PART 102 - RECORD DISCLOSURE AND PRIVACY

Authority:

5 U.S.C. 301, 552, 552a; 31 U.S.C. 3717, 9701; 44 U.S.C. 3501.

Source:

61 FR 2673, Jan. 29, 1996, unless otherwise noted.

Subpart A - Disclosure of Information

Source:

82 FR 46371, Oct. 5, 2017, unless otherwise noted.

§ 102.1 General provisions.

(a) This subpart contains the rules that SBA follows in processing requests for records under the Freedom of Information Act (“FOIA”), 5 U.S.C. 552. The rules in this subpart should be read in conjunction with the text of the FOIA and the Uniform Freedom of Information Fee Schedule and Guidelines published by the Office of Management and Budget (“OMB Guidelines”). Requests made by individuals for records about themselves under the Privacy Act of 1974, 5 U.S.C. 552a, are processed under subpart B of this part as well as under this subpart.

(b) As referenced in this subpart, “component” means each separate bureau, office, division, district office, regional office, area office, service center, loan processing center or central office duty location within the SBA that is responsible for processing FOIA requests. See appendix A to this subpart for a list of information generally exempt from disclosure. For contact information for each office visit https://www.sba.gov/foia and for a detailed description of the function of each office to help ascertain the types of records maintained by each component, please visit https://www.sba.gov/about-sba. The rules described in this regulation that apply to SBA also apply to its components.

(c) The SBA has a decentralized system for processing requests, with each component handling requests for its records.

(d) The term record means:

(1) Any information that would be an agency record subject to the requirements of this section when maintained by SBA in any format, including written or electronic format; and

(2) Any information described under paragraph (d)(1) of this section that is maintained for SBA by an entity under Government contract, for purposes of records management.

§ 102.2 Proactive disclosure of records.

Records that are required by the FOIA to be made available for public inspection in an electronic format may be accessed through the SBA's Web site at https://www.sba.gov/foia. Each component of SBA is responsible for determining which of its records are required to be made publicly available, as well as for identifying additional records of interest to the public that are appropriate for public disclosure, and for posting and indexing such records. Each component shall ensure that its Web site of posted records and indices is reviewed and updated on an ongoing basis. Each component has a FOIA Public Liaison who can assist individuals in locating records particular to a component. A list of the SBA's FOIA Public Liaisons is available at https://www.sba.gov/foia.

§ 102.3 Requirements pertaining to the submission of requests.

(a) General information.

(1) The SBA has a decentralized system for responding to FOIA requests, with each component handling requests for its records. All components have the capability to receive requests electronically either through email or a web portal. To make a request for records, a requester should write directly to the Freedom of Information/Privacy Acts (FOI/PA) Office by mail to 409 3rd St SW., Washington, DC 20416 or submit a fax to 202-205-7059 or email to . Requesters may also submit their request through the FOIA online portal at https://foiaonline.regulations.gov/foia/action/public/home. Additional information for submitting a request to SBA is listed at https://www.sba.gov/foia. However, a request will receive the quickest possible response if it is addressed to the component that maintains the records sought.

(2) A requester who is making a request for records about himself or herself must comply with the verification of identity provision set forth in subpart B of this part. The Certification of Identity form, available at http://www.justice.gov/oip/forms/cert_ind.pdf, may be used by individuals who are making requests for records pertaining to themselves.

(3) Where a request for records pertains to another individual, a requester may receive greater access by submitting either a notarized authorization signed by that individual or a declaration made in compliance with the requirements set forth in 28 U.S.C. 1746 by that individual authorizing disclosure of the records to the requester, or by submitting proof that the individual is deceased (e.g., a copy of a death certificate or an obituary). As an exercise of administrative discretion, each component can require a requester to supply additional information if necessary in order to verify that a particular individual has consented to disclosure.

(b) Description of records sought. Requesters must describe the records sought in sufficient detail to enable agency personnel to locate them with a reasonable amount of effort. To the extent possible, requesters should include specific information that may help the component in identifying the requested records, such as the date, title or name, author, recipient, subject matter of the record, case number, file designation, reference number, the timeframe for which the records are sought, the office that created the records, or any other information that will assist the component in locating documents responsive to the request. Before submitting their requests, requesters may contact the component's FOIA Contact or FOIA Public Liaison to discuss the records they are seeking and to receive assistance in describing the records. If, after receiving a request, a component determines that the request does not adequately describe the records sought, the component will inform the requester what additional information is needed or why the request is otherwise insufficient. The component will also notify the requester that it will not be able to comply with their request unless the additional information it has requested is received from them in writing within 20 working days after the component has requested it. If this type of notification is received, a requester may wish to discuss it with the FOIA Public Liaison. If the component does not receive a written response containing the additional information within 20 working days after it has been requested, the SBA will presume that the requester is no longer interested in the records and will close the file on the request. 
Requesters who are attempting to reformulate or modify such a request may discuss their request with the component's designated FOIA Contact or its FOIA Public Liaison, or a representative of the FOI/PA Office, each of whom is available to assist the requester in reasonably describing the records sought. If a request does not reasonably describe the records sought, the SBA's response to the request may be delayed.

(c) Form or format. Requests may specify the preferred form or format (including electronic formats) for the records sought. The SBA will accommodate the request if the record is readily reproducible in that form or format.

(d) Contact information. Requesters must provide contact information, such as their phone number, email address, and mailing address, to assist the SBA in communicating with the requester and providing the released records.

§ 102.4 Responsibility for responding to requests.

(a) In general. Except in the instances described in paragraphs (c) and (d) of this section, the component that first receives a request for a record and maintains that record is the component responsible for responding to the request. In determining which records are responsive to a request, a component ordinarily will include only records in its possession as of the date that it begins its search. If any other date is used, the component shall inform the requester of that date. A record that is excluded from the requirements of the FOIA pursuant to 5 U.S.C. 552(c) is not considered responsive to a request.

(b) Authority to grant or deny requests. The head of a component, or designee, is authorized to grant or to deny any requests for records that are maintained by that component.

(c) Re-routing of misdirected requests. Where a component determines that a request was misdirected within the SBA, the receiving component shall route the request to the proper component(s).

(d) Consultation, referral, and coordination. When reviewing records located by a component in response to a request, the component shall determine whether another component of SBA or another agency of the Federal Government is better able to determine whether the record is exempt from disclosure under the FOIA. As to any such record, the component shall proceed in one of the following ways:

(1) Consultation. When records originated with the component processing the request, but contain within them information of interest to another component, agency, or other Federal Government office, the component processing the request should typically consult with that other component or agency prior to making a release determination.

(2) Referral.

(i) When the component processing the request believes that a different component, agency, or other Federal Government office is best able to determine whether to disclose the record, the component typically should refer the responsibility for responding to the request regarding that record, as long as the referral is to a component or agency that is subject to the FOIA. Ordinarily, the component or agency that originated the record will be presumed to be best able to make the disclosure determination. However, if the component processing the request and the originating component or agency jointly agree that the former is in the best position to respond regarding the record, then the record may be handled as a consultation.

(ii) Whenever a component refers any part of the responsibility for responding to a request to another component or agency, it shall document the referral, maintain a copy of the record that it refers, and notify the requester of the referral and inform the requester of the name(s) of the component or agency to which the record was referred, including that component's or agency's FOIA Contact information.

(3) Coordination. The standard referral procedure is not appropriate where disclosure of the identity of the component or agency to which the referral would be made could harm an interest protected by an applicable exemption, such as the exemptions that protect personal privacy or national security interests. For example, if a non-law enforcement component responding to a request for records on a living third party locates within its files records originating with a law enforcement agency, and if the existence of that law enforcement interest in the third party was not publicly known, then to disclose that law enforcement interest could cause an unwarranted invasion of the personal privacy of the third party. Similarly, if a component locates within its files material originating with an Intelligence Community agency and the involvement of that agency in the matter is classified and not publicly acknowledged, then to disclose or give attribution to the involvement of that Intelligence Community agency could cause national security harms. In such instances, in order to avoid harm to an interest protected by an applicable exemption, the component that received the request should coordinate with the originating component or agency to seek its views on the disclosure of the record. The release determination for the record that is the subject of the coordination should then be conveyed to the requester by the component that originally received the request.

(e) Classified information. On receipt of any request involving classified information, the component shall determine whether the information is currently and properly classified and take appropriate action to ensure compliance. Whenever a request involves a record containing information that has been classified or may be appropriate for classification by another component or agency under any applicable executive order concerning the classification of records, the receiving component shall refer the responsibility for responding to the request regarding that information to the component or agency that classified the information, or that should consider the information for classification. Whenever a component's record contains information that has been derivatively classified (for example, when it contains information classified by another component or agency), the component shall refer the responsibility for responding to that portion of the request to the component or agency that classified the underlying information.

(f) Agreements regarding consultations and referrals. Components of SBA may establish agreements with other components of SBA or other Federal agencies to eliminate the need for consultations or referrals with respect to particular types of records.

(g) Timing of responses to consultations and referrals. All consultations and referrals received by the SBA will be handled according to the date that the FOIA request initially was received by the first component or agency.

§ 102.5 Timing of responses to requests.

(a) In general. Components ordinarily will respond to requests according to their order of receipt. In instances involving misdirected requests that are re-routed pursuant to § 102.4(c), the response time will commence on the date that the request is received by the proper component's office that is designated to receive requests, but in any event not later than 10 working days after the request is first received by any component's office that is designated by these regulations to receive requests.

(b) Multitrack processing. All components will designate a specific track for requests that are granted expedited processing, in accordance with the standards set forth in paragraph (e) of this section. A component may also designate additional processing tracks that distinguish between simple and more complex requests based on the estimated amount of work or time needed to process the request. Among the factors that may be considered are the number of records requested, the number of pages involved in processing the request and the need for consultations or referrals. Components shall advise requesters of the track into which their request falls and, when appropriate, should offer the requester an opportunity to narrow or modify the request so that it can be placed in a different processing track.

(c) Unusual circumstances. Whenever the statutory time limit for processing a request cannot be met because of “unusual circumstances,” as defined in the FOIA, and the component extends the time limit on that basis, the component shall, before expiration of the 20-working day period to respond, notify the requester in writing of the unusual circumstances involved and of the date by which the component estimates processing of the request will be completed. Where the extension exceeds 10 working days, the component shall, as prescribed by the FOIA, provide the requester with an opportunity to modify the request or to arrange an alternative time period for processing the original or modified request. The component shall make available its designated FOIA Contact or its FOIA Public Liaison for this purpose. The component must also alert requesters to the availability of the Office of Government Information Services (OGIS) to provide dispute resolution services.

(d) Aggregating requests. For the purposes of determining unusual circumstances under the FOIA, components may aggregate requests in cases where it reasonably appears that multiple requests, submitted either by a requester or by a group of requesters acting in concert, constitute a single request that would otherwise involve unusual circumstances. Components shall not aggregate multiple requests that involve unrelated matters.

(e) Expedited processing.

(1) Requests and appeals shall be processed on an expedited basis whenever it is determined that they involve:

(i) Circumstances in which the lack of expedited processing could reasonably be expected to pose an imminent threat to the life or physical safety of an individual;

(ii) An urgency to inform the public about an actual or alleged Federal Government activity, if made by a person who is primarily engaged in disseminating information;

(iii) The loss of substantial due process rights; or

(iv) A matter of widespread and exceptional media interest in which there exist possible questions about the government's integrity that affect public confidence.

(2) A request for expedited processing may be made at any time. Requests based on paragraphs (e)(1)(i) through (iii) of this section must be submitted to the component that maintains the records requested. When making a request for expedited processing of an administrative appeal, the request should be submitted to the FOI/PA Office. Requests for expedited processing that are based on paragraph (e)(1)(iv) of this section must be submitted to the component processing the request. A component that receives a misdirected request for expedited processing under the standard set forth in paragraph (e)(1)(iv) of this section shall forward it immediately to the FOI/PA Office for its determination. The time period for making the determination on the request for expedited processing under paragraph (e)(1)(iv) of this section shall commence on the date that the FOI/PA Office receives the request, provided that it is routed within 10 working days.

(3) A requester who seeks expedited processing must submit a notarized statement, such as an affidavit or declaration, certified to be true and correct, explaining in detail the basis for making the request for expedited processing. For example, under paragraph (e)(1)(ii) of this section, a requester who is not a full-time member of the news media must establish that the requester is a person whose primary professional activity or occupation is information dissemination, though it need not be the requester's sole occupation. Such a requester also must establish a particular urgency to inform the public about the government activity involved in the request—one that extends beyond the public's right to know about government activity generally. The existence of numerous articles published on a given subject can be helpful in establishing the requirement that there be an “urgency to inform” the public on the topic. As a matter of administrative discretion, the SBA may waive the formal certification requirement.

(4) A component shall notify the requester within 10 working days of the receipt of a request for expedited processing of its decision whether to grant or deny expedited processing. If expedited processing is granted, the request must be given priority, placed in the processing track for expedited requests, and must be processed as soon as practicable. If a request for expedited processing is denied, any appeal of that decision shall be acted on expeditiously.

§ 102.6 Responses to requests.

(a) In general. Components should, to the extent practicable, communicate with requesters having access to the Internet using electronic means, such as email or web portal.

(b) Acknowledgments of requests. A component shall acknowledge the request in writing and assign it an individualized tracking number. Components shall include in the acknowledgment a brief description of the records sought to allow requesters to more easily keep track of their requests.

(c) Estimated dates of completion and interim responses. Upon request, components shall provide an estimated date by which they expect to provide a response to the requester. If a request involves a voluminous amount of material, or searches in multiple locations, the SBA or component may provide interim responses, releasing the records on a rolling basis.

(d) Grants of requests. Once a component determines it will grant a request in full or in part, it will notify the requester in writing. The component shall inform the requester of any fees charged under § 102.8 and shall disclose the requested records to the requester promptly upon payment of any applicable fees. The component must inform the requester of the availability of its FOIA Public Liaison to offer assistance.

(e) Adverse determinations of requests. A component making an adverse determination denying a request in any respect shall notify the requester of that determination in writing. Adverse determinations, or denials of requests, include denials involving fees or fee waiver matters, denials of requests for expedited processing, and decisions where:

(1) The requested record is exempt, in whole or in part;

(2) The request does not reasonably describe the records sought;

(3) The information requested is not a record subject to the FOIA;

(4) The requested record does not exist, cannot be located, or has been destroyed; or

(5) The requested record is not readily reproducible in the form or format sought by the requester.

(f) Content of denial. The denial must be signed by the head of the component or designee and must include:

(1) The name and title or position of the person responsible for the denial;

(2) A brief statement of the reasons for the denial, including any FOIA exemption applied by the component in denying the request;

(3) An estimate of the volume of any records or information withheld, such as the number of pages or some other reasonable form of estimation, although such an estimate is not required if the volume is otherwise indicated by deletions marked on records that are disclosed in part or if providing an estimate would harm an interest protected by an applicable exemption;

(4) A statement that the denial may be appealed under § 102.9, and a description of the appeal requirements; and

(5) A statement notifying the requester of the assistance available from the component's FOIA Public Liaison or designee, and the dispute resolution services offered by OGIS.

(g) Markings on released documents. Records disclosed in part must be marked clearly to show the amount of information deleted and the exemption under which the deletion was made unless doing so would harm an interest protected by an applicable exemption.

§ 102.7 Confidential commercial information.

(a) Definitions. For purposes of this section:

Confidential commercial information means commercial or financial information obtained by the SBA from a submitter that may be protected from disclosure under Exemption 4 of the FOIA, 5 U.S.C. 552(b)(4).

Submitter means any person or entity, including a corporation, State, or foreign government, but not including another Federal Government entity, that provides information, either directly or indirectly to the Federal Government.

(b) Designation of confidential commercial information. A submitter of confidential commercial information must use good faith efforts to designate by appropriate markings, either at the time of submission or within a reasonable time thereafter, any portion of its submission that it considers to be protected from disclosure under Exemption 4. These designations shall expire 10 years after the date of the submission unless the submitter requests and provides justification for a longer designation period.

(c) When notice to submitters is required.

(1) A component shall promptly provide written notice to a submitter of confidential commercial information whenever records containing such information are requested under the FOIA if, after reviewing the request, the responsive records, and any appeal by the requester, the component determines that it may be required to disclose the records, provided:

(i) The requested information has been designated in good faith by the submitter as information considered protected from disclosure under Exemption 4; or

(ii) The component has a reason to believe that the requested information may be protected from disclosure under Exemption 4, but has not yet determined whether the information is protected from disclosure under that exemption or any other applicable exemption.

(2) The notice shall either describe the commercial information requested or include a copy of the requested records or portions of records containing the information. In cases involving a voluminous number of submitters, notice may be made by posting or publishing the notice in a place or manner reasonably likely to accomplish it.

(d) Exceptions to submitter notice requirements. The notice requirements of this section shall not apply if:

(1) The component determines that the information is exempt under the FOIA;

(2) The information has been lawfully published or has been officially made available to the public;

(3) Disclosure of the information is required by a statute other than the FOIA or by a regulation issued in accordance with the requirements of Executive Order 12600 of June 23, 1987; or

(4) The designation made by the submitter under paragraph (b) of this section appears obviously frivolous, except that, in such a case, the component shall give the submitter written notice of any final decision to disclose the information and must provide that notice within a reasonable number of days prior to a specified disclosure date.

(e) Opportunity to object to disclosure.

(1) A component shall specify a reasonable time period within which the submitter must respond to the notice referenced above. If the submitter has any objections to disclosure, it should provide the component a detailed written statement that specifies all grounds for withholding the particular information under any exemption of the FOIA. In order to rely on Exemption 4 as the basis for nondisclosure, the submitter must explain why the information constitutes a trade secret or commercial or financial information that is privileged or confidential.

(2) A submitter who fails to respond within the time period specified in the notice shall be considered to have no objection to disclosure of the information. Information received by the component after the date of any disclosure decision shall not be considered by the component. Any information provided by a submitter under this subpart may itself be subject to disclosure under the FOIA.

(f) Analysis of objections. A component shall consider a submitter's objections and specific grounds for nondisclosure in deciding whether to disclose the requested information.

(g) Notice of intent to disclose. Whenever a component decides to disclose information over the objection of a submitter, the component shall provide the submitter written notice, which shall include:

(1) A statement of the reasons why each of the submitter's disclosure objections was not sustained;

(2) A description of the information to be disclosed; and

(3) A specified disclosure date, which shall be a reasonable time subsequent to the notice.

§ 102.8 Fees.

(a) In general. Components shall charge for processing requests under the FOIA in accordance with the provisions of this section and with the OMB Guidelines. In order to resolve any fee issues that arise under this section, a component may contact a requester for additional information. Components shall ensure that searches, review, and duplication are conducted in the most efficient and the least expensive manner. A component ordinarily will collect all applicable fees before sending copies of records to a requester. Requesters must pay fees by check or money order made payable to the Small Business Administration, addressed to the component assessing the fee.

(b) Categories of requesters. Different fees are assessed depending on the requester category. Requesters may seek a fee waiver. Requests for fee waivers will be considered in accordance with the requirements in paragraph (l) of this section. For purposes of assessing fees, the FOIA establishes four categories of requesters:

(1) Commercial use requesters;

(2) Non-commercial scientific/educational institutions requesters;

(3) News media requesters; and

(4) All other requesters.

(c) Definitions. For purposes of this section:

(1) Commercial use request is a request that asks for information for a use or a purpose that furthers a commercial, trade, or profit interest, which can include furthering those interests through litigation. A component's decision to place a requester in the commercial use category will be made on a case-by-case basis based on the requester's intended use of the information.

(2) Direct costs are those expenses that the SBA incurs in searching for and duplicating (and, in the case of commercial use requests, reviewing) records in order to respond to a FOIA request. For example, direct costs include the salary of the employee performing the work (i.e., the basic rate of pay for the employee, plus 16 percent of that rate to cover benefits) and the cost of operating computers and other electronic equipment, such as photocopiers and scanners. Direct costs do not include overhead expenses such as the costs of space, and of heating or lighting a facility. This will be in addition to search, review, and duplication fees, and shall be paid by requesters categorized as commercial and other.

(3) Duplication is reproducing a copy of a record, or of the information contained in it, necessary to respond to a FOIA request. Copies can take the form of paper, audiovisual materials, or electronic records, among others.

(4) Educational institution is any school that operates a program of scholarly research. A requester in this fee category must show that the request is made in connection with his or her role at the educational institution. Components may seek verification from the requester that the request is in furtherance of scholarly research and will advise requesters of their placement in this category.

Example 1 to paragraph (c)(4).

A request from a professor of geology at a university for records relating to soil erosion, written on letterhead of the Department of Geology, would be presumed to be from an educational institution.

Example 2 to paragraph (c)(4).

A request from the same professor of geology seeking drug information from the Food and Drug Administration in furtherance of a murder mystery he is writing would not be presumed to be an institutional request, regardless of whether it was written on institutional stationery.

Example 3 to paragraph (c)(4).

A student, who makes a request in furtherance of their coursework or other school-sponsored activities and provides a copy of a course syllabus or other reasonable documentation to indicate the research purpose for the request, would qualify as part of this fee category.

(5) Noncommercial scientific institution is an institution that is not operated on a “commercial” basis, as defined in paragraph (c)(1) of this section and that is operated solely for the purpose of conducting scientific research, the results of which are not intended to promote any particular product or industry. A requester in this category must show that the request is authorized by and is made under the auspices of a qualifying institution and that the records are sought to further scientific research and are not for a commercial use.

(6) Representative of the news media is any person or entity that gathers information of potential interest to a segment of the public, uses its editorial skills to turn the raw materials into a distinct work, and distributes that work to an audience. The term “news” means information that is about current events or that would be of current interest to the public. Examples of news media entities include television or radio stations that broadcast “news” to the public at large and publishers of periodicals that disseminate “news” and make their products available through a variety of means to the general public, including news organizations that disseminate solely on the Internet. A request for records supporting the news-dissemination function of the requester will not be considered to be for a commercial use. “Freelance” journalists who demonstrate a solid basis for expecting publication through a news media entity will be considered as a representative of the news media. A publishing contract would provide the clearest evidence that publication is expected; however, a requester's past publication record will be considered in making a determination.

(7) Review is the examination of a record located in response to a request in order to determine whether any portion of it is exempt from disclosure. Review time includes processing any record for disclosure, such as doing all that is necessary to prepare the record for disclosure, including the process of redacting the record and marking the appropriate exemptions. Review costs are properly charged even if a record ultimately is not disclosed. Review time also includes time spent both obtaining and considering any formal objection to disclosure made by a confidential commercial information submitter under § 102.7, but it does not include time spent resolving general legal or policy issues regarding the application of exemptions.

(8) Search is the process of looking for and retrieving records or information responsive to a request. Search time includes page-by-page or line-by-line identification of information within records and the reasonable efforts expended to locate and retrieve information from electronic records.

(d) Charging fees. In responding to FOIA requests, components will charge the following fees unless a waiver or reduction of fees has been granted under paragraph (l) of this section. Because the fee amounts provided below already account for the direct costs associated with a given fee type, components will not add any additional costs to charges calculated under this section.

(1) Search.

(i) Requests made by educational institutions, noncommercial scientific institutions, or representatives of the news media are not subject to search fees. Search fees shall be charged for all other requesters, subject to the restrictions of paragraph (e) of this section. Components may properly charge for time spent searching even if they do not locate any responsive records or if they determine that the records are entirely exempt from disclosure.

(ii) For each hour spent by personnel searching for requested records, including electronic searches that do not require new programming, the fees will be charged as follows: Professional (GS 9-14)—$46; and managerial (GS 15 and above)—$83.

(iii) Requesters shall be charged the direct costs associated with conducting any search that requires the creation of a new computer program to locate the requested records. Requesters shall be notified of the costs associated with creating such a program and must agree to pay the associated costs before the costs may be incurred.

(iv) For requests that require the retrieval of records stored by SBA at a Federal Records Center operated by the National Archives and Records Administration (NARA), additional costs shall be charged in accordance with the Transactional Billing Rate Schedule established by NARA.

(2) Duplication. Duplication fees will be assessed to all requesters, subject to the restrictions of paragraph (e) of this section. A component shall honor a requester's preference for receiving a record in a particular form or format where it can be readily reproduced in the form or format requested. Where photocopies are supplied, SBA will provide one copy per request at the cost of $.10 per page. For copies of records produced on tapes, disks, or other media, SBA will charge the direct costs of producing the copy, including operator time. Where paper documents must be scanned in order to comply with a requester's preference to receive the records in an electronic format, the requester must also pay the direct costs associated with scanning those materials. For other forms of duplication, components shall charge the direct costs.

(3) Review.

(i) Review fees will be assessed to requesters who make commercial use requests. Review fees will be assessed in connection with the initial review of the record, i.e., the review conducted by a component to determine whether an exemption applies to a particular record or portion of a record. No charge will be made for review at the administrative appeal stage of exemptions applied at the initial review stage. However, if a particular exemption is deemed to no longer apply, any costs associated with SBA's re-review of the records in order to consider the use of other exemptions may be assessed as review fees. Review fees will be charged at the same rates as those charged for a search under paragraph (d)(1)(ii) of this section.

(ii) The following table summarizes the fees for each type of requester.

Table 1 to § 102.8—Summary of Fees

| Requester category | Search | Review | Duplication fees | Direct costs |
|---|---|---|---|---|
| Commercial Use | Yes | Yes | Yes | Yes |
| Educational/Noncommercial Scientific Institutions | No | No | Yes (first 100 pages, or equivalent volume free) | No |
| News Media | No | No | Yes (first 100 pages, or equivalent volume free) | No |
| All Others | Yes (first 2 hours free) | No | Yes (first 100 pages, or equivalent volume free) | Yes |

(e) Restrictions on charging fees.

(1) When a component determines that a requester is an educational institution, non-commercial scientific institution, or representative of the news media, and the records are not sought for commercial use, it will not charge search fees.

(i) If a component fails to comply with the time limits in which to respond to a request, it may not charge search fees, or, in the instances of requests from requesters described in paragraph (c)(1) of this section, may not charge duplication fees, except as described in paragraphs (d)(1)(ii) through (iv) of this section.

(ii) If a component has determined that unusual circumstances as defined by the FOIA apply and SBA provided timely written notice to the requester in accordance with the FOIA, a failure to comply with the time limit shall be excused for an additional 10 working days.

(iii) If a component has determined that unusual circumstances, as defined by the FOIA, apply and more than 5,000 pages are necessary to respond to the request, the component may charge search fees, or, in the case of requesters described in paragraph (c)(1) of this section, may charge duplication fees, if the following steps are taken. The component shall provide a timely written notice of unusual circumstances to the requester in accordance with the FOIA and SBA must have discussed with the requester via written mail, email, or telephone (or made not less than three good-faith attempts to do so) how the requester could effectively limit the scope of the request in accordance with 5 U.S.C. 552(a)(6)(B)(ii). If this exception is satisfied, the component may charge all applicable fees incurred in the processing of the request.

(iv) If a court has determined that exceptional circumstances exist, as defined by the FOIA, a failure to comply with the time limits shall be excused for the length of time provided by the court order.

(2) No search or review fees will be charged for a quarter-hour period unless more than half of that period is required for search or review.

(3) Except for requesters seeking records for a commercial use, components shall provide without charge:

(i) The first 100 pages of duplication (or the cost equivalent for other media); and

(ii) The first two hours of search.

(4) No fee will be charged when the total fee, after deducting the 100 free pages (or its cost equivalent) and the first two hours of search, is equal to or less than $46.00.

(f) Notice of anticipated fees in excess of $46.00.

(1) When a component determines or estimates that the fees to be assessed in accordance with this section will exceed $46.00, the component shall notify the requester of the actual or estimated amount of the fees, including a breakdown of the fees for search, review, or duplication, unless the requester has indicated a willingness to pay fees as high as those anticipated. If only a portion of the fee can be estimated readily, the component shall advise the requester accordingly. If the request is not for noncommercial use, the notice will specify that the requester is entitled to the statutory entitlements of 100 pages of duplication at no charge and, if the requester is charged search fees, two hours of search time at no charge, and will advise the requester whether those entitlements have been provided.

(2) In cases in which a requester has been notified that the actual or estimated fees are in excess of $46.00, the request shall not be considered received and further work will not be completed until the requester commits in writing to pay the actual or estimated total fee, or designates some amount of fees the requester is willing to pay, or in the case of a noncommercial use requester who has not yet been provided with the requester's statutory entitlements, designates that the requester seeks only that which can be provided by the statutory entitlements. The requester must provide the commitment or designation in writing, and must, when applicable, designate an exact dollar amount the requester is willing to pay. Components are not required to accept payments in installments.

(3) If the requester has indicated a willingness to pay some designated amount of fees, but the component estimates that the total fee will exceed that amount, the component will toll the processing of the request when it notifies the requester of the estimated fees in excess of the amount the requester has indicated a willingness to pay. The component shall inquire whether the requester wishes to revise the amount of fees the requester is willing to pay or modify the request. Once the requester responds, the time to respond will resume from where it was at the date of the notification.

(4) Components shall make available their FOIA Public Liaison or other designee to assist any requester in reformulating a request to meet the requester's needs at a lower cost.

(g) Charges for other services. Although not required to provide special services, if a component chooses to do so as a matter of administrative discretion, the direct costs of providing the service will be charged. Examples of such services include certifying that records are true copies, providing multiple copies of the same document, or sending records by means other than first class mail.

(h) Charging interest. Components may charge interest on any unpaid bill starting on the 31st day following the date of billing the requester. Interest charges will be assessed at the rate provided in 31 U.S.C. 3717 and will accrue from the billing date until payment is received by the component. Components shall follow the provisions of the Debt Collection Act of 1982 (Pub. L. 97-365, 96 Stat. 1749), as amended, and its administrative procedures, including the use of consumer reporting agencies, collection agencies, and offset.

(i) Aggregating requests. When a component reasonably believes that a requester or a group of requesters acting in concert is attempting to divide a single request into a series of requests for the purpose of avoiding fees, the component may aggregate those requests and charge accordingly. Components may presume that multiple requests of this type made within a 30-day period have been made in order to avoid fees. For requests separated by a longer period, components shall aggregate them only where there is a reasonable basis for determining that aggregation is warranted in view of all the circumstances involved. Multiple requests involving unrelated matters cannot be aggregated.

(j) Advance payments.

(1) For requests other than those described in paragraphs (j)(2) or (j)(3) of this section, components cannot require the requester to make an advance payment before work is commenced or continued on a request. Payment owed for work already completed (i.e., payment before copies are sent to a requester) is not an advance payment.

(2) When a component determines or estimates that a total fee to be charged under this section will exceed $250.00, it may require that the requester make an advance payment up to the amount of the entire anticipated fee before beginning to process the request. Components may elect to process the request prior to collecting fees when it receives a satisfactory assurance of full payment from a requester with a history of prompt payment.

(3) Where a requester has previously failed to pay a properly charged FOIA fee to any component or SBA within 30 working days of the billing date, a component may require that the requester pay the full amount due, plus any applicable interest on that prior request, and the component may require that the requester make an advance payment of the full amount of any anticipated fee before SBA begins to process a new request or continues to process a pending request or any pending appeal. When a component has a reasonable basis to believe that a requester has misrepresented the requester's identity in order to avoid paying outstanding fees, it may require that the requester provide proof of identity.

(4) In cases in which advanced payment is required, the request will not be considered received and further work will not be completed until the required payment is received. If the requester does not pay the advance payment within 30 working days after the date of the fee determination, the request will be closed.

(k) Other statutes specifically providing for fees. The fee schedule of this section does not apply to fees charged under any statute that specifically requires SBA to set and collect fees for particular types of records. In instances where records responsive to a request are subject to a statutorily-based fee schedule program, the requester will be informed of the contact information for that program.

(l) Requirements for waiver or reduction of fees.

(1) Requesters may seek a waiver of fees by submitting written correspondence demonstrating how disclosure of the requested information is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government and is not primarily in the commercial interest of the requester. Records responsive to a request shall be furnished without charge or at a reduced rate below the rate established under paragraph (d) of this section, where a component determines, based on all available information, that the requester has demonstrated that:

(i) Disclosure of the requested information is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government, and

(ii) Disclosure of the information is not primarily in the commercial interest of the requester.

(2) Components shall furnish records responsive to a request without charge or at a reduced rate when it determines, based on all available information, that the factors described in paragraphs (l)(2)(i) through (iii) of this section are satisfied:

(i) Disclosure of the requested information would shed light on the operations or activities of the government. The subject of the request must concern identifiable operations or activities of the Federal Government with a connection that is direct and clear, not remote or attenuated.

(ii) Disclosure of the requested information is likely to contribute significantly to public understanding of those operations or activities. This factor is satisfied when the following criteria are met:

(A) Disclosure of the requested records must be meaningfully informative about government operations or activities. The disclosure of information that already is in the public domain, in either the same or a substantially identical form, would not be meaningfully informative if nothing new would be added to the public's understanding.

(B) The disclosure must contribute to the understanding of a reasonably broad audience of persons interested in the subject, as opposed to the individual understanding of the requester. A requester's expertise in the subject area as well as the requester's ability and intention to effectively convey information to the public must be considered. Components shall presume that a representative of the news media will satisfy this consideration.

(iii) The disclosure must not be primarily in the commercial interest of the requester. To determine whether disclosure of the requested information is primarily in the commercial interest of the requester, the following criteria will be considered:

(A) Identify whether the requester has any commercial interest that would be furthered by the requested disclosure. A commercial interest includes any commercial, trade, or profit interest. Requesters must be given an opportunity to provide explanatory information regarding this consideration.

(B) If there is an identified commercial interest, a determination will be made whether the primary interest is furthered by the request. A waiver or reduction of fees is justified when the requirements of paragraphs (l)(2)(i) and (ii) of this section are satisfied and any commercial interest is not the primary interest furthered by the request. Ordinarily there will be a presumption, that when a news media requester has satisfied factors (l)(2)(i) and (ii) of this section, the request is not primarily in the commercial interest of the requester. Disclosure to data brokers or others who merely compile and market government information for direct economic return will not be presumed to primarily serve the public interest.

(3) Where only some of the records to be released satisfy the requirements for a waiver of fees, a waiver must be granted for those records.

(4) Requests for a waiver or reduction of fees should be made when the request is first submitted and should address the criteria referenced above. A requester may submit a fee waiver request at a later time so long as the underlying record request is pending or on administrative appeal. When a requester who has committed to pay fees subsequently asks for a waiver of those fees and that waiver is denied, the requester must pay any costs incurred up to the date the fee waiver request was received.

§ 102.9 Administrative appeals.

(a) Requirements for making an appeal. A requester may appeal any adverse determinations to the FOI/PA Office. The contact information is contained in § 102.3(a)(1). Examples of adverse determinations are provided in § 102.6(e). The requester must make the appeal in writing and to be considered timely it must be postmarked, or in the case of electronic submissions, transmitted, within 90 working days after the date of the response. The appeal should clearly identify the component's determination that is being appealed and the assigned request number. To facilitate handling, the requester should mark both the appeal letter and envelope, or subject line of the electronic transmission, “Freedom of Information Act Appeal.”

(b) Adjudication of appeals.

(1) The Chief, FOI/PA or designee will act on behalf of the SBA on all appeals under this section.

(2) An appeal ordinarily will not be adjudicated if the request becomes a matter of FOIA litigation.

(3) On receipt of any appeal involving classified information, the FOI/PA Office shall take appropriate action to ensure compliance with Executive Orders 13467 and 13526.

(c) Decisions on appeals. A decision on an appeal will be made in writing. A decision that upholds a component's determination will contain a statement that identifies the reasons for the affirmance, including any FOIA exemptions applied. The decision will provide the requester with notification of the statutory right to file a lawsuit and will inform the requester of the mediation services offered by OGIS as a non-exclusive alternative to litigation. If a component's decision is remanded or modified on appeal, the requester will be notified of that determination in writing. The component will thereafter, further process the request in accordance with that appeal determination and respond directly to the requester.

(d) Time limit for issuing appeal decision. The statutory time limit for responding to appeals is generally 20 working days after receipt. However, the Appeals Officer may extend the time limit for responding to an appeal provided the circumstances set forth in 5 U.S.C. 552(a)(6)(B)(i) are met.

(e) Engaging in dispute resolution services provided by OGIS. Mediation is a voluntary process. If a component agrees to participate in the mediation services provided by OGIS, it will actively engage as a partner to the process in an attempt to resolve the dispute.

(f) When an appeal is required. Before seeking review by a court of a component's adverse determination, a requester generally must first submit a timely administrative appeal.

§ 102.10 Preservation of records.

Each component shall preserve all correspondence pertaining to the requests that it receives under this subpart, as well as copies of all requested records, until disposition or destruction is authorized pursuant to title 44 of the United States Code or the General Records Schedule 14 of the National Archives and Records Administration. Records shall not be disposed of or destroyed while they are the subject of a pending request, appeal, or lawsuit under the FOIA.

§ 102.11 Subpoenas.

(a) The person to whom the subpoena is directed must consult with SBA counsel in the relevant SBA office, who will seek approval for compliance from the Associate General Counsel for Litigation. Except where the subpoena requires the testimony of an employee of the Inspector General's office, or records within the possession of the Inspector General, the Associate General Counsel may delegate the authorization for appropriate production of documents or testimony to local SBA counsel.

(b) If SBA counsel approves compliance with the subpoena, SBA will comply.

(c) If SBA counsel disapproves compliance with the subpoena, SBA will not comply, and will base such noncompliance on an appropriate legal basis such as privilege or a statute.

(d) SBA counsel must provide a copy of any subpoena relating to a criminal matter to SBA's Inspector General prior to its return date.

Appendix A to Subpart A of Part 102—Records Maintained by SBA

I. Information Generally Exempt From Disclosure

a. Non-statistical information on pending, declined, withdrawn, or canceled applications.

b. Non-statistical information on defaults, delinquencies, losses etc.

c. Loan status, other than charged-off or paid-in-full.

d. Home disaster loan status and interest rate.

e. Financial statements, credit reports, business plans, plant lay-outs, marketing strategy, advertising plans, fiscal projections, pricing information, payroll information, private sector experience and contracts, IRS forms, purchase information, banking information, corporate structure, research plans and client list of applicant/recipient.

f. Portions of: Certificate of Competency records, Requests for Size Determinations, 8(a) Business Development Plans, loan applications, SBIC applications, loan officer's reports.

g. Internal documents not incorporated into final Agency action, pending internal recommendations on applications for assistance, SBA/attorney-client communications, pending litigation documents and investigatory documents. Discretionary disclosure policy must be utilized.

h. Personal history and financial statements, tax forms, resumes, all non-government career experience, communications regarding applicant's character, home addresses and telephone numbers, social security numbers, birth dates and medical records. Portions of Inspector General (IG) reports, audit reports, program investigation records and any other records which, if released, would interfere with the Government's law enforcement proceedings and/or would reveal the identity of a confidential source and documents relating to pending litigation and investigations. Requests for IG documents must be referred to the Office of the Inspector General, Counsel Division.

i. Financial information on portfolio companies.

j. Information originating from other agencies should be referred to those agencies for disclosure determinations.

II. Information Generally Disclosed

a. Names and business addresses of recipients of approved loans, SBIC licenses, Certificates of Competency, lease guarantees, surety bond guarantees and requests for counseling.

b. Names of officers, directors, stockholders or partners of recipient firms.

c. Kinds and amounts of loans, loan terms, interest rates (except on home disaster loans), maturity dates, general purpose, etc.

d. Statistical data on assistance, loans, defaults, contracts, counseling, etc.

e. Decisions, rulings and records showing final Agency actions in specific factual situations if identifying details exempt from disclosure are first deleted.

f. Awarded contracts: names, amounts, dates, contracting agencies.

g. Identity of participating banks.

h. List of 8(a) participants, date of entry, FPPT dates and NAICS codes.

i. OHA opinions and decisions.

j. Names of SBA employees, grades, titles, and duty stations.

Subpart B - Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974

Source:

72 FR 17369, Apr. 9, 2007, unless otherwise noted.

§ 102.20 General provisions.

(a) Purpose and scope. This subpart implements the provisions of the Privacy Act of 1974, 5 U.S.C. 552a. These regulations apply to all records which are contained in systems of records maintained by the U.S. Small Business Administration (SBA) and that are retrieved by an individual's name or personal identifier. These regulations set forth the procedures by which individuals may request access to records about themselves, request amendment or correction of those records, and request an accounting of disclosures of those records by the SBA. These regulations also set forth the requirements applicable to SBA employees maintaining, collecting, using or disseminating records pertaining to individuals. This subpart applies to SBA and all of its offices and is mandatory for use by all SBA employees.

(b) Definitions. As used in this subpart:

(1) Agency means the U.S. Small Business Administration (SBA) and includes all of its offices wherever located;

(2) Employee means any employee of the SBA, regardless of grade, status, category or place of employment;

(3) Individual means a citizen of the United States or an alien lawfully admitted for permanent residence. This term shall not encompass entrepreneurial enterprises (e.g. sole proprietors, partnerships, corporations, or other forms of business entities);

(4) Maintain includes maintain, collect, use, or disseminate;

(5) Record means any item, collection, or grouping of information about an individual that is maintained by the SBA, including, but not limited to education, financial transactions, medical history, and criminal or employment history and that contains the individual's name, or an identifying number, symbol, or other identifying particular assigned to the individual such as a finger or voice print or photograph;

(6) System of records means a group of any records under the control of SBA from which information is retrieved by the name of the individual or by an identifying number, symbol, or other identifying particular assigned to the individual;

(7) Statistical record means a record in a system of records maintained for statistical research or reporting purposes only and not used in whole or in part in making any determination about an identifiable individual;

(8) Routine use means, with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected;

(9) Request for access to a record means a request made under Privacy Act subsection (d)(1) allowing an individual to gain access to his or her record or to any information pertaining to him or her which is contained in a system of records;

(10) Request for amendment or correction of a record means a request made under Privacy Act subsection (d)(2), permitting an individual to request amendment or correction of a record that he or she believes is not accurate, relevant, timely, or complete;

(11) Request for an accounting means a request made under Privacy Act subsection (c)(3) allowing an individual to request an accounting of any disclosure to any SBA officers and employees who have a need for the record in the performance of their duties;

(12) Requester is an individual who makes a request for access, a request for amendment or correction, or a request for an accounting under the Privacy Act; and

(13) Authority to request records for a law enforcement purpose means that the head of an Agency or a United States Attorney, or either's designee, is authorized to make written requests under subsection (b)(7) of the Privacy Act for records maintained by other agencies that are necessary to carry out an authorized law enforcement activity.

§ 102.21 Agency employees responsible for the Privacy Act of 1974.

(a) Program/Support Office Head is the SBA employee in each field office and major program and support area responsible for implementing and overseeing this regulation in that office.

(b) Privacy Act Systems Manager (PASM) is the designated SBA employee in each office responsible for the development and management of any Privacy Act systems of records in that office.

(c) Senior Agency Official for Privacy is SBA's Chief Information Officer (CIO) who has overall responsibility and accountability for ensuring the SBA's implementation of information privacy protections, including the SBA's full compliance with Federal laws, regulations, and policies relating to information privacy such as the Privacy Act and the E-Government Act of 2002.

(d) Chief, Freedom of Information/Privacy Acts (FOI/PA) Office oversees and implements the record access, amendment, and correction provisions of the Privacy Act.

§ 102.22 Requirements relating to systems of records.

(a) In general. Each SBA office shall, in accordance with the Privacy Act:

(1) Maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the Agency required to be accomplished by a statute or by Executive Order of the President;

(2) Collect information to the greatest extent practicable directly from the subject individual when the information may affect an individual's rights, benefits, and privileges under Federal programs;

(b) Requests for information from individuals. If a form is being used to collect information from individuals, either the form used to collect the information, or a separate form that can be retained by the individual, must state the following:

(1) The authority (whether granted by statute, or by Executive Order of the President) which authorizes the solicitation of the information and whether disclosure of such information is mandatory or voluntary;

(2) The principal purpose or purposes for which the information is intended to be used;

(3) The routine uses which may be made of the information; and

(4) The effects on such individual, if any, of not providing all or any part of the requested information.

(c) Report on new systems. Each SBA office shall provide adequate advance notice to Congress and OMB through the FOI/PA Office of any proposal to establish or alter any system of records in order to permit an evaluation of the probable or potential effect of such proposal on the privacy and other personal or property rights of individuals or the disclosure of information relating to such individuals.

(d) Accurate and secure maintenance of records. Each SBA office shall:

(1) Maintain all records which are used in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in the determination;

(2) Prior to disseminating any record from a system of records about an individual to any requestor, including an agency, make reasonable efforts to assure that such records are accurate, complete, timely, and relevant for SBA purposes; and

(3) Establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.

(i) PASMs, with the approval of the head of their offices, shall establish administrative and physical controls, consistent with SBA regulations, to insure the protection of records systems from unauthorized access or disclosure and from physical damage or destruction. The controls instituted shall be proportional to the degree of sensitivity of the records but at a minimum must ensure that records other than those available to the general public under the FOIA, are protected from public view, that the area in which the records are stored is supervised during all business hours and physically secured during non-business hours to prevent unauthorized personnel from obtaining access to the records.

(ii) PASMs, with the approval of the head of their offices, shall adopt access restrictions to insure that only those individuals within the agency who have a need to have access to the records for the performance of their duties have access to them. Procedures shall also be adopted to prevent accidental access to, or dissemination of, records.

(e) Prohibition against maintenance of records concerning First Amendment rights. No SBA office shall maintain a record describing how any individual exercises rights guaranteed by the First Amendment (e.g. speech), unless the maintenance of such record is:

(1) Expressly authorized by statute, or

(2) Expressly authorized by the individual about whom the record is maintained, or

(3) Pertinent to and within the scope of an authorized law enforcement activity.

§ 102.23 Publication in the Federal Register—Notices of systems of records.

(a) Notices of systems of records to be published in the Federal Register.

(1) The SBA shall publish in the Federal Register upon establishment or revision a notice of the existence and character of any new or revised systems of records. Unless otherwise instructed, each notice shall include:

(i) The name and location of the system;

(ii) The categories of individuals on whom records are maintained in the system;

(iii) The categories of records maintained in the system;

(iv) Each routine use of the records contained in the system, including the categories of users and the purpose of such use;

(v) The policies and practices of the office regarding storage, retrievability, access controls, retention, and disposal of the records;

(vi) The title and business address of the SBA official who is responsible for the system of records;

(vii) A statement that SBA procedures allow an individual, at his or her request, to determine whether a system of records contains a record pertaining to him or her, to review such records and to contest or amend such records, located in sections 102.25 through 102.29 of these regulations;

(viii) A statement that such requests may be directed to the SBA's FOI/PA Office, 409 3rd St., SW., Washington, DC 20416 or faxed to 202-205-7059; and

(ix) The categories of sources of records in the system.

(2) Minor changes to systems of records shall be published annually.

(b) Notice of new or modified routine uses to be published in the Federal Register. At least 30 days prior to disclosing records pursuant to a new use or modification of a routine use, as published under paragraph (a)(1)(iv) of this section, each SBA office shall publish in the Federal Register notice of such new or modified use of the information in the system and provide an opportunity for any individual or persons to submit written comments.

§ 102.24 Requests for access to records.

(a) How made and addressed. An individual, or his or her legal guardian, may make a request for access to an SBA record about himself or herself by appearing in person or by writing directly to the SBA office that maintains the record or to the FOI/PA Office by mail to 409 3rd St., SW., Washington, DC 20416 or fax to 202-205-7059. A request received by the FOI/PA Office will be forwarded to the appropriate SBA Office where the records are located.

(b) Description of records sought. A request for access to records must describe the records sought in sufficient detail to enable SBA personnel to locate the system of records containing them with a reasonable amount of effort. A request should also state the date of the record or time period in which the record was compiled, and the name or identifying number of each system of records in which the requester believes the record is kept. The SBA publishes notices in the Federal Register that describe its systems of records. A description of the SBA's systems of records also may be found at http://www.sba.gov/foia/systemrecords.doc.

(c) Verification of identity. Any individual who submits a request for access to records must verify his or her identity. No specific form is required; however, the requester must state his or her full name, current address, and date and place of birth. The request must be signed and the requester's signature must either be notarized or submitted under 28 U.S.C. 1746. This law permits statements to be made under penalty of perjury as a substitute for notarization. The language states:

(1) If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). Signature”; or

(2) If executed within the United States, its territories, possessions or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). Signature”.

(d) Verification of guardianship. When making a request as a legal agent or the parent or guardian of a minor or as the guardian of someone determined by a court to be incompetent, for access to records about that individual, the requester must establish:

(1) The identity of the individual who is the subject of the record, by stating the name, current address, date and place of birth, and, at the requester's option, the social security number of the individual;

(2) The requester's own identity, as required in paragraph (c) of this section;

(3) That the requester is the legal agent or parent or guardian of that individual, which may be proven by providing a copy of the individual's birth certificate showing his parentage or by providing a court order establishing guardianship; and

(4) That the requester is acting on behalf of that individual in making the request.

§ 102.25 Responsibility for responding to requests for access to records.

(a) In general. Except as stated in paragraphs (c), (d), and (e) of this section and in § 102.24(a), the office that first receives a request for access to a record, and has possession of that record, is the office responsible for responding to the request. That office shall acknowledge receipt of the request not later than 10 days (excluding Saturdays, Sundays, and legal public holidays) after the date of receipt of the request in writing. In determining which records are responsive to a request, an office ordinarily shall include only those records in its possession as of the date the office begins its search for them. If any other date is used, the office shall inform the requester of that date.

(b) Authority to grant or deny requests. The Program/Support Office Head, or designee, is authorized to grant or deny any request for access to a record of that office.

(c) Consultations and referrals. When an office receives a request for access to a record in its possession, it shall determine whether another office, or another agency of the Federal Government, is better able to determine whether the record is exempt from access under the Privacy Act. If the receiving office determines that it is best able to process the record in response to the request, then it shall do so. If the receiving office determines that it is not best able to process the record, then it shall either:

(1) Respond to the request regarding that record, after consulting with the office or agency best able to determine whether the record is exempt from access and with any other office or agency that has a substantial interest in it; or

(2) Refer the responsibility for responding to the request to the office best able to determine whether the record is exempt from access or to another agency that originated the record (but only if that agency is subject to the Privacy Act). Ordinarily the office or agency that originated a record will be presumed to be best able to determine whether it is exempt from access.

(d) Law enforcement information. Whenever a request is made for access to a record containing information that relates to an investigation of a possible violation of law and that was originated by SBA's Office of the Inspector General (OIG) or another agency, the receiving office shall refer the responsibility for responding to the request regarding that information to either SBA's OIG or the other agency “depending on where the investigation originated.”

(e) Classified information. Whenever a request is made for access to a record containing information that has been classified by or may be appropriate for classification by another office or agency under Executive Order 12958 or any other executive order concerning the classification of records, the receiving office shall refer the responsibility for responding to the request regarding that information to the office or agency that classified the information, should consider the information for classification, or has the primary interest in it, as appropriate. Whenever a record contains information that has been derivatively classified by an office because it contains information classified by another office or agency, the office shall refer the responsibility for responding to the request regarding that information to the office or agency that classified the underlying information. Information determined to no longer require classification shall not be withheld from a requester on the basis of Exemption (k)(1) of the Privacy Act.

(f) Notice of referral. Whenever an office refers all or any part of the responsibility for responding to a request to another office or agency, it shall notify the requester of the referral and inform the requester of the name of each office or agency to which the request has been referred and of the part of the request that has been referred.

(g) Responses to consultations and referrals. All consultations and referrals shall be processed according to the date the access request was initially received by the first office or agency, not any later date.

(h) Agreements regarding consultations and referrals. Offices may make agreements with other offices or agencies to eliminate the need for consultations or referrals for particular types of records.

§ 102.26 Responses to requests for access to records.

(a) Acknowledgements of requests. On receipt of a request, an office shall send an acknowledgement letter to the requester.

(b) Grants of requests for access. Once an office makes a determination to grant a request for access in whole or in part, it shall notify the requester in writing. The Program/Support Office Head or designee shall inform the requester in the notice of any fee charged under § 102.31 and shall disclose records to the requester promptly on payment of any applicable fee. If a request is made in person, the office may disclose records to the requester directly, in a manner not unreasonably disruptive of its operations, on payment of any applicable fee and with a written record made of the grant of the request. If a requester is accompanied by another person, he or she shall be required to authorize in writing any discussion of the records in the presence of the other person.

(c) Adverse determinations of requests for access. A Program/Support Office Head or designee making an adverse determination denying a request for access in any respect shall notify the requester of that determination in writing. Adverse determinations, or denials of requests, consist of: a determination to withhold any requested record in whole or in part; a determination that a requested record does not exist or cannot be located; a determination that the requested information is not a record subject to the Privacy Act; a determination on any disputed fee matter; and a denial of a request for expedited treatment. The notification letter shall be signed by the Program/Support Office Head or designee, and shall include:

(1) The name and title or position of the person responsible for the denial;

(2) A brief statement of the reason(s) for the denial, including any FOIA or Privacy Act exemption(s) applied in denying the request; and

(3) A statement that the denial may be appealed under § 102.27(a) and a description of the requirements of § 102.27(a).

§ 102.27 Appeals from denials of requests for access to records.

(a) Appeals. If the requester is dissatisfied with an office's response to his or her request for access to records, the requester may make a written appeal of the adverse determination denying the request in any respect to the SBA's FOI/PA Office, 409 3rd St., SW., Washington, DC 20416. The appeal must be received by the FOI/PA Office within 60 days of the date of the letter denying the request. The requester's appeal letter should include as much information as possible, including the identity of the office whose adverse determination is being appealed. Unless otherwise directed, the Chief, FOI/PA will decide all appeals under this subpart.

(b) Responses to appeals. The decision on a requester's appeal will be made in writing not later than 30 days (excluding Saturdays, Sundays, and legal public holidays) after the date of receipt of such appeal. A decision affirming an adverse determination in whole or in part will include a brief statement of the reason(s) for the affirmation, including any Privacy Act exemption applied, and will inform the requester of the Privacy Act provisions for court review of the decision. If the adverse determination is reversed or modified on appeal in whole or in part, the requester will be notified in a written decision and his request will be reprocessed in accordance with that appeal decision.

(c) Judicial review. In order to seek judicial review by a court of any adverse determination or denial of a request, a requester must first appeal it to the FOI/PA Office under this section.

§ 102.28 Requests for amendment or correction of records.

(a) How made and addressed. Unless the record is not subject to amendment or correction as stated in paragraph (f) of this section, an individual may make a request for amendment or correction of an SBA record about himself or herself by writing directly to the office that maintains the record, following the procedures in § 102.24. The request should identify each particular record in question, state the amendment or correction sought, and state why the record is not accurate, relevant, timely, or complete. The requester may submit any documentation that he or she thinks would be helpful. If the requester believes that the same record is in more than one system of records, that should be stated and the request should be sent to each office that maintains a system of records containing the record.

(b) Office responses. Within ten (10) days (excluding Saturdays, Sundays, and legal public holidays) of receiving a request for amendment or correction of records, an office shall send the requester a written acknowledgment of receipt, and the office shall notify the requester within 30 days (excluding Saturdays, Sundays, and legal public holidays) of receipt of the request whether it is granted or denied. If the Program/Support Office Head or designee grants the request in whole or in part, the amendment or correction must be made, and the requester advised of his or her right to obtain a copy of the corrected or amended record. If the office denies a request in whole or in part, it shall send the requester a letter signed by the Program/Support Office Head or designee that shall state:

(1) The reason(s) for the denial; and

(2) The procedure for appeal of the denial under paragraph (c) of this section, including the name and business address of the official who will act on your appeal.

(c) Appeals. An individual may appeal a denial of a request for amendment or correction to the FOI/PA Office in the same manner as a denial of a request for access to records (see § 102.27), and the same procedures shall be followed. If the appeal is denied, the requester shall be advised of his or her right to file a Statement of Disagreement as described in paragraph (d) of this section and of his or her right under the Privacy Act for court review of the decision.

(d) Statement of Disagreement. If an appeal under this section is denied in whole or in part, the requester has the right to file a Statement of Disagreement that states the reason(s) for disagreeing with the SBA's denial of his or her request for amendment or correction. A Statement of Disagreement must be concise, must clearly identify each part of any record that is disputed, and should be no longer than one typed page for each fact disputed. An individual's Statement of Disagreement must be sent to the office that maintains the record involved, which shall place it in the system of records in which the disputed record is maintained and shall mark the disputed record to indicate that a Statement of Disagreement has been filed and where in the system of records it may be found.

(e) Notification of amendment/correction or disagreement. Within 30 days (excluding Saturdays, Sundays, and legal public holidays) of the amendment or correction of a record, the office that maintains the record shall notify all persons, organizations, or agencies to which it previously disclosed the record, if an accounting of that disclosure was made, that the record has been amended or corrected. If an individual has filed a Statement of Disagreement, the office shall append a copy of it to the disputed record whenever the record is disclosed and may also append a concise statement of its reason(s) for denying the request to amend or correct the record.

(f) Records not subject to amendment or correction. The following records are not subject to amendment or correction:

(1) Transcripts of testimony given under oath or written statements made under oath;

(2) Transcripts of grand jury proceedings, judicial proceedings, or quasi-judicial proceedings, which are the official record of those proceedings;

(3) Pre-sentence records that originated with the courts; and

(4) Records in systems of records that have been exempted from amendment and correction under Privacy Act, 5 U.S.C. 552a (j) or (k) by notice published in the Federal Register.

§ 102.29 Requests for an accounting of record disclosures.

(a) How made and addressed. Except where accountings of disclosures are not required to be kept (as stated in paragraph (b) of this section), an individual may make a request for an accounting of any disclosure that has been made by the SBA to another person, organization, or agency of any record in a system of records about him or her. This accounting contains the date, nature, and purpose of each disclosure, as well as the name and address of the person, organization, or agency to which the disclosure was made. The request for an accounting should identify each particular record in question and should be made by writing directly to the SBA office that maintains the record, following the procedures in § 102.24.

(b) Where accountings are not required. Offices are not required to provide accountings where they relate to:

(1) Disclosures for which accountings are not required to be kept; disclosures that are made to employees within the SBA and disclosures that are made under the FOIA;

(2) Disclosures made to law enforcement agencies for authorized law enforcement activities in response to written requests from those law enforcement agencies specifying the civil or criminal law enforcement activities for which the disclosures are sought; or

(3) Disclosures made from law enforcement systems of records that have been exempted from accounting requirements under Privacy Act, 5 U.S.C. 552a(j) or (k) by notice published in the Federal Register.

(c) Appeals. An individual may appeal a denial of a request for an accounting to the FOI/PA Office in the same manner as a denial of a request for access to records (see § 102.27), and the same procedures will be followed.

§ 102.30 Preservation of records.

Each office will preserve all correspondence pertaining to the requests that it receives under this subpart, as well as copies of all requested records, until disposition or destruction is authorized by title 44 of the United States Code or the National Archives and Records Administration's General Records Schedule 14. Records will not be disposed of while they are the subject of a pending request, appeal, or lawsuit under the Privacy Act.

§ 102.31 Fees.

SBA offices shall charge fees for duplication of records under the Privacy Act in the same way in which they charge duplication fees under § 102.6(b)(3). No search or review fee may be charged for any record unless the record has been exempted from access under Exemptions (j)(2) or (k)(2) of the Privacy Act. SBA will waive fees under $25.00.

§ 102.32 Notice of court-ordered and emergency disclosures.

(a) Court-ordered disclosures. When a record pertaining to an individual is required to be disclosed by order of a court of competent jurisdiction, the office that maintains the record shall make reasonable efforts to provide notice of this to the individual. Notice shall be given within a reasonable time after the office's receipt of the order, except that in a case in which the order is not a matter of public record, the notice shall be given only after the order becomes public. This notice shall be mailed to the individual's last known address and shall contain a copy of the order and a description of the information disclosed. Notice shall not be given if disclosure is made from a criminal law enforcement system of records that has been exempted from the notice requirement.

(b) Emergency disclosures. Upon disclosing a record pertaining to an individual made under compelling circumstances affecting health or safety, the office shall notify that individual of the disclosure. This notice shall be mailed to the individual's last known address and shall state the nature of the information disclosed; the person, organization, or agency to which it was disclosed; the date of disclosure; and the compelling circumstances justifying the disclosure.

§ 102.33 Security of systems of records.

(a) Each Program/Support Office Head or designee shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent unauthorized disclosure of records, and to prevent physical damage to or destruction of records. The stringency of these controls shall correspond to the sensitivity of the records that the controls protect. At a minimum, each office's administrative and physical controls shall ensure that:

(1) Records are protected from public view;

(2) The area in which records are kept is supervised during business hours to prevent unauthorized persons from having access to them;

(3) Records are inaccessible to unauthorized persons outside of business hours; and

(4) Records are not disclosed to unauthorized persons or under unauthorized circumstances in either oral or written form.

(b) Each Program/Support Office Head or designee shall establish procedures that restrict access to records to only those individuals within the SBA who must have access to those records in order to perform their duties and that prevent inadvertent disclosure of records.

(c) The OCIO shall provide SBA offices with guidance and assistance for privacy and security of electronic systems and compliance with pertinent laws and requirements.

§ 102.34 Contracts for the operation of record systems.

When SBA contracts for the operation or maintenance of a system of records or a portion of a system of records by a contractor, the record system or the portion of the record affected, are considered to be maintained by the SBA, and subject to this subpart. The SBA is responsible for applying the requirements of this subpart to the contractor. The contractor and its employees are to be considered employees of the SBA for purposes of the sanction provisions of the Privacy Act during performance of the contract.

§ 102.35 Use and collection of Social Security Numbers.

Each Program/Support Office Head or designee shall ensure that collection and use of SSN is performed only when the functionality of the system is dependent on use of the SSN as an identifier. Employees authorized to collect information must be aware:

(a) That individuals may not be denied any right, benefit, or privilege as a result of refusing to provide their social security numbers, unless:

(1) The collection is authorized either by a statute; or

(2) The social security numbers are required under statute or regulation adopted prior to 1975 to verify the identity of an individual; and

(b) That individuals requested to provide their social security numbers must be informed of:

(1) Whether providing social security numbers is mandatory or voluntary;

(2) Any statutory or regulatory authority that authorizes the collection of social security numbers; and

(3) The uses that will be made of the numbers.

§ 102.36 Privacy Act standards of conduct.

Each Program/Support Office Head or designee shall inform its employees of the provisions of the Privacy Act, including its civil liability and criminal penalty provisions. Unless otherwise permitted by law, an employee of the SBA shall:

(a) Collect from individuals only the information that is relevant and necessary to discharge the responsibilities of the SBA;

(b) Collect information about an individual directly from that individual whenever practicable;

(c) Inform each individual from whom information is collected of:

(1) The legal authority to collect the information and whether providing it is mandatory or voluntary;

(2) The principal purpose for which the SBA intends to use the information;

(3) The routine uses the SBA may make of the information; and

(4) The effects on the individual, if any, of not providing the information;

(d) Ensure that the office maintains no system of records without public notice and that it notifies appropriate SBA officials of the existence or development of any system of records that is not the subject of a current or planned public notice;

(e) Maintain all records that are used by the SBA in making any determination about an individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual in the determination;

(f) Except as to disclosures made to an agency or made under the FOIA, make reasonable efforts, prior to disseminating any record about an individual, to ensure that the record is accurate, relevant, timely, and complete;

(g) Maintain no record describing how an individual exercises his or her First Amendment rights, unless it is expressly authorized by statute or by the individual about whom the record is maintained, or is pertinent to and within the scope of an authorized law enforcement activity;

(h) When required by the Privacy Act, maintain an accounting in the specified form of all disclosures of records by the SBA to persons, organizations, or agencies;

(i) Maintain and use records with care to prevent the unauthorized or inadvertent disclosure of a record to anyone; and

(j) Notify the appropriate SBA official of any record that contains information that the Privacy Act does not permit the SBA to maintain.

§ 102.37 Training requirements.

All employees should attend privacy training within one year of employment with SBA. All employees with Privacy Act responsibilities must attend Privacy Act training, whenever needed, that is offered by the SBA.

§ 102.38 Other rights and services.

Nothing in this subpart shall be construed to entitle any person, as a right, to any service or to the disclosure of any record to which such person is not entitled under the Privacy Act.

§ 102.39 SBA's exempt Privacy Act systems of records.

(a) Systems of records subject to investigatory material exemption under 5 U.S.C. 552a(k)(2), or 5 U.S.C. 552a(k)(5) or both:

(1) Office of Inspector General Records Other Than Investigation Records—SBA 4, contains records pertaining to audits, evaluations, and other non-audit services performed by the OIG;

(2) Equal Employment Opportunity Complaint Cases—SBA 13, contains complaint files, Equal Employment Opportunity counselor's reports, investigation materials, notes, reports, and recommendations;

(3) Investigative Files—SBA 16, contains records gathered by the OIG in the investigation of allegations that are within the jurisdiction of the OIG;

(4) Investigations Division Management Information System—SBA 17, contains records gathered or created during preparation for, conduct of, and follow-up on investigations conducted by the OIG, the Federal Bureau of Investigation (FBI), and other Federal, State, local, or foreign regulatory or law enforcement agency;

(5) Litigation and Claims Files—SBA 19, contains records relating to recipients classified as “in litigation” and all individuals involved in claims by or against the Agency;

(6) Personnel Security Files—SBA 24, contains records on active and inactive personnel security files, employee or former employee's name, background information, personnel actions, OPM, and/or authorized contracting firm background investigations;

(7) Security and Investigations Files—SBA 27, contains records gathered or created during preparation for, conduct of, and follow-up on investigations conducted by OIG, the FBI, and other Federal, State, local, or foreign regulatory or law enforcement agencies as well as other material submitted to or gathered by OIG in furtherance of its investigative function; and

(8) Standards of Conduct Files—SBA 29, contains records on confidential employment and financial statements of employees Grade 13 and above.

(b) These systems of records are exempt from the following provisions of the Privacy Act and all regulations in this part promulgated under these provisions:

(1) 552a(c)(3) (Accounting of Certain Disclosures);

(2) 552a(d) (Access to Records);

(3) 552a(e)(1), 4G, H, and I (Agency Requirements); and

(4) 552a(f) (Agency Rules).

(c) The systems of records described in paragraph (a) of this section are exempt from the provisions of the Privacy Act described in paragraph (b) of this section in order to:

(1) Prevent the subject of investigations from frustrating the investigatory process;

(2) Protect investigatory material compiled for law enforcement purposes;

(3) Fulfill commitments made to protect the confidentiality of sources and to maintain access to necessary sources of information; or

(4) Prevent interference with law enforcement proceedings.

(d) In addition to the foregoing exemptions in paragraphs (a) through (c) of this section, the systems of records described in paragraph (a) of this section numbered SBA 4, 16, 17, 24, and 27 are exempt from the Privacy Act except for subsections (b), (c)(1) and (2), (e)(4)(A) through F, (e)(6), (7), (9), (10) and (11) and (i) to the extent that they contain:

(1) Information compiled to identify individual criminal offenders and alleged offenders and consisting only of identifying data and notations of arrests, confinement, release, and parole and probation status;

(2) Information, including reports of informants and investigators, associated with an identifiable individual compiled to investigate criminal activity; or

(3) Reports compiled at any stage of the process of enforcement of the criminal laws from arrest or indictment through release from supervision associated with an identifiable individual.

(e) The systems of records described in paragraph (d) of this section are exempt from the Privacy Act to the extent described in that paragraph because they are records maintained by the Investigations Division of the OIG, which is a component of SBA which performs as its principal function activities pertaining to the enforcement of criminal laws within the meaning of 5 U.S.C. 552a(j)(2). They are exempt in order to:

(1) Prevent the subjects of OIG investigations from using the Privacy Act to frustrate the investigative process;

(2) Protect the identity of Federal employees who furnish a complaint or information to the OIG, consistent with section 7(b) of the Inspector General Act of 1978, 5 U.S.C. app. 3;

(3) Protect the confidentiality of other sources of information;

(4) Avoid endangering confidential sources and law enforcement personnel;

(5) Prevent interference with law enforcement proceedings;

(6) Assure access to sources of confidential information, including that contained in Federal, State, and local criminal law enforcement information systems;

(7) Prevent the disclosure of investigative techniques; or

(8) Prevent the disclosure of classified information.

§ 102.40 Computer matching.

The OCIO will enforce the computer matching provisions of the Privacy Act. The FOI/PA Office will review and concur on all computer matching agreements prior to their activation and/or renewal.

(a) Matching agreements. SBA will comply with the Computer Matching and Privacy Protection Act of 1988 (5 U.S.C. 552a(o), 552a notes). The Privacy Protection Act establishes procedures Federal agencies must use if they want to match their computer lists. SBA shall not disclose any record which is contained in a system of records to a recipient agency or non-Federal agency for use in a computer matching program except pursuant to a written agreement between SBA and the recipient agency or non-Federal agency specifying:

(1) The purpose and legal authority for conducting the program;

(2) The justification for the purpose and the anticipated results, including a specific estimate of any savings;

(3) A description of the records that will be matched, including each data element that will be used, the approximate number of records that will be matched, and the projected starting and completion dates of the matching program;

(4) Procedures for providing individualized notice at the time of application, and periodically thereafter as directed by the Data Integrity Board, that any information provided by any of the above may be subject to verification through matching programs to:

(i) Applicants for and recipients of financial assistance or payments under Federal benefit programs, and

(ii) Applicants for and holders of positions as Federal personnel.

(5) Procedures for verifying information produced in such matching program as required by paragraph (c) of this section.

(6) Procedures for the retention and timely destruction of identifiable records created by a recipient agency or non-Federal agency in such matching program;

(7) Procedures for ensuring the administrative, technical, and physical security of the records matched and the results of such programs;

(8) Prohibitions on duplication and redisclosure of records provided by SBA within or outside the recipient agency or non-Federal agency, except where required by law or essential to the conduct of the matching program;

(9) Procedures governing the use by a recipient agency or non-Federal agency of records provided in a matching program by SBA, including procedures governing return of the records to SBA or destruction of records used in such programs;

(10) Information on assessments that have been made on the accuracy of the records that will be used in such matching programs; and

(11) That the Comptroller General may have access to all records of a recipient agency or non-Federal agency that the Comptroller General deems necessary in order to monitor or verify compliance with the agreement.

(b) Agreement specifications. A copy of each agreement entered into pursuant to paragraph (a) of this section shall be transmitted to OMB, the Committee on Governmental Affairs of the Senate and the Committee on Governmental Operations of the House of Representatives and be available upon request to the public.

(1) No such agreement shall be effective until 30 days after the date on which a copy is transmitted.

(2) Such an agreement shall remain in effect only for such period, not to exceed 18 months, as the Data Integrity Board determines is appropriate in light of the purposes, and length of time necessary for the conduct, of the matching program.

(3) Within three (3) months prior to the expiration of such an agreement, the Data Integrity Board may without additional review, renew the matching agreement for a current, ongoing matching program for not more than one additional year if:

(i) Such program will be conducted without any change; and

(ii) Each party to the agreement certifies to the Board in writing that the program has been conducted in compliance with the agreement.

(c) Verification. In order to protect any individual whose records are used in matching programs, SBA and any recipient agency or non-Federal agency may not suspend, terminate, reduce, or make a final denial of any financial assistance or payment under the Federal benefit program to such individual, or take other adverse action against such individual as a result of information produced by such matching programs until such information has been independently verified.

(1) Independent verification requires independent investigation and confirmation of any information used as a basis for an adverse action against an individual including, where applicable:

(i) The amount of the asset or income involved,

(ii) Whether such individual actually has or had access to such asset or income or such individual's own use, and

(iii) The period or periods when the individual actually had such asset or income.

(2) SBA and any recipient agency or non-Federal agency may not suspend, terminate, reduce, or make a final denial of any financial assistance or payment under a Federal benefit program, or take other adverse action as a result of information produced by a matching program,

(i) Unless such individual has received notice from such agency containing a statement of its findings and information of the opportunity to contest such findings, and

(ii) Until the subsequent expiration of any notice period provided by the program's governing statute or regulations, or 30 days. Such opportunity to contest may be satisfied by notice, hearing, and appeal rights governing such Federal benefit program. The exercise of any such rights shall not affect rights available under the Privacy Act.

(3) SBA may take any appropriate action otherwise prohibited by the above if SBA determines that the public health or safety may be adversely affected or significantly threatened during the notice period required by paragraph (c)(2)(ii) of this section.

(d) Sanctions. Notwithstanding any other provision of law, SBA may not disclose any record which is contained in a system of records to a recipient agency or non-Federal agency for a matching program if SBA has reason to believe that the requirements of paragraph (c) of this section, or any matching agreement entered into pursuant to paragraph (b) of this section or both, are not being met by such recipient agency.

(1) SBA shall not renew a matching agreement unless,

(i) The recipient agency or non-Federal agency has certified that it has complied with the provisions of that agreement; and

(ii) SBA has no reason to believe that the certification is inaccurate.

(e) Review annually each ongoing matching program in which the Agency has participated during the year, either as a source or as a matching agency in order to assure that the requirements of the Privacy Act, OMB guidance, and any Agency regulations and standard operating procedures, operating instructions, or guidelines have been met.

(f) Data Integrity Board. SBA shall establish a Data Integrity Board (Board) to oversee and coordinate the implementation of the matching program. The Board shall consist of the senior officials designated by the Administrator, to include the Inspector General (who shall not serve as chairman), and the Senior Agency Official for Privacy. The Board shall:

(1) Review, approve and maintain all written agreements for receipt or disclosure of Agency records for matching programs to ensure compliance with paragraph (a) of this section and with all relevant statutes, regulations, and guidance;

(2) Review all matching programs in which SBA has participated during the year, determine compliance with applicable laws, regulations, guidelines, and Agency agreements, and assess the costs and benefits of such programs;

(3) Review all recurring matching programs in which SBA has participated during the year, for continued justification for such disclosures;

(4) At the instruction of OMB, compile a report to be submitted to the Administrator and OMB, and made available to the public on request, describing the matching activities of SBA, including,

(i) Matching programs in which SBA has participated;

(ii) Matching agreements proposed that were disapproved by the Board;

(iii) Any changes in membership or structure of the Board in the preceding year;

(iv) The reasons for any waiver of the requirement described below for completion and submission of a cost-benefit analysis prior to the approval of a matching program;

(v) Any violations of matching agreements that have been alleged or identified and any corrective action taken; and

(vi) Any other information required by OMB to be included in such report;

(5) Serve as clearinghouse for receiving and providing information on the accuracy, completeness, and reliability of records used in matching programs;

(6) Provide interpretation and guidance to SBA offices and personnel on the requirements for matching programs;

(7) Review Agency recordkeeping and disposal policies and practices for matching programs to assure compliance with the Privacy Act; and

(8) May review and report on any SBA matching activities that are not matching programs.

(g) Cost-benefit analysis. Except as provided in paragraphs (e)(2) and (3) of this section, the Data Integrity Board shall not approve any written agreement for a matching program unless SBA has completed and submitted to such Board a cost-benefit analysis of the proposed program and such analysis demonstrates that the program is likely to be cost effective. The Board may waive these requirements if it determines, in writing, and in accordance with OMB guidelines, that a cost-benefit analysis is not required. Such an analysis also shall not be required prior to the initial approval of a written agreement for a matching program that is specifically required by statute.

(h) Disapproval of matching agreements. If a matching agreement is disapproved by the Data Integrity Board, any party to such agreement may appeal to OMB. Timely notice of the filing of such an appeal shall be provided by OMB to the Committee on Governmental Affairs of the Senate and the Committee on Government Operations of the House of Representatives.

(1) OMB may approve a matching agreement despite the disapproval of the Data Integrity Board if OMB determines that:

(i) The matching program will be consistent with all applicable legal, regulatory, and policy requirements;

(ii) There is adequate evidence that the matching agreement will be cost-effective; and

(iii) The matching program is in the public interest.

(2) The decision of OMB to approve a matching agreement shall not take effect until 30 days after it is reported to the committees described in paragraph (h) of this section.

(3) If the Data Integrity Board and the OMB disapprove a matching program proposed by the Inspector General, the Inspector General may report the disapproval to the Administrator and to the Congress.

§ 102.41 Other provisions.

(a) Personnel records. All SBA personnel records and files, as prescribed by OPM, shall be maintained in such a way that the privacy of all individuals concerned is protected in accordance with regulations of OPM (5 CFR parts 293 and 297).

(b) Mailing lists. The SBA will not sell or rent an individual's name or address. This provision shall not be construed to require the withholding of names or addresses otherwise permitted to be made public.

(c) Changes in systems. The SBA shall provide adequate advance notice to Congress and OMB of any proposal to establish or alter any system of records in order to permit an evaluation of the probable or potential effect of such proposal on the privacy and other personal or property rights of individuals or the disclosure of information relating to such individuals, and its effect on the preservation of the constitutional principles of federalism and separation of powers.

(d) Medical records. Medical records shall be disclosed to the individual to whom they pertain. SBA may, however, transmit such information to a medical doctor named by the requesting individual. In regard to medical records in personnel files, see also 5 CFR 297.205.