Collapse to view only § 1008.13 - Requests for access to records.

§ 1008.1 - Purpose and scope.

This part contains the regulations of the Presidio Trust implementing section 3 of the Privacy Act. Sections 1008.3 through 1008.10 describe the procedures and policies of the Presidio Trust concerning maintenance of records which are subject to the Privacy Act. Sections 1008.11 through 1008.17 describe the procedure under which individuals may determine whether systems of records subject to the Privacy Act contain records relating to them and the procedure under which they may seek access to existing records. Sections 1008.18 through 1008.24 describe the procedure under which individuals may petition for amendment of records subject to the Privacy Act relating to them.

§ 1008.2 - Definitions.

The following terms have the following meanings as used in this part:

Individual means a citizen of the United States or an alien who is currently lawfully admitted for permanent residence.

Maintain means maintain, collect, use or disseminate.

Privacy Act means 5 U.S.C. 552a.

Privacy Act Officer means the Presidio Trust official charged with responsibility for carrying out the functions assigned in this part.

Record means any item, collection, or grouping of information about an individual that is maintained by the Presidio Trust, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and that contains the individual's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print, or a photograph. Related definitions include:

(1) System of records means a group of any records under the control of the Presidio Trust from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.

(2) Medical records means records which relate to the identification, prevention, cure or alleviation of any disease, illness or injury including psychological disorders, alcoholism and drug addiction.

(3) Personnel records means records used for personnel management programs or processes such as staffing, employee development, retirement, and grievances and appeals.

(4) Statistical records means records in a system of records maintained for statistical research or reporting purposes only and not used in whole or in part in making any determination about an identifiable individual.

Routine use means a use of a record for a purpose which is compatible with the purpose for which it was collected.

System manager means the official designated in a system notice as having administrative responsibility for a system of records.

System notice means the notice describing a system of records required by 5 U.S.C. 552a(e)(4) to be published in the Federal Register upon establishment or revision of the system of records.

[63 FR 71779, Dec. 30, 1998, as amended at 83 FR 50834, Oct. 10, 2018]

§ 1008.3 - Records subject to the Privacy Act.

The Privacy Act applies to all records which the Presidio Trust maintains in a system of records.

§ 1008.4 - Standards for maintenance of records subject to the Privacy Act.

(a) Content of records. Records subject to the Privacy Act shall contain only such information about an individual as is relevant and necessary to accomplish a purpose of the Presidio Trust required to be accomplished by statute or Executive Order of the President.

(b) Standards of accuracy. Records subject to the Privacy Act which are used in making any determination about any individual shall be maintained with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in making the determination.

(c) Collection of information. (1) Information which may be used in making determinations about an individual's rights, benefits, and privileges under Federal programs shall, to the greatest extent practicable, be collected directly from that individual.

(2) In deciding whether collection of information from an individual, as opposed to a third party source, is practicable, the following factors, among others, may be considered:

(i) Whether the nature of the information sought is such that it can only be obtained from a third party;

(ii) Whether the cost of collecting the information from the individual is unreasonable when compared with the cost of collecting it from a third party;

(iii) Whether there is a risk that information collected from third parties, if inaccurate, could result in an adverse determination to the individual concerned;

(iv) Whether the information, if supplied by the individual, would have to be verified by a third party; or (v) Whether provisions can be made for verification, by the individual, of information collected from third parties.

(d) Advice to individuals concerning uses of information. (1) Each individual who is asked to supply information about him or herself which will be added to a system of records shall be informed of the basis for requesting the information, how it may be used, and what the consequences, if any, are of not supplying the information.

(2) At a minimum, the notice to the individual must state:

(i) The authority (whether granted by statute or Executive Order of the President) which authorizes the solicitation of the information and whether disclosure of such information is mandatory or voluntary;

(ii) The principal purpose or purposes for which the information is intended to be used;

(iii) The routine uses which may be made of the information; and

(iv) The effects on the individual, if any, of not providing all or any part of the requested information.

(3)(i) When information is collected on a standard form, the notice to the individual shall be provided on the form, on a tear-off sheet attached to the form, or on a separate sheet, whichever is most practical.

(ii) When information is collected by an interviewer, the interviewer shall provide the individual with a written notice which the individual may retain. If the interview is conducted by telephone, however, the interviewer may summarize the notice for the individual and need not provide a copy to the individual unless the individual requests a copy.

(iii) An individual may be asked to acknowledge, in writing, that the notice required by this section has been provided.

(e) Records concerning activity protected by the First Amendment. No record may be maintained describing how any individual exercises rights guaranteed by the First Amendment to the Constitution unless the maintenance of the record is:

(1) Expressly authorized by statute or by the individual about whom the record is maintained; or

(2) Pertinent to and within the scope of an authorized law enforcement activity.

§ 1008.5 - Federal Register notices describing systems of records.

The Privacy Act requires publication of a notice in the Federal Register describing each system of records subject to the Privacy Act. Such notice will be published prior to the establishment or a revision of the system of records. 5 U.S.C. 552a(e)(4).

§ 1008.6 - Assuring integrity of records.

(a) Statutory requirement. The Privacy Act requires that records subject to the Privacy Act be maintained with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained, 5 U.S.C. 552a(e)(10).

(b) Records security. Whether maintained in physical or electronic form, records subject to the Privacy Act shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures to ensure their adequacy.

§ 1008.7 - Conduct of employees.

(a) Handling of records subject to the Privacy Act. Employees whose duties require handling of records subject to the Privacy Act shall, at all times, take care to protect the integrity, security and confidentiality of these records.

(b) Disclosure of records. No employee of the Presidio Trust may disclose records subject to the Privacy Act unless disclosure is permitted under § 1008.9 or is to the individual to whom the record pertains.

(c) Alteration of records. No employee of the Presidio Trust may alter or destroy a record subject to the Privacy Act unless such alteration or destruction is:

(1) Properly undertaken in the course of the employee's regular duties; or

(2) Required by a decision under §§ 1008.18 through 1008.23 or the decision of a court of competent jurisdiction.

§ 1008.8 - Government contracts.

(a) Required contract provisions. When a contract provides for the operation by or on behalf of the Presidio Trust of a system of records to accomplish a Presidio Trust function, the contract shall, consistent with the Presidio Trust's authority, cause the requirements of 5 U.S.C. 552a and the regulations contained in this part to be applied to such system.

(b) System manager. A regular employee of the Presidio Trust will be the manager for a system of records operated by a contractor.

§ 1008.9 - Disclosure of records.

(a) Prohibition of disclosure. No record contained in a system of records may be disclosed by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.

(b) General exceptions. The prohibition contained in paragraph (a) of this section does not apply where disclosure of the record would be:

(1) To those officers or employees of the Presidio Trust who have a need for the record in the performance of their duties; or

(2) Required by the Freedom of Information Act, 5 U.S.C. 552.

(c) Specific exceptions. The prohibition contained in paragraph (a) of this section does not apply where disclosure of the record would be:

(1) For a routine use which has been described in a system notice published in the Federal Register;

(2) To the Bureau of the Census for purposes of planning or carrying out a census or survey or related activity pursuant to the provisions of Title 13, U.S. Code;

(3) To a recipient who has provided the system manager responsible for the system in which the record is maintained with advance adequate written assurance that the record will be used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable;

(4) To the National Archives and Records Administration as a record which has sufficient historical or other value to warrant its continued preservation by the U.S. Government, or for evaluation by the Archivist of the United States or the designee of the Archivist to determine whether the record has such value;

(5) To another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the Presidio Trust specifying the particular portion desired and the law enforcement activity for which the record is sought;

(6) To a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if upon such disclosure notification is transmitted to the last known address of such individual;

(7) To either House of Congress, or, to the extent of matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee of any such joint committee;

(8) To the Comptroller General, or any of his authorized representatives, in the course of the performance of the duties of the General Accounting Office;

(9) Pursuant to the order of a court of competent jurisdiction; or

(10) To a consumer reporting agency in accordance with section 3(d) of the Federal Claims Collection Act of 1966, as amended (31 U.S.C. 3711(e)).

(d) Reviewing records prior to disclosure. (1) Prior to any disclosure of a record about an individual, unless disclosure is required by the Freedom of Information Act, reasonable efforts shall be made to ensure that the records are accurate, complete, timely and relevant for agency purposes.

(2) When a record is disclosed in connection with a Freedom of Information Act request made under this part and it is appropriate and administratively feasible to do so, the requester shall be informed of any information known to the Presidio Trust indicating that the record may not be fully accurate, complete, or timely.

(e) Notice of court-ordered and emergency disclosures. (1) Court-ordered disclosures. When a record pertaining to an individual is required to be disclosed by a court order, the Presidio Trust will make reasonable efforts to provide notice of this to the individual. Notice will be given within a reasonable time after the Presidio Trust's receipt of the order—except that in a case in which the order is not a matter of public record, the notice will be given only after the order becomes public. This notice will be mailed to the individual's last known address and will contain a copy of the order and a description of the information disclosed. Notice will not be given if disclosure is made from a criminal law enforcement system of records that has been exempted from the notice requirement.

(2) Emergency disclosures. Upon disclosing a record pertaining to an individual made under compelling circumstances affecting health or safety, the Presidio Trust will notify that individual of the disclosure. This notice will be mailed to the individual's last known address and will state the nature of the information disclosed, the person, organization or agency to which it was disclosed, the date of the disclosure, and the compelling circumstances justifying the disclosure.

[83 FR 50835, Oct. 10, 2018]

§ 1008.10 - Accounting for disclosures.

(a) Maintenance of an accounting. (1) Where a record is disclosed to any person, or to another agency, under any of the specific exceptions provided by § 1008.9(c), an accounting shall be made.

(2) The accounting shall record:

(i) The date, nature, and purpose of each disclosure of a record to any person or to another agency; and

(ii) The name and address of the person or agency to whom the disclosure was made.

(3) Accountings prepared under this section shall be maintained for at least five years or the life of the record, whichever is longer, after the disclosure for which the accounting is made.

(b) Access to accountings. (1) Except for accountings of disclosures made under § 1008.9(b) or 1008.9(c)(5), accountings of all disclosures of a record shall be made available to the individual to whom the record relates at the individual's request.

(2) An individual desiring access to an accounting of disclosures of a record pertaining to the individual shall submit a request by following the procedures of § 1008.13.

(c) Notification of disclosure. When a record is disclosed pursuant to § 1008.9(c)(9) as the result of the order of a court of competent jurisdiction, reasonable efforts shall be made to notify the individual to whom the record pertains as soon as the order becomes a matter of public record.

[83 FR 50835, Oct. 10, 2018]

§ 1008.11 - Request for notification of existence of records: Submission.

(a) Submission of requests. (1) Individuals desiring to determine under the Privacy Act whether a system of records contains records pertaining to them shall address inquiries to the Privacy Act Officer, The Presidio Trust, P.O. Box 29052, San Francisco, CA 94129–0052, unless the system notice describing the system prescribes or permits submission to some other official or officials.

(2) Individuals desiring to determine whether records pertaining to them are maintained in two or more systems shall make a separate inquiry concerning each system.

(b) Form of request. (1) An inquiry to determine whether a system of records contains records pertaining to an individual shall be in writing.

(2) To expedite processing, both the envelope containing a request and the face of the request should bear the legend “PRIVACY ACT INQUIRY.”

(3) The request shall state that the individual is seeking information concerning records pertaining to him or herself and shall supply such additional identifying information, if any, as is called for in the system notice describing the system.

(4) The request must include verification of the requester's identity, including the requester's full name, current address, and date and place of birth. The request must be signed by the requester, and the signature must be notarized or submitted under 28 U.S.C. 1746, which permits statements to be made under penalty of perjury as a substitute for notarization.

(5) If the request is made on behalf of a minor or someone determined by a court to be incompetent, for access to records about that individual, the requester must establish:

(i) The identity of the individual who is the subject of the record, by stating the name, current address, date and place of birth, and, at the requester's option, the Social Security number of the individual;

(ii) The requester's identity, as required in paragraph 4 above of this section;

(iii) That the requester is the parent or guardian of that individual, which the requester may prove by providing a copy of the individual's birth certificate showing the requester's parentage or by providing a court order establishing the requester's guardianship; and

(iv) That the requester is acting on behalf of that individual in making the request.

(6) Individuals who have reason to believe that information pertaining to them may be filed under a name other than the name they are currently using (e.g., maiden name), shall include such information in the request.

[83 FR 50835, Oct. 10, 2018]

§ 1008.12 - Requests for notification of existence of records: Action on.

(a) Decisions on request. (1) Individuals inquiring to determine whether a system of records contains records pertaining to them shall be promptly advised whether the system contains records pertaining to them unless:

(i) The records were compiled in reasonable anticipation of a civil action or proceeding; or

(ii) The system of records is one which has been excepted from the notification provisions of the Privacy Act by rulemaking.

(2) If the records were compiled in reasonable anticipation of a civil action or proceeding or the system of records is one which has been excepted from the notification provisions of the Privacy Act by rulemaking, the individuals will be promptly notified that they are not entitled to notification of whether the system contains records pertaining to them.

(b) Authority to deny requests. A decision to deny a request for notification of the existence of records shall be made by the Privacy Act officer in consultation with the General Counsel.

(c) Form of decision. (1) No particular form is required for a decision informing individuals whether a system of records contains records pertaining to them.

(2) A decision declining to inform an individual whether or not a system of records contains records pertaining to him or her shall be in writing and shall:

(i) State the basis for denial of the request;

(ii) Advise the individual that an appeal of the declination may be made to the Executive Director pursuant to § 1008.16 by writing to the Executive Director, The Presidio Trust, P.O. Box 29052, San Francisco, CA 94129–0052; and

(iii) State that the appeal must be received by the foregoing official within 20 working days of the date of the decision.

(3) If the decision declining a request for notification of the existence of records involves records which fall under the jurisdiction of another agency, the individual shall be informed in a written response which shall:

(i) State the reasons for the denial;

(ii) Include the name, position title, and address of the official responsible for the denial; and (iii) Advise the individual that an appeal of the declination may be made only to the appropriate official of the relevant agency, and include that official's name, position title, and address.

(4) Copies of decisions declining a request for notification of the existence of records made pursuant to paragraphs (c)(2) and (c)(3) of this section shall be provided to the Privacy Act Officer.

§ 1008.13 - Requests for access to records.

The Privacy Act permits individuals, upon request, to gain access to their records or to any information pertaining to them which is contained in a system and to review the records and have a copy made of all or any portion thereof in a form comprehensive to them. 5 U.S.C. 552a(d)(1). A request for access shall be submitted in accordance with the procedures in this part.

§ 1008.14 - Requests for access to records: Submission.

(a) Submission of requests. (1) Requests for access to records shall be submitted to the Privacy Act Officer unless the system notice describing the system prescribes or permits submission to some other official or officials.

(2) Individuals desiring access to records maintained in two or more separate systems shall submit a separate request for access to the records in each system.

(b) Form of request. (1) A request for access to records subject to the Privacy Act shall be in writing and addressed to Privacy Act Officer, The Presidio Trust, P.O. Box 29052, San Francisco, CA 94129–0052.

(2) To expedite processing, both the envelope containing a request and the face of the request should bear the legend “PRIVACY ACT REQUEST FOR ACCESS.”

(3) Requesters shall specify whether they seek all of the records contained in the system which relate to them or only some portion thereof. If only a portion of the records which relate to the individual are sought, the request shall reasonably describe the specific record or records sought.

(4) If the requester seeks to have copies of the requested records made, the request shall state the maximum amount of copying fees which the requester is willing to pay. A request which does not state the amount of fees the requester is willing to pay will be treated as a request to inspect the requested records. Requesters are further notified that under § 1008.15(d) the failure to state willingness to pay fees as high as are anticipated by the Presidio Trust will delay processing of a request.

(5) The request shall supply such identifying information, if any, as is called for in the system notice describing the system.

(6) The request must include verification of the requester's identity, including the requester's full name, current address, and date and place of birth. The request must be signed by the requester, and the signature must be notarized or submitted under 28 U.S.C. 1746, which permits statements to be made under penalty of perjury as a substitute for notarization.

(7) If the request is made on behalf of a minor or someone determined by a court to be incompetent, for access to records about that individual, the requester must establish:

(i) The identity of the individual who is the subject of the record, by stating the name, current address, date and place of birth, and, at the requester's option, the Social Security number of the individual;

(ii) The requester's identity, as required in paragraph 6 above of this section;

(iii) That the requester is the parent or guardian of that individual, which the requester may prove by providing a copy of the individual's birth certificate showing the requester's parentage or by providing a court order establishing the requester's guardianship; and

(iv) That the requester is acting on behalf of that individual in making the request.

(8) Requests failing to meet the requirements of this paragraph shall be returned to the requester with a written notice advising the requester of the deficiency in the request.

[83 FR 50836, Oct. 10, 2018]

§ 1008.15 - Requests for access to records: Initial decision.

(a) Acknowledgements of requests. Upon receipt of a request, the Presidio Trust ordinarily will send an acknowledgement letter to the requester which will confirm the requester's agreement to pay fees and will provide an assigned request number for further reference.

(b) Decisions on requests. A request made under this part for access to a record shall be granted promptly unless the record:

(1) Was compiled in reasonable anticipation of a civil action or proceeding; or

(2) Is contained in a system of records which has been excepted from the access provisions of the Privacy Act by rulemaking.

(c) Authority to deny requests. A decision to deny a request for access under this part shall be made by the Privacy Act Officer in consultation with the General Counsel.

(d) Form of decision. (1) No particular form is required for a decision granting access to a record. The decision shall, however, advise the individual requesting the record as to where and when the record is available for inspection or, as the case may be, where and when copies will be available. If fees are due under § 1008.15(e), the individual requesting the record shall also be notified of the amount of fees due or, if the exact amount has not been determined, the approximate amount of fees due.

(2) A decision denying a request for access, in whole or part, shall be in writing and shall:

(i) State the basis for denial of the request;

(ii) Contain a statement that the denial may be appealed to the Executive Director pursuant to § 1008.16 by writing to the Executive Director, The Presidio Trust, P.O. Box 29052, San Francisco, CA 94129–0052; and

(iii) State that the appeal must be received by the foregoing official within 20 working days of the date of the decision.

(3) If the decision denying a request for access involves records which fall under the jurisdiction of another agency, the individual shall be informed in a written response which shall:

(i) State the reasons for the denial;

(ii) Include the name, position title, and address of the official responsible for the denial; and

(iii) Advise the individual that an appeal of the declination may be made only to the appropriate official of the relevant agency, and include that official's name, position title, and address.

(4) Copies of decisions denying requests for access made pursuant to paragraphs (d)(2) and (d)(3) of this section will be provided to the Privacy Act Officer.

(e) Fees. (1) No fees may be charged for the cost of searching for or reviewing a record in response to a request made under § 1008.14.

(2) Unless the Privacy Act Officer determines that reduction or waiver of fees is appropriate, fees for copying a record in response to a request made under § 1008.14 shall be charged in accordance with the provisions of this section and the current schedule of charges determined by the Executive Director and published on the Trust's website. Such charges shall be set at the level necessary to recoup the full allowable direct costs to the Trust.

(3) Where it is anticipated that fees chargeable in connection with a request will exceed the amount the person submitting the request has indicated a willingness to pay, the Privacy Act Officer shall notify the requester and shall not complete processing of the request until the requester has agreed, in writing, to pay fees as high as are anticipated.

[83 FR 50836, Oct. 10, 2018]

§ 1008.16 - Requests for notification of existence of records and for access to records: Appeals.

(a) Right of appeal. Except for appeals pertaining to records under the jurisdiction of another agency, individuals who have been notified that they are not entitled to notification of whether a system of records contains records pertaining to them or have been denied access, in whole or part, to a requested record may appeal to the Executive Director.

(b) Time for appeal. (1) An appeal must be received by the Executive Director no later than 20 working days after the date of the initial decision on a request.

(2) The Executive Director may, for good cause shown, extend the time for submission of an appeal if a written request for additional time is received within 20 working days of the date of the initial decision on the request.

(c) Form of appeal. (1) An appeal shall be in writing and shall attach copies of the initial request and the decision on the request.

(2) The appeal shall contain a brief statement of the reasons why the appellant believes the decision on the initial request to have been in error.

(3) The appeal shall be addressed to the Executive Director, The Presidio Trust, P.O. Box 29052, San Francisco, CA 94129–0052.

(d) Action on appeals. (1) Appeals from decisions on initial requests made pursuant to §§ 1008.11 and 1008.14 shall be decided for the Presidio Trust by the Executive Director after consultation with the General Counsel.

(2) The decision on an appeal shall be in writing and shall state the basis for the decision.

§ 1008.17 - Requests for access to records: Special situations.

(a) Medical records. (1) Medical records shall be disclosed to the individual to whom they pertain unless it is determined, in consultation with a medical doctor, that disclosure should be made to a medical doctor of the individual's choosing.

(2) If it is determined that disclosure of medical records directly to the individual to whom they pertain could have an adverse effect on that individual, the individual may designate a medical doctor to receive the records and the records will be disclosed to that doctor.

(b) Inspection in presence of third party. (1) Individuals wishing to inspect records pertaining to them which have been opened for their inspection may, during the inspection, be accompanied by a person of their own choosing.

(2) When such a procedure is deemed appropriate, individuals to whom the records pertain may be required to furnish a written statement authorizing discussion of their records in the accompanying person's presence.

§ 1008.18 - Amendment of records.

The Privacy Act permits individuals to request amendment of records pertaining to them contained in a system of records if they believe the records are not accurate, relevant, timely or complete. 5 U.S.C. 552a(d)(2). A request for amendment of a record shall be submitted in accordance with the procedures in this part.

[83 FR 50837, Oct. 10, 2018]

§ 1008.19 - Petitions for amendment: Submission and form.

(a) Submission of petitions for amendment. (1) A request for amendment of a record shall be submitted to the Privacy Act Officer unless the system notice describing the system prescribes or permits submission to a different official or officials. If an individual wishes to request amendment of records located in more than one system, a separate petition must be submitted with respect to each system.

(2) A petition for amendment of a record may be submitted only if the individual submitting the petition has previously requested and been granted access to the record and has inspected or been given a copy of the record.

(b) Form of petition. (1) A petition for amendment shall be in writing, shall specifically identify the record for which amendment is sought, and shall be addressed to the Privacy Act Officer, The Presidio Trust, P.O. Box 29052, San Francisco, CA 94129–0052.

(2) To expedite processing, both the envelope containing a petition and the face of the petition should bear the legend “PRIVACY ACT PETITION FOR AMENDMENT.”

(3) The petition shall state, in detail, the reasons why the petitioner believes the record, or the objectionable portion thereof, is not accurate, relevant, timely or complete. Copies of documents or evidence relied upon in support of these reasons shall be submitted with the petition.

(4) The petition shall state, specifically and in detail, the changes sought in the record. If the changes involve rewriting the record or portions thereof or involve adding new language to the record, the petition shall propose specific language to implement the changes.

(5) The petition must include verification of the petitioner's identity, including the petitioner's full name, current address, and date and place of birth. The petition must be signed by the petitioner, and the signature must be notarized or submitted under 28 U.S.C. 1746, which permits statements to be made under penalty of perjury as a substitute for notarization.

(6) If the petition is made on behalf of a minor or someone determined by a court to be incompetent, for access to records about that individual, the petitioner must establish:

(i) The identity of the individual who is the subject of the record, by stating the name, current address, date and place of birth, and, at the petitioner's option, the Social Security number of the individual;

(ii) The petitioner's identity, as required in paragraph 5 above of this section;

(iii) That the petitioner is the parent or guardian of that individual, which the petitioner may prove by providing a copy of the individual's birth certificate showing the petitioner's parentage or by providing a court order establishing the petitioner's guardianship; and

(iv) That the petitioner is acting on behalf of that individual in making the request.

(7) Petitions failing to meet the requirements of this paragraph shall be returned to the petitioner with a written notice advising the petitioner of the deficiency in the petition.

[83 FR 50837, Oct. 10, 2018]

§ 1008.20 - Petitions for amendment: Processing and initial decision.

(a) Decisions on petitions. In reviewing a record in response to a petition for amendment, the accuracy, relevance, timeliness and completeness of the record shall be assessed against the criteria set out in § 1008.4.

(b) Authority to decide. A decision on a petition for amendment shall be made by the Privacy Act Officer in consultation with the General Counsel.

(c) Acknowledgment of receipt. Unless processing of a petition is completed within ten working days, the receipt of the petition for amendment shall be acknowledged in writing by the Privacy Act Officer.

(d) Inadequate petitions. (1) If a petition does not meet the requirements of § 1008.19, the petitioner shall be so advised and shall be told what additional information must be submitted to meet the requirements of § 1008.19.

(2) If the petitioner fails to submit the additional information within a reasonable time, the petition may be rejected. The rejection shall be in writing and shall meet the requirements of paragraph (e) of this section.

(e) Form of decision. (1) A decision on a petition for amendment shall be in writing and shall state concisely the basis for the decision.

(2) If the petition for amendment is rejected, in whole or part, the petitioner shall be informed in a written response which shall:

(i) State concisely the basis for the decision;

(ii) Advise the petitioner that the rejection may be appealed to the Executive Director, The Presidio Trust, P.O. Box 29052, San Francisco, CA 94129–0052; and

(iii) State that the appeal must be received by the foregoing official within 20 working days of the decision.

(3) If the petition for amendment involves records which fall under the jurisdiction of another agency and is rejected, in whole or part, the petitioner shall be informed in a written response which shall:

(i) State concisely the basis for the decision;

(ii) Include the name, position title, and address of the official responsible for the denial; and

(iii) Advise the individual that an appeal of the rejection may be made only to the appropriate official of the relevant agency, and include that official's name, position title, and address.

(4) Copies of rejections of petitions for amendment made pursuant to paragraphs (e)(2) and (e)(3) of this section will be provided to the Privacy Act Officer.

(f) Implementation of initial decision. If a petition for amendment is accepted, in whole or part, the system manager maintaining the record shall:

(1) Correct the record accordingly and,

(2) Where an accounting of disclosures has been made pursuant to § 1008.10, advise all previous recipients of the record that the correction was made and the substance of the correction.

§ 1008.21 - Petitions for amendment: Time limits for processing.

(a) Acknowledgment of receipt. The acknowledgment of receipt of a petition required by § 1008.20(c) shall be dispatched not later than ten working days after receipt of the petition by the Privacy Act Officer, unless a decision on the petition has been previously dispatched.

(b) Decision on petition. A petition for amendment shall be processed promptly. A determination whether to accept or reject the petition for amendment shall be made within 30 working days after receipt of the petition by the system manager responsible for the system containing the challenged record.

(c) Suspension of time limit. The 30 working day time limit for a decision on a petition shall be suspended if it is necessary to notify the petitioner, pursuant to § 1008.20(d), that additional information in support of the petition is required. Running of the 30 working day time limit shall resume on receipt of the additional information by the system manager responsible for the system containing the challenged record.

(d) Extensions of time. (1) The 30 working day time limit for a decision on a petition may be extended if the Privacy Act Officer determines that an extension is necessary for one of the following reasons:

(i) A decision on the petition requires analysis of voluminous record or records;

(ii) Some or all of the challenged records must be collected from facilities other than the facility at which the Privacy Act Officer is located; or

(iii) Some or all of the challenged records are of concern to another agency of the Federal Government whose assistance and views are being sought in processing the request.

(2) If the official responsible for making a decision on the petition determines that an extension is necessary, the official shall promptly inform the petitioner of the extension and the date on which a decision is expected to be dispatched.

§ 1008.22 - Petitions for amendment: Appeals.

(a) Right of appeal. Except for appeals pertaining to records under the jurisdiction of another agency, where a petition for amendment has been rejected in whole or in part, the individual submitting the petition may appeal the denial to the Executive Director.

(b) Time for appeal. (1) An appeal must be received no later than 20 working days after the date of the decision on a petition.

(2) The Executive Director may, for good cause shown, extend the time for submission of an appeal if a written request for additional time is received within 20 working days of the date of the decision on a petition.

(c) Form of appeal. (1) An appeal shall be in writing and shall attach copies of the initial petition and the decision on that petition.

(2) The appeal shall contain a brief statement of the reasons why the appellant believes the decision on the petition to have been in error.

(3) The appeal shall be addressed to the Executive Director, The Presidio Trust, P.O. Box 29052, San Francisco, CA 94129–0052.

§ 1008.23 - Petitions for amendment: Action on appeals.

(a) Authority. Appeals from decisions on initial petitions for amendment shall be decided by the Executive Director, in consultation with the General Counsel.

(b) Time limit. (1) A final determination on any appeal shall be made within 30 working days after receipt of the appeal.

(2) The 30 working day period for decision on an appeal may be extended, for good cause shown, by the Executive Director. If the 30 working day period is extended, the individual submitting the appeal shall be notified of the extension and of the date on which a determination on the appeal is expected to be dispatched.

(c) Form of decision. (1) The final determination on an appeal shall be in writing and shall state the basis for the determination.

(2) If the determination upholds, in whole or part, the initial decision rejecting the petition for amendment, the determination shall also advise the individual submitting the appeal:

(i) Of his or her right to file a concise statement of the reasons for disagreeing with the decision of the Presidio Trust;

(ii) Of the procedure established by § 1008.24 for the filing of the statement of disagreement;

(iii) That the statement which is filed will be made available to anyone to whom the record is subsequently disclosed together with, at the discretion of the Presidio Trust, a brief statement by the Presidio Trust summarizing its reasons for refusing to amend the record;

(iv) That prior recipients of the challenged record will be provided a copy of any statement of dispute to the extent that an accounting of disclosure was maintained; and

(v) Of his or her right to seek judicial review of the Presidio Trust's refusal to amend the record.

(3) If the determination reverses, in whole or in part, the initial decision rejecting the petition for amendment, the system manager responsible for the system containing the challenged record shall be directed to:

(i) Amend the challenged record accordingly; and

(ii) If an accounting of disclosures has been made, advise all previous recipients of the record of the amendment and its substance.

§ 1008.24 - Statements of disagreement.

(a) Filing of statement. If the determination of the Executive Director under § 1008.23 rejects in whole or part, a petition for amendment, the individual submitting the petition may file with the Privacy Act Officer a concise written statement setting forth the reasons for disagreement with the determination of the Presidio Trust.

(b) Disclosure of statements. In any disclosure of a record containing information about which an individual has filed a statement of disagreement under this section which occurs after the filing of the statement, the disputed portion of the record will be clearly noted and the recipient shall be provided copies of the statement of disagreement. If appropriate, a concise statement of the reasons of the Presidio Trust for not making the requested amendments may also be provided to the recipient.

(c) Maintenance of statements. System managers shall develop procedures to assure that statements of disagreement filed with them shall be maintained in such a way as to assure dissemination of the statements to recipients of the records to which the statements pertain.