About GPO   |   Newsroom/Media   |   Congressional Relations   |   Inspector General   |   Careers   |   Contact   |   askGPO   |   Help  
 
Home   |   Customers   |   Vendors   |   Libraries  

The Electronic Code of Federal Regulations (e-CFR) is a regularly updated, unofficial editorial compilation of CFR material and Federal Register amendments produced by the National Archives and Records Administration's Office of the Federal Register (OFR) and the Government Printing Office.

Parallel Table of Authorities and Rules for the Code of Federal Regulations and the United States Code
Text | PDF

Find, review, and submit comments on Federal rules that are open for comment and published in the Federal Register using Regulations.gov.

Purchase individual CFR titles from the U.S. Government Online Bookstore.

Find issues of the CFR (including issues prior to 1996) at a local Federal depository library.

[2]
 
 

Electronic Code of Federal Regulations

e-CFR Data is current as of April 17, 2014

Title 41: Public Contracts and Property Management


PART 105-64—GSA PRIVACY ACT RULES


Contents
§105-64.000   What is the purpose of this part?
§105-64.001   What terms are defined in this part?

Subpart 105-64.1—Policies and Responsibilities

§105-64.101   Who is responsible for enforcing these rules?
§105-64.102   What is GSA's policy on disclosure of information in a system of records?
§105-64.103   What is GSA's policy on collecting and using information in a system of records?
§105-64.104   What must the system manager tell me when soliciting personal information?
§105-64.105   When may Social Security Numbers (SSNs) be collected?
§105-64.106   What is GSA's policy on information accuracy in a system of records?
§105-64.107   What standards of conduct apply to employees with privacy-related responsibilities?
§105-64.108   How does GSA safeguard personal information?
§105-64.109   How does GSA handle other agencies' records?
§105-64.110   When may GSA establish computer matching programs?
§105-64.111   What is GSA's policy on directives that may conflict with this part?

Subpart 105-64.2—Access to Records

§105-64.201   How do I get access to my records?
§105-64.202   How do I request access in person?
§105-64.203   How do I request access in writing?
§105-64.204   Can parents and guardians obtain access to records?
§105-64.205   Who will provide access to my record?
§105-64.206   How long will it take to get my record?
§105-64.207   Are there any fees?
§105-64.208   What special conditions apply to release of medical records?
§105-64.209   What special conditions apply to accessing law enforcement and security records?

Subpart 105-64.3—Denial of Access to Records

§105-64.301   Under what conditions will I be denied access to a record?
§105-64.302   How will I be denied access?
§105-64.303   How do I appeal a denial to access a record?
§105-64.304   How are administrative appeal decisions made?
§105-64.305   What is my recourse to an appeal denial?

Subpart 105-64.4—Amending Records

§105-64.401   Can I amend my record?
§105-64.402   What records are not subject to amendment?
§105-64.403   What happens when I submit a request to amend a record?
§105-64.404   What must I do if I agree to an alternative amendment?
§105-64.405   Can I appeal a denial to amend a record?
§105-64.406   How will my appeal be handled?
§105-64.407   How do I file a Statement of Disagreement?
§105-64.408   What is my recourse to a denial decision?

Subpart 105-64.5—Disclosure of Records

§105-64.501   Under what conditions may a record be disclosed without my consent?
§105-64.502   How do I find out if my record has been disclosed?
§105-64.503   What is an accounting of disclosures?
§105-64.504   Under what conditions will I be denied an accounting of disclosures?

Subpart 105-64.6—Establishing or Revising Systems of Records in GSA

§105-64.601   Procedures for establishing system of records.

Subpart 105-64.7—Assistance and Referrals

§105-64.701   Submittal of requests for assistance and referrals.

Subpart 105-64.8—Privacy Complaints

§105-64.801   How to file a privacy complaint.
§105-64.802   Can I appeal a decision to a privacy complaint?
§105-64.803   How will my appeal be handled?
Appendix A to Part 105-64—Addresses for Geographically Dispersed Records

Authority: 5 U.S.C. 552a.

Source: 74 FR 66246, Dec. 15, 2009, unless otherwise noted.

§105-64.000   What is the purpose of this part?

This part implements the General Services Administration (GSA) rules under the Privacy Act of 1974, 5 U.S.C. 552a, as amended. The rules cover the GSA systems of records from which information is retrieved by an individual's name or personal identifier. These rules set forth GSA's policies and procedures for accessing, reviewing, amending, and disclosing records covered by the Privacy Act. GSA will comply with all existing and future privacy laws.

§105-64.001   What terms are defined in this part?

GSA defines the following terms to ensure consistency of use and understanding of their meaning under this part:

Agency means any organization covered by the Privacy Act as defined in 5 U.S.C. 551(1) and 5 U.S.C. 552a (a)(1). GSA is such an agency.

Computer matching program means the computerized comparison of two or more Federal personnel or payroll systems of records, or systems of records used to establish or verify an individual's eligibility for Federal benefits or to recoup delinquent debts.

Disclosure of information means providing a record or the information in a record to someone other than the individual of record.

Exempt records means records exempted from access by an individual under the Privacy Act, subsections (j)(1), Central Intelligence Agency, (j)(2) and (k)(2), law enforcement, (k)(1), Section 552 (b)(1), (k)(3), protective services to the President,(k)(4), statistical records, (k)(5), employee background investigations, (k)(6), federal service disclosure, and (k)(7), promotion in armed services.

Individual means a citizen of the United States or a legal resident alien on whom GSA maintains Privacy Act records. An individual may be addressed as you when information is provided for the individual's use.

Personally Identifiable Information (PII) means information about a person that contains some unique identifier, including but not limited to name or Social Security Number, from which the identity of the person can be determined. In OMB Circular M-06-19, the term “Personally Identifiable Information” is defined as any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individual's identity, such as their name, Social Security Number, date and place of birth, mother's maiden name, biometric records, including any other personal information which can be linked to an individual.

Record means any item, collection, or grouping of information about an individual within a system of records which contains the individual's name or any other personal identifier such as number or symbol, fingerprint, voiceprint, or photograph. The information may relate to education, financial transactions, medical conditions, employment, or criminal history collected in connection with an individual's interaction with GSA.

Request for access means a request by an individual to obtain or review his or her record or information in the record.

Routine use means disclosure of a record outside GSA for the purpose for which it is intended, as specified in the systems of records notices.

Solicitation means a request by an officer or employee of GSA for an individual to provide information about himself or herself for a specified purpose.

System of records means a group of records from which information is retrieved by the name of an individual, or by any number, symbol, or other identifier assigned to that individual.

System manager means the GSA associate responsible for a system of records and the information in it, as noted in the Federal Register systems of records notices.

Subpart 105-64.1—Policies and Responsibilities

§105-64.101   Who is responsible for enforcing these rules?

GSA Heads of Services and Staff Offices and Regional Administrators are responsible for ensuring that all systems of records under their jurisdiction meet the provisions of the Privacy Act and these rules. System managers are responsible for the system(s) of records assigned to them. The GSA Privacy Act Officer oversees the GSA Privacy Program and establishes privacy-related policy and procedures for the agency under the direction of the GSA Senior Agency Official for Privacy.

§105-64.102   What is GSA's policy on disclosure of information in a system of records?

No information contained in a Privacy Act system of records will be disclosed to third parties without the written consent of you, the individual of record, except under the conditions cited in §105-64.501.

§105-64.103   What is GSA's policy on collecting and using information in a system of records?

System managers must collect information that is used to determine your rights, benefits, or privileges under GSA programs directly from you whenever practical, and use the information only for the intended purpose(s).

§105-64.104   What must the system manager tell me when soliciting personal information?

When soliciting information from you or a third party for a system of records, system managers must: Cite the authority for collecting the information; say whether providing the information is mandatory or voluntary; give the purpose for which the information will be used; state the routine uses of the information; and describe the effect on you, if any, of not providing the information. This information is found in the Privacy Act Statement. Any form that asks for personal information will contain this statement.

§105-64.105   When may Social Security Numbers (SSNs) be collected?

(a) Statutory or regulatory authority must exist for collecting Social Security Numbers for record systems that use the SSNs as a method of identification. Systems without statutory or regulatory authority implemented after January 1, 1975, will not collect Social Security Numbers.

(b) In compliance with OMB M-07-16 (Safeguarding Against and Responding to the Breach of Personally Identifiable Information) collection and storage of SSN will be limited to systems where no other identifier is currently available. While GSA will strive to reduce the collection and storage of SSN and other PII we recognize that some systems continue to need to collect this information.

§105-64.106   What is GSA's policy on information accuracy in a system of records?

System managers will ensure that all Privacy Act records are accurate, relevant, necessary, timely, and complete. All GSA systems are reviewed annually. Those systems that contain Personally Identifiable Information (PII) are reviewed to ensure they are relevant, necessary, accurate, up-to-date, and covered by the appropriate legal or regulatory authority. A listing of GSA Privacy Act Systems can be found at the following link (http://www.gsa.gov/

Portal/gsa/ep/

contentView.do?contentType=

GSA_BASIC&contentId=21567).

§105-64.107   What standards of conduct apply to employees with privacy-related responsibilities?

(a) Employees who design, develop, operate, or maintain Privacy Act record systems will protect system security, avoid unauthorized disclosure of information, both verbal and written, and ensure that no system of records is maintained without public notice. All such employees will follow the standards of conduct in 5 CFR part 2635, 5 CFR part 6701, 5 CFR part 735, and 5 CFR part 2634 to protect personal information.

(b) Employees who have access to privacy act records will avoid unauthorized disclosure of personal information, both written and verbal, and ensure they have met privacy training requirements. All such employees will follow GSA orders HCO 9297.1 GSA Data Release Policy, HCO 9297.2A GSA Information Breach Notification Policy, HCO 2180.1 GSA Rules of Behavior for Handling Personally Identifiable Information (PII), CIO P 2100.1E CIO P GSA Information Technology (IT) Security Policy, and CIO 2104.1 GSA Information Technology (IT) General Rules of Behavior.

§105-64.108   How does GSA safeguard personal information?

(a) System managers will establish administrative, technical, and physical safeguards to ensure the security and confidentiality of records, protect the records against possible threats or hazards, and permit access only to authorized persons. Automated systems will incorporate security controls such as password protection, verification of identity of authorized users, detection of break-in attempts, firewalls, or encryption, as appropriate.

(b) System managers will ensure that employees and contractors who have access to personal information in their system will have the proper background investigation and meet all privacy training requirements.

§105-64.109   How does GSA handle other agencies' records?

In cases where GSA has either permanent or temporary custody of other agencies' records, system managers will coordinate with those agencies on any release of information. Office of Personnel Management (OPM) records that are in GSA's custody are subject to OPM's Privacy Act rules.

§105-64.110   When may GSA establish computer matching programs?

(a) System managers will establish computer matching programs or agreements for sharing information with other agencies only with the consent and under the direction of the GSA Data Integrity Board that will be established when and if computer matching programs are used at GSA.

(b) GSA will designate which positions comprise the Data Integrity Board and develop a policy that defines the roles and responsibilities of these positions.

§105-64.111   What is GSA's policy on directives that may conflict with this part?

These rules take precedence over any GSA directive that may conflict with the requirements stated here. GSA officials will ensure that no such conflict exists in new or existing directives.

Subpart 105-64.2—Access to Records

§105-64.201   How do I get access to my records?

You may request access to your record in person or by writing to the system manager or, in the case of geographically dispersed records, to the office maintaining the records (see appendix A to this part). Parents or guardians may obtain access to records of minors or when a court has determined that the individual of record is incompetent.

§105-64.202   How do I request access in person?

If appearing in person, you must properly identify yourself through photographic identification such as an agency identification badge, passport, or driver's license. Records will be available during normal business hours at the offices where the records are maintained. You may examine the record and be provided a copy on request. If you want someone else to accompany you when reviewing a record, you must first sign a statement authorizing the disclosure of the record; the statement will be maintained with your record.

§105-64.203   How do I request access in writing?

If you request access in writing, mark both the envelope and the request letter “Privacy Act Request”. Include in the request your full name and address; a description of the records you seek; the title and number of the system of records as published in the Federal Register; a brief description of the nature, time, and place of your association with GSA; and any other information you believe will help in locating the record.

§105-64.204   Can parents and guardians obtain access to records?

If you are the parent or guardian of a minor, or of a person judicially determined to be incompetent, you must provide full information about the individual of record. You also must properly identify yourself and provide a copy of the birth certificate of the individual, or a court order establishing guardianship, whichever applies.

§105-64.205   Who will provide access to my record?

The system manager will make a record available to you on request, unless special conditions apply, such as for medical, law enforcement, and security records.

§105-64.206   How long will it take to get my record?

The system manager will make a record available within 10 workdays after receipt of your request. If a delay of more than 10 workdays is expected, the system manager will notify you in writing of the reason for the delay and when the record will be available. The system manager may ask you for additional information to clarify your request. The system manager will have an additional 10 workdays after receipt of the new information to provide the record to you, or provide another acknowledgment letter if a delay in locating the record is expected.

§105-64.207   Are there any fees?

No fees are charged for records when the total fee is less than $25. The system manager may waive the fee above this amount if providing records without charge is customary or in the public interest. When the cost exceeds $25, the fee for a paper copy is 10 cents per page, and the fee for materials other than paper copies is the actual cost of reproduction. For fees above $250, advance payment is required. You should pay by check or money order made payable to the General Services Administration, and provide it to the system manager.

§105-64.208   What special conditions apply to release of medical records?

Medical records containing information that may have an adverse effect upon a person will be released only to a physician designated in writing by you, or by your guardian or conservator. Medical records in an Official Personnel Folder (OPF) fall under the jurisdiction of the Office of Personnel Management (OPM) and will be referred to OPM for a response.

§105-64.209   What special conditions apply to accessing law enforcement and security records?

Law enforcement and security records are generally exempt from disclosure to individuals except when the system manager, in consultation with legal counsel and the Head of the Service or Staff Office or Regional Administrator or their representatives, determines that information in a record has been used or is being used to deny you any right, privilege, or benefit for which you are eligible or entitled under Federal law. If so, the system manager will notify you of the existence of the record and disclose the information, but only to the extent that the information does not identify a confidential source. If disclosure of information could reasonably be expected to identify a confidential source, the record will not be disclosed to you unless it is possible to delete all such information. A confidential source is a person or persons who furnished information during Federal investigations with the understanding that his or her identity would remain confidential.

Subpart 105-64.3—Denial of Access to Records

§105-64.301   Under what conditions will I be denied access to a record?

The system manager will deny access to a record that is being compiled in the reasonable anticipation of a civil action or proceeding or to records that are specifically exempted from disclosure by GSA in its system of records notices, published in the Federal Register. Exempted systems include the Investigation Case Files, Internal Evaluation Case Files, and Security Files. These systems are exempted to maintain the effectiveness and integrity of investigations conducted by the Office of Inspector General, and others, as part of their duties and responsibilities involving Federal employment, contracts, and security.

§105-64.302   How will I be denied access?

If you request access to a record in an exempt system of records, the system manager will consult with the Head of Service or Staff Office or Regional Administrator or their representatives, legal counsel, and other officials as appropriate, to determine if all or part of the record may be disclosed. If the decision is to deny access, the system manager will provide a written notice to you giving the reason for the denial and your appeal rights.

§105-64.303   How do I appeal a denial to access a record?

If you are denied access to a record in whole or in part, you may file an administrative appeal within 30 days of the denial. The appeal should be in writing and addressed to: GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street, NW., Washington, DC 20405. Mark both the envelope and the appeal letter “Privacy Act Appeal”.

§105-64.304   How are administrative appeal decisions made?

The GSA Privacy Act Officer will conduct a review of your appeal by consulting with legal counsel and appropriate officials. The Privacy Act Officer may grant record access if the appeal is granted. If the decision is to reject the appeal, the Privacy Act Officer will provide all pertinent information about the case to the Deputy Administrator and ask for a final administrative decision. The Deputy Administrator may grant access to a record, in which case the Privacy Act Officer will notify you in writing, and the system manager will make the record available to you. If the Deputy Administrator denies the appeal, he or she will notify you in writing of the reason for rejection and of your right to a judicial review. The administrative appeal review will take no longer than 30 workdays after the Privacy Act Officer receives the appeal. The Deputy Administrator may extend the time limit by notifying you in writing of the extension and the reason for it before the 30 days are up.

§105-64.305   What is my recourse to an appeal denial?

You may file a civil action to have the GSA administrative decision overturned within two years after the decision is made. You may file in a Federal District Court where you live or have a principal place of business, where the records are maintained, or in the District of Columbia.

Subpart 105-64.4—Amending Records

§105-64.401   Can I amend my record?

You may request to amend your record by writing to the system manager with the proposed amendment. Mark both the envelope and the letter “Privacy Act Request to Amend Record”.

§105-64.402   What records are not subject to amendment?

You may not amend the following records under the law:

(a) Transcripts of testimony given under oath or written statements made under oath.

(b) Transcripts of grand jury proceedings, judicial proceedings, or quasi-judicial proceedings which constitute the official record of the proceedings.

(c) Pre-sentence reports that are maintained within a system of records but are the property of the courts.

(d) Records exempted from amendment by notice published in the Federal Register.

§105-64.403   What happens when I submit a request to amend a record?

The system manager will consult with the Head of Service or Staff Office or Regional Administrator or their representatives, and legal counsel. They will determine whether to amend an existing record by comparing its accuracy, relevance, timeliness, and completeness with the amendment you propose. The system manager will notify you within 10 workdays whether your proposed amendment is approved or denied. In case of an expected delay, the system manager will acknowledge receipt of your request in writing and provide an estimate of when you may expect a decision. If your request to amend is approved, the system manager will amend the record and send an amended copy to you and to anyone who had previously received the record. If your request to amend is denied, the system manager will advise you in writing, giving the reason for denial, a proposed alternative amendment if possible, and your appeal rights. The system manager also will notify the GSA Privacy Act Officer of any request for amendment and its disposition. Any amendment to a record may involve a person's Official Personnel Folder (OPF). OPF regulations are governed by OPM regulations, including alternate amendments and appeals of denials, and not GSA regulations.

§105-64.404   What must I do if I agree to an alternative amendment?

If you agree to the alternative amendment proposed by the system manager, you must notify the manager in writing of your concurrence. The system manager will amend the record and send an amended copy to you and to anyone else who had previously received the record.

§105-64.405   Can I appeal a denial to amend a record?

You may file an appeal within 30 workdays of a denial to amend your record by writing to the: GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street, NW., Washington, DC 20405. Mark both the envelope and the appeal letter “Privacy Act Amendment Appeal.” Appeals to amend records in a GSA employee's official personnel file will be sent to the Office of Personnel Management, Washington, DC 20415.

§105-64.406   How will my appeal be handled?

The GSA Privacy Act Officer will consult with legal counsel and appropriate GSA officials concerning your appeal. If they decide to reject your appeal, the Privacy Act Officer will provide the Deputy Administrator with all pertinent information about the case and request a final administrative decision. The Deputy Administrator may approve your amendment, in which case the Privacy Act Officer will notify you in writing, and the system manager will amend the record and send an amended copy to you and anyone who had previously been provided with the record. If the Deputy Administrator denies the appeal, he or she will notify you in writing of the reason for denial, of your right to a judicial review, and of your right to file a Statement of Disagreement. The amendment appeal review will be made within 30 workdays after the Privacy Act Officer receives your appeal. The Deputy Administrator may extend the time limit by notifying you in writing of the reason for the extension before the 30 days are up.

§105-64.407   How do I file a Statement of Disagreement?

You may file a Statement of Disagreement with the system manager within 30 days of the denial to amend a record. The statement should explain why you believe the record to be inaccurate, irrelevant, untimely, or incomplete. The system manager will file the statement with your record, provide a copy to anyone who had previously received the record, and include a copy of it in any future disclosure.

§105-64.408   What is my recourse to a denial decision?

You may file a civil action to have the GSA decision overturned within two years after denial of an amendment appeal. You may file the civil action in a Federal District Court where you live or have a principal place of business, where the records are maintained, or in the District of Columbia.

Subpart 105-64.5—Disclosure of Records

§105-64.501   Under what conditions may a record be disclosed without my consent?

A system manager may disclose your record without your consent under the Privacy Act when the disclosure is: To GSA officials or employees in the performance of their official duties; required by the Freedom of Information Act; for a routine use stated in a Federal Register notice; to the Bureau of the Census for use in fulfilling its duties; for statistical research or reporting, and only when the record is not individually identifiable; to the National Archives and Records Administration (NARA) when the record has been determined to be of historical or other value that warrants permanent retention; to a U.S. law enforcement agency or instrumentality for a civil or criminal law enforcement purpose; under compelling circumstances affecting an individual's health and safety, and upon disclosure a notification will be sent to the individual; to Congress or its committees and subcommittees when the record material falls within their jurisdiction; to the Comptroller General or an authorized representative in the performance of the duties of the Government Accountability Office (GAO); under a court order; or to a consumer reporting agency under the Federal Claims Collection Act of 1966, 31 U.S.C. 3711.

§105-64.502   How do I find out if my record has been disclosed?

You may request an accounting of the persons or agencies to whom your record has been disclosed, including the date and purpose of each disclosure, by writing to the system manager. Mark both the envelope and the letter “Privacy Act Accounting Request”. The system manager will provide the requested information in the same way as that for granting access to records; see Subpart 105-64.2, providing no restrictions to disclosure or accounting of disclosures applies.

§105-64.503   What is an accounting of disclosures?

The system manager maintains an account of each record disclosure for five years or for the life of the record, whichever is longer. The accounting of disclosure information includes the name of the person or agency to whom your record has been provided, the date, the type of information disclosed, and the reason for disclosure. Other pertinent information, such as justifications for disclosure and any written consent that you may have provided, is also included. No accounting needs to be maintained for disclosures to GSA officials or employees in the performance of their duties, or disclosures under the Freedom of Information Act.

§105-64.504   Under what conditions will I be denied an accounting of disclosures?

The system manager will deny your request for an accounting of disclosures when the disclosures are to GSA officials or employees in the performance of their duties or disclosures under the Freedom of Information Act, for which no accounting is required; law enforcement agencies for law enforcement activities; and systems of records exempted by notice in the Federal Register. You may appeal a denial using the same procedures as those for denial of access to records, see Subpart 105-64.3.

Subpart 105-64.6—Establishing or Revising Systems of Records in GSA

§105-64.601   Procedures for establishing system of records.

The following procedures apply to any proposed new or revised system of records:

(a) Before establishing a new or revising an existing system of records, the system manager, with the concurrence of the appropriate Head of Service or Staff Office, will provide to the GSA Privacy Act Officer a proposal describing and justifying the new system or revision.

(b) A Privacy Impact Assessment (PIA) will be filled out to determine if a system notice needs to be completed.

(c) The GSA Privacy Act Officer will work with the program office to create the draft system of notice document.

(d) The GSA Privacy Office will work with various offices to take the draft system notice through the concurrence process.

(e) The GSA Privacy Act Officer will publish in the Federal Register a notice of intent to establish or revise the system of records at least 30 calendar days before the planned system establishment or revision date.

(f) The new or revised system becomes effective 30 days after the notice is published in the Federal Register unless submitted comments result in a revision to the notice, in which case, a new revised notice will be issued.

(g) When publishing a new system notice letters will be sent to the Chairman, Committee on Homeland Security and Governmental Affairs, Chairman, Committee on Oversight and Government Reform, and the Docket Library Office of Information and Regulatory Affairs, Office of Management and Budget.

Subpart 105-64.7—Assistance and Referrals

§105-64.701   Submittal of requests for assistance and referrals.

Address requests for assistance involving GSA Privacy Act rules and procedures, or for referrals to system managers or GSA officials responsible for implementing these rules to: GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street, NW., Washington, DC 20405.

Subpart 105-64.8—Privacy Complaints

§105-64.801   How to file a privacy complaint.

E-mail your complaint to gsa.privacyact@gsa.gov or send to: GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street NW., Washington, DC 20405. Please provide as much details about the complaint in the communication. Provide contact information where you prefer all communication to be sent. The Privacy Officer will conduct an investigation and consult with appropriate GSA officials and legal counsel to render a decision within 30 workdays of the complaint being received by the privacy office. The decision will be sent by the method the complaint was received.

§105-64.802   Can I appeal a decision to a privacy complaint?

You may file an appeal within 30 workdays of a denial of a privacy complaint by writing to: GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street NW., Washington, DC 20405. Mark both the envelope and appeal letter “Privacy Act Complaint appeal”.

§105-64.803   How will my appeal be handled?

The Privacy Act Officer will consult with legal counsel and the appropriate GSA officials concerning your appeal. The decision will be made by the Senior Agency Official for Privacy. The decision will be sent within 30 workdays of the appeal being received by the privacy office. The decision provided in the appeal letter is the final recourse.

Appendix A to Part 105-64—Addresses for Geographically Dispersed Records

Address requests for physically dispersed records, as noted in the system of records notices, to the Regional Privacy Act Coordinator, General Services Administration, at the appropriate regional GSA office, as follows:

Great Lakes Region (includes Illinois, Indiana, Michigan, Ohio, Minnesota, and Wisconsin), 230 South Dearborn Street, Chicago, IL 60604-1696.

Greater Southwest Region (includes Arkansas, Louisiana, Oklahoma, New Mexico, and Texas), 819 Taylor Street, Fort Worth, TX 76102.

Mid-Atlantic Region (includes Delaware, Maryland, Pennsylvania, Virginia, and West Virginia, but excludes the National Capital Region), The Strawbridge Building, 20 North 8th Street, Philadelphia, PA 19107-3191.

National Capital Region (includes the District of Columbia; the counties of Montgomery and Prince George's in Maryland; the city of Alexandria, Virginia; and the counties of Arlington, Fairfax, Loudoun, and Prince William in Virginia), 7th and D Streets, SW., Washington, DC 20407.

New England Region (includes Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, and Vermont), 10 Causeway Street, Boston, MA 02222.

Northeast and Caribbean Region (includes New Jersey, New York, Puerto Rico, and Virgin Islands), 26 Federal Plaza, New York, NY 10278.

Northwest/Arctic Region (includes Alaska, Idaho, Oregon, and Washington), 400 15th Street, SW., Auburn, WA 98001-6599.

Pacific Rim Region (includes Arizona, California, Hawaii, and Nevada), 450 Golden Gate Avenue, San Francisco, CA 94102-3400.

Rocky Mountain Region (includes Colorado, Montana, North Dakota, South Dakota, Utah, and Wyoming), U.S. General Services Administration, DFC, Bldg. 41, Rm. 210, P.O. Box 25006, Denver, CO 80225-0006.

Southeast-Sunbelt Region (includes Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, and Tennessee), Office of the Regional Administrator (4A), 77 Forsyth Street, Atlanta, GA 30303.

The Heartland Region (includes Iowa, Kansas, Missouri, and Nebraska), 1500 East Bannister Road, Kansas City, MO 64131-3088.



For questions or comments regarding e-CFR editorial content, features, or design, email ecfr@nara.gov.
For questions concerning e-CFR programming and delivery issues, email webteam@gpo.gov.