PRIVACY ACT MATERIALS

Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R060901120025-2 (7c0d1-1 ROUTING AND TRANSMITTAL. SUP Pp/ n Oats 30 JAN 1986 TO =solace symbol, room numbir. . ASencr/PolD L DIRECTOR OF, INFORMATICN SERVICES Initials Date 2. , 3. 4. S. Action File Note and Return Approval For Clearance Per Conversation As Requested For Correction Prepare Rs* Circulate For Your Information See Me Comment Investigate Signature Coordination Justify REMARKS #1 ? ACTICN PLEASE PREPARE APPROPRIATE RESPCNSES TO ATTACHMENTS 'IWO AND 'THREE. SUSPENSE TO DDA CN ATTACHMENT #2: 28 APR 1986 SUSPENSE TO DDA ON ATTACHEMIN #3: 26 JUN 1986 DO NOT use this form as a RECORD of approvals, concurrences, disposals. clearances, and similar actions rerkill? thimassai owe evirmAeJ Asabssaw/Prtallt .U.5.U.V.U. 1w:3.421-529/320 Room No.?Bldi. Phone No. tORIA 41 (Rev. 7-76) GSA ?PIM (41 CIP% 101-11405 STAT Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON. D.C. 20503 MEMORANDUM FOR THE PRIVACY POINTS OF CONTACT FROM: Robert P. BedellN/e.-. Deputy Administrator Office of Information and Regulatory Affairs SUBJECT: Privacy Act Materials IDD 4 Pc:7:1.7:7'V I 6 - This memorandum, contains three attachments: ? o A copy of the President's Privacy Act Report for CY 1982 and 1983, dated December 4, 1985; o A copy of OMB Circular No. A-130, dated December 12, 1985; and o A supplemental instruction sheet for providing information to support the President's 1985 Privacy Act Report to the Congress. OMB Circular No. A-130 is a policy directive to Federal agencies on the management of Federal information resources. It sets basic guidelines for collecting, processing arid disseminating information and for the management of Federal information systems and technology. It also revises existing directives on privacy, computer security, and cost accounting for Federal computer and telecommunications facilities. Appendix I of the Circular will be of special interest to managers of agency Privacy Act programs. It replaces OMB Circular No. A-108, "Federal Agency Responsibilities for Maintaining Records About Individuals." Please note, however, that this Appendix does not replace the OMB Guidelines on Implementing the Privacy Act of 1974 published in the Federal Register on July 9, 1975 (40 FR 28949). In addition to consolidating the basic Circular A-108 and its Transmittal Memoranda into a single document, the new Appendix I adds or alters certain responsibilities and procedures: o It provides a timetable for agencies to conduct certain reviews of their implementing activities or record holdings, e.g., "review annually agency recordkeeping and disposal practices...." Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 1 Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 2 o It transfers certain responsibilities formerly assigned to the General Services Administration to the National Archives and Records Administration. o It requires agencies to collect and keep certain data about their Privacy Act publications and about public use of the Privacy Act for the President's annual report. o It permits agencies to submit exemption rules as part of a report on a new or altered system, rather than under the provisions of Executive Order No. 12291. o It establishes new rules for seeking a waiver of the OMB/Congressional review period for reports on new systems of records.1 Agencies should immediately begin following the procedures for reporting new or altered systems of records contained in Appendix I. Instructions for reporting statistical and other information in support of the President's yearly report to Congress are contained in paragraph 4 of the Appendix. This information is essentially the same as that which we have collected for the past four years. It is due no later than April 30, 1986. The third attachment to this memorandum contains additional instructions for submitting data for the annual report. This information is due no later than June 30, 1986. Send both submissions to: The Office of Management and Budget Office of Information and Regulatory Affairs NEOB Room 3235 Washington, D.C. 20503 Direct questions to Robert N. Veeder, of my staff, at 395-4814. Attachments Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 rr ? ???? ?MIE 4=IM AIM INIM? 1111?1. MN ? GM MOM IMMO MIN ?MIIMI Mini ?11?? MOM ?I???? GEM NNE .1?11?? AMON., M11?1=11?11?????=1 MIN 1=11.1 ?I?? 1??? IMI? ?1111, 1= WO IMO 1Mi Ma En MIN OM MN ..d1??? .o /NM AMIN. an.. MMOMMF ?Mi? ?Nm?? 1?IMMIM IMMNI .... .....- ... li OW =.1 MIN - ??? 11 MIS 10 AM. ?M? MI= AN .1Mr "NB MM. =MI UN, .1111. 4.1M, INW M 1M 11= i=m ???? M=Ii =I& MIMI On. 1.?.. .dii VIN. 1?1111 ??111?1???=, /11111???/ ??11111??? ?.111111r =ND /NM ???? MOWN'S ?MINIM Inn IMINIF IMO ???? GM IMIND INII?1 IMO ///?? .IMk? IMIN AMNON i1 .111, III I=I II% IMIN? .IM?? ,lo. ????1, VIM dabs =MN In =MEM OM. ????1 111?1?P =M. NEN ,IM1? ,li IMm .fr ?MISO Mmil iMIEk. ?Il 4/I, iMm? ..../M/ ????1111 Tuesday December 24, 1985 Part IV Office of Management and Budget Management of Federal Information Resources; Final Publication of OMB Circular No. A-130 , Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 1 Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 Supplemental Instructions for Submitting Information In Support of the President's Annual Privacy Act Report For CY 1985 Section (p) of the Privacy Act of 1974 (5 U.S.C. 552a) requires the President to report annually to the Congress: o How individuals exercised their rights of access and amendment during the year; o What changes were made to systems of records; o Other information about the implementation of the Act that would be useful to the Congress in carrying out its oversight responsibilities. Appendix I to OMB Circular A-130 contains instructions for collecting statistical data about access and amendment requests, changes to systems of records, matching programs, and litigation. Report that information in Section I below. In Section II below are a series of questions relating to specific implementation activities. Please provide as much information as possible. Provide approximations or estimates where necessary, identifying them as such. I Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 i Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 2 Section I. Report information for calendar year 1985. Aggregate data at the agency level; do not report components separately. A. Privacy Points of Contact: Provide the names, titles, telephone numbers and mailing addresses of the agency individuals who are responsible for Implementing the Privacy Act in your agency: 1. Senior Agency Official: Name Address Telephone 2. Privacy Officer: Name Address Telephone 3. Legal Counsel: Name: Address . Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 I I Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 Telephone 3 B. Publication Data: Provide the following information as of December 31, 1985: 1. Total number of active systems: nonexempt exempt 2. Number of new systems published during 1985: nonexempt exempt 3. Number of systems deleted during 1985: nonexempt exempt 4. Number of systems automated, either in whole or part, during 1985: nonexempt exempt 5. Number of existing systems for which new routine uses were established, during 1985: nonexempt exempt 6. Number of existing systems for which new exemptions were claimed. 7. Number of existing systems from which exemptions were deleted. 8. Number of public comments received on agency publication of rules or notices: 9. Briefly discuss any comments received and any action taken based on comments received, including those received from OMB or the Congress. Attach continuation sheet if necessary. Attach copies of . Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 I Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 4 any Congressional correspondence. C. Individuals' Exercise of Rights of Access & Amendment: (Note, access and amendment requests are defined as requests from record subjects for access to agency records that are (1) about themselves; (2) located in systems of records; and (3) which cite the Privacy Act of 1974 as the basis for the request). 1. Total number of requests for access: 2. Number of requests wholly or partially granted: 3. Number of requests totally denied: 4. Number of requests for which no record was found: 5. Number of appeals of denials of access: 6. Number of appeals in which denial was upheld: 7. Number of appeals in which denial was overturned either in whole or part: 8. Number of requests to amend records in system: 9. Number of amendment requests wholly or partially granted: 10. Number of amendment requests totally denied: , Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 5 11. Number of appeals of denials of amendment requests: 12. Number of appeals in which denial was upheld: 13. Number in which denial was overturned either in whole or in part: 14. If your agency denied any access requests on a basis other than the provisions of sections (d)(5), (j), or (k) of the Privacy Act, explain the rationale for your denial. 15. Number of instances in which individuals litigated the results of appeals of access or amendment: 16. The results of such litigation. D. Matching Programs: (See the definition of a matching program in OMB's revised Matching Guidelines, 47 FR 1656, May 19, 1982): 1. How many matching programs did your agency participate in as a matching agency during 1985? 2. How many as a source agency? 3. On what date(s) were any matching reports required by the Guidelines published in the Federal Register and provided to OMB and the Congress? E. Agency Analysis of Activities: Submit a brief analysis of the data provided above. The analysis should show how the data supports the agency's efforts to comply with the objectives of the Act. The analysis should also nnnaidar tha ^e Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 6 earlier reports. Agencies should also identify significant ongoing or completed activities designed to improve administration of the Act, e.g., review of routine uses, publication of revised rules, review of application of exemption provisions, improvements in public access to records, etc. This information is due to OMB no later than April 30, 1986. ! Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 7 Section II. Please provide whatever information you have, including documents where available, in response to the questions below. o PUBLIC NOTICE. The public notice provisions of the Privacy Act call for publication in the Federal Register of systems notices, routine uses, and agency rules. While such publication meets the legal requirements of the Act, it is not the most accessible source for ordinary individuals to find out about agency publications and practices. Does your agency do anything to supplement its Federal Register publications?, e.g., issuing pamphlets, providing abbreviated lists of systems, providing a toll free number for assistance, etc. o MICRO COMPUTER POLICY. How many of your agency's systems of records are contained in stand-alone micro computers, i.e.. on floppy or hard disk? Does your agency have written policies for who may have access and for safeguarding and disposing of records? o AUTOMATION. What percentage of your agency's systems of records are automated, either in whole or part? What percentage of all of the individuals in your agency's systems of records are contained in automated systems? o FOIA/PA RELATIONSHIP. How does your agency process first party requests for access to Privacy Act records that (1) cite the Privacy Act alone; (2) cite the FOIA alone; (3) cite both Acts; (4) cite neither Act? Does your agency have a written policy on processing these kinds of requests? o MATCHING PROGRAMS. OMB Memorandum M-84-6, dated December 29, 1983 transmitted a "Computer Match Checklist" for agencies to use in documenting matching programs. The memorandum requires agency to complete the checklist immediately following publication of the report of the matching program in the Federal Register, and to maintain checklists on file for OMB review. Send copies of these checklists for all matching programs for which a Federal Register report was published in 1985. You should ensure consistency with the figures you report in paragraph D. of Section I of these instructions. o PRIVACY ACT TRAINING. Your answers to the following questions will help us assess the state of such training and determine the need for additional training: What is your agency's policy toward providing Privacy Act training to its employees, (e.g., required for all new employees, required only for employees who work with Privacy Act matters, provided only to those who request it, etc.)? ! Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 - - 8 What percentage of your agency's employees have received formal Privacy Act training, in each of the following categories (1) executive level, (2)legal staff, clerical or administrative staff, ADP staff. Agency Operated Training. Does your agency conduct its own internal training program(s)? If yes, Who is responsible for conducting such training? What are the criteria for deciding who is to be trained? What are the criteria for deciding if training has been effective and useful? Briefly describe your program(s) and provide copies of any training materials used. How many employees were trained in CY 1985 (if possible, by category e.g., executive level, legal staff, clerical or administrative staff, ADP staff). Use of Other Privacy Act Training. What other formal training courses did your agency use in CY 1985,(e.g., by other governmental agencies such as the Office of Personnel Management, or the Department of Justice's Legal Education Institute, or by private firms). How many agency employees received such training (by course and category of employee, if possible)? Was your agency satisfied with the quality of the training? How did it determine this? Do you have any suggestions for Privacy Act training This information is due to OMB no later than June 30, 1986. Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2 Declassified in Part - Sanitized Copy Approved for Release 2-612/08/29 : 120025-2 /004 The President's ANNUAL REPORT on the Agencies' Implementation of the Privacy Act of 1974 CY 1982 - 1983 Declassified in Part - Sanitized Copy Approved for Release 2012/08/29: CIA-RDP88G01332R000901120025-2