Page images
PDF
EPUB

your consent, it can be revoked in writing at
any time before your records are disclosed.
Futhermore, any consent you give is effec-
tive for only 3 months and your financial in-
stitution must keep a record of the instances
in which it discloses your financial informa-
tion.

APPENDIX CTO PART 504CERTIFICATE

OF COMPLIANCE WITH THE RIGHT TO
FINANCIAL PRIVACY ACT OF 1978
SAMPLE FORMAT

(Official Letterhead)
Mr./Mrs. XXXXXXXXXX,
Manager, Army Federal Credit Union, Fort Ord,

CA 93941.
Dear Mr./Mrs. XXXXXXXXXX: I certify.
pursuant to section 3403(b) of the Right to
Financial Privacy Act of 1978, section 3401 et
seq., Title 12, United States Code, that the
applicable provisions of that statute have
been complied with as to the customer's
consent, search warrant or judicial sub-
poena, formal written request, emergency
access, as applicable) presented on (date), for
the following financial records of (cus-
tomer's name):

Without Your Consent
Without your consent, a Federal agency
that wants to see your financial records may
do so ordinarily only by means of a lawful
subpoena, summons, formal written request,
or search warrant for that purpose. Gen-
erally, the Federal agency must give you ad-
vance notice of its request for your records
explaining why the information is being
sought and telling you how to object in
court. The Federal agency must also send
you copies of court documents to be prepared
by you with instructions for filling them
out. While these procedures will be kept as
simple as possible, you may want to consult
an attorney before making a challenge to a
Federal agency's request.

Exceptions
In some circumstances, a Federal agency
may obtain financial information about you
without advance notice or your consent. In
most of these cases, the Federal agency will
be required to go to court for permission to
obtain your records without giving you no-
tice beforehand. In these instances, the court
will make the Government show that its in-
vestigation and request for your records are
proper. When the reason for the delay of no-
tice no longer exists, you will usually be no-
tified that your records were obtained.

(Describe the specific records)
(Official Signature Block)

Pursuant to section 3417(c) of the Right to
Financial Privacy Act of 1978, good faith re-
liance upon this certificate relieves your in-
stitution and its employees and agents of
any possible liability to the customer in con-
nection with the disclosure of these financial
records.

APPENDIX D TO PART 504-FORMAL

WRITTEN REQUEST FOR ACCESS-SAM-
PLE FORMAT

(Official Letterhead)
(Date)
Mr./Mrs. XXXXXXXXXX,
President (as appropriate), City National Bank

and Trust Company, Altoona, PA 16602.
Dear Mr./Mrs. XXXXXXXXXX: In connec-
tion with a legitimate law enforcement in-
quiry and pursuant to section 3402(5) and sec-
tion 3408 of the Right to Financial Privacy
Act of 1978, section 3401 et seq., Title 12,
United States Code, and Army Regulation
190-6, you are requested to provide the fol-
lowing account information pertaining to
(identify customer);

Transfer of Information
Generally, a Federal agency that obtains
your financial records is prohibited from
transferring them to another Federal agency
unless it certifies in writing the transfer is
proper and sends a notice to you that your
records have been sent to another agency.

Penalties
If the Federal agency or financial institu-
tion violates the Right to Financial Privacy
Act, you may sue for damages or seek com-
pliance with the law. If you win, you may be
repaid your attorney's fee and costs.

Additional Information
If you have any questions about your
rights under this law, or about how to con-
sent to release your financial records, please
call the official whose name and telephone
number appears below:

(Describe the specific records to be exam-

ined)

The Army has no authority to issue an ad-
ministrative summons or subpoena for ac-
cess to these financial records which are re-
quired for (describe the nature or purpose of
the inquiry).

A copy of this request was (personally
served upon or mailed to) the subject on
(date) who has (10 or 14 days in which to
challenge this request by filing an applica-
tion in an appropriate United States district
court if the subject desires to do so.

Upon expiration of the above mentioned
time period and in the absence of any filing

(Last Name, First Name, Middle Initial)

Title (Area Code) (Telephone Number)

(Component activity, address)

174-116 0497--2

enforcement inquiries, in which event you
will be notified after the transfer if such
transfer is made.
3 Inclosures (see para-
(Signature)

or challenge by the subject, you will be fur-
nished a certification certifying in writing
that the applicable provisions of the Act
have been complied with prior to obtaining
the requested records. Upon your receipt of a
Certificate of Compliance with the Right to
Financial Privacy Act of 1978, you will be re-
lieved of any possible liability to the subject
in connection with the disclosure of the re-
quested financial records.
(Official Signature Block)

PART 505-THE ARMY PRIVACY

PROGRAM

APPENDIX E TO PART 504—CUSTOMER

NOTICE OF FORMAL WRITTEN RE-
QUEST_SAMPLE FORMAT

(Official Letterhead)
(Date)
Mr./Ms. XXXXX X. XXXXX,
1500 N. Main Street, Washington, DC 20314.

Dear Mr.Ms. XXXXX: Information or
records concerning your transactions held by
the financial institution named in the at-
tached request are being sought by the
(agency/department) in accordance with the
Right to Financial Privacy Act of 1978, sec-
tion 3401 et seq., Title 12, United States
Code, and Army Regulation 190-6, for the fol-
lowing purpose(s):

Sec.
505.1 General information.
505.2 Individual rights of access and amend-

ment.
505.3 Disclosure of personal information to

other agencies and third parties.
505.4 Record-keeping requirements under

the Privacy Act.
505.5 Exemptions.
APPENDIX A TO PART 505-EXAMPLE OF SYS-

TEM OF RECORDS NOTICE
APPENDIX B TO PART 505-EXAMPLE OF RE-

PORT FOR NEW SYSTEM OF RECORDS
APPENDIX C TO PART 505-PROVISIONS OF THE

PRIVACY ACT FROM WHICH A GENERAL OR

SPECIFIC EXEMPTION MAY BE CLAIMED
APPENDIX D TO PART 505-GLOSSARY OF

TERMS
AUTHORITY: Pub. L. 93-579, 88 Stat. 1896 (5
U.S.C. 552a).

SOURCE: 50 FR 42164, Oct. 18, 1985, unless
otherwised noted.

(List the purpose(s))

If you desire that such records or informa-
tion not be made available, you must do the
following:

a. Fill out the accompanying motion paper
and sworn statement or write one of your
own-

(1) Stating that you are the customer
whose records are being requested by the
Government.

(2) Giving the reasons you believe that the
records are not relevant or any other legal
basis for objecting to the release of the
records.

b. File the motion and statement by mail-
ing or delivering them to the clerk of any
one of the following United States District
Courts:

(List applicable courts)

c. Mail or deliver a copy of your motion
and statement to the requesting authority:
(give title and address).

d. Be prepared to come to court and pre-
sent your position in further detail.

You do not need to have a lawyer, although
you may wish to employ one to represent
you and protect your rights.

If you do not follow the above procedures,
upon the expiration of (10 days from the date
of personal service) (14 days from the date of
mailing) of this notice, the records or infor-
mation requested therein may be made
available.

These records may be transferred to other
Government authorities for legitimate law

8 505.1 General information.

(a) Purpose. This regulation sets forth
policies and procedures that govern
personal information kept by the De-
partment of the Army in systems of
records.

(b) References—(1) Required publica-
tions. (i) AR 195–2, Criminal Investiga-
tion Activities. (Cited in $ 505.2(j))

(ii) AR 340–17, Release of Information
and Records from Army Files. (Cited in
88 505.2(h) and 505.4(d))

(iii) AR 430–21-8, The Army Privacy
Program; System Notices and Exemp-
tion Rules for Civilian Personnel Func-
tions. (Cited in $ 505.2(i))

(iv) AR 380-380, Automated System
Security. (Cited in $ 505.4(d) and (1)

(2) Related publications. (A related
publication is merely a source of addi.
tional information. The user does not
have to read it to understand this regu-
lation.)

(i) DOD Directive 5400.11, DOD Pri-
vacy Program.

(ii) DOD Regulation 5400.11-R, DOD
Privacy Program.

(iii) Treasury Fiscal Requirements Manual. This publication can be obtained from The Treasury Department, 15th and Pennsylvania Ave., NW, Washington, DC 20220

(c) Erplanation of abbreviations and terms. Abbreviations and special terms used in this regulation are explained in the glossary.

(d) Responsibilities. (1) The Director of Information Systems for Command, Control, Communications, and Computers (DISC4) is responsible for issuing policy and guidance for the Army Privacy Program in consultation with the Army General Counsel.

(2) The Commander, U.S. Army Information Systems Command is responsible for developing policy for and executing the Privacy Act Program under the policy and guidance of the DISC4.

(3) Heads of Joint Service agencies or commands for which the Army is the Executive Agent, or otherwise has responsibility for providing fiscal, logistical, or administrative support, will adhere to the policies and procedures in this regulation.

(4) Commander, Army and Air Force Exchange Service (AAFES), is responsible for the supervision and execution of the privacy program within that command pursuant to this regulation.

(e) Policy. Army Policy concerning the privacy rights of individuals and the Army's responsibilities for compliance with operational requirements established by the Privacy Act are as follows:

(1) Protect, as required by the Privacy Act of 1974 (5 U.S.C. 552a), as amended, the privacy of individuals from unwarranted intrusion. Individuals covered by this protection are living citizens of the United States and aliens lawfully admitted for permanent residence.

(2) Collect only the personal information about an individual that is legally authorized and necessary to support Army operations. Disclose this information only as authorized by the Privacy Act and this regulation.

(3) Keep only personal information that is timely, accurate, complete, and relevant to the purpose for which it was collected.

(4) Safeguard personal information to prevent unauthorized use, access, disclosure, alteration, or destruction.

(5) Let individuals know what records the Army keeps on them and let them review or get copies of these records, subject to exemptions authorized by law and approved by the Secretary of the Army. (See g 505.5.)

(6) Permit individuals to amend records about themselves contained in Army systems of records, which they can prove are factually in error, not up-to-date, not complete, or not relevant.

(7) Allow individuals to ask for an administrative review or decisions that deny them access to or the right to amend their records.

(8) Maintain only information about an individual that is relevant and necessary for Army purposes required to be accomplished by statute or Executive Order.

(9) Act on all requests promptly, accurately, and fairly.

(f) Authority. The Privacy Act of 1974 (5 U.S.C. 552a), as amended, is the statutory basis for the Army Privacy Program. With in the Department of Defense, the Act is implemented by DOD Directive 5400.11 and DOD 5400.11-R. The Act Assigns

(1) Overall Government-wide responsibilities for implementation to the Office of Management and Budget.

(2) Specific responsibilities to the Office of Personnel Management and the General Services Administration.

(g) Access and Amendment Refusal Authority (AARA). Each Access and Amendment Refusal Authority (AARA) is responsible for action on requests for access to, or amendment of, records referred to them under this part. The officials listed below are the only AARA for records in their authority. Authority may be delegated to an officer or subordinate commander. All delegations must be in writing. If an AARA's delegate denies access or amendment, the delegate must clearly state that he or she is acting on behalf of the AARA and identify the AARA by name and position in the written response to the requester. Denial of access or amendment by an AARA's delegate must

have appropriate legal review. Delegations will not be made below the colonel (06) or GS/GM-15 level. Such delegations must not slow Privacy actions. AARAS will send the names, offices, telephone numbers of heir delegates to the Director of Information Systems for Command, Control, Communications and Computers, Headquarters, Department of the Army, ATTN: SAISIDP, Washington, DC 20310_0107; and the Department of the Army Privacy Review Board, Crystal Square 1, Suite 201, 1725 Jefferson Davis Highway, Arlington, VA 22202.

(1) The Administrative Assistant to the Secretary of the Army (AASA) for records of the Secretariat and its serviced activities, to include the personnel records maintained by the General Officer Management Office, personnel records pertaining to Senior Executive Service personnel serviced by the Office of the Secretary of the Army (OSA), and Equal Employment Opportunity (EEO) records from offices serviced by the OSA. The AASA will also serve as AARA for those records requiring the personal attention of the Secretary of the Army.

(2) The Inspector General (TIG) for TIG investigative records.

(3) The president or executive secretary of boards, councils, and similar bodies established by the Department of the Army to consider personnel matters, including the Army Board of Correction of Military Appeals, for records under their purview.

(4) The Deputy Chief of Staff for Personnel (DCSPER) for records of active and former non-appropriated fund employees (except those in the Army and Air Force Exchange Service), alcohol and drug abuse treatment records, behavioral science records, recruiting, Armed Services Vocational Aptitude Battery (ASVAB), equal opportunity, Junior Reserve Officers' Training Corps (ROTC), Senior ROTC Instructor, military academy cadet, selection, promotion, and reduction boards; special review boards; professional staff informational records; and entrance processing records (when records pertain to those not entering active duty).

(5) The Deputy Chief of Staff for Operations and Plans (DCSOPS) for military police records and reports and

prisoner confinement and correctiona records.

(6) Chief of Engineers (COE) for records pertaining to civil work (including litigation), military construction, engineer procurement, other engineering matters not under the purview of another AARA, ecology, and CODtractor qualifications.

(7) The Surgeon General (TSG) for medical records, except properly part of the Official Personnel Folder (OPM GOVT-1 system of records).

(8) Chief of Chaplains (CCH) for eccle siastical records.

(9) The Judge Advocate General (TJAG) for legal records under TJAG responsibility.

(10) Chief, National Guard Bureau (NGB) for personnel records of the Army National Guard.

(11) Chief, Army Reserve (CAR) for personnel records of Army retired, separated and reserve military personnel members.

(12) Commander, United States Army Material Command (USAMC) for records of Army contractor personnel of the Army Material Command.

(13) Commander, United States Army Criminal Investigation Command (USACIDC) for criminal investigation reports and military police reports included therein.

(14) Commander, United States Total Army Personnel Command (PERSCOM) for personnel and personnel related records of Army members on active duty and current Federal appropriated fund civilian employees. (Requests from former civilian employees to amend a record in any OPM system of records such as the Official Personnel Folder should be sent to the Office of Personnel Management, Assistant Director for Workforce Information, Compliance and Investigations Group, 1900 E Street, NW., Washington, DC 20415-0001.

(15) Commander, U.S. Army Community and Family Support Center (USACFSC) for records relating to morale, welfare and recreation activities; community life programs; family action programs, retired activities, club management, Army emergency relief, consumer protection, retiree survival benefits, and records dealing with Department of the Army relationships

questionnaires that seek personnel information from an individual, and (iv) procedures are in place to meet reporting requirements. (50 FR 42164, Oct. 18, 1985, as amended at 58 FR 51012, Sept. 30, 1993)

assess

and social security veteran's affairs, United Service Organizations, U.S. Soldiers' and Airmen's home and American Red Cross.

(16) Commander, U.S. Army Intelligence and Security Command (INSCOM) for intelligence, investigative and security records; foreign scientific and technological information; intelligence training, mapping and geodesy information; ground surveillance records; intelligence threat ments; and missile intelligence data relating to tactical land warfare systems.

(17) Commander, Army and Air Force Exchange Service (AAFES) for records pertaining to employees, patrons, and other matters which are the responsibility of the Exchange Service.

(18) Commander, Military Traffic Management Command (MTMC) for transportation records.

(19) Director of Army Safety for safety records.

(20) Commander, U.S. Army Information Systems Command (USAISC) for records which do not fall within the functional area of another AARA.

(h) Department of the Army Privacy Review Board. The Department of the Army Privacy Review Board acts on behalf of the Secretary of the Army in deciding appeals from refusal of the appropriate AARAS to amend records. Board membership is comprised of the AASA, the Commander, USAISC, Pentagon, and TJAG, or their representatives. The AARA may serve as a nonvoting member when the Board considers matters in the AARA's area of functional specialization. The Commander, USAISC, Pentagon, chairs the Board and provides the recording secretary.

(i) Privacy Official. (1) Heads of Army Staff agencies and commanders of major Army commands and subordinate commands and activities will designate a privacy official who will serve as a staff adviser on privacy matters. This function will not be assigned below battalion level.

(2) The privacy official will ensure that (i) requests are processed promptly and responsively, (ii) records subject to the Privacy Act in his/her command agency are described properly by a published system notice, (iii) privacy statements are included on forms and

8 505.2 Individual rights of access and

amendment. (a) Access under the Privacy Act. Upon a written or oral request, an individual or his/her designated agent or legal guardian will be granted access to a record pertaining to that individual, maintained in a system of records, unless the record is subject to an exemption and the system manager has invoked the exemption (see $ 505.5), or the record is information compiled in reasonable anticipation of a civil action or proceeding. The requester does not have to state a reason or otherwise justify the need to gain access. Nor can an individual be denied access solely because he/she refused to provide his/her Social Security Number unless the social Security Number was required for access by statute or regulation adopted prior to January 1, 1975. The request should be submitted to the custodian of the record.

(b) Notifying the individual. The custodian of the record will acknowledge requests for access within 10 work days of receipt. Records will be provided within 30 days, excluding Saturdays, Sundays, and legal public holidays.

(c) Relationship between the Privacy Act and the Freedom of Information Act. A Privacy Act request for access to records should be processed also as a Freedom of Information Act request. If all or any portion of the requested material is to be denied, it must be considered under the substantive provisions of both the Privacy Act and the Freedom of Information Act. Any withholding of information must be justified by asserting a legally applicable exemption in each Act.

(d) Functional requests. If an individual asks for his/her record and does not cite, or reasonably imply, either the Privacy Act or the Freedom of Information Act, and another prescribing directive authorizes release, the records should be released under that directive. Examples of functional requests are military members asking to

« PreviousContinue »