Regulations last checked for updates: Nov 25, 2024

Title 45 - Public Welfare last revised: Nov 19, 2024
§ 613.1 - General provisions.

This part sets forth the National Science Foundation procedures under the Privacy Act of 1974. The rules in this part apply to all records in systems of records maintained by NSF that are retrieved by an individual's name or personal identifier. They describe the procedures by which individuals, as defined in the Privacy Act, may request access to records about themselves and request amendment or correction of those records. All Privacy Act requests for access to records are also processed under the Freedom of Information Act, 5 U.S.C. 552 (as provided in part 612 of this chapter), which gives requesters the benefit of both statutes. Notice of systems of records maintained by the National Science Foundation are published in the Federal Register. This part also includes regulations required by the Social Security Fraud Prevention Act of 2017 to limit the use of Social Security numbers on documents mailed by the National Science Foundation (NSF or Foundation).

[70 FR 43068, July 26, 2005, as amended at 87 FR 64169, Oct. 24, 2022]
§ 613.2 - Requesting access to records.

(a) Where to make a request. You may make a request for access to NSF records about yourself by appearing in person at the National Science Foundation or by making a written request. If you choose to visit the Foundation, you must contact the NSF Security Desk and ask to speak with the Foundation's Privacy Act Officer of the General Counsel. Written requests should be sent to the NSF Privacy Act Officer, National Science Foundation, 4201 Wilson Boulevard, Suite 1265, Arlington, VA 22230. Written requests are recommended, since in many cases it may take several days to determine whether a record exists, and additional time may be required for record(s) retrieval and processing.

(b) Description of requested records. You must describe the records that you seek in enough detail to enable NSF personnel to locate the system of records containing them with a reasonable amount of effort. Providing information about the purpose for which the information was collected, applicable time periods, and name or identifying number of each system of records in which you think records about you may be kept, will help speed the processing of your request. NSF publishes notices in the Federal Register that describe the systems of records maintained by the Foundation. The Office of the Federal Register publishes a biennial “Privacy Act compilation” that includes NSF system notices. This compilation is available in many large reference and university libraries, and can be accessed electronically at the Government Printing Office's Web site at www.access.gpo/su_docs/aces/PrivacyAct.shtml.

(c) Verification of identity. When requesting access to records about yourself, NSF requires that you verify your identity in an appropriate fashion. Individuals appearing in person should be prepared to show reasonable picture identification such as driver's license, government or other employment identification card, or passport. Written requests must state your full name and current address. you must sign your request and your signature must either be notarized, or submitted by you under 28 U.S.C. 1746,a. While no specific form is required, you may obtain information about these required elements for requests from the NSF Privacy Act Officer, Suite 1265, 4201 Wilson Blvd, Arlington, VA 22230, or from the NSF Home Page under “Public & media Information—FOIA and Privacy Act” at http://www.nsf.gov/home/pubinfo/foia.htm. In order to help agency personnel in locating and identifying requested records, you may also, at your option, include your social security number, and/or date and place of birth. An individual reviewing his or her record(s) in person may be accompanied by an individual of his or her choice after signing a written statement authorizing that individual's presence. Individuals requesting or authorizing the disclosure of records to a third party must verify their identity and specifically name the third party and identify the information to be disclosed.

(d) Verification of guardianship. When making a request as the parent or guardian of a minor or as the guardian of someone determined by a court of competent jurisdiction to be incompetent, for access to records about that individual, you must establish:

(1) The identity of the record subject, by stating individuals' name and current address and, at your option, the social security number and/or date and place of birth of the individual;

(2) Your own identity, as required in paragraph (c) of this section;

(3) That you are the parent or guardian of that individual, which you may prove by providing a copy of the individual's birth certificate showing your parentage or by providing a court order establishing your guardianship; and

(4) That you are acting on behalf of that individual in making the request.

(e) The procedures of paragraphs (a) through (d) of this section shall also apply to requests made pursuant to 5 U.S.C. 552a(c)(3).

§ 613.3 - Responding to requests for access to records.

(a) Timing of responses to requests. The Foundation will make reasonable effort to act on a request for access to records within 20 days of its receipt by the Privacy Act Officer (excluding date of receipt, weekends, and legal holidays) or from the time any required identification is received by the Privacy Act Officer, whichever is later. In determining which records are responsive to a request, the Foundation will include only records in its possession as of the date of receipt. When the agency cannot complete processing of a request within 20 working days, the foundation will send a letter explaining the delay and notifying the requester of the date by which processing is expected to be completed.

(b) Authority to grant or deny requests. The Privacy Act Officer, or his or her designee in the office with responsibility for the requested records, is authorized to grant or deny access to a Foundation record.

(c) Granting access to records. When a determination is made to grant a request for access in whole or part, the requester will be notified as soon as possible of the Foundation's decision. Where a requester has previously failed to pay a properly charged fee to any agency within 30 days of the date of billing, NSF may require the requester to pay the full amount due, plus any applicable interest, and to make an advance payment of the full amount of any anticipated fee, before NSF begins to process a new request or continues to process a pending request from that requester.

(1) Requests made in person. When a request is made in person, if the records can be found, and reviewed for access without unreasonable disruption of agency operations, the Foundation may disclose the records to the requester directly upon payment of any applicable fee. A written record should be made documenting the granting of the request. If a requester is accompanied by another person, the requester shall be required to authorize in writing any discussion of the records in the presence of the other person.

(2) Requests made in writing. The Foundation will send the records to the requester promptly upon payment of any applicable fee.

(d) Denying access to records. The requester will be notified in writing of any determination to deny a request for access to records. The notification letter will be signed by the Privacy Act Officer, or his or designee, as the individual responsible for the denial and will include a brief statement of the reason(s) for the denial, including any Privacy Act exemption(s) applied in denying the request.

(e) Fees. The Foundation will charge for duplication of records requested under the Privacy Act in the same way it charges for duplication under the Freedom of Information Act (see CFR 612.10). No search or review fee may be charged for the record unless the record has been exempted from access under Exemptions (j)(2) or (k)(2) of the Privacy Act.

§ 613.4 - Amendment of records.

(a) Where to make a request. An individual may request amendment of records pertaining to him or her that are maintained in an NSF Privacy Act system of records, except that certain records described in paragraph (h) of this section are exempt from amendment. Request for amendment of records must be made in writing to the NSF Privacy Act Officer, National Science Foundation, Suite 1265, 4201 Wilson Boulevard, Arlington, VA 22230.

(b) How to make a request. Your request should identify each particular record in question, state the amendment you want to take place and specify why you believe that the record is not accurate, relevant, timely, or complete. You may submit any documentation that you think would be helpful. Providing an edited copy of the record(s) showing the desired change will assist the agency in making a determination about your request. If you believe that the same information is maintained in more than one NSF system of records you should include that information in your request. You must sign your request and provide verification of your identity as specified in 613.2(c).

(c) Timing of responses to requests. The Privacy Act Officer, or his or her designee, will acknowledge receipt of request for amendment within 10 working days of receipt. Upon receipt of a proper request the Privacy Act Officer will promptly confer with the NSF Directorate or Office with responsibility for the record to determine if the request should be granted in whole or part.

(d) Granting request for amendment. When a determination is made to grant a request for amendment in whole or part, notification to the requester will be made as soon as possible, normally within 30 wording days of the Privacy Act Officer receiving the request, describing the amendment made and including a copy of the amended record, in disclosable form.

(e) Denying request for amendment. When a determination is made that amendment, in whole or part, is unwarranted, the matter shall be brought to the attention of the Inspector General, if it pertains to records maintained by the Office of the Inspector General, or to the attention of the General Counsel, if it pertains to other NSF records. If the General Counsel or Inspector General or their designee agrees with the determination that amendment is not warranted, the Privacy Act Officer will notify the requester in writing, normally within 30 working days of the Privacy Act Officer receiving the request. The notification letter will be signed by the Privacy Act Officer or his or her designee, and will include a statement of the reason(s) for the denial and how to appeal the decision.

(f) Appealing a denial. You may appeal a denial of a request to amend records to the General Counsel, National Science Foundation, 4201 Wilson Blvd., Suite 1265, Arlington, VA 22230. You must make your appeal in writing and it must be received by the Office of the General Counsel within ten days of the receipt of the denial (weekends, legal holidays, and the date of receipt excluded). Clearly mark your appeal letter and envelope “Privacy Act Appeal.” Your appeal letter must include a copy of your original request for amendment and the denial letter, along with any additional documentation or argument you wish to submit in favor of amending the records. It must be signed by you or your officially designated representative.

(g) Responses to appeals. The General Counsel, or his or her designee, will normally render a decision on the appeal within thirty working days after proper receipt of the written appeal by the General Counsel. If additional time to make a determination is necessary you will be advised in writing of the need for an extension.

(1) Amendment appeal granted. If on appeal the General Counsel, or his or her designee, determines that amendment of the record should take place, you will be notified as soon as possible of the Foundation's decision. The notification will describe the amendment made and include a copy of the amended record, in disclosable form.

(2) Amendment appeal denied—Statement of disagreement. If on appeal the General Counsel, or his or her designee, upholds a denial of a request for amendment of records, you will be notified in writing of the reasons why the appeal was denied and advised of your right to seek judicial review of the decision. The letter will also notify you of your right to file with the Foundation a concise statement setting forth the reasons for your disagreement with the refusal of the Foundation to amend the record. The statement should be sent to the Privacy Act Officer, who will ensure that a copy of the statement is placed with the disputed record. A copy of the statement will be included with any subsequent disclosure of the record.

(h) Records not subject to amendment. The following records are not subject to amendment:

(1) Transcripts of testimony given under oath or written statements made under oath;

(2) Transcripts of grand jury proceedings, judicial proceedings, or quasi-judicial proceedings, which are the official record of those proceedings;

(3) Pre-sentence records that originated with the courts; and

(4) Records in systems of records that have been exempted from amendment under Privacy Act, 5 U.S.C. 552a(j) or (k) by notice published in the Federal Register.

§ 613.5 - Exemptions.

(a) Fellowships and other support. Pursuant to 5 U.S.C. 552a(k)(6), the Foundation hereby exempts from the application of 5 U.S.C. 552a(c)(3) and (d) any materials which would reveal the identity of references of fellowship or other award applicants or nominees, or reviewers of applicants for Federal contracts (including grants and cooperative agreements) contained in any of the following systems of records:

(1) “Fellowships and Other Awards,”

(2) “Principal Investigator/Proposal File and Associated Records,”

(3) “Reviewer/Proposal File and Associated Records,” and

(4) “Reviewer/Fellowship and Other Awards File and Associated Records.”

(b) OIG Files Compiled for the Purpose of a Criminal Investigation and for Related Purposes. Pursuant to 5 U.S.C. 552a(j)(2), the Foundation hereby exempts the system of records entitled “Office of Inspector General Investigative Files,” insofar as it consists of information compiled for the purpose of a criminal investigation or for other purposes within the scope of 5 U.S.C. 552a(j)(2), from the application of 5 U.S.C. 552a,except,c,e,e,7,9,10,and.

(c) OIG and ACA Files Compiled for Other Law Enforcement Purposes. Pursuant to 5 U.S.C. 552a(k)(2), the Foundation hereby exempts the systems of records entitled “Office of Inspector General Investigative Files” and “Antarctic Conservation Act Files” insofar as they consist of information compiled for law enforcement purposes other than material within the scope of 5 U.S.C. 552a(j)(2), from the application of 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).

(d) Investigations of Scientific Misconduct. Pursuant to 5 U.S.C. 552a(k)(2) and (k)(5), the Foundation hereby exempts from the application of 5 U.S.C. 552a(c)(3) and (d) any materials which would reveal the identity of confidential sources of information contained in the following system of records: “Debarment/Scientific Misconduct Files.”

(e) Personnel Security Clearances. Pursuant to 5 U.S.C. 552a(k)(5), the Foundation hereby exempts from the application of 5 U.S.C. 552a(c)(3) and (d) any materials which would reveal the identity of confidential sources of information contained in the following system of records: “Personnel Security.”

(f) Applicants for Employment. Records on applicants for employment at NSF are covered by the Office of Personnel Management (OPM) government-wide system notice “Recruiting, Examining and Placement Records.” These records are exempted as claimed in 5 CFR 297.501(b)(7).

(g) Statistical records. Pursuant to 5 U.S.C. 552a(k)(4), the Foundation hereby exempts the systems of records entitled “Doctorate Records Files,” “Doctorate Work History Files,” and “National Survey of Recent College Graduates & Follow-up Files” from the application of 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).

(h) Other records. The Foundation may also assert exemptions for records received from another agency that could properly be claimed by that agency in responding to a request.

§ 613.6 - Other rights and services.

Nothing in this subpart shall be construed to entitle any person, as of right, to any service or to the disclosure of any record to which such person is not entitled under the Privacy Act.

§ 613.7 - Social Security numbers on documents mailed by NSF.

(a) A document that NSF sends by mail shall not include the Social Security number (SSN) of an individual, except where the NSF Director (or other agency official whom the NSF Director may designate) determines that it is necessary. If so, the SSN must be truncated to the extent feasible, as follows—

(1) The document shall include no more than the last four digits of the SSN; or

(2) If the document needs to include more digits, then only where they are:

(i) Required by law (including, but not limited to, a statute, court order, or other legal mandate);

(ii) Needed to identify a specific individual when no adequate substitute is available; or

(iii) Needed to fulfill some other compelling NSF business need.

(b) No portion of an SSN may be visible on the outside of any NSF mailing.

(c) For purposes of this section, “mail” and “mailing” means printed documents or correspondence, and does not include emails or any other documents, correspondence, or communications in electronic form.

(d) The requirements of this section shall apply to mail sent by NSF, including mailings by a contractor on NSF's behalf, on or after October 24, 2022.

[87 FR 64169, Oct. 24, 2022]
authority: 5 U.S.C. 552a; for § 613.7, 42 U.S.C. 405 note, Pub L. 115-59, 131 Stat. 1152
source: 70 FR 43068, July 26, 2005, unless otherwise noted.
cite as: 45 CFR 613.7