About GPO   |   Newsroom/Media   |   Congressional Relations   |   Inspector General   |   Careers   |   Contact   |   askGPO   |   Help  
 
Home   |   Customers   |   Vendors   |   Libraries  

The Electronic Code of Federal Regulations (e-CFR) is a regularly updated, unofficial editorial compilation of CFR material and Federal Register amendments produced by the National Archives and Records Administration's Office of the Federal Register (OFR) and the Government Printing Office.

Parallel Table of Authorities and Rules for the Code of Federal Regulations and the United States Code
Text | PDF

Find, review, and submit comments on Federal rules that are open for comment and published in the Federal Register using Regulations.gov.

Purchase individual CFR titles from the U.S. Government Online Bookstore.

Find issues of the CFR (including issues prior to 1996) at a local Federal depository library.

[2]
 
 

Electronic Code of Federal Regulations

e-CFR Data is current as of April 21, 2014

Title 44: Emergency Management and Assistance


PART 6—IMPLEMENTATION OF THE PRIVACY ACT OF 1974


Contents

Subpart A—General

§6.1   Purpose and scope of part.
§6.2   Definitions.
§6.3   Collection and use of information (Privacy Act statements).
§6.4   Standards of accuracy.
§6.5   Rules of conduct.
§6.6   Safeguarding systems of records.
§6.7   Records of other agencies.
§6.8   Subpoena and other legal demands.
§6.9   Inconsistent issuances of FEMA and/or its predecessor agencies superseded.
§6.10   Assistance and referrals.

Subpart B—Disclosure of Records

§6.20   Conditions of disclosure.
§6.21   Procedures for disclosure.
§6.22   Accounting of disclosures.

Subpart C—Individual Access to Records

§6.30   Form of requests.
§6.31   Special requirements for medical records.
§6.32   Granting access.
§6.33   Denials of access.
§6.34   Appeal of denial of access within FEMA.

Subpart D—Requests To Amend Records

§6.50   Submission of requests to amend records.
§6.51   Review of requests to amend records.
§6.52   Approval of requests to amend records.
§6.53   Denial of requests to amend records.
§6.54   Agreement to alternative amendments.
§6.55   Appeal of denial of request to amend a record.
§6.56   Statement of disagreement.
§6.57   Judicial review.

Subpart E—Report on New Systems and Alterations of Existing Systems

§6.70   Reporting requirement.
§6.71   Federal Register notice of establishment of new system or alteration of existing system.
§6.72   Effective date of new system of records or alteration of an existing system of records.

Subpart F—Fees

§6.80   Records available at fee.
§6.81   Additional copies.
§6.82   Waiver of fee.
§6.83   Prepayment of fees.
§6.84   Form of payment.
§6.85   Reproduction fees.

Subpart G—Exempt Systems of Records

§6.86   General exemptions.
§6.87   Specific exemptions.

Authority: 5 U.S.C. 552a; Reorganization Plan No. 3 of 1978; and E.O. 12127.

Source: 44 FR 50293, Aug. 27, 1979, unless otherwise noted.

Subpart A—General

§6.1   Purpose and scope of part.

This part sets forth policies and procedures concerning the collection, use and dissemination of records maintained by the Federal Emergency Management Agency (FEMA) which are subject to the provision of 5 U.S.C. 552a, popularly known as the “Privacy Act of 1974” (hereinafter referred to as the Act). These policies and procedures govern only those records as defined in §6.2. Policies and procedures governing the disclosure and availability of records in general are in part 5 of this chapter. This part also covers: (a) Procedures for notification to individuals of a FEMA system of records pertaining to them; (b) guidance to individuals in obtaining information, including inspections of, and disagreement with, the content of records; (c) accounting of disclosure; (d) special requirements for medical records; and (e) fees.

§6.2   Definitions.

For the purpose of this part:

(a) Agency includes any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency (see 5 U.S.C. 552(e)).

(b) Individual means a citizen of the United States or an alien lawfully admitted for permanent residence.

(c) Maintain includes maintain, collect, use, and disseminate.

(d) Record means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to those concerning education, financial transactions, medical history, and criminal or employment history, and that contains the name or other identifying particular assigned to the individual, such as a fingerprint, voiceprint, or photograph.

(e) System of records means a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identification assigned to that individual.

(f) Statistical record means a record in a system of records maintained for statistical research or reporting purposes only and not used in whole or in part in making any determination about an identifiable individual, except as provided by 13 U.S.C. 8.

(g) Routine use means, with respect to the disclosure of a record, the use of that record for a purpose which is compatible with the purpose for which it was collected.

(h) System manager means the employee of FEMA who is responsible for the maintenance of a system of records and for the collection, use, and dissemination of information therein.

(i) Subject individual means the individual named or discussed in a record of the individual to whom a record otherwise pertains.

(j) Disclosure means a transfer of a record, a copy of a record, or any or all of the information contained in a record to a recipient other than the subject individual, or the review of a record by someone other than the subject individual.

(k) Access means a transfer of a record, a copy of a record, or the information in a record to the subject individual, or the review of a record by the subject individual.

(l) Solicitation means a request by an officer or employee of FEMA that an individual provide information about himself or herself.

(m) Administrator means the Administrator, FEMA.

(n) Deputy Administrator means the Deputy Administrator, FEMA, or, in the case of the absence of the Deputy Administrator, or a vacancy in that office, a person designated by the Administrator to perform the functions under this regulation of the Deputy Administrator.

(o) Privacy Appeals Officer means the FOIA/Privacy Act Specialist or his/her designee.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980; 51 FR 34604, Sept. 30, 1986]

§6.3   Collection and use of information (Privacy Act statements).

(a) General. Any information used in whole or in part in making a determination about an individual's rights, benefits, or privileges under FEMA programs will be collected directly from the subject individual to the extent practicable. The system manager also shall ensure that information collected is used only in conformance with the provisions of the Act and these regulations.

(b) Solicitation of information. System managers shall ensure that at the time information is solicited the solicited individual is informed of the authority for collecting that information, whether providing the information is mandatory or voluntary, the purpose for which the information will be used, the routine uses to be made of the information, and the effects on the individual, if any, of not providing the information. The Director, Records Management Division, Office of Management and Regional Administrators shall ensure that forms used to solicit information are in compliance with the Act and these regulations.

(c) Solicitation of Social Security numbers. Before an employee of FEMA can deny to any individual a right, benefit, or privilege provided by law because such individual refuses to disclose his/her social security account number, the employee of FEMA shall ensure that either:

(1) The disclosure is required by Federal statute; or

(2) The disclosure of a social security number was required under a statute or regulation adopted before January 1, 1975, to verify the identity of an individual, and the social security number will become a part of a system of records in existence and operating before January 1, 1975.

If solicitation of the social security number is authorized under paragraph (c) (1) or (2) of this section, the FEMA employee who requests an individual to disclose the social security account number shall first inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority the number is solicited, and the use that will be made of it.

(d) Soliciting information from third parties. An employee of FEMA shall inform third parties who are requested to provide information about another individual of the purposes for which the information will be used.

[44 FR 50293, Aug. 27, 1979, as amended at 47 FR 13149, Mar. 29, 1982; 48 FR 12091, Mar. 23, 1983; 50 FR 40006, Oct. 1, 1985]

§6.4   Standards of accuracy.

The system manager shall ensure that all records which are used by FEMA to make determinations about any individual are maintained with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual.

§6.5   Rules of conduct.

Employees of FEMA involved in the design, development, operation, or maintenance of any system of records or in maintaining any record, shall conduct themselves in accordance with the rules of conduct concerning the protection of personal information in §3.25 of this chapter.

§6.6   Safeguarding systems of records.

(a) Systems managers shall ensure that appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.

(b) Personnel information contained in both manual and automated systems of records shall be protected by implementing the following safeguards:

(1) Official personnel folders, authorized personnel operating or work folders and other records of personnel actions effected during an employee's Federal service or affecting the employee's status and service, including information on experience, education, training, special qualification, and skills, performance appraisals, and conduct, shall be stored in a lockable metal filing cabinet when not in use by an authorized person. A system manager may employ an alternative storage system providing that it furnished an equivalent degree of physical security as storage in a lockable metal filing cabinet.

(2) System managers, at their discretion, may designate additional records of unusual sensitivity which require safeguards similar to those described in paragraph (a) of this section.

(3) A system manager shall permit access to and use of automated or manual personnel records only to persons whose official duties require such access, or to a subject individual or his or her representative as provided by this part.

§6.7   Records of other agencies.

If FEMA receives a request for access to records which are the primary responsibility of another agency, but which are maintained by or in the temporary possession of FEMA on behalf of that agency, FEMA will advise the requestor that the request has been forwarded to the responsible agency. Records in the custody of FEMA which are the primary responsibility of the Office of Personnel Management are governed by the rules promulgated by it pursuant to the Privacy Act.

§6.8   Subpoena and other legal demands.

Access to records in systems of records by subpoena or other legal process shall be in accordance with the provisions of part 5 of this chapter.

§6.9   Inconsistent issuances of FEMA and/or its predecessor agencies superseded.

Any policies and procedures in any issuances of FEMA or any of its predecessor agencies which are inconsistent with the policies and procedures in this part are superseded to the extent of that inconsistency.

§6.10   Assistance and referrals.

Requests for assistance and referral to the responsible system manager or other FEMA employee charged with implementing these regulations should be made to the Privacy Appeals Officer, Federal Emergency Management Agency, Washington, DC 20472.

[45 FR 17152, Mar. 18, 1980]

Subpart B—Disclosure of Records

§6.20   Conditions of disclosure.

No employee of FEMA shall disclose any record to any person or to another agency without the express written consent of the subject individual unless the disclosure is:

(a) To officers or employees of FEMA who have a need for the information in the official performance of their duties;

(b) Required by the provisions of the Freedom of Information Act, 5 U.S.C. 552.

(c) For a routine use as published in the notices in the Federal Register;

(d) To the Bureau of the Census for use pursuant to title 13, United States Code;

(e) To a recipient who has provided FEMA with advance adequate written assurance that the record will be used solely as a statistical research or reporting record subject to the following: The record shall be transferred in a form that is not individually identifiable. The written statement should include as a minimum (1) a statement of the purpose for requesting the records; and (2) certification that the records will be used only for statistical purposes. These written statements should be maintained as accounting records. In addition to deleting personal identifying information from records released for statistical purposes, the system manager shall ensure that the identity of the individual cannot reasonably be deduced by combining various statistical records;

(f) To the National Archives of the United States as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the Administrator of The National Archives and Records Administration or his designee to determine whether the record has such value;

(g) To another agency or instrumentality of any governmental jurisdiction within or under the control of the United States for civil or criminal law enforcement activity, if the activity is authorized by law, and if the head of the agency or instrumentality or his designated representative has made a written request to the Administrator specifying the particular portion desired and the law enforcement activity for which the record is sought;

(h) To a person showing compelling circumstances affecting the health and safety of an individual to whom the record pertains. (Upon such disclosure, a notification must be sent to the last known address of the subject individual.)

(i) To either House of Congress or to a subcommittee or committee (joint or of either House, to the extent that the subject matter falls within their jurisdiction;

(j) To the Comptroller General or any duly authorized representatives of the Comptroller General in the course of the performance of the duties of the Government Accountability Office; or

(k) Pursuant to the order of a court of competent jurisdiction.

(l) To consumer reporting agencies as defined in the Fair Credit Reporting Act (35 U.S.C. 1681a(f) or the Debt Collection Act of 1982 (31 U.S.C. 3711(d)(4)).

[44 FR 50293, Aug. 27, 1979, as amended at 48 FR 44543, Sept. 29, 1983; 50 FR 40006, Oct. 1, 1985]

§6.21   Procedures for disclosure.

(a) Upon receipt of a request for disclosure, the system manager shall verify the right of the requestor to obtain disclosure pursuant to §6.20. Upon that verification and subject to other requirements of this part, the system manager shall make the requested records available.

(b) If the system manager determines that the disclosure is not permitted under the provisions of §6.20 or other provisions of this part, the system manager shall deny the request in writing and shall inform the requestor of the right to submit a request for review and final determination to the Administrator or designee.

§6.22   Accounting of disclosures.

(a) Except for disclosures made pursuant to §6.20 (a) and (b), an accurate accounting of each disclosure shall be made and retained for 5 years after the disclosure or for the life of the record, whichever is longer. The accounting shall include the date, nature, and purpose of each disclosure, and the name and address of the person or agency to whom the disclosure is made;

(b) The system manager also shall maintain in conjunction with the accounting of disclosures;

(1) A full statement of the justification for the disclosure.

(2) All documentation surrounding disclosure of a record for statistical or law enforcement purposes; and

(3) Evidence of written consent to a disclosure given by the subject individual.

(c) Except for the accounting of disclosures made to agencies or instrumentalities in law enforcement activities in accordance with §6.20 (g) or of disclosures made from exempt systems the accounting of disclosures shall be made available to the individual upon request. Procedures for requesting access to the accounting are in subpart C of this part.

Subpart C—Individual Access to Records

§6.30   Form of requests.

(a) An individual who seeks access to his or her record or to any information pertaining to the individual which is contained in a system of records should notify the system manager at the address indicated in the Federal Register notice describing the pertinent system. The notice should bear the legend “Privacy Act Request” both on the request letter and on the envelope. It will help in the processing of a request if the request letter contains the complete name and identifying number of the system as published in the Federal Register; the full name and address of the subject individual; a brief description of the nature, time, place, and circumstances of the individual's association with FEMA; and any other information which the individual believes would help the system manager to determine whether the information about the individual is included in the system of records. The system manager shall answer or acknowledge the request within 10 workdays of its receipt by FEMA.

(b) The system manager, at his discretion, may accept oral requests for access subject to verification of identity.

§6.31   Special requirements for medical records.

(a) A system manager who receives a request from an individual for access to those official medical records which belong to the U.S. Office of Personnel Management and are described in Chapter 339, Federal Personnel Manual (medical records about entrance qualifications or fitness for duty, or medical records which are otherwise filed in the Official Personnel Folder), shall refer the pertinent system of records to a Federal Medical Officer for review and determination in accordance with this section. If no Federal Medical Officer is available to make the determination required by this section, the system manager shall refer the request and the medical reports concerned to the Office of Personnel Management for determination.

(b) If, in the opinion of a Federal Medical Officer, medical records requested by the subject individual indicate a condition about which a prudent physician would hesitate to inform a person suffering from such a condition of its exact nature and probable outcome, the system manager shall not release the medical information to the subject individual nor to any person other than a physician designated in writing by the subject individual, or the guardian or conservator of the individual.

(c) If, in the opinion of a Federal Medical Officer, the medical information does not indicate the presence of any condition which would cause a prudent physician to hesitate to inform a person suffering from such a condition of its exact nature and probable outcome, the system manager shall release it to the subject individual or to any person, firm, or organization which the individual authorizes in writing to receive it.

§6.32   Granting access.

(a) Upon receipt of a request for access to non-exempt records, the system manager shall make these records available to the subject individual or shall acknowledge the request within 10 workdays of its receipt by FEMA. The acknowledgment shall indicate when the system manager will make the records available.

(b) If the system manager anticipates more than a 10 day delay in making a record available, he or she also shall include in the acknowledgment specific reasons for the delay.

(c) If a subject individual's request for access does not contain sufficient information to permit the system manager to locate the records, the system manager shall request additional information from the individual and shall have 10 workdays following receipt of the additional information in which to make the records available or to acknowledge receipt of the request and indicate when the records will be available.

(d) Records will be available for authorized access during normal business hours at the offices where the records are located. A requestor should be prepared to identify himself or herself by signature; i.e., to note by signature the date of access and/or produce other identification verifying the signature.

(e) Upon request, a system manager shall permit an individual to examine the original of a non-exempt record, shall provide the individual with a copy of the record, or both. Fees shall be charged in accordance with subpart F.

(f) An individual may request to pick up a record in person or to receive it by mail, directed to the name and address provided by the individual in the request. A system manager shall not make a record available to a third party for delivery to the subject individual except for medical records as outlined in §6.31.

(g) An individual who selects another person to review, or to accompany the individual in reviewing or obtaining a copy of the record must, prior to the disclosure, sign a statement authorizing the disclosure of the record. The system manager shall maintain this statement with the record.

(h) The procedure for access to an accounting of disclosure is identical to the procedure for access to a record as set forth in this section.

§6.33   Denials of access.

(a) A system manager may deny an individual access to that individual's record only upon the grounds that FEMA has published the rules in the Federal Register exempting the pertinent system of records from the access requirement. These exempt systems of records are described in subpart G of this part.

(b) Upon receipt of a request for access to a record which the system manager believes is contained within an exempt system of records he or she shall forward the request to the appropriate official listed below or to his or her delegate through normal supervisory channels.

(1) Deputy Administrators.

(2) [Reserved]

(3) Federal Insurance Administrator.

(4) Assistant Administrators.

(5) United States Fire Administrator.

(6) Chief of Staff.

(7) Office Directors.

(8) Chief Counsel.

(9) [Reserved]

(10) Chief Financial Officer.

(11) Regional Administrators.

(c) In the event that the system manager serves in one of the positions listed in paragraph (b) of this section, he or she shall retain the responsibility for denying or granting the request.

(d) The appropriate official listed in paragraph (b) of this section shall, in consultation with the Office of Chief Counsel and such other officials as deemed appropriate, determine if the request record is contained within an exempt system of records and:

(1) If the record is not contained within an exempt system of records, the above official shall notify the system manager to grant the request in accordance with §6.32, or

(2) If the record is contained within an exempt system said official shall;

(i) Notify the requestor that the request is denied, including a statement justifying the denial and advising the requestor of a right to judicial review of that decision as provided in §6.57, or

(ii) Notify the system manager to make record available to the requestor in accordance with §6.31, notwithstanding the record's inclusion within an exempt system.

(e) The appropriate official listed in paragraph (b) of this section shall provide the Privacy Appeals Office with a copy of any denial of a requested access.

[44 FR 50293, Aug. 27, 1979, as amended at 48 FR 44543, Sept. 29, 1983; 50 FR 40006, Oct. 1, 1985; 51 FR 34604, Sept. 30, 1986; 74 FR 15334, Apr. 3, 2009]

§6.34   Appeal of denial of access within FEMA.

A requestor denied access in whole or in part, to records pertaining to that individual, exclusive of those records for which the system manager is the Administrator, may file an administrative appeal of that denial. Appeals of denied access will be processed in the same manner as processing for appeals from a denial of a request to amend a record set out in §6.55, regardless whether the denial being appealed is made at headquarters or by a regional official.

Subpart D—Requests To Amend Records

§6.50   Submission of requests to amend records.

An individual who desires to amend any record containing personal information about the individual should direct a written request to the system manager specified in the pertinent Federal Register notice concerning FEMA's systems of records. A current FEMA employee who desires to amend personnel records should submit a written request to the Director, Human Capital Division, Washington, DC 20472. Each request should include evidence of and justification for the need to amend the pertinent record. Each request should bear the legend “Privacy Act—Request to Amend Record” prominently marked on both the face of the request letter and the envelope.

§6.51   Review of requests to amend records.

(a) The system manager shall acknowledge the receipt of a request to amend a record within 10 workdays. If possible, the acknowledgment shall include the system manager's determination either to amend the record or to deny the request to amend as provided in §6.53.

(b) When reviewing a record in response to a request to amend, the system manager shall assess the accuracy, relevance, timeliness, and completeness of the existing record in light of the proposed amendment and shall determine whether the request for the amendment is justified. With respect to a request to delete information, the system manager also shall review the request and the existing record to determine whether the information is relevant and necessary to accomplish an agency purpose required to be accomplished by statute or Executive Order.

§6.52   Approval of requests to amend records.

If the system manager determines that amendment of a record is proper in accordance with the request to amend, he or she promptly shall make the necessary corrections to the record and shall send a copy of the corrected record to the individual. Where an accounting of disclosure has been maintained, the system manager shall advise all previous recipients of the record of the fact that a correction has been made and the substance of the correction. Where practicable, the system manager shall advise the Privacy Appeals Officer that a request to amend has been approved.

§6.53   Denial of requests to amend records.

(a) If the system manager determines that an amendment of a record is improper or that the record should be amended in a manner other than that requested by an individual, he shall refer the request to amend and his determinations and recommendations to the appropriate official listed in §6.33(b) through normal supervisory channels.

(b) If the official listed in §6.33, after reviewing the request to amend a record, determines to amend the record in accordance with the request, said official promptly shall return the request to the system manager with instructions to make the requested amendments in accordance with §6.52.

(c) If the appropriate official listed in §6.33, after reviewing the request to amend a record, determines not to amend the record in accordance with the request, the requestor shall be promptly advised in writing of the determination. The refusal letter (1) shall state the reasons for the denial of the request to amend; (2) shall include proposed alternative amendments, if appropriate; (3) shall state the requestor's right to appeal the denial of the request to amend; and (4) shall state the procedures for appealing and the name and title of the official to whom the appeal is to be addressed.

(d) The appropriate official listed in §6.33 shall furnish the Privacy Appeals Officer a copy of each initial denial of a request to amend a record.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980]

§6.54   Agreement to alternative amendments.

If the denial of a request to amend a record includes proposed alternative amendments, and if the requestor agrees to accept them, he or she must notify the official who signed the denial. That official immediately shall instruct the system manager to make the necessary amendments in accordance with §6.52.

§6.55   Appeal of denial of request to amend a record.

(a) A requestor who disagrees with a denial of a request to amend a record may file an administrative appeal of that denial. The requestor should address the appeal to the FEMA Privacy Appeals Officer, Washington, DC 20472. If the requestor is an employee of FEMA and the denial to amend involves a record maintained in the employee's Official Personnel Folder covered by an Office of Personnel Management Government-wide system notice, the appeal should be addressed to the Assistant Director, Information Systems, Agency Compliance and Evaluation Group, Office of Personnel Management, Washington, DC 20415.

(b) Each appeal to the Privacy Act Appeals Officer shall be in writing and must be received by FEMA no later than 30 calendar days from the requestor's receipt of a denial of a request to amend a record. The appeal should bear the legend “Privacy Act—Appeal,” both on the face of the letter and the envelope.

(c) Upon receipt of an appeal, the Privacy Act Appeals Officer shall consult with the system manager, the official who made the denial, the Chief Counsel or a member of that office, and such other officials as may be appropriate. If the Privacy Act Appeals Officer in consultation with these officials, determines that the record should be amended, as requested, the system manager shall be instructed immediately to amend the record in accordance with §6.52 and shall notify the requestor of that action.

(d) If the Privacy Act Appeals Officer, in consultation with the officials specified in paragraph (c) of this section, determines that the appeal should be rejected, the Privacy Act Appeals Officer shall submit the file on the request and appeal, including findings and recommendations, to the Deputy Administrator for a final administrative determination.

(e) If the Deputy Administrator determines that the record should be amended as requested, he or she immediately shall instruct the system manager in writing to amend the record in accordance with §6.52. The Deputy Administrator shall send a copy of those instructions to the Privacy Act Appeals Officer, who shall notify the requester of that action.

(f) If the Deputy Administrator determines to reject the appeal, the requestor shall immediately be notified in writing of that determination. This action shall constitute the final administrative determination on the request to amend the record and shall include:

(1) The reasons for the rejection of the appeal.

(2) Proposed alternative amendments, if appropriate, which the requestor subsequently may accept in accordance with §6.54.

(3) Notice of the requestor's right to file a Statement of Disagreement for distribution in accordance with §6.56.

(4) Notice of the requestor's right to seek judicial review of the final administrative determination, as provided in §6.57.

(g) The final agency determination must be made no later than 30 workdays from the date on which the appeal is received by the Privacy Act Appeals Officer.

(h) In extraordinary circumstances, the Administrator may extend this time limit by notifying the requestor in writing before the expiration of the 30 workdays. The Administrator's notification will include a justification for the extension.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980]

§6.56   Statement of disagreement.

Upon receipt of a final administrative determination denying a request to amend a record, the requestor may file a Statement of Disagreement with the appropriate system manager. The Statement of Disagreement should include an explanation of why the requestor believes the record to be inaccurate, irrelevant, untimely, or incomplete. The system manager shall maintain the Statement of Disagreement in conjunction with the pertinent record, and shall include a copy of the Statement of Disagreement in any disclosure of the pertinent record. The system manager shall provide a copy of the Statement of Disagreement to any person or agency to whom the record has been disclosed only if the disclosure was subject to the accounting requirements of §6.22.

§6.57   Judicial review.

Within 2 years of receipt of a final administrative determination as provided in §6.34 or §6.55, a requestor may seek judicial review of that determination. A civil action must be filed in the Federal District Court in which the requestor resides or has his or her principal place of business or in which the agency records are situated, or in the District of Columbia.

Subpart E—Report on New Systems and Alterations of Existing Systems

§6.70   Reporting requirement.

(a) No later than 90 calendar days prior to the establishment of a new system of records, the prospective system manager shall notify the Privacy Appeals Officer of the proposed new system. The prospective system manager shall include with the notification a completed FEMA Form 11-2, System of Records Covered by the Privacy Act of 1974, and a justification for each system of records proposed to be established. If the Privacy Appeals Officer determines that the establishment of the proposed system is in the best interest of the Government, then no later than 60 calendar days prior to the establishment of that system of records, a report of the proposal shall be submitted by the Administrator or a designee thereof, to the President of the Senate, the Speaker of the House of Representatives, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget for their evaluation of the probable or potential effect of that proposal on the privacy and other personal or property rights of individuals.

(b) No later than 90 calendar days prior to the alteration of a system of records, the system manager responsible for the maintenance of that system of records shall notify the Privacy Appeals Officer of the proposed alteration. The system manager shall include with the notification a completed FEMA Form 11-2. System of Records Covered by the Privacy Act of 1974, and a justification for each system of records he proposes to alter. If it is determined that the proposed alteration is in the best interest of the Government, then, the Administrator, or a designee thereof, shall submit, no later than 60 calendar days prior to the establishment of that alteration, a report of the proposal to the President of the Senate, the Speaker of the House of Representatives, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget for their evaluation of the probable or potential effect of that proposal on the privacy and other personal or property rights of individuals.

(c) The reports required by this regulation are exempt from reports control.

(d) The Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget may waive the time requirements set out in this section upon a finding that a delay in the establishing or amending the system would not be in the public interest and showing how the public interest would be adversely affected if the waiver were not granted and otherwise complying with OMB Circular A-130.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980; 51 FR 34604, Sept. 30, 1986]

§6.71   Federal Register notice of establishment of new system or alteration of existing system.

Notice of the proposed establishment or alteration of a system of records shall be published in the Federal Register, in accordance with FEMA procedures when:

(a) Notice is received that the Senate, the House of Representatives, and the Office of Management and Budget do not object to the establishment of a new system or records or to the alteration of an existing system of records, or

(b) No fewer than 30 calendar days elapse from the date of submission of the proposal to the Senate, the House of Representatives, and the Office of Management and Budget without receipt of an objection to the proposal. The notice shall include all of the information required to be provided in FEMA Form 11-2, System of Records Covered by the Privacy Act of 1974, and such other information as the Administrator deems necessary.

§6.72   Effective date of new system of records or alteration of an existing system of records.

Systems of records proposed to be established or altered in accordance with the provisions of this subpart shall be effective no sooner than 30 calendar days from the publication of the notice required by §6.71.

Subpart F—Fees

§6.80   Records available at fee.

The system manager shall provide a copy of a record to a requestor at a fee prescribed in §6.85 unless the fee is waived under §6.82.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980]

§6.81   Additional copies.

A reasonable number of additional copies shall be provided for the applicable fee to a requestor who indicates that he has no access to commercial reproduction services.

§6.82   Waiver of fee.

The system manager shall make one copy of a record, up to 300 pages, available without charge to a requestor who is an employee of FEMA. The system manager may waive the fee requirement for any other requestor if the cost of collecting the fee is an unduly large part of, or greater than, the fee, or when furnishing the record without charge conforms to generally established business custom or is in the public interest.

[44 FR 50287, Aug. 27, 1979, as amended at 52 FR 13679, Apr. 24, 1987]

§6.83   Prepayment of fees.

(a) When FEMA estimates or determines that allowable charges that a requester may be required to pay are likely to exceed $250.00, FEMA may require a requester to make an advance payment of the entire fee before continuing to process the request.

(b) When a requester has previously failed to pay a fee charged in a timely fashion (i.e., within 30 days of the date of the billing), FEMA may require the requester to pay the full amount owed plus any applicable interest as provided in §6.85(d), and to make an advance payment of the full amount of the estimated fee before the agency begins to process a new request or a pending request from that requester.

(c) When FEMA acts under §5.44 (a) or (b), the administrative time limits prescribed in subsection (a)(6) of the FOIA (i.e., 10 working days from the receipt of initial requests and 20 working days from receipt of appeals from initial denial, plus permissible extensions of these time limits) will begin only after FEMA has received fee payments described under §5.44 (a) or (b).

[52 FR 13679, Apr. 24, 1987]

§6.84   Form of payment.

Payment shall be by check or money order payable to The Federal Emergency Management Agency and shall be addressed to the system manager.

§6.85   Reproduction fees.

(a) Duplication costs. (1) For copies of documents reproduced on a standard office copying machine in sizes up to 812 ×14 inches, the charge will be $.15 per page.

(2) The fee for reproducing copies of records over 812 ×14 inches or whose physical characteristics do not permit reproduction by routine electrostatic copying shall be the direct cost of reproducing the records through Government or commercial sources. If FEMA estimates that the allowable duplication charges are likely to exceed $25, it shall notify the requester of the estimated amount of fees, unless the requester has indicated in advance his/her willingness to pay fees as high as those anticipated. Such a notice shall offer a requester the opportunity to confer with agency personnel with the objective of reformulating the request to meet his/her needs at a lower cost.

(3) For other methods of reproduction or duplication, FEMA shall charge the actual direct costs of producing the document(s). If FEMA estimates that the allowable duplication charges are likely to exceed $25, it shall notify the requester of the estimated amount of fees, unless the requester has indicated in advance his/her willingness to pay fees as high as those anticipated. Such a notice shall offer a requester the opportunity to confer with agency personnel with the objective of reformulating the request to meet his/her needs at a lower cost.

(b) Interest may be charge to those requesters who fail to pay fees charged. FEMA may begin assessing interest charges on the amount billed starting on the 31st day following the day on which the billing was sent. Interest will be at the rate prescribed in section 3717 of title 31 U.S.C.

[52 FR 13679, Apr. 24, 1987]

Subpart G—Exempt Systems of Records

§6.86   General exemptions.

(a) Whenever the Administrator, Federal Emergency Management Agency, determines it to be necessary and proper, with respect to any system of records maintained by the Federal Emergency Management Agency, to exercise the right to promulgate rules to exempt such systems in accordance with the provisions of 5 U.S.C. 552a (j) and (k), each specific exemption, including the parts of each system to be exempted, the provisions of the Act from which they are exempted, and the justification for each exemption shall be published in the Federal Register as part of FEMA's Notice of Systems of Records.

(b) Exempt under 5 U.S.C. 552a(j)(2) from the requirements of 5 U.S.C. 552a(c) (3) and (4), (d), (e) (1), (2), (3), (e)(4) (G), (H), and (I), (e) (5) and (8) (f) and (g) of the Privacy Act.

(1) Exempt systems. The following systems of records, which contain information of the type described in 5 U.S.C. 552(j)(2), shall be exempt from the provisions of 5 U.S.C. 552a listed in paragraph (b) of this section.

General Investigative Files (FEMA/IG-2)—Limited Access

(2) Reasons for exemptions. (i) 5 U.S.C. 552a (e)(4)(G) and (f)(1) enable individuals to be notified whether a system of records contains records pertaining to them. The Federal Emergency Management Agency believes that application of these provisions to the above-listed system of records would give individuals an opportunity to learn whether they are of record either as suspects or as subjects of a criminal investigation; this would compromise the ability of the Federal Emergency Management Agency to complete investigations and identify or detect violators of laws administered by the Federal Emergency Management Agency or other Federal agencies. Individuals would be able (A) to take steps to avoid detection, (B) to inform co-conspirators of the fact that an investigation is being conducted, (C) to learn the nature of the investigation to which they are being subjected, (D) to learn the type of surveillance being utilized, (E) to learn whether they are only suspects or identified law violators, (F) to continue to resume their illegal conduct without fear of detection upon learning that they are not in a particular system of records, and (G) to destroy evidence needed to prove the violation.

(ii) 5 U.S.C. 552a (d)(1), (e)(4)(H) and (f)(2), (3) and (5) enable individuals to gain access to records pertaining to them. The Federal Emergency Management Agency believes that application of these provisions to the above-listed system of records would compromise its ability to complete or continue criminal investigations and to detect or identify violators of laws administered by the Federal Emergency Management Agency or other Federal agencies. Permitting access to records contained in the above-listed system of records would provide individuals with significant information concerning the nature of the investigation, and this could enable them to avoid detection or apprehension in the following ways:

(A) By discovering the collection of facts which would form the basis for their arrest, (B) by enabling them to destroy evidence of criminal conduct which would form the basis for their arrest, and (C) by learning that the criminal investigators had reason to believe that a crime was about to be committed, they could delay the commission of the crime or change the scene of the crime to a location which might not be under surveillance. Granting access to ongoing or closed investigative files would also reveal investigative techniques and procedures, the knowledge of which could enable individuals planning criminal activity to structure their future operations in such a way as to avoid detection or apprehension, thereby neutralizing law enforcement officers' established investigative tools and procedures. Further, granting access to investigative files and records could disclose the identity of confidential sources and other informers and the nature of the information which they supplied, thereby endangering the life or physical safety of those sources of information by exposing them to possible reprisals for having provided information relating to the criminal activities of those individuals who are the subjects of the investigative files and records; confidential sources and other informers might refuse to provide criminal investigators with valuable information if they could not be secure in the knowledge that their identities would not be revealed through disclosure of either their names or the nature of the information they supplied, and this would seriously impair the ability of the Federal Emergency Management Agency to carry out its mandate to enforce criminal and related laws. Additionally, providing access to records contained in the above-listed system of records could reveal the identities of undercover law enforcement personnel who compiled information regarding individual's criminal activities, thereby endangering the life or physical safety of those undercover personnel or their families by exposing them to possible reprisals.

(iii) 5 U.S.C. 552a(d) (2), (3) and (4), (e)(4)(H) and (f)(4), which are dependent upon access having been granted to records pursuant to the provisions cited in paragraph (b)(2)(ii) of this section, enable individuals to contest (seek amendment to) the content of records contained in a system of records and require an agency to note an amended record and to provide a copy of an individual's statement (of disagreement with the agency's refusal to amend a record) to persons or other agencies to whom the record has been disclosed. The Federal Emergency Management Agency believes that the reasons set forth in paragraph (b)(2)(ii) of this section are equally applicable to this paragraph and, accordingly, those reasons are hereby incorporated herein by reference.

(iv) 5 U.S.C. 552a(c)(3) requires that an agency make accountings of disclosures of records available to individuals named in the records at their request; such accountings must state the date, nature and purpose of each disclosure of a record and the name and address of the recipient. The Federal Emergency Management Agency believes that application of this provision to the above-listed system of records would impair the ability of other law enforcement agencies to make effective use of information provided by the Federal Emergency Management Agency in connection with the investigation, detection and apprehension of violators of the criminal laws enforced by those other law enforcement agencies. Making accountings of disclosure available to violators or possible violators would alert those individuals to the fact that another agency is conducting an investigation into their criminal activities, and this could reveal the geographic location of the other agency's investigation, the nature and purpose of that investigation, and the dates on which that investigation was active. Violators possessing such knowledge would thereby be able to take appropriate measures to avoid detection or apprehension by altering their operations, by transferring their criminal activities to other geographic areas or by destroying or concealing evidence which would form the basis for their arrest. In addition, providing violators with accountings of disclosure would alert those individuals to the fact that the Federal Emergency Management Agency has information regarding their criminal activities and could inform those individuals of the general nature of that information; this, in turn, would afford those individuals a better opportunity to take appropriate steps to avoid detection or apprehension for violations of criminal and related laws.

(v) 5 U.S.C. 552a(c)(4) requires that an agency inform any person or other agency about any correction or notation of dispute made by the agency in accordance with 5 U.S.C. 552a(d) of any record that has been disclosed to the person or agency if an accounting of the disclosure was made. Since this provision is dependent on an individual's having been provided an opportunity to contest (seek amendment to) records pertaining to him/her, and since the above-listed system of records is proposed to be exempt from those provisions of 5 U.S.C. 552a relating to amendments of records as indicated in paragraph (b)(2)(iii) of this section, the Federal Emergency Management Agency believes that this provision should not be applicable to the above system of records.

(vi) 5 U.S.C. 552a(e)(4)(I) requires that an agency publish a public notice listing the categories of sources for information contained in a system of records. The categories of sources of this system of records have been published in the Federal Register in broad generic terms in the belief that this is all that subsection (e)(4)(I) of the Act requires. In the event, however, that this subsection should be interpreted to require more detail as to the identity of sources of the records in this system, exemption from this provision is necessary in order to protect the confidentiality of the sources of criminal and other law enforcement information. Such exemption is further necessary to protect the privacy and physical safety of witnesses and informants.

(vii) 5 U.S.C. 552a(e)(1) requires that an agency maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or executive order. The term maintain as defined in 5 U.S.C. 552a(a)(3) includes “collect” and “disseminate.” At the time that information is collected by the Federal Emergency Management Agency, there is often insufficient time to determine whether the information is relevant and necessary to accomplish a purpose of the Federal Emergency Management Agency; in many cases information collected may not be immediately susceptible to a determination of whether the information is relevant and necessary, particularly in the early stages of an investigation, and in many cases, information which initially appears to be irrelevant or unnecessary may, upon further evaluation or upon continuation of the investigation, prove to have particular relevance to an enforcement program of the Federal Emergency Management Agency. Further, not all violations of law discovered during a criminal investigation fall within the investigative jurisdiction of the Federal Emergency Management Agency; in order to promote effective law enforcement, it often becomes necessary and desirable to disseminate information pertaining to such violations to other law enforcement agencies which have jurisdiction over the offense to which the information relates. The Federal Emergency Management Agency should not be placed in a position of having to ignore information relating to violations of law not within its jurisdiction when that information comes to the attention of the Federal Emergency Management Agency through the conduct of a lawful FEMA investigation. The Federal Emergency Management Agency, therefore, believes that it is appropriate to exempt the above-listed system of records from the provisions of 5 U.S.C. 552a(e)(1).

(viii) 5 U.S.C. 552a(e)(2) requires that an agency collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual's rights, benefits, and privileges under Federal programs. The Federal Emergency Management Agency believes that application of this provision to the above-listed system of records would impair the ability of the Federal Emergency Management Agency to conduct investigations and to identify or detect violators of criminal or related laws for the following reasons:

(A) Most information collected about an individual under criminal investigations is obtained from third parties such as witnesses and informers, and it is usually not feasible to rely upon the subject of the investigation as a source for information regarding his/her criminal activities, (B) an attempt to obtain information from the subject of a criminal investigation will often alert that individual to the existence of an investigation, thereby affording the individual an opportunity to attempt to conceal his/her criminal activities so as to avoid apprehension, (C) in certain instances, the subject of a criminal investigation is not required to supply information to criminal investigators as a matter of legal duty, and (D) during criminal investigations it is often a matter of sound investigative procedures to obtain information from a variety of sources in order to verify information already obtained.

(ix) 5 U.S.C. 552a(e)(3) requires that an agency inform each individual whom it asks to supply information, either on the form which the agency uses to collect the information or on a separate form which can be retained by the individual, with the following information: The authority which authorizes the solicitation of the information and whether disclosure of such information is mandatory or voluntary; the principal purposes for which the information is intended to be used; the routine uses which may be made of the information; and the effects on the individual of not providing all or part of the requested information. The Federal Emergency Management Agency believes that the above-listed system of records should be exempted from this provision in order to avoid adverse effects on its ability to identify or detect violators of criminal or related laws. In many cases, information is obtained by confidential sources, other informers or undercover law enforcement officers under circumstances where it is necessary that the true purpose of their actions be kept secret so as to avoid alerting the subject of the investigation or his/her associates that a criminal investigation is in process. Further, if it became known that the undercover officer was assisting in a criminal investigation, that officer's life or physical safety could be endangered through reprisal, and, under such circumstances it may not be possible to continue to utilize that officer in the investigation. In many cases, individuals, for personal reasons, would feel inhibited in talking to a person representing a criminal law enforcement agency but would be willing to talk to a confidential source or undercover officer who they believe is not involved in law enforcement activities. In addition, providing a source of information with written evidence that he was a source, as required by this provision, could increase the likelihood that the source of information would be the subject of retaliatory action by the subject of the investigation. Further, application of this provision could result in an unwarranted invasion of the personal privacy of the subject of the criminal investigation, particularly where further investigation would result in a finding that the subject was not involved in any criminal activity.

(x) 5 U.S.C. 552a(e)(5) requires that an agency maintain all records used by the agency in making any determination about any individual with such accuracy, relevance, timeliness and completeness as is reasonably necessary to assure fairness to the individual in the determination. Since 5 U.S.C. 552a(a)(3) defines “maintain” to include “collect” and “disseminate,” application of this provision to the above-listed system of records would hinder the initial collection of any information which could not, at the moment of collection, be determined to be accurate, relevant, timely and complete. Similarly, application of this provision would seriously restrict the necessary flow of information from the Federal Emergency Management Agency to other law enforcement agencies when a FEMA investigation revealed information pertaining to a violation of law which was under investigative jurisdiction of another agency. In collecting information during the course of a criminal investigation, it is not possible or feasible to determine accuracy, relevance, timeliness or completeness prior to collection of the information; in disseminating information to other law enforcement agencies it is often not possible to determine accuracy, relevance, timeliness or completeness prior to dissemination because the disseminating agency may not have the expertise with which to make such determinations. Further, information which may initially appear to be inaccurate, irrelevant, untimely or incomplete may, when gathered, grouped, and evaluated with other available information, become more pertinent as an investigation progresses. In addition, application of this provision could seriously impede criminal investigators and intelligence analysts in the exercise of their judgment in reporting on results obtained during criminal investigations. The Federal Emergency Management Agency believes that it is appropriate to exempt the above-listed system of records from the provisions of 5 U.S.C. 552a(e)(5).

(xi) 5 U.S.C. 552a(e)(8) requires that an agency make reasonable effort to serve notice on an individual when any record on the individual is made available to any person under compulsory legal process when such process becomes a matter of public record. The Federal Emergency Management Agency believes that the above-listed system of records should be exempt from this provision in order to avoid revealing investigative techniques and procedures outlined in those records and in order to prevent revelation of the existence on an on-going investigation where there is a need to keep the existence of the investigation secret.

(xii) 5 U.S.C. 552a(g) provides civil remedies to an individual for an agency's refusal to amend a record or to make a review of a request for amendment; for an agency's refusal to grant access to a record; for an agency's failure to maintain accurate, relevant, timely and complete records which are used to make a determination which is adverse to the individual; and for an agency's failure to comply with any other provision of 5 U.S.C. 552a in such a way as to have an adverse effect on an individual. The Federal Emergency Management Agency believes that the above-listed system of records should be exempted from this provision to the extent that the civil remedies provided therein may relate to provisions of 5 U.S.C. 552a from which the above-listed system of records is proposed to be exempt. Since the provisions of 5 U.S.C. 552a enumerated in paragraphs (b)(2)(i) through (xi) of this section are proposed to be inapplicable to the above-listed systems of records for the reasons stated therein, there should be no corresponding civil remedies for failure to comply with the requirements of those provisions to which the exemption is proposed to apply. Further, the Federal Emergency Management Agency believes that application of this provision to the above-listed system of records would adversely affect its ability to conduct criminal investigations by exposing to civil court action every stage of the criminal investigative process in which information is compiled or used in order to identify, detect, or otherwise investigate persons suspected or known to be engaged in criminal conduct.

(xiii) Individuals may not have access to another agency's records, which are contained in files maintained by the Federal Emergency Management Agency, when that other agency's regulations provide that such records are subject to general exemption under 5 U.S.C. 552a(j). If such exempt records are within a request for access, FEMA will advise the individual of their existence and of the name and address of the source agency. For any further information concerning the record and the exemption, the individual must contact that source agency.

[45 FR 64580, Sept. 30, 1980]

§6.87   Specific exemptions.

(a) Exempt under 5 U.S.C. 552a(k)(1). The Administrator, Federal Emergency Management Agency has determined that certain systems of records may be exempt from the requirements of (c)(3) and (d) pursuant to 5 U.S.C. 552a(k)(1) to the extent that the system contains any information properly classified under Executive Order 12356 or any subsequent Executive order and which are required to be kept secret in the interest of national defense or foreign policy. To the extent that this occurs, such records in the following systems would be exempt:

Claims (litigation) (FEMA/GC-1)—Limited Access

FEMA Enforcement (Compliance) (FEMA/GC-2)—Limited Access

General Investigative Files (FEMA/IG-1)—Limited Access

Security Management Information System (FEMA/SEC-1)—Limited Access

(b) Exempt under 5 U.S.C. 552a(k)(2) from the requirements of 5 U.S.C. 552a (c)(3), (d), (e)(1), (e)(4) (G), (H), and (I), and (f). The Federal Emergency Management Agency will not deny individuals access to information which has been used to deny them a right, privilege, or benefit to which they would otherwise be entitled.

(1) Exempt systems. The following systems of records, which contain information of the type described in 5 U.S.C. 552a(k)(2), shall be exempt from the provisions of 5 U.S.C. 552a(k)(2) listed in paragraph (b) of this section.

Claims (litigation) (FEMA/GC-1)—Limited Access

FEMA Enforcement (Compliance) (FEMA/GC-2)—Limited Access

General Investigative Files (FEMA/IG-1)—Limited Access

Equal Employment Opportunity Complaints of Discrimination Files (FEMA/PER-2)—Limited Access

(2) Reasons for exemptions. (i) 5 U.S.C. 552a (e)(4)(G) and (f)(1) enable individuals to be notified whether a system of records contains records pertaining to them. The Federal Emergency Management Agency believes that application of these provisions to the above-listed systems of records would impair the ability of FEMA to successfully complete investigations and inquiries of suspected violators of civil and criminal laws and regulations under its jurisdiction. In many cases investigations and inquiries into violations of civil and criminal laws and regulations involve complex and continuing patterns of behavior. Individuals, if informed, that they have been identified as suspected violators of civil or criminal laws and regulations, would have an opportunity to take measures to prevent detection of illegal action so as to avoid prosecution or the imposition of civil sanctions. They would also be able to learn the nature and location of the investigation or inquiry, the type of surveillance being utilized, and they would be able to transmit this knowledge to co-conspirators. Finally, violators might be given the opportunity to destroy evidence needed to prove the violation under investigation or inquiry.

(ii) 5 U.S.C. 552a (d)(1), (e)(4)(H) and (f)(2), (3) and (5) enable individuals to gain access to records pertaining to them. The Federal Emergency Management Agency believes that application of these provisions to the above-listed systems of records would impair its ability to complete or continue civil or criminal investigations and inquiries and to detect violators of civil or criminal laws. Permitting access to records contained in the above-listed systems of records would provide violators with significant information concerning the nature of the civil or criminal investigation or inquiry. Knowledge of the facts developed during an investigation or inquiry would enable violators of criminal and civil laws and regulations to learn the extent to which the investigation or inquiry has progressed, and this could provide them with an opportunity to destroy evidence that would form the basis for prosecution or the imposition of civil sanctions. In addition, knowledge gained through access to investigatory material could alert a violator to the need to temporarily postpone commission of the violation or to change the intended point where the violation is to be committed so as to avoid detection or apprehension. Further, access to investigatory material would disclose investigative techniques and procedures which, if known, could enable violators to structure their future operations in such a way as to avoid detection or apprehension, thereby neutralizing investigators' established and effective investigative tools and procedures. In addition, investigatory material may contain the identity of a confidential source of information or other informer who would not want his/her identity to be disclosed for reasons of personal privacy or for fear of reprisal at the hands of the individual about whom he/she supplied information. In some cases mere disclosure of the information provided by an informer would reveal the identity of the informer either through the process of elimination or by virtue of the nature of the information supplied. If informers cannot be assured that their identities (as sources for information) will remain confidential, they would be very reluctant in the future to provide information pertaining to violations of criminal and civil laws and regulations, and this would seriously compromise the ability of the Federal Emergency Management Agency to carry out its mission. Further, application of 5 U.S.C. 552a (d)(1), (e)(4)(H) and (f)(2), (3) and (5) to the above-listed systems of records would make available attorney's work product and other documents which contain evaluations, recommendations, and discussions of on-going civil and criminal legal proceedings; the availability of such documents could have a chilling effect on the free flow of information and ideas within the Federal Emergency Management Agency which is vital to the agency's predecisional deliberative process, could seriously prejudice the agency's or the Government's position in a civil or criminal litigation, and could result in the disclosure of investigatory material which should not be disclosed for the reasons stated above. It is the belief of the Federal Emergency Management Agency that, in both civil actions and criminal prosecutions, due process will assure that individuals have a reasonable opportunity to learn of the existence of, and to challenge, investigatory records and related materials which are to be used in legal proceedings.

(iii) 5 U.S.C. 552a (d)(2), (3) and (4), (e)(4)(H) and (f)(4) which are dependent upon access having been granted to records pursuant to the provisions cited in paragraph (b)(2)(ii) of this section, enable individuals to contest (seek amendment to) the content of records contained in a system of records and require an agency to note an amended record and to provide a copy of an individual's statement (of disagreement with the agency's refusal to amend a record) to persons or other agencies to whom the record has been disclosed. The Federal Emergency Management Agency believes that the reasons set forth in paragraphs (b)(2)(i) of this section are equally applicable to this paragraph, and, accordingly, those reasons are hereby incorporated herein by reference.

(iv) 5 U.S.C. 552a(c)(3) requires that an agency make accountings of disclosures of records available to individuals named in the records at their request; such accountings must state the date, nature, and purpose of each disclosure of a record and the name and address of the recipient. The Federal Emergency Management Agency believes that application of this provision to the above-listed systems of records would impair the ability of the Federal Emergency Management Agency and other law enforcement agencies to conduct investigations and inquiries into civil and criminal violations under their respective jurisdictions. Making accountings available to violators would alert those individuals to the fact that the Federal Emergency Management Agency or another law enforcement authority is conducting an investigation or inquiry into their activities, and such accountings could reveal the geographic location of the investigation or inquiry, the nature and purpose of the investigation or inquiry and the nature of the information disclosed, and the date on which that investigation or inquiry was active. Violators possessing such knowledge would thereby be able to take appropriate measures to avoid detection or apprehension by altering their operations, transferring their activities to other locations or destroying or concealing evidence which would form the basis for prosecution or the imposition of civil sanctions.

(v) 5 U.S.C. 552a(e)(1) requires that an agency maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or executive order. The term maintain as defined in 5 U.S.C. 552a(a)(3) includes “collect” and “disseminate.” At the time that information is collected by the Federal Emergency Management Agency there is often insufficient time to determine whether the information is relevant and necessary to accomplish a purpose of the Federal Emergency Management Agency; in many cases information collected may not be immediately susceptible to a determination of whether the information is relevant and necessary, particularly in the early stages of investigation or inquiry, and in many cases information which initially appears to be irrelevant or unnecessary may, upon further evaluation or upon continuation of the investigation or inquiry, prove to have particular relevance to an enforcement program of the Federal Emergency Management Agency. Further, not all violations of law uncovered during a Federal Emergency Management Agency inquiry fall within the civil or criminal jurisdiction of the Federal Emergency Management Agency; in order to promote effective law enforcement, it often becomes necessary and desirable to disseminate information pertaining to such violations to other law enforcement agencies which have jurisdiction over the offense to which the information relates. The Federal Emergency Management Agency should not be placed in a position of having to ignore information relating to violations of law not within its jurisdiction when that information comes to the attention of the Federal Emergency Management Agency through the conduct of a lawful FEMAs civil or criminal investigation or inquiry. The Federal Emergency Management Agency therefore believes that it is appropriate to exempt the above-listed systems of records from the provisions of 5 U.S.C. 552a(e)(1).

(c) Exempt under 5 U.S.C. 552a(k)(5). The Administrator, Federal Emergency Management Agency has determined that certain systems of records are exempt from the requirements of (c)(3) and (d) of 5 U.S.C. 552a.

(1) Exempt systems. The following systems of records, which contain information of the type described in 5 U.S.C. 552a(k)(5), shall be exempted from the provisions of 5 U.S.C. 552a listed in paragraph (c) of this section.

Claims (litigation) (FEMA/GC-1)—Limited Access

FEMA Enforcement (Compliance) (FEMA/GC-2)—Limited Access

General Investigative Files (FEMA/IG-2)—Limited Access

Security Management Information Systems (FEMA/SEC-1)—Limited Access

(2) Reasons for exemptions. All information about individuals in these records that meet the criteria stated in 5 U.S.C. 552a(k)(5) is exempt from the requirements of 5 U.S.C. 552a (c)(3) and (d). These provisions of the Privacy Act relate to making accountings of disclosure available to the subject and access to and amendment of records. These exemptions are claimed because the system of records entitled, FEMA/SEC-1, Security Management Information System, contains investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for access to classified information or classified Federal contracts, but only to the extent that the disclosure would reveal the identity of a source who furnished information to the Government under an express promise or, prior to September 27, 1975, under an implied promise that the identity of the source would be held in confidence. During the litigation process and investigations, it is possible that certain records from the system of records entitled, FEMA/SEC-1, Security Management System may be necessary and relevant to the litigation or investigation and included in these systems of records. To the extent that this occurs, the Administrator, FEMA, has determined that the records would also be exempted from subsections (c)(3) and (d) pursuant to 5 U.S.C. 552a(k)(5) to protect such records. A determination will be made at the time of the request for a record concerning whether specific information would reveal the identity of a source. This exemption is required in order to protect the confidentiality of the sources of information compiled for the purpose of determining access to classified information. This confidentiality helps maintain the Government's continued access to information from persons who would otherwise refuse to give it.

[45 FR 64580, Sept. 30, 1980, as amended at 47 FR 54816, Dec. 6, 1982; 52 FR 5114, Feb. 19, 1987]



For questions or comments regarding e-CFR editorial content, features, or design, email ecfr@nara.gov.
For questions concerning e-CFR programming and delivery issues, email webteam@gpo.gov.