(a) General. The DNI has determined that invoking exemptions under the Privacy Act and continuing exemptions previously asserted by agencies whose records ODNI receives is necessary: to ensure against the release of classified information essential to the national defense or foreign relations; to protect intelligence sources and methods; and to maintain the integrity and effectiveness of intelligence, investigative and law enforcement processes. Accordingly, as authorized by the Privacy Act, 5 U.S.C. 552a,subsections,and,5.S.C. 553, the ODNI shall:

(1) Exercise its authority pursuant to subsections (j) and (k) of the Privacy Act to exempt certain ODNI systems of records or portions of systems of records from various provisions of the Privacy Act; and

(2) Continue in effect and assert all exemptions claimed under Privacy Act subsections (j) and (k) by an originating agency from which the ODNI obtains records where the purposes underlying the original exemption remain valid and necessary to protect the contents of the record.

(b) Related policies. (1) The exemptions asserted apply to records only to the extent they meet the criteria of subsections (j) and (k) of the Privacy Act, whether claimed by the ODNI or the originator of the records.

(2) Discretion to supersede exemption: Where complying with a request for access or amendment would not appear to interfere with or adversely affect a counterterrorism or law enforcement interest, and unless prohibited by law, the D/IMO may exercise his discretion to waive the exemption. Discretionary waiver of an exemption with respect to a record will not obligate the ODNI to waive the exemption with respect to any other record in an exempted system of records. As a condition of such discretionary access, ODNI may impose any restrictions (e.g., concerning the location of file reviews) deemed necessary or advisable to protect the security of agency operations, information, personnel, or facilities.

(3) Records in ODNI systems also are subject to protection under 50 U.S.C. 403-1(i), the provision of the National Security Act of 1947 which requires the DNI to protect intelligence sources and methods from unauthorized disclosure.

(a) ODNI exempts the systems of records listed in § 1701.22 from the requirements of paragraphs (c)(3); (d)(1), (2), (3) and (4); (e)(1) and (e)(4)(G), (H), and (I); and (f) of the Privacy Act (5 U.S.C. 552a) to the extent that information in the system is subject to exemption pursuant to paragraph (k)(1), (k)(2), or (k)(5) of the Act as noted in § 1701.22. ODNI also derivatively preserves the exempt status of records it receives from source agencies when the reason for the exemption remains valid, as set forth in § 1701.20.

(b) Systems of records utilized by the Office of the Intelligence Community Inspector General (ICIG) are additionally exempted from the requirements of paragraphs (c)(4); (e)(2); (e)(3); (e)(5); (e)(8); (e)(12); and (g) of the Privacy Act (5 U.S.C. 552a) to the extent that information in the system is subject to exemption pursuant to paragraph (j)(2) of the Privacy Act (5 U.S.C. 552a).

(c) Exemption of records in these systems from any or all of the enumerated requirements may be necessary for the following reasons:

(1) From paragraph (c)(3) of the Privacy Act (5 U.S.C. 552a) (accounting of disclosures) because an accounting of disclosures from records concerning the record subject would specifically reveal an intelligence or investigative interest on the part of ODNI or the recipient agency and could result in release of properly classified national security or foreign policy information.

(2) From paragraph (c)(4) of the Privacy Act (5 U.S.C. 552a) (notice of amendment to record recipients) because the system is exempted from the access and amendment provisions of paragraph (d) of the Privacy Act.

(3) From paragraphs (d)(1) through (4) of the Privacy Act (5 U.S.C. 552a) (record subject's right to access and amend records) because affording access and amendment rights could alert the record subject to the investigative interest of intelligence or law enforcement agencies or compromise sensitive information classified in the interest of national security. In the absence of a national security basis for exemption, records in this system may be exempted from access and amendment to the extent necessary to honor promises of confidentiality to persons providing information concerning a candidate for position. Inability to maintain such confidentiality would restrict the free flow of information vital to a determination of a candidate's qualifications and suitability.

(4) From paragraph (e)(1) of the Privacy Act (5 U.S.C. 552a) (maintain only relevant and necessary records) because it is not always possible to establish relevance and necessity before all information is considered and evaluated in relation to an intelligence concern. In the absence of a national security basis for exemption under paragraph (k)(1) of the Privacy Act (5 U.S.C. 552a), records in this system may be exempted from the relevance requirement pursuant to paragraphs (k)(2) and (5) of the Privacy Act (5 U.S.C. 552a) because it is not possible to determine in advance what exact information may assist in determining the qualifications and suitability of a candidate for position. Seemingly irrelevant details, when combined with other data, can provide a useful composite for determining whether a candidate should be appointed.

(5) From paragraph (e)(2) of the Privacy Act (5 U.S.C. 552a) (collection directly from the individual) because application of this provision would alert the subject of a counterterrorism investigation, study, or analysis to that fact, permitting the subject to frustrate or impede the activity. Counterterrorism investigations necessarily rely on information obtained from third parties rather than information furnished by subjects themselves.

(6) From paragraph (e)(3) of the Privacy Act (5 U.S.C. 552a) (provide Privacy Act Statement to subjects furnishing information) because the system is exempted from requirements in paragraph (e)(2) of the Privacy Act to collect information directly from the subject.

(7) From paragraphs (e)(4)(G) and (H) of the Privacy Act (5 U.S.C. 552a) (publication of procedures for notifying subjects of the existence of records about them and how they may access records and contest contents) because the system is exempted from provisions in paragraph (d) of the Privacy Act (5 U.S.C. 552a) regarding access and amendment, and from the requirement in paragraph (f) of the Privacy Act to promulgate agency rules for notification, access, and amendment. Nevertheless, ODNI has published notice concerning notification, access, and contest procedures because it may in certain circumstances determine it appropriate to provide subjects access to all or a portion of the records about them in a system of records.

(8) From paragraph (e)(4)(I) of the Privacy Act (5 U.S.C. 552a) (identifying sources of records in the system of records) because identifying sources could result in disclosure of properly classified national defense or foreign policy information, intelligence sources and methods, and investigatory techniques and procedures. Notwithstanding its exemption from this requirement, ODNI identifies record sources in broad categories sufficient to provide general notice of the origins of the information it maintains in its systems of records.

(9) From paragraph (e)(5) of the Privacy Act (5 U.S.C. 552a) (maintain timely, accurate, complete and up-to-date records) because many of the records in the system are derived from other domestic and foreign agency record systems over which ODNI exercises no control. In addition, in collecting information for counterterrorism, intelligence, and law enforcement purposes, it is not possible to determine in advance what information is accurate, relevant, timely, and complete. With the passage of time and the development of additional facts and circumstances, seemingly irrelevant or dated information may acquire significance. The restrictions imposed by paragraph (e)(5) of the Privacy Act (5 U.S.C. 552a) would limit the ability of intelligence analysts to exercise judgment in conducting investigations and impede development of intelligence necessary for effective counterterrorism and law enforcement efforts.

(10) From paragraph (e)(8) of the Privacy Act (5 U.S.C. 552a) (notice of compelled disclosures) because requiring individual notice of legally compelled disclosure poses an impossible administrative burden and could alert subjects of counterterrorism, law enforcement, or intelligence investigations to the previously unknown fact of those investigations.

(11) From paragraph (e)(12) of the Privacy Act (public notice of matching activity) because, to the extent such activities are not otherwise excluded from the matching requirements of the Privacy Act (5 U.S.C. 552a), publishing advance notice in the Federal Register would frustrate the ability of intelligence analysts to act quickly in furtherance of analytical efforts.

(12) From paragraph (f) of the Privacy Act (5 U.S.C. 552a) (agency rules for notifying subjects to the existence of records about them, for accessing and amending records, and for assessing fees) because the system is exempt from provisions in paragraph (d) of the Privacy Act regarding access and amendment of records by record subjects. Nevertheless, ODNI has published agency rules concerning notification of a subject in response to his request if any system of records named by the subject contains a record pertaining to him and procedures by which the subject may access or amend the records. Notwithstanding exemption, ODNI may determine it appropriate to satisfy a record subject's access request.

(13) From paragraph (g) of the Privacy Act (5 U.S.C. 552a) (civil remedies) to the extent that the civil remedies relate to provisions of 5 U.S.C. 552a from which this rule exempts the system.

(a) ODNI systems of records subject to exemption:

(1) Manuscript, Presentation, and Resume Review Records (ODNI-01), 5 U.S.C. 552a(k)(1).

(2) Executive Secretary Action Management System Records (ODNI-02), 5 U.S.C. 552a(k)(1).

(3) Public Affairs Office Records (ODNI-03), 5 U.S.C. 552a(k)(1).

(4) Office of Legislative Affairs Records (ODNI-04), 5 U.S.C. 552a(k)(1).

(5) ODNI Guest Speaker Records (ODNI-05), 5 U.S.C. 552a(k)(1).

(6) Office of General Counsel Records (ODNI-06), 5 U.S.C. 552a(k)(1), (2), and (5).

(7) Intelligence Community Customer Registry (ODNI-09), 5 U.S.C. 552a(k)(1).

(8) Office of Intelligence Community Equal Employment Opportunity and Diversity Records (ODNI-10), 5 U.S.C. 552a(k)(1), (2), and (5).

(9) Office of Protocol Records (ODNI-11), 5 U.S.C. 552a(k)(1).

(10) Intelligence Community Security Clearance and Access Approval Repository (ODNI-12), 5 U.S.C. 552a(k)(1), (2), and (5).

(11) Security Clearance Reform Research and Oversight Records (ODNI-13), 5 U.S.C. 552a(k)(1), (2), and (5).

(12) Civil Liberties and Privacy Office Complaint Records (ODNI-14), 5 U.S.C. 552a(k)(1), (2), and (5).

(13) Mission Outreach and Collaboration Records (ODNI-15), 5 U.S.C. 552a(k)(1).

(14) ODNI Human Resource Records (ODNI-16), 5 U.S.C. 552a(k)(1).

(15) ODNI Personnel Security Records (ODNI-17), 5 U.S.C. 552a(k)(1), (2), and (5).

(16) ODNI Freedom of Information Act, Privacy Act, and Mandatory Declassification Review Request Records (ODNI-18), 5 U.S.C. 552a(k)(1), (2), and (5).

(17) ODNI Information Technology Systems Activity and Access Records (ODNI-19), 5 U.S.C. 552a(k)(1), (2), and (5).

(18) ODNI Security Clearance Reciprocity Hotline Records (ODNI-20), 5 U.S.C. 552a(k)(1) and (5).

(19) ODNI Information Technology Network Support, Administration and Analysis Records (ODNI-21), 5 U.S.C. 552a(k)(1).

(20) Insider Threat Program Records (ODNI-22), 5 U.S.C. 552a(k)(1), (2), and (5).

(b) ODNI/National Counterintelligence and Security Center (NCSC) systems of records:

(1) Damage Assessment Records (ODNI/NCIX-001), 5 U.S.C. 552a(k)(1) and (2).

(2) Counterintelligence Trends Analyses Records (ODNI/NCSC-002), 5 U.S.C. 552a(k)(1) and (2).

(3) Continuous Evaluation Records (ODNI/NCSC-003), 5 U.S.C. 552a(k)(1), (2), and (5).

(c) ODNI/National Counterterrorism Center (NCTC) systems of records:

(1) NCTC Access Authorization Records (ODNI/NCTC-002), 5 U.S.C. 552a(k)(1).

(2) NCTC Telephone Directory (ODNI/NCTC-003), 5 U.S.C. 552a(k)(1).

(3) NCTC Knowledge Repository (ODNI/NCTC-004), 5 U.S.C. 552a(k)(1) and (2).

(4) NCTC Current (ODNI/NCTC-005), 5 U.S.C. 552a(k)(1) and (2).

(5) NCTC Partnership Management Records (ODNI/NCTC-006), 5 U.S.C. 552a(k)(1).

(6) NCTC Tacit Knowledge Management Records (ODNI/NCTC-007), 5 U.S.C. 552a(k)(1).

(7) NCTC Terrorism Analysis Records (ODNI/NCTC-008), 5 U.S.C. 552a(k)(1) and (2).

(8) Terrorist Identities Records (ODNI/NCTC-009), 5 U.S.C. 552a(k)(1) and (2).

(d) ODNI/Office of the Intelligence Community Inspector General (ICIG) systems of records:

(1) OIG Human Resources Records (ODNI/OIG-001), 5 U.S.C. 552a(k)(1) and (5).

(2) OIG Experts Contact Records (ODNI/OIG-002), 5 U.S.C. 552a(k)(1) and (5).

(3) OIG Investigation and Interview Records (ODNI/OIG-003), 5 U.S.C. 552a(j)(2); (k)(1), (2), and (5).