The purpose of this subpart is to provide certain safeguards for an individual against the invasion of his or her personal privacy by SIGAR. This subpart is promulgated pursuant to the requirements applicable to all federal agencies contained in 5 U.S.C. 552a(f).

(a) Individuals desiring to know if a specific system of records maintained by SIGAR contains a record pertaining to them should address their inquiries to the Privacy Officer, Special Inspector General for Afghanistan Reconstruction, 2530 Crystal Drive, Arlington, VA 22202. As there may be delays in mail delivery, it is advisable to send the request via facsimile to (703) 601-3804 or by email to [email protected]. The written inquiry should contain a specific reference to the system of records maintained by the SIGAR listed in the SIGAR Notice of Systems of Records, or it should describe the type of record in sufficient detail reasonably to identify the system of records. Notice of SIGAR systems of records subject to the Privacy Act will be published in the Federal Register, posted on the SIGAR public facing Web site, and copies of the notices will be available upon request to the Privacy Officer when so published. A compilation of such notices will also be made and published by the Office of the Federal Register, in accordance with 5 U.S.C. 552a(f).

(b) At a minimum, the request should contain sufficient identifying information to allow SIGAR to determine if there is a record pertaining to the individual making the request in a particular system of records. In instances when the requester's identification is insufficient to ensure disclosure to the individual to whom the information pertains in view of the sensitivity of the information, SIGAR reserves the right to solicit from the person requesting access to a record additional identifying information.

(c) Ordinarily the person requesting will be informed whether the named system of records contains a record pertaining to such person within 10 days of such a request (excluding Saturdays, Sundays and legal Federal holidays). Such a response will also contain or reference the procedures which must be followed by the individual making the request in order to gain access to the record.

(d) Whenever a response cannot be made within the 10 days, the Privacy Officer will inform the person making the request the reasons for the delay and the date on which a response may be anticipated.

(a) Requirement for written requests. An individual desiring to gain access to a record pertaining to him or her in a system of records maintained by SIGAR must submit his or her request in writing in accordance with the procedures set forth in paragraph (b) of this section. Individuals employed by the SIGAR may make their requests on a regularly scheduled workday (Monday through Friday, excluding legal Federal holidays) between the hours of 9:00 a.m. and 5:30 p.m. Such requests for access by individuals employed by SIGAR need not be made in writing.

(b) Procedures—(1) Content of the request. The request for access to a record in a system of records shall be addressed to the Privacy Officer at the address cited above, and shall name the system of records or contain a concise description of such system of records. The request should state that the request is pursuant to the Privacy Act of 1974. In the absence of such a statement, if the request is for a record pertaining to the person requesting access which is maintained by SIGAR in a system of records, the request will be considered under both the Privacy Act of 1974 and the Freedom of Information Act, depending on which would allow greater access to the records requested. The request should contain necessary information to verify the identity of the person requesting access (see paragraph (b)(2)(vi) of this section). In addition, such person should include any other information which may assist in the rapid identification of the record for which access is being requested (e.g., maiden name, dates of employment, etc.) as well as any other identifying information contained in and required by the SIGAR Notice of Systems of Records.

(i) If the request for access follows a prior request under § 9301.1, the same identifying information need not be included in the request for access if a reference is made to that prior correspondence or a copy of the SIGAR response to that request is attached. If the individual specifically desires a copy of the record, the request should so specify under § 9301.4.

(ii) [Reserved]

(2) SIGAR action on request. A request for access will ordinarily be answered within 10 days, except when the Privacy Officer determines otherwise, in which case the person making the request will be informed of the reasons for the delay and an estimated date by which the request will be answered. When the request can be answered within 10 days, it shall include the following:

(i) A statement that there is a record as requested or a statement that there is not a record in the systems of records maintained by SIGAR;

(ii) A statement as to whether access will be granted only by providing a copy of the record through the mail; or the address of the location and the date and time at which the record may be examined. In the event the person requesting access is unable to meet the specified date and time, alternative arrangements may be made with the Privacy Officer;

(iii) A statement, when appropriate, that examination in person will be the sole means of granting access only when the Privacy Officer has determined that it would not unduly impede the right of access of the person making the request.

(iv) The amount of fees charged, if any (see §§ 9301.6 and 9301.7). (Fees are applicable only to requests for copies);

(v) The name, title, and telephone number of the SIGAR official having operational control over the record; and

(vi) The documentation required by SIGAR to verify the identity of the person making the request. At a minimum, SIGAR verification standards include the following:

(A) Current or former SIGAR Employees. Current or former SIGAR employees requesting access to a record pertaining to them in a system of records maintained by SIGAR may, in addition to the other requirements of this section, and at the sole discretion of the official having operational control over the record, have his or her identity verified by visual observation. If the current or former SIGAR employee cannot be so identified by the official having operational control over the records, identification documentation will be required. The employee's common access card, annuitant identification, driver licenses, or the “employee copy” of any official personnel document in the record are examples of acceptable identification validation.

(B) Other than current or former SIGAR employees. Individuals other than current or former SIGAR employees requesting access to a record pertaining to them in a system of records maintained by SIGAR must produce identification documentation of the type described in paragraph (b)(2)(vi)(A) of this section, prior to being granted access. The extent of the identification documentation required will depend on the type of record for which access is requested. In most cases, identification verification will be accomplished by the presentation of two forms of identification. Any additional requirements will be specified in the system of records notices published by SIGAR pursuant to 5 U.S.C. 552a(e)(4).

(C) Access granted by mail. For records to be made accessible by mail, the Privacy Officer shall, to the extent possible, establish identity by a comparison of signatures in situations where the data in the record is not so sensitive that unauthorized access could cause harm or embarrassment to the individual to whom they pertain. No identification documentation will be required for the disclosure to a person making a request of information under the FOIA, 5 U.S.C. 552. When, in the opinion of the Privacy Officer the granting of access through the mail could reasonably be expected to result in harm or embarrassment if disclosed to a person other than the individual to whom the record pertains, a notarized statement of identity or some similar assurance of identity will be required.

(D) Unavailability of identification documentation. If an individual is unable to produce adequate identification documentation the individual will be required to sign a statement asserting identity and acknowledging that knowingly or willfully seeking or obtaining access to records about another person under false pretenses may result in a fine of up to $5,000. In addition, depending upon the sensitivity of the records to which access is sought, the official having operational control over the records may require such further reasonable assurances as may be considered appropriate; e.g., statements of other individuals who can attest to the identity of the person making the request.

(E) Access by the parent of a minor, or by a legal guardian. A parent of a minor, upon presenting suitable personal identification, may act on behalf of the minor to gain access to any record pertaining to the minor maintained by SIGAR in a system of records. A legal guardian may similarly act on behalf of an individual declared to be incompetent due to physical or mental incapacity or age by a court of competent jurisdiction, upon the presentation of the documents authorizing the legal guardian to so act, and upon suitable personal identification of the guardian.

(F) Granting access when accompanied by another individual. When an individual requesting access to his or her record in a system of records maintained by SIGAR wishes to be accompanied by another individual during the course of the examination of the record, the individual making the request shall submit to the official having operational control of the record, a signed statement authorizing that person access to the record.

(G) Granting access to individuals other than the subject of the record. SIGAR will not disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, pursuant to the Privacy Act of 1974.

(H) Denial of access for inadequate identification documentation. If the official having operation control over the records in a system of records maintained by SIGAR determines that an individual seeking access has not provided sufficient identification documentation to permit access, the official shall consult with the Privacy Officer prior to finally denying the individual access.

(vii) Medical records. The records in a system of records which are medical records shall be disclosed to the individual to whom they pertain in such manner and following such procedures as the Privacy Officer shall direct. When SIGAR in consultation with a physician, determines that the disclosure of medical information could have an adverse effect upon the individual to whom it pertains, SIGAR may transmit such information to a physician named by the individual.

(viii) Exceptions. Nothing in this section shall be construed to entitle an individual the right to access to any information compiled in reasonable anticipation of litigation.

Rules governing the granting of access to the accounting of disclosures are the same as those for granting access to the records (including verification of identity) outlined in § 9301.14.

Rules governing requests for copies of records are the same as those for the granting of access to the records (including verification of identity) outlined in § 9301.14. (See also § 9301.19 for rules regarding fees.)

(a) Requirement for written requests. Individuals desiring to amend a record that pertains to them in a system of records maintained by SIGAR must submit their request in writing in accordance with the procedures set forth herein unless this requirement is waived by the official having responsibility for the system of records. Records not subject to the Privacy Act of 1974 will not be amended in accordance with these provisions. However, individuals who believe that such records are inaccurate may bring this to the attention of SIGAR.

(b) Procedures. (1)(i) The request to amend a record in a system of records shall be addressed to the Privacy Officer. Included in the request shall be the name of the system and a brief description of the record proposed for amendment. In the event the request to amend the record is the result of the individual's having gained access to the record in accordance with the provisions concerning access to records as set forth in this paragraph, copies of previous correspondence between the individual and SIGAR will serve in lieu of a separate description of the record.

(ii) When the individual's identity has been previously verified pursuant to § 9301.14(b)(2)(vi), further verification of identity is not required as long as the communication does not suggest that a need for verification has reappeared. If the individual's identity has not been previously verified, SIGAR may require identification validation as described in § 9301.14(b)(2)(vi). Individuals desiring assistance in the preparation of a request to amend a record should contact the Privacy Officer at the address cited above.

(iii) The exact portion of the record the individual seeks to have amended should be clearly indicated. If possible, the desired proposed alternative language should also be set forth, or at a minimum, the facts which the individual believes are not accurate, relevant, timely, or complete should be set forth with such particularity as to permit SIGAR to understand the basis for the request and to make an appropriate amendment to the record.

(iv) The request should also set forth the reasons why the individual believes his record is not accurate, relevant, timely, or complete. In order to avoid the retention by SIGAR of personal information merely to permit verification of records, the burden of persuading SIGAR to amend a record will be upon the individual. The individual must furnish sufficient facts or credible documentation to persuade the official in charge of the system of the inaccuracy, irrelevancy, untimeliness, or incompleteness of the record.

(2) SIGAR action on the request. To the extent possible, a decision upon a request to amend a record will be made within 10 days, excluding Saturdays, Sundays and legal Federal holidays. In the event a decision cannot be made within this time frame, the individual making the request will be informed within 10 days of the expected date for a decision. The decision upon a request for amendment will include the following:

(i) The decision of SIGAR whether to grant in whole, or deny any part of the request to amend the record.

(ii) The reasons for the determination for any portion of the request which is denied.

(iii) The name and address of the official with whom an appeal of the denial may be lodged.

(iv) The name and address of the official designated to assist, as necessary, and upon request of, the individual making the request in the preparation of the appeal.

(v) A description of the review of the appeal within SIGAR (see § 9301.18).

(vi) A description of any other procedures which may be required of the individual in order to process the appeal.

(a) Individuals wishing to request a review of the decision by SIGAR with regard to an initial request to amend a record in accordance with the provisions of § 9301.17, should submit the request for review in writing and, to the extent possible, include the information specified in § 9301.17(a). Individuals desiring assistance in the preparation of their request for review should contact the Privacy Officer at the address provided herein.

(b) The request for review should contain a brief description of the record involved or in lieu thereof, copies of the correspondence from SIGAR in which the request to amend was denied, and also should state the reasons why the individual believes that the disputed information should be amended. The request for review should make reference to the information furnished by the individual in support of his claim and the reasons, as required by § 9301.17, set forth by SIGAR in its decision denying the amendment. In order to avoid the unnecessary retention of personal information, SIGAR reserves the right to dispose of the material concerning the request to amend a record if no request for review in accordance with this section is received by SIGAR within 180 days of the mailing by SIGAR of its decision upon an initial request. A request for review received after the 180 day period may, at the discretion of the Privacy Officer, be treated as an initial request to amend a record.

(c) The request for review should be addressed to the Appellate Authority, Office of the Special Inspector General for Afghanistan Reconstruction, 2530 Crystal Drive, Arlington, VA 22202. As there may be delays in mail delivery, it is advisable to send the request via facsimile to (703) 601-3804 or by email to [email protected].

(d) Final determinations on requests for reviews within SIGAR will be made by the Appellate Authority. Additional information may be requested by the Appellate Authority from the person requesting a review if necessary to make a determination.

(e) The Appellate Authority will inform the person making the request in writing of the decision on the request for review within 30 days (excluding Saturdays, Sundays and legal Federal holidays) from the date of receipt by SIGAR of the individual's request for review, unless the Appellate Authority extends the 30 day period for good cause. The extension and the reasons therefore will be sent by SIGAR to the individual within the initial 30 day period. Included in the notice of a decision being reviewed, if the decision does not grant in full the request for review, will be a description of the steps the individual may take to obtain judicial review of such a decision, and a statement that the individual may file a concise statement with SIGAR setting forth the individual's reasons for his disagreement with the decision upon the request for review. The SIGAR Privacy Officer has the authority to determine the “conciseness” of the statement, taking into account the scope of the disagreement and the complexity of the issues. Upon the filing of a proper concise statement by the individual, any subsequent disclosure of the information in dispute will have the information in dispute clearly noted and a copy of the concise statement furnished, setting forth its reasons for not making the requested changes, if SIGAR chooses to file such a statement. A copy of the individual's statement, and if it chooses, SIGAR's statement, will be sent to any prior transferee of the disputed information who is listed on the accounting required by 5 U.S.C. 552a(c).

(a) Prohibitions against charging fees. Individuals will not be charged for:

(1) The search and review of the record;

(2) Any copies of the record produced as a necessary part of the process of making the record available for access; or

(3) Any copies of the requested record when it has been determined that access can only be accomplished by providing a copy of the record through the mail.

(b) Waiver. The Privacy Officer may, at no charge, provide copies of a record if it is determined that the production of the copies is in the interest of the Government.

(c) Fee schedule and method of payment. Fees will be charged as provided below except as provided in paragraphs (a) and (b) of this section.

(1) Duplication of records. Records will be duplicated at a rate of $.10 per page for copying of 4 pages or more. There is no charge for copying fewer pages.

(2) Where it is anticipated that the fees chargeable under this section will amount to more than $25, the person making the request shall be notified of the amount of the anticipated fee or such portion thereof as can readily be estimated. In instances where the estimated fees will greatly exceed $25, an advance deposit may be required. The notice or request for an advance deposit shall extend an offer to the person requesting to consult with the Privacy Officer in order to reformulate the request in a manner which will reduce the fees, yet still meet the needs of individuals making the request.

(3) Fees must be paid in full prior to issuance of requested copies. In the event the person requesting is in arrears for previous requests copies will not be provided for any subsequent request until the arrears have been paid in full.

(4) Remittances shall be in the form either of a personal check or bank draft drawn on a bank in the United States, or a postal money order. Remittances shall be made payable to the order of the Treasury of the United States and mailed or delivered to the Privacy Officer, Office of the Special Inspector General for Afghanistan Reconstruction, 2530 Crystal Drive, Arlington, VA 22202.

(5) A receipt for fees paid will be given upon request.

Systems of records maintained by SIGAR are authorized to be exempted from certain provisions of the Privacy Act under the general and specific exemptions set forth in the Act. In utilizing these exemptions, SIGAR is exempting only those portions of systems that are necessary for the proper functioning of SIGAR and that are consistent with the Privacy Act. Where compliance would not appear to interfere with or adversely affect the law enforcement process, and/or where it may be appropriate to permit individuals to contest the accuracy of the information collected, e.g., public source materials, the applicable exemption may be waived, either partially or totally, by SIGAR, in the sole discretion of SIGAR, as appropriate.

(a) General exemptions. (1) Individuals may not have access to records maintained by SIGAR that were provided by another agency that has determined by regulation that such information is subject to general exemption under 5 U.S.C. 552a(j)(1). If such exempt records are the subject of an access request, SIGAR will advise the requester of their existence and of the name and address of the source agency, unless that information is itself exempt from disclosure.

(2) The systems of records maintained by the Investigations Directorate (SIGAR-08), are subject to general exemption under 5 U.S.C. 552a(j)(2). All records contained in record system SIGAR-08, Investigations Records, are exempt from all provisions of the Privacy Act except sections (b), (c)(1) and (2), (e)(4)(A) through (F), (e)(6), (7), (9), (10), and (11), and (i) to the extent to which they meet the criteria of section (j)(2). These exemptions are necessary to ensure the effectiveness of the investigative, judicial, and protective processes. These exemptions are necessary to ensure the proper functions of the law enforcement activity, to protect confidential sources of information, to fulfill promises of confidentiality, to prevent interference with the enforcement of criminal laws, to avoid the disclosure of investigative techniques, to avoid the endangering of the life and safety of any individual, to avoid premature disclosure of the knowledge of potential criminal activity and the evidentiary bases of possible enforcement actions, and to maintain the integrity of the law enforcement process.

(3) The systems of records maintained by the Investigations Directorate (SIGAR-08) are exempted from 5 U.S.C. 552a (c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f) pursuant to the provisions of 5 U.S.C. 552a(k)(1), (2), and (5). These exemptions are necessary to protect material required to be kept secret in the interest of national defense and foreign policy; to prevent individuals that are the subject of investigation from frustrating the investigatory process; to ensure the proper functioning and integrity of law enforcement activities; to prevent disclosure of investigative techniques; to maintain the confidence of foreign governments in the integrity of the procedures under which privileged or confidential information may be provided; to fulfill commitments made to sources to protect their identities and the confidentiality of information and to avoid endangering these sources and law enforcement personnel; and to ensure the proper functioning of the investigatory process, to ensure effective determination of suitability, eligibility, and qualification for employment and to protect the confidentiality of sources of information.

(b) [Reserved]