(a) General information. (1) The Department has a decentralized system for responding to Privacy Act requests for access to records, with each component designating an office to process Privacy Act requests for access to records maintained by that component. A requester may make a Privacy Act request for access to records about the requester by writing directly to the component that maintains the records. All components have the capability to receive requests electronically either through email or a web portal. The request should be sent or delivered to the component's office at the address listed in appendix I to this part, or in accordance with the access procedures outlined in the corresponding SORN. The functions of each component are summarized in part 0 of this title and in the description of the Department and its components in the United States Government Manual, which is updated on a year-round basis and is available free of charge at https://www.usgovernmentmanual.gov/.

(2) If a requester cannot determine where within the Department to send the Privacy Act request for access to records, the requester may send it by mail to the FOIA/PA Mail Referral Unit, Justice Management Division, Department of Justice, 950 Pennsylvania Avenue NW, Washington, DC 20530-0001; by email to [email protected]; or by fax to (202) 616-6695. The Mail Referral Unit will forward the request to the component(s) it believes most likely to have the requested records. For the quickest possible handling, the requester should mark both the request letter and the envelope “Privacy Act Access Request.”

(b) Description of records sought. Requesters must describe the records sought in sufficient detail to enable Department personnel to locate the applicable system of records containing them with a reasonable amount of effort. To the extent possible, requesters should include specific information that may assist a component in identifying the requested records, such as the name or identifying number of each system of records in which the requester believes the records are maintained, or the date, title, name, author, recipient, case number, file designation, reference number, or subject matter of the record. The Department publishes SORNs in the Federal Register that describe the type and categories of records maintained in Department-wide and component-specific systems of records. Department SORNs may be found in published issues of the Federal Register and a list is available at https://www.justice.gov/opcl/doj-systems-records. Requesters may also request the record in a particular form or format.

(c) Agreement to pay fees. A Privacy Act request for access may specify the amount of fees that the requester is willing to pay in accordance with § 16.49. The component responsible for responding to the request shall confirm this agreement in an acknowledgement letter, in accordance with § 16.43.

(d) Verification of identity. (1) A requester must verify the requester's identity when making a Privacy Act request for access. The requester must state the requester's full name, current address, and date and place of birth. The requester must:

(i) Sign the request, and the signature must either be notarized or submitted by the requester under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization; or

(ii) When available, use one of the Department's approved digital services, as indicated on the Department's Privacy Act Request web page, to verify the identity of the requester through identity proofing and authentication processes.

(2) While no specific form is required, the requester may obtain forms for this purpose from the FOIA/PA Mail Referral Unit, Justice Management Division, Department of Justice, 950 Pennsylvania Avenue NW, Washington, DC 20530-0001, or obtain the form at https://www.justice.gov/oip/doj-reference-guide-attachment-d-copies-forms.

(3) To help identify and locate requested records, a requester may also include, at the requester's option, any additional identifying information which may be helpful in identifying and locating the requested records. Components shall establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of information provided by the requester, and to protect against any anticipated threats, in accordance with § 16.51.

(e) Verification of guardianship. (1) The parent of a minor, or the legal guardian of an individual who has been declared incompetent due to physical or mental incapacity or age by a court of competent jurisdiction, is permitted to act on behalf of the individual. In order for a parent of a minor or the legal guardian of an individual to make a Privacy Act request for access on behalf of the individual, the parent or legal guardian must establish:

(i) The identity of the individual who is the subject of the request, by stating the name, current address, date and place of birth, and, at the parent or legal guardian's option, any additional identifying information that may be helpful in identifying and locating the requested records;

(ii) The parent or legal guardian's own identity, as required in paragraph (d) of this section;

(iii) Proof of parentage or legal guardianship, which may be proven by providing a copy of the individual's birth certificate or by providing a court order establishing legal guardianship; and

(iv) That the parent or legal guardian is acting on behalf of that individual in making the request.

(2) Components shall establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of information provided by the parent or legal guardian, and to protect against any anticipated threats, in accordance with § 16.51.