CENTRAL INTELLIGENCE AGENCY ANNUAL PRIVACY ACT REPORT, PART II, FOR 1977

Approved For Release 2001 /08/02: CIA-RDP81-00142R00070001$$g2A-5 78-0996/1 CENTRAL INTELLIGENCE AGENCY WASHINGTON, D.C. 20505 MEMORANDUM FOR: ATTENTION: FROM: SUBJECT: REFERENCE: Mr. James T. McIntyre Director, Office of Management and Budget Mr. Walter W. Haase Deputy Associate Director for Information Systems Policy John F. Blake Deputy Director for Administration Central Intelligence Agency Annual Privacy Act Report, Part II, for 1977 Agency Memorandum of 10 March 1978 Containing Part I of the Annual Report In accordance with OMB Circular No. A-108, Transmittal Memorandum No. 4, and OMB Memorandum of 25 January 1978, forwarded herewith is the balance of the CIA Annual Privacy Act Report for 1977. John F. Blake Attachment Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 CIA ANNUAL PRIVACY ACT REPORT FOR 1977 NARRATIVE 1. Whereas technical and descriptive data of the Agency's records systems comprised our response of 10 March 1978, this portion of the Annual Report addresses the accom plishments, plans, administration, processing difficulties and recommendations for change vis-a-vis the Privacy Act of 1974. The following discussions correlate to subparagraphs 2 (a through g) of the attachment to your memorandum of inquiry of 25 January 1978. 2(a) Summary of Accomplishments and Future Plans: (1) Protecting Individual Privacy: As a matter of course h , t e sensitive nature of records held by the Agency and our basic policies governing access to them assist in preserving an individual's privacy. Since the preponderance of our documentation is classified, only properly cleared personnel can review documents, and then on a need-to-know principle. Moreover, the Agency does not have a centralized file system; there- fore, this built-in compartmentation limits the amount of information available to any one person. All offices and files are secured whenever staff personnel are not present and all visitors are asked to state their business and verify their rds. aredrecorded, and the Visitors' movemen y personnel enc closely monitored at all times. is are (2) Reducing the Scope of Personal Recordkee Current reductions in holdings of documen- tation have been virtually impossible due to a number of overlapping and repetitive non- destruction directives. The Agency is currently under such an order issued by the House Select Committee on Assassinations. However, with the view that these record destruction moratoriums will eventually end, extensive reviews have been initiated to determine what records will be retained, declassified or destroyed. One signi- ficant step in making possible future reductions Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 in our holdings has been the approval of all of the Agency's Records Control Schedules by the National Archives and Records Service. Given this approval, it is likely that the number of Agency records systems currently maintained may be decreased by two. There are indications, however, that approximately five new systems will have to be declared in the near future. The scope of maintained records is contained by our review and the removal of extraneous data prior to its in- clusion in a system. There has been concern expressed that future access to records may in- hibit the input of current documentation, leading to bland and incomplete files. Although this has been expressed by some records managers, to date we have seen very little evidence of such an occurrence. (b) Scope and Nature of Federal Personal Recordkeeping; Analysis of Changes to Systems o Records: (1) During 1977, CIA--22 was merged with CIA--21. This incorporated the case files maintained on the Agency's Freedom of Information Act and E.O. 11652 document declassification requesters with those for persons who filed Privacy Act requests. Two new systems were declared, namely: CIA--60, Personal and Professional Associates of the Director of Central Intelligence; and CIA--61, Supplemental Personnel (Soft) Files. This latter system was created when the Director established the position of Special Assistant to the Deputy to the Director for Resource Management as an integral part of the intelligence community as a whole. Each of the new systems was required because, as Director of Central Intelligence, Admiral Turner assumed responsibility for directing the intelligence community and effectual support was needed. (2) No great change in the use of computer support was noted in 1977. However, in order to meet quick response demands for information, significant increases can be expected within the next two years in computer-assisted records systems. A number of developmental programs are currently being studied for possible implementation. (3) The size of new systems can be expected to be significantly large at the outset, but a leveling off or reduction will be accomplished as permission Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 -2-  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 is granted to remove obsolete information. The scope of new systems will be limited to the effi- cient, effective and necessary requirements to be served, not only for the sake of privacy considera- tions, but also because of the considerable costs involved. (c) Agency Administration of the Act: (1) Accounting for Disclosures: Records are maintained of instances when information is released and, where necessary, waivers are requested from the individuals concerned. (2) Maintenance of Only That Information Necessary for an Authorized Function: Routine uses of records are the determining factors in placing a document into a system. Prior to insertion into a system, records and information are reviewed for relevance. (3) Publication Requirements: All changes to a system of records are pro- mulgated in the Federal Register with due regard for the 30-day notice to te given to the general public for their comment and our consideration of their views. In addition, significant additions and deletions to the Agency's systems of records are submitted to the President of the Senate, the Speaker of the House, the Privacy Protection Study Commission and the Office of Management and Budget. (4) Standard of Accuracy, Relevance Timeliness and Completeness: Within the limits of our Records Control Schedules and the current prohibition on destruction of records, the relevance and timeliness of records are considered. Accuracy and completeness of files are accomplished by placing a copy of the correspondence from the subject, purporting to correct or clarify records, with the document in question. In this way, a complete analysis of the record can be made by an authorized officer when reviewing the information. Approved For Release 2001/08/02 : C14RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 (5) Validation of Records Before Disclosure Outside the Agency: Validation of information is accomplished through normal verification procedures. Where prudent or necessary, the individual will be contacted for additional supporting data. (6) Restrictions on Recordkee in About First men ment Activities: Collectors and recipients of personal infor- mation are acutely aware of this requirement. Documents are reviewed prior to becoming part of the system. (7) Rules of Conduct for Agency Personnel: Personnel having access to personal records have been instructed in depth as to their respon- sibilities in this regard and the possible con- sequences of a breach of this trust. Formal instruction and realistic situational workshops have been developed to further understanding of the Privacy Act. Extensive formal and on-the-job training are required for those directly implementing the Act. (8) Safeguards on Information: Agency personnel have been well trained in handling sensitive information. Records are maintained in combination lock safes or in vaulted areas. Computers can be accessed only by those personnel who have been assigned controlled pass- words and/or other coded identifiers. (9) Operation of the Exemption Provisions: A. The CIA regulations promulgated pursuant to subsection (j) of the Act authorize the withholding of any information pertaining to an individual which would reveal intelligence sources and methods. Polygraph records are exempt from all sections as provided under the exemption except for subsections 552a(b), (c) (1) and (2), (e) (4) (A through F), (e) (5) , Approved For Release 2001/08/02 : Cl -RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 (6), (7), (9) , (10), and (11), and (i). Under subsection (j) of the Act, systems of records that contain sources and methods are exempt from sub- sections (c)(3), (d), (e) (3) (A through D), (e) (4) (E) , and (f) (1) . E. Under subsection (k), regulations were promulgated which provide that all provisions of this subsection apply to all systems of records. Information meeting the criteria defined in provisions (k) (1) through (k) (7) may be exempted from subsection (d). C. In conformity with the express intent of the Privacy Act, information in a records system pertaining to an individual is exempt from disclosure, subsection (d), except as permitted in subsection (b)(1 through 11). Written permission must be obtained from an individual when personal information pertaining to that person is requested by another individual or entity. D. The Privacy Act permits the Director wide latitude in implementing exemptions for access to records; however, this has been done only to a limited extent. As a system, CIA--23, Polygraph Files, is totally exempt from access. The remaining 57 systems of records are searched, as appropriate, in response to inquiries from requesters. When the above exemptions do not apply, documents are released; and, where they are applicable, segregable portions of records are released whenever feasible. E. There were 644 inquiries in which the request was totally or partially denied and the above discussed subsections were invoked. The con- version to an ADP system in June 1977, did not permit a complete exemption breakout of all the cases but does provide a sample of the results for 388 cases as follows: (b)(i.e., Privacy).... 204 (J) (1) ? ...............352 MM 1 .207 (k)(5) .................56 Also, the word "Privacy" was cited previously; however, in order to refer to a specific sub- section of the Act, subsection (b) replaced "Privacy" in July 1977. Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 -5-  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 F. In lieu of permitting direct access to records by requesters, as provided for in subsection (d), the Agency duplicates re- leasable documentation for requesters at no cost. (d) Changes in Patterns of Information Exchange: (1) Agency employees or applicants are the primary source of information on themselves. Where verification of data is necessary, waivers are requested. Where sensitive opera- tional and security considerations are para- mount, liaison with some Federal agencies has been curtailed or abandoned. This has resulted from possible exposure, via the Privacy Act, of the Agency's interest in a person and where those agencies cannot exert exemptions to protect our interests. (2) There have been some changes in procedure to segregate out that information which is considered strictly personal and that which is directly related to employment. A Privacy Act statement gives the individual a high degree of awareness as to the limits to which information will be used. These are fully discussed and the problems that can develop are explained, should the desired information not be provided or a waiver for specific purposes not obtained. (3) Initially, officials expressed concern that the Act would cause a significant reduction in third party-provided information. As for Agency employees, this factor has not been noticed. How- ever, those interviewed may be narrowing their answers to the questions being asked, with less extemporaneous comment being offered. Pledges of confidentiality requested remain at a level paral- leling the past. Sources in the private sector, having become more aware of their rights, seem somewhat more reluctant to provide information to government officials, with pledges of confiden- tiality more often requested. (4) Alternative sources of information have not been developed. (5) Except for procedural requirements, no significant effect on Agency activities has been noted, due to the Act's limitations on information disclosure. Approved For Release 2001/08/02 : CIA5RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 C. Civil Actions: Filed Against Agency .... ....6 Cases Decided in Agency Favor ......... 1** Cases Decided Against Agency .......... 0 Cases Remaining in Litigation ......... 5 **This case was decided in favor of the Agency. However, the plaintiff appealed one document; the District court upheld the Agency's posi- tion but will still review the record in camera. (2)(A) The Agency's estimate of current and former employees making Privacy Act requests is less than 10 percent of the total. However, the number of requesters in this group appears to be increasing. Also, these figures do not take into account informal requests from current employees where procedures have been in existence since the inception of the Act to permit review of one's files. Approximately 10 percent of Agency em- ployees have availed themselves of this informal approach. (B) Although the Agency does not maintain statistics on which Act a person cites in making a request, Agency employees most often cite the correct Act, given our readily available assist- ance. When anyone wishes to receive information on himself, we encourage processing under the Privacy Act. The requester is assured that all information will be provided as can be allowed under both Acts. If he is insistent, however, we will process such a request under the Freedom Act or provide the exemptions from both Acts. (C) Rarely will the general public cite a system to be searched unless requests for Office of Strategic Services' documents, drug experiment information, or Agency intercepted mail can be so considered. Requesters using commercial services will often cite records systems. Agency personnel use a check-off form. (D) Since all systems are potentially exempt, the requests for access to exempt systems can be considered 100 percent. Also, if releasing a record, where one exists, is considered as access Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 -8-  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 to an exempt system, we permit this to over 80 percent of the requesters, the balance being denied in full. (f) Public Scrutiny of Federal Personal Recordkeeping Practices: (1) No reaction of'a substantive nature to any Agency Privacy Act issuance promulgated in the Federal Register has been received from the general public, the Congress or OMB. If the public wants something, they write or call. Presently existing rules and regulations are largely unknown; so, we properly channel their requests and explain the requirements and pro- cedures necessary to service their requests. To say the least, the Act is expensive in terms of employee time and machine support expended. From the Agency's standpoint, our costs will not lessen simply because the number of our requests are increasing each year, all other factors aside. (g) Problem Areas and Recommendations for Change: Although the discussion below may not pertain specifically to the Privacy Act, it does address personally identifiable information. (1) Agency concern over material released under the Privacy Act is increasing. Problems are being experienced with former staff employees and cooper- ating individuals whose Agency affiliation has not heretofore been disclosed. Serious security breaches could be in the offing. The mere possession of a seemingly innocuous Agency document could, under certain circumstances, cause embarrassment or danger to the person involved, not to mention problems for the Agency. (2) Since deceased individuals have no privacy rights, it is possible that personally identifiable information might have to be released connecting the Agency with undeclared persons. This information, if pursued by hostile elements, could cause serious consequences for vital operational activities and could place in physical jeopardy those who were in association with such an individual. Hostile security and intelligence organizations, in view of their presumed thorough documentation of an American's activities, could quickly identify suspected intelligence sources. Through merely Approved For Release 2001/08/02 : CIAIRDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 the exposure of the name of a CIA man, a hostile country could determine whether and when he was there. (3) Because of information which might be re- leased, liaison equities between the Agency and its foreign counterparts are being seriously questioned by the latter. They foresee the possi- bility of their information being released and we suspect that they may be withholding information. This very real problem will affect our national security more and more as time elapses. (4) Our experience has shown that the public seldom uses the published systems of records as a key to obtain access to their files. The public generally requests all records retrievable under their name. The possi- bility of each agency making available directly to the public on request a descrip- tive list of records systems should be con- sidered. Expensive publication costs in pro- mulgating systems in the Federal Register could then be limited to only t Se deletion of an existing system of the declaration of a new system. Approved For Release 2001/08/02 : CIA-RDPO4-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 IPS/DM/9 May 78 Distribution: Orig. + 4 - 0MB (w/attach) DDA Chrono (w/attach) AI/DDA (w/attach) IPS Chrono w/attach) IPS (w/attach) Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R0007 CIA ANNUAL PRIVACY ACT REPORT, PART I, FOR 1977 1. Verification of the Inventory of Federal Personal Data ystems a. 0MB System Number: All system numbers remain as indicated. b. Agency System Indentifier: The CIA has no objection to identifying our records systems with the 0MB System Number. All changes have been indicated on the attached inventory. c. System Name: No change. d. System Notice Date: All dates indicated are correct. However, notice of a new "blanket" routine use was published in the Federal Register on 16 May 1977, Vol. 42, No. 94, pages 24 an 24760. This "blanket" routine use was also published in the Federal Re ister as part of the annual compilation o recor s systems at Book 2, Part VII, Vol. 42, No. 184, page 48050. It is identified as entry 6 under the heading, "Statement of General Routine Uses," and allows for a record from a system of records to be pro- vided to NARS in records management inspections. e. System Notice Page: No change. f. ADP Code: No change. Purpose Code (Pur Code): No change. Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 201/08/02 : CIA-RDP81-00142R000700002-5 (2) No. of Individuals: Changes are indicated where appropriate. While it is possible that a record exists where any exemption could be invoked, only numbers of individuals are entered where there is a common use of that exemption. (3) Rule Date: No change. Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 h. Function Code: All Function Code entries should be identified as "054". Our records indicate that 0MB was notified of the assignment of the 054 Function Code for records systems CIA--60 and 61, by our memorandum of 5 December 1977. The correct Func- tion Code is indicated on the attached. i. Public Report Code: All CIA record systems reflect "N" for this category since no information is sought from the public at large or a segment thereof. Al- though many Agency forms are common to many personal files in our systems, they are of a singular purpose which is unique to that person. No. of Individuals in Systems: -Many changes are entered on the attached. Some changes were the result of normal additions over the year, while others were the result of past inaccurate initial estimates. k. Exemption Data. (1) Authority Code (Auth Code): Exemption subsections (j)(1) and (k)(1 through 7) are utilized by the Agency. All records systems are subject to all of these subsections.. In addition to these, subsection (b), (5 U.S.C. 552 a(b)), is invoked by the Agency where consideration of the individual "Privacy" of a person other than the requester is involved.  Approved For Release 2001/08/02: CIA-RDP81-00142R000700 D02-5 (4) Rule Page: No change. 2. It has been determined that, where previously denied, the numbers of individuals in systems CIA--58, In- spector General Research Records, and CIA--61, Supple- mental Personnel (Soft) Files, may be included in your reporting and released to the public. Entries have been made as appropriate in the inventory. The number of individuals in system CIA--60 remains available to the public. 3. Also, since the information provided in the attached inventory for.sy.stems CIA--60 and 61 does not include exemption information, it is herewith provided in the format of the inventory compilation. All exemption subsections apply to these systems as discussed in paragraphs 1(k) (1) and 1(k) (2) above. 4. In contrast to data releasable to the public, the numbers of individuals in the systems listed below must be withheld from published material and the public since it is classified and its release would be mission revealing. CIA-8 CIA-19 CIA-27 CIA-34 CIA-50 9 20 28 37 52 10 23 29 43 54 12 24 31 44 56 16 25 32 48 57. 17 26 33 49 5. The required information for Part II and Part III of the Annual Privacy Act Report will be forwarded to your office by 30 April 1978. John F. Blake Deputy Director for Administration IPS/DM/gh/8 March 1978 Distribution: Orig - Addee T- IPS Chrono 1 - IPS Subject ( ) I - AI/DDA 1 - DDA ? Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  or Release 9:PMTd'l~EC1 -RE 1010 0ItRH@JDEC2 5 OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 January 31, 1978 CIRCULAR NO. A-108 Transmittal Memorandum No. 4 TO THE HEADS OF EXECUTIVE DEPARTMENT AND ESTABLISHMENTS Subject: Reporting Instructions for the Annual Report to the Congress Under the Privacy Act of 1974 1. Purpose. This supplement to OMB Circular No. A-108, dated July 1, 1975, provides guidance to Federal agencies regarding the preparation and submission of material for the President's Annual Report to the Congress on the Privacy Act of 1974, required by 5 U.S.C. 552a(p). The reporting requirements in this transmittal memorandum supersede all previous guidance regarding the President's annual report issued by this office, including that contained in the OMB guidelines dated July 1, 1975 (published July 9, 1975, at 40 FR 28948), and Transmittal Memorandum No. 2 to OMB Circular No. A-108, dated March 25, 1976. 2. Reporting Instructions. Agency reports shall cover activities for the preceding calendar year and should describe only major changes in agency policies, procedures, and activities. The report shall include the following sections: a. Summary of accomplishments and future plans: (1) Protecting individual privac : Summarize major achievements-in protecting personal privacy during the year, and outline plans for the next year. (2) Reducing the scope of personal recordkeepin: Describe reductions in personal recordkeeping achieved in (No. A-108) Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 response to the Director's memoranda of March 7, 1977, and August 3, 1977, and outline agency plans for further reducing the number and scope of systems of records in the next year. b. Scope and nature of Federal personal recordkeeping: (1) Inventory of Federal Personal Data Systems. The inventory is a listing of all systems of records in existence for which notices have been filed for publication in the Federal Register as of December 31 of the preceding calendar year. On or before January 31 of each year, the Office of Management and Budget will provide to each agency copies of its portion of the inventory, along with detailed instructions for verifying the entries. The inventory includes the following information about each system of records: -- the name and identifying number; -- the date and page number of the most recent notice published in the Federal Register; -- whether the records are fully or partially computerized; -- the general purpose of the system (e.g., administrative or programmatic); -- the budget function (e.g., national defense, health) served by the system; -- the estimated number of individuals on whom records are maintained. -- whether the system includes a public report subject to the Federal Reports Act; and -- whether the system has been exempted from any portions of the Act, and if so, the provisions of the Act on which the exemption is based; the date and page (No. A-108) Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 number of the Federal Register in which an exemption rule was published; and the estimated number of individuals' records covered by the exemption. (2) Analysis of changes to systems of records. Describe any overall changes or trends in recordkeeping patterns reflected in the agency's Inventory of Federal Personal Data Systems. This analysis should include, but is not limited to, the following: the purposes of and government functions supported by new systems of records; computers; and increases or decreases in the use -- trends in size and scope of new systems c. Agency administration of the Act. This section should describe agency activities to comply with specific provisions of the Act. Discussion should include an evaluation of the extent to which the provisions of the Act have achieved their intended purposes, and Ia. discussion of any suggested alternative means. of achieving those ends. The following provisions of the Act should be discussed in this section: (1) Accounting for disclosures (subsection (c)); (2) Maintenance of only that information necessary f or an authorized function (subsection (e)(1)); (3) Publication requirements (subsection (e)(11), (f)).; )(4), (4) Standard of accuracy, relevance, timeliness and completeness.(subsection (e)(5)); (5) Validation of records before disclosure outside the agency (subsection (e)(6)); (No. A-108) Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 (6) Restrictions on recordkeepirig about First Amendment activities (subsection (a)(7)); (7) Rules of conduct for agency personnel (subsection (e)(9)); and (8) Safeguards on information. (subsections (e)(10)). (9) Operation of the exemption provisions (subsections (j) and (k)), including the following: -- Provisions of the Act from which systems have been exempted (as opposed to the provisions under which systems are exempted, e.g., a system may be exempted from the access requirement of subsection (d)(1)). -- The extent to which exemptions permitted by the Act are invoked by the agencies; -- Procedures/policies developed to permit access by individuals to exempt records- d. Changes in patterns of information exchange. This section should address the effects of the Privacy Act on agency information activities. Specific considerations to be discussed include, but are not limited to, the following: (1) Has the requirement that information be collected to the extent possible from the individual, (subsection (e)(2)), significantly affected agency information collection practices? If so, how and to what extent? (2) Has there been a change in the willingness of individuals to provide information about themselves? Has the privacy notification statement required by subsection (e)(3) made a perceptible difference? (No. A-108) Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 (3) Has there. been a change in the amount and/or quality of information available from third party sources? Are pledges of confidentiality regularly requested? (4) Has it become necessary to develop alternative sources of information? If so, describe them. (5) How have the Act's limitations on the disclosure of information affected agency activities? (6) Were any new policies regarding the routine use provisions adopted during the year? Describe any major new routine uses which were established, including the purpose for the routine use, the recipient of the information, and the reason for its establishment. (7) How have State and local privacy and freedom of information laws affected the exchange of information? e. Exercise of individual rights. Discuss the extent to which individuals have sought access to and amendment of their records, and agency actions in response to these requests, including numbers of and final actions on appeals of adverse decisions. provided: The total number of requests received, for access to and for amendment of records; and the number granted in full and in part, and the number denied, along with the bases for denial. -- The number of appeals filed within the agency; and the number of agency decisions fully or partially sustained, and the number reversed. -- The number of civil actions filed (including. appeals of final agency decisions on access and amendment), and the disposition or current status of those actions. (No. A-108) (1) The following specific information should be Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 (2) Also indicate, using estimates to the extent necessary: -- The proportion of requests made by current and former Federal employees, compared to those made by the public at large. -- The numbers of requests which cited the Privacy Act, the Freedom of Information Act, or both, or neither. Outline the agency's procedures for handling requests which cite both or neither. -- The number of requests which named a specific system of records. -- The number of requests for access to exempt systems and the number actually granted. f. Public scrutiny of Federal personal recordkeeping practices. Discuss the extent and nature of comments received on Privacy Act issuances, including exemption and procedural rules, system notices, and routine uses published in the Federal Register, and reports on new or altered systems of records submitted to OMB and the Congress. Indicate the source of comments, e.g., the general public, the Congress, and OMB. Outline any suggested alternatives for providing notice to the public. g. Problem areas and recommendations for change. This section should address any major problems which have arisen in connection with the Privacy Act, and include recommendations for changes, either in Administration policies or in the Act. 3. Distribution of the report. One copy of the verified inventory listings and five copies of the remainder of the report will be provided to the Director, Office of Management and Budget. 4. Timing. A report shall be submitted annually by each agency, on or before the following dates: (No. A-108) Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 a. Verified inventory listings (paragraph b(l)) shall be submitted not later than six (6) weeks after the release of the listings and special instructions. Agencies with more than 100 systems are encouraged to contact OMB staff to discuss the possibility of phased submission of data. Special arrangements can also be made to provide agencies with copies of data in the OMB inventory throughout the year to reduce the year-end verification workload. . b. The remainder of the report shall be submitted not later than April 30 of each year. 5. Effective date. The provisions of this transmittal memorandum are effective upon issuance. 6. Inquiries. Questions about this transmittal memorandum may Be directed to the information Systems Policy Division, Room 9002, New Executive Office Building, (202) 395-4814. mes T. McIntyre, Jr. cting Director (No. A-108) Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5  Ap~pO far Release 200 # W6plA F&1 ~ OgLgo%W02-5 WASHINGTON, D.C. 20503 7? JAN 2 5 " MEMORANDUM TO Agency Privacy Act Points of Contact Subject: Annual Verification of Inventory of Federal Personal Data Systems This memorandum provides instructions to agencies for verifying the Inventory of Federal Personal Data Systems. This is part of the data required for the President's Annual Report to Congress pursuant to Section 3(p) of the Act (5 U.S.C. 552a(p)). The remainder of the annual report submissions are required to be submitted by April 30, 1978. See OMB Circular No. A-108, Transmittal Memorandum No. 4 (copy attached). Two copies of a listing of your agency's systems of records as reported in the Federal Register are attached. One copy of this listing, annotated in accordance with the instructions provided, must be returned to the Office of Management and Budget (Attention: Information Systems Policy Division) not later than March 10, 1978. If you have any questions, contact Ms. Leslie Greenspan at 395-4814. Sincerely, Walter W. Haase Deputy Associate Director for Information Systems Policy Approved For. Release 2001/08/02 : CIA-RDP81.700142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-0Q142B00070t0010002t5 Instructions for Verification of the nven ory o Federal Personal Data Systems The attached listing has been compiled by OMB from system notices published in the Federal Register. It should con- tain all systems of records in -existence and published or filed for publication in the Federal Register on or before December 31, 1977. The information described below should be verified or supplied for each system. All notations should be made legibly in ink. Corrections or additions should be made in the space p id t 1 elow the item on the listings. If an item is to be change in part (e.g., editing the system name it should be rewritten in its ett~_irety in the space provided. orrec - s ould Any items deletcl s ould be lined out in ink. An entire system may be deleted only if a notice to that effect has been published in the Federal Register or the entry on the listing is a duplicate. Indicate the date and page of the notice of deletion in the margin where appropriate. If it is necessary to add systems, do so by writing them in at the end of the listing, w t he data elements in the same order as on the listings. Entries may be added only for notices filed for publication on or before e em 1977. 1. OMB System Number. This is a unique number assigned by OMB to each system of records. The number consists of the agency and bureau codes for the organization which main- tains the system, plus a sequential number. This number may not be changed in any way. When adding entries, leave this element blank; OMB will assign a number. 2. Agency System Identifier: This is the number assigned to each system of records by the agency maintaining the system. A es are encouraged to delete this item if feasible and reference their systems both on the listin an in e e era R using the OMB System Number, aDa". It the agency desires to continue to use the number, it will be limited to 21 positions (including punctuation). Entries longer than 21 positions will be apparent, because they will exceed the number of blank spaces allowed for corrections. Verify, modify, or delete the number as appropriate. 3. System Name: This is the name assigned to a system of records by the maintaining agency. Agencies should review the system name carefully to assure that it is as descriptive as possible and edit it as appropriate. System names are limited to 55 characters includig punctuation. Approved Fo.r Release 200'1108/02 :_ CIA-RDP8.1-00142R000700010002-5  4 Ap d r3ftW44&M #k8E/09l'C A-RkWEMbW=R400 0O1 00$;ite on which the full text of the system notice was published in the daily Federal Register. In some cases agencies have published blanket" routine uses applicable to many or all of their systems'. The publication dates for such notices should not appear on this listing. Verify or supply the date. 5. System Notice Page: This is the page number in the Federal Register corresponding to the System Notice Date above. Note that the page number indicates where a specific system notice, not an agency's group of notices, began. Verify or supply the page number for each system. 6. ADP Code: This item indicates whether the information in the system is maintained in a computer (e.g., magnetic tape or disc); in manual form, (e.g., in paper files or on index cards); or a hybrid, a combination of the two. Verify or supply this entry as follows: A - Automated H - Hybrid M - Manual 7. Purpose Code (Pur Code): This number indicates the genera purpose of the system as follows: ? Administrative or housekeeping systems, code "1," are essentially internal in focus, dealing with the allocation or management of government resources, such as personnel records, travel vouchers, or motor pool records. ? Federal Domestic Assistance Program systems, code "2," are those operated in support of a program listed in the "1977 Catalog of Federal Domestic Assistance." Federal domestic assistance programs are generally defined as activities of a Federal agency which provide assistance or benefits that can be requested or applied for by organizations or individuals (see OMB Circular No. A-89). ? Other program systems, coded "3," are external in focus, relating to an agency's substantive programs, other than those included in the "Catalog of Federal Domestic Assistance." I Approved For Release 2001/08/02: CIA-RDP81-00142R000700010002-5  ApW:py"FOER@4@p-#0Q 4 /gdC-Ikl3Df?g A14?L~P007 g0%2t;o that systems of records operated under government contracts should be classified on the basis of the subject matter of the system (i.e., a contract may be for administrative or program purposes, either domestic assistance or other.) 8. Function Code: This indicates more specifically the type of Federal program or activity supported by the system in terms of the budget function of the appropriation used to finance it. For each system, supply the appropriate budget function code as described in section 21.3 of OMB Circular No. A-il, dated July 1977. If a system is financed by more than one appropriation, list the budget function code for the appropriation which provides the largest portion of the funding. If the function code for the appropriation is '999' (multiple functions), furnish the code of the principal subfunction cited in Part A of the Supplementary Source Document prepared for that appropriation in the FY 1978 budget submission. 9. Public Re ort Code:. This indicates whether the system involves pu is reporting subject to the Federal Reports Act. For each system, enter "P" public re included in the s ste if no public report is involved. 10. No. of Individuals in Systems: This item indicates the number of individuals on whom records are kept, rather than the number of pieces of information within any system. It is not necessary to change the number of individuals for system If it is not possible to state an exact igure without either restructuring the system or establishing a new system of records (e.g., because the system may he organized by case, which is not readily convertible into numbers or individuals), provide an estimate. Do not leave this item blank. If an estimate is given, explain the basis for the estimate in a brief accompanying narrative. 11. Exemption Data. One set of entries (items (a) through (d) below) must be provided for each exemption claimed for a system. a. Authority Code (Auth Code): This entry indicates the subsection s) of the Act under which exemptions are claimed; (e.g., J2 or K5). If a system is exemot under more than one subsection, list each subsection. If the system is not exempt, leave this and the remaining items blank. Approved For Release-2001/08102 CIA-RDP81-00142R000700010002-5  Approved For Release 2001/08/02 : CIA-RDP81-00142R000700010002-5 b.. Na. of Individuals;: Like item 9 above, this means the number of people on w om exempt records are maintained, rather than how many pieces of information have been exempted. The purpose of this, item is. to determine the proportion of individuals whosse.records are exempt, if the number differs from-the total number of individuals on whom records. are maintained in the system. Verify or supply the number of individuals on whom records in the system. would be exempt for each exemption claimed. if all. records are potentially exempt,, repeat the total number of individuals given in item 9. c. Rule Date; This is the date on which the agency published a rule in the Federal Register exempting the system. Do,nat cite the system notice. Cite the date of adoption unless the exemption rule is still in the proposal stage. If the system is exempted under more than one subsection,, list the date of the rule for each exemption cited in a, above. d. Rule Page: This is the Federal-Register page number corresponding- to the Exemption Rue Date, above. Approved, For Release 2001108/02 CIA-RDP81-00142R000700010002-5