partially
computerized;
-- the general purpose of the system (e.g.,
administrative or programmatic);
-- the budget function (e.g., national
defense, health) served by the system;
-- the estimated number of individuals on whom
records are maintained.
-- whether the system includes a public report
subject to the Federal Reports Act; and
-- whether the system has been exempted from
any portions of the Act, and if so, the provisions of the
Act on which the exemption is based; the date and page
(No. A-108)
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
number of the Federal Register in which an exemption rule
was published; and the estimated number of individuals'
records covered by the exemption.
(2) Analysis of changes to systems of records.
Describe any overall changes or trends in recordkeeping
patterns reflected in the agency's Inventory of Federal
Personal Data Systems. This analysis should include, but is
not limited to, the following:
the purposes of and government functions
supported by new systems of records;
computers; and
increases or decreases in the use
-- trends in size and scope of new systems
c. Agency administration of the Act. This section
should describe agency activities to comply with specific
provisions of the Act. Discussion should include an
evaluation of the extent to which the provisions of the Act
have achieved their intended purposes, and Ia. discussion of
any suggested alternative means. of achieving those ends.
The following provisions of the Act should be discussed in
this section:
(1) Accounting for disclosures (subsection (c));
(2) Maintenance of only that information necessary
f
or an authorized function (subsection (e)(1));
(3) Publication requirements (subsection
(e)(11), (f)).;
)(4),
(4) Standard of accuracy, relevance, timeliness
and completeness.(subsection (e)(5));
(5) Validation of records before disclosure
outside the agency (subsection (e)(6));
(No. A-108)
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
(6) Restrictions on recordkeepirig about First
Amendment activities (subsection (a)(7));
(7) Rules of conduct for agency personnel
(subsection (e)(9)); and
(8) Safeguards on information. (subsections
(e)(10)).
(9) Operation of the exemption provisions
(subsections (j) and (k)), including the following:
-- Provisions of the Act from which systems
have been exempted (as opposed to the provisions under which
systems are exempted, e.g., a system may be exempted from
the access requirement of subsection (d)(1)).
-- The extent to which exemptions permitted by
the Act are invoked by the agencies;
-- Procedures/policies developed to permit
access by individuals to exempt records-
d. Changes in patterns of information exchange. This
section should address the effects of the Privacy Act on
agency information activities. Specific considerations to
be discussed include, but are not limited to, the following:
(1) Has the requirement that information be
collected to the extent possible from the individual,
(subsection (e)(2)), significantly affected agency
information collection practices? If so, how and to what
extent?
(2) Has there been a change in the willingness of
individuals to provide information about themselves? Has
the privacy notification statement required by subsection
(e)(3) made a perceptible difference?
(No. A-108)
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
(3) Has there. been a change in the amount and/or
quality of information available from third party sources?
Are pledges of confidentiality regularly requested?
(4) Has it become necessary to develop alternative
sources of information? If so, describe them.
(5) How have the Act's limitations on the
disclosure of information affected agency activities?
(6) Were any new policies regarding the routine
use provisions adopted during the year? Describe any major
new routine uses which were established, including the
purpose for the routine use, the recipient of the
information, and the reason for its establishment.
(7) How have State and local privacy and freedom
of information laws affected the exchange of information?
e. Exercise of individual rights. Discuss the extent
to which individuals have sought access to and amendment of
their records, and agency actions in response to these
requests, including numbers of and final actions on appeals
of adverse decisions.
provided:
The total number of requests received, for
access to and for amendment of records; and the number
granted in full and in part, and the number denied, along
with the bases for denial.
-- The number of appeals filed within the agency;
and the number of agency decisions fully or partially
sustained, and the number reversed.
-- The number of civil actions filed (including.
appeals of final agency decisions on access and amendment),
and the disposition or current status of those actions.
(No. A-108)
(1) The following specific information should be
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
(2) Also indicate, using estimates to the extent
necessary:
-- The proportion of requests made by current and
former Federal employees, compared to those made by the
public at large.
-- The numbers of requests which cited the
Privacy Act, the Freedom of Information Act, or both, or
neither. Outline the agency's procedures for handling
requests which cite both or neither.
-- The number of requests which named a specific
system of records.
-- The number of requests for access to exempt
systems and the number actually granted.
f. Public scrutiny of Federal personal recordkeeping
practices. Discuss the extent and nature of comments
received on Privacy Act issuances, including exemption and
procedural rules, system notices, and routine uses published
in the Federal Register, and reports on new or altered
systems of records submitted to OMB and the Congress.
Indicate the source of comments, e.g., the general public,
the Congress, and OMB. Outline any suggested alternatives
for providing notice to the public.
g. Problem areas and recommendations for change. This
section should address any major problems which have arisen
in connection with the Privacy Act, and include
recommendations for changes, either in Administration
policies or in the Act.
3. Distribution of the report. One copy of the verified
inventory listings and five copies of the remainder of the
report will be provided to the Director, Office of
Management and Budget.
4. Timing. A report shall be submitted annually by each
agency, on or before the following dates:
(No. A-108)
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
a. Verified inventory listings (paragraph b(l)) shall
be submitted not later than six (6) weeks after the release
of the listings and special instructions. Agencies with
more than 100 systems are encouraged to contact OMB staff to
discuss the possibility of phased submission of data. Special
arrangements can also be made to provide agencies with copies
of data in the OMB inventory throughout the year to reduce
the year-end verification workload.
. b. The remainder of the report shall be submitted not
later than April 30 of each year.
5. Effective date. The provisions of this transmittal
memorandum are effective upon issuance.
6. Inquiries. Questions about this transmittal memorandum
may Be directed to the information Systems Policy Division,
Room 9002, New Executive Office Building, (202) 395-4814.
mes T. McIntyre, Jr.
cting Director
(No. A-108)
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
Ap~pO far Release 200
# W6plA F&1 ~ OgLgo%W02-5
WASHINGTON, D.C. 20503
7?
JAN 2 5 "
MEMORANDUM TO Agency Privacy Act Points of Contact
Subject: Annual Verification of Inventory of Federal
Personal Data Systems
This memorandum provides instructions to agencies for
verifying the Inventory of Federal Personal Data Systems.
This is part of the data required for the President's
Annual Report to Congress pursuant to Section 3(p) of
the Act (5 U.S.C. 552a(p)). The remainder of the
annual report submissions are required to be submitted
by April 30, 1978. See OMB Circular No. A-108,
Transmittal Memorandum No. 4 (copy attached).
Two copies of a listing of your agency's systems of
records as reported in the Federal Register are attached.
One copy of this listing, annotated in accordance with the
instructions provided, must be returned to the Office of
Management and Budget (Attention: Information Systems
Policy Division) not later than March 10, 1978.
If you have any questions, contact Ms. Leslie Greenspan
at 395-4814.
Sincerely,
Walter W. Haase
Deputy Associate Director
for Information Systems Policy
Approved For. Release 2001/08/02 : CIA-RDP81.700142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-0Q142B00070t0010002t5
Instructions for Verification of the nven ory o Federal
Personal Data Systems
The attached listing has been compiled by OMB from system
notices published in the Federal Register. It should con-
tain all systems of records in -existence and published or
filed for publication in the Federal Register on or before
December 31, 1977. The information described below should
be verified or supplied for each system. All notations
should be made legibly in ink. Corrections or additions
should be made in the space p id t 1 elow the
item on the listings. If an item is to be change in part
(e.g., editing the system name it should be rewritten in
its ett~_irety in the space provided. orrec - s ould
Any items deletcl s ould be lined out in ink. An entire
system may be deleted only if a notice to that effect has
been published in the Federal Register or the entry on the
listing is a duplicate. Indicate the date and page of the
notice of deletion in the margin where appropriate. If
it is necessary to add systems, do so by writing them in at
the end of the listing, w t he data elements in the same
order as on the listings. Entries may be added only for
notices filed for publication on or before e em 1977.
1. OMB System Number. This is a unique number assigned by
OMB to each system of records. The number consists of the
agency and bureau codes for the organization which main-
tains the system, plus a sequential number. This number
may not be changed in any way. When adding entries, leave
this element blank; OMB will assign a number.
2. Agency System Identifier: This is the number assigned
to each system of records by the agency maintaining the
system. A es are encouraged to delete this item if
feasible and reference their systems both on the listin
an in e e era R using the OMB System Number,
aDa". It the agency desires to continue to use the
number, it will be limited to 21 positions (including
punctuation). Entries longer than 21 positions will be
apparent, because they will exceed the number of blank
spaces allowed for corrections. Verify, modify, or delete
the number as appropriate.
3. System Name: This is the name assigned to a system
of records by the maintaining agency. Agencies should
review the system name carefully to assure that it is as
descriptive as possible and edit it as appropriate.
System names are limited to 55 characters includig
punctuation.
Approved Fo.r Release 200'1108/02 :_ CIA-RDP8.1-00142R000700010002-5
4 Ap d r3ftW44&M #k8E/09l'C A-RkWEMbW=R400 0O1 00$;ite on
which the full text of the system notice was published in
the daily Federal Register. In some cases agencies have
published blanket" routine uses applicable to many or all
of their systems'. The publication dates for such notices
should not appear on this listing. Verify or supply the
date.
5. System Notice Page: This is the page number in the
Federal Register corresponding to the System Notice Date
above. Note that the page number indicates where a
specific system notice, not an agency's group of notices,
began. Verify or supply the page number for each system.
6. ADP Code: This item indicates whether the information
in the system is maintained in a computer (e.g., magnetic
tape or disc); in manual form, (e.g., in paper files or
on index cards); or a hybrid, a combination of the two.
Verify or supply this entry as follows:
A - Automated
H - Hybrid
M - Manual
7. Purpose Code (Pur Code): This number indicates the
genera purpose of the system as follows:
? Administrative or housekeeping systems, code "1,"
are essentially internal in focus, dealing with the
allocation or management of government resources,
such as personnel records, travel vouchers, or motor
pool records.
? Federal Domestic Assistance Program systems, code "2,"
are those operated in support of a program listed in
the "1977 Catalog of Federal Domestic Assistance."
Federal domestic assistance programs are generally
defined as activities of a Federal agency which
provide assistance or benefits that can be requested
or applied for by organizations or individuals (see
OMB Circular No. A-89).
? Other program systems, coded "3," are external in
focus, relating to an agency's substantive programs,
other than those included in the "Catalog of Federal
Domestic Assistance."
I
Approved For Release 2001/08/02: CIA-RDP81-00142R000700010002-5
ApW:py"FOER@4@p-#0Q 4 /gdC-Ikl3Df?g A14?L~P007 g0%2t;o that
systems of records operated under government contracts
should be classified on the basis of the subject matter
of the system (i.e., a contract may be for administrative
or program purposes, either domestic assistance or other.)
8. Function Code: This indicates more specifically the
type of Federal program or activity supported by the system
in terms of the budget function of the appropriation used
to finance it. For each system, supply the appropriate
budget function code as described in section 21.3 of OMB
Circular No. A-il, dated July 1977. If a system is
financed by more than one appropriation, list the budget
function code for the appropriation which provides the
largest portion of the funding. If the function code
for the appropriation is '999' (multiple functions),
furnish the code of the principal subfunction cited in
Part A of the Supplementary Source Document prepared for
that appropriation in the FY 1978 budget submission.
9. Public Re ort Code:. This indicates whether the system
involves pu is reporting subject to the Federal Reports
Act. For each system, enter "P" public re
included in the s ste if no public report is
involved.
10. No. of Individuals in Systems: This item indicates
the number of individuals on whom records are kept, rather
than the number of pieces of information within any system.
It is not necessary to change the number of individuals for
system
If it is not possible
to state an exact igure without either restructuring the
system or establishing a new system of records (e.g.,
because the system may he organized by case, which is
not readily convertible into numbers or individuals),
provide an estimate. Do not leave this item blank. If an
estimate is given, explain the basis for the estimate in
a brief accompanying narrative.
11. Exemption Data. One set of entries (items (a)
through (d) below) must be provided for each exemption
claimed for a system.
a. Authority Code (Auth Code): This entry indicates
the subsection s) of the Act under which exemptions are
claimed; (e.g., J2 or K5). If a system is exemot under
more than one subsection, list each subsection. If the
system is not exempt, leave this and the remaining items
blank.
Approved For Release-2001/08102 CIA-RDP81-00142R000700010002-5
Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5
b.. Na. of Individuals;: Like item 9 above, this means
the number of people on w om exempt records are maintained,
rather than how many pieces of information have been
exempted. The purpose of this, item is. to determine
the proportion of individuals whosse.records are exempt,
if the number differs from-the total number of
individuals on whom records. are maintained in the system.
Verify or supply the number of individuals on whom
records in the system. would be exempt for each exemption
claimed. if all. records are potentially exempt,, repeat
the total number of individuals given in item 9.
c. Rule Date; This is the date on which the agency
published a rule in the Federal Register exempting the
system. Do,nat cite the system notice. Cite the date of
adoption unless the exemption rule is still in the
proposal stage. If the system is exempted under more than
one subsection,, list the date of the rule for each
exemption cited in a, above.
d. Rule Page: This is the Federal-Register page
number corresponding- to the Exemption Rue Date, above.
Approved, For Release 2001108/02 CIA-RDP81-00142R000700010002-5