Datacall


MEMORANDUM FOR AGENCY CHIEF INFORMATION OFFICERS

FROM: Donald Arbuckle /s/
   
SUBJECT: Biennial Privacy Act and Computer Matching Reports

Contents of Memorandum:

Every two years the President is required to submit to the Speaker of the House and the President pro tempore of the Senate a report describing the exercise of individual rights of access and amendment under the Privacy Act and consolidating information regarding computer matching activities of federal agencies. OMB Circular A-130 (Appendix I) directs agencies to submit information necessary to these reports by June 30 in even-numbered years. This memorandum is to remind you that the report is due and to provide instructions on how to report.

Please note that on May 14, 1998, the President signed a memorandum directing agencies to undertake a review of their systems of records, routine uses, and practices regarding sharing of personal information with State, local and tribal governments. You will be receiving separate instructions for responding to the President's memorandum very soon. We are working with agency Privacy Act officers to avoid duplication of effort between the statutory biennial Privacy Act Report and reporting under the President's memorandum.

Attached are specific instructions on the biennial Privacy Act Report along with a list of the existing matching programs which will be helpful to agencies reporting computer matching activities. (If you are receiving this document electronically, the list of matching agreements is attached as an HTML document.) The list of matching agreements can also be found on the CIO homepage at http://www.cio.gov.

The instructions are largely the same as those for the 1994-1995 report. The only changes are the request for electronic mail addresses for agency contacts and more specific instructions about how to identify computer matching programs.

Your response is due by June 30, 1998.

Please address all paper submissions to the Acting Administrator of OIRA at the address listed in the attached instructions and send an electronic copy of your submission to Oleinick@omb.eop.gov.

If you have questions about the report, please contact Lew Oleinick, at 202/395-4638 (voice); 202/395-5167 (facsimile); or via electronic mail at Oleinick@omb.eop.gov.

Contents of the Biennial Privacy Act Report:

  1. Name and postal address of reporting agency.

  2. Name, telephone number, and electronic mail address(1) of agency official who can best answer questions about this report.

  3. Name, postal address, and electronic mail address of the senior official responsible for agency's Privacy Act implementation.

  4. Name, postal address, electronic mail address, and telephone number of agency Privacy Act Officer.

  5. Systems of records inventory for the period January 1, 1996 through December 31, 1997. (Please consult your last report and ensure that the numbers reported there are consistent with those you report below.) Provide the requested data in the form of the table presented below. If any of the cells in the table below are not applicable, please indicate such by placing an "N/A" in the correct cell.

Item # Description 1996 1997
1 Total number of nonexempt systems of records    
2 Total number of exempt systems of records    
3 Number of new nonexempt systems of records added    
4 Number of new exempt systems of records added    
5 Number of routine uses added    
6 Number of exemptions added to existing systems    
7 Number of exemptions deleted from existing systems    
8 Total number of automated systems of records (exempt/nonexempt)    

  6. A brief narrative describing additions of exemptions, routine uses, or systems of records.

For example, "the Department added a (k)(1) exemption to an existing system of records entitled 'Investigative Records of the Office of Investigations'"; or "the agency added a new routine use to a system of records entitled 'Employee Health Records' that would permit disclosure of health data to researchers under contract to the agency to perform workplace risk analysis."

  7. A brief description of any public comments received on agency Privacy Act publication and implementation activities, and agency response.

  8. Number of access and amendment requests from record subjects citing the Privacy Act that were received, and the disposition of requests from any year that were completed, between January 1, 1996 and December 31, 1997. Provide the requested data in the form of the table presented below. If any of the cells in the table below are not applicable, please indicate such by placing an "N/A" in the correct cell.

NOTE: If the number of access requests which cite the Privacy Act has decreased or increased significantly from an earlier year, then provide a brief description of the factors responsible for this increase or decrease.

Item # Description 1996 1997
  Access Requests    
1 Total number of requests for access(2)    
2 Number granted in whole    
3 Number granted in part    
4 Number wholly denied    
5 Number for which no record was found    
       
  Amendment Requests    
6 Total number of requests to amend records in the system    
7 Number granted in whole    
8 Number granted in part    
9 Number wholly denied(3)    
       
  Appeals of Denials of Access    
10 Total number of appeals of denials of access    
11 Number granted in whole(4)    
12 Number granted in part    
13 Number wholly denied(5)    
14 Number for which no record was found    
       
  Appeals of Denials of Amendment    
15 Total Number of Appeals of Denials of Amendment    
16 Number granted in whole(6)    
17 Number granted in part    
18 Number wholly denied(7)    
       

  9. Number of instances in which individuals brought suit under section (g) of the Privacy Act against the agency and the results of any such litigation that resulted in a change to agency policies or practices.

  10. Description of the results of reviews undertaken in response to the following(8):

    (1) Section (m) Contracts. Review a random sample of agency contracts that provide for the maintenance of a system of records on behalf of the agency to accomplish an agency function, in order to ensure that the wording of each contract makes the provisions of the Act binding on the contractor and his or her employees. (See 5 U.S.C. 552a(m)(1))

    (2) Recordkeeping Practices. Review agency recordkeeping and disposal policies and practices in order to assure compliance with the Act, paying particular attention to the maintenance of automated records.

    (3) Routine Use Disclosures. Review the routine use disclosures associated with each system of records in order to ensure that the recipient's use of such records continues to be compatible with the purpose for which the disclosing agency collected the information.(9)

    (4) Exemption of Systems of Records. Review each system of records for which the agency has promulgated exemption rules pursuant to Section (j) or (k) of the Act in order to determine whether such exemption is still needed.(10)

    (5) Systems of Records Notices. Review each system of records notice to ensure that it accurately describes the system of records. Where minor changes are needed, e.g., the name of the system manager, ensure that an amended notice is published in the Federal Register.

  11. A description of agency Privacy Act training practices.

Submit the report to:

Acting Administrator, Office of Information and Regulatory Affairs
Office of Management and Budget
ATTN: Docket Library
NEOB Room 10012
Washington, D.C. 20503.

Write "Biennial Privacy Act Report" on the envelope in which the report is submitted.

And to

oleinick@omb.eop.gov

Write "Biennial Privacy Act Report for [agency]" on the subject line, filling in the name of your agency.

Contents of the Biennial Computer Matching Report

  1. A listing of the names and positions of the members of the Data Integrity Board. Show separately the name of the Board Secretary, his or her postal address, electronic mail address, and telephone number. Show and explain any changes in membership or structure occurring during the reporting year.

  2. A listing of each matching program, by title and purpose, in which the agency participated during any portion of the reporting year. This listing should show names of participant agencies, give a brief description of the program, and give a page citation and the date of the Federal Register notice describing the program.

Use the attached copy of the Biennial Computer Matching Report of 1994/1995 as a template for your listing of matching programs. If a match from the 1994/1995 report is ongoing, specify the matching program number assigned by OMB listed in the table of the attached report. Provide the Federal Register notice citation for "renewed" matches which extended beyond the 18 month + 12 month renewal period.

For example:

Upon examination of Table 1, one sees that the Department of Defense had 34 matching programs in effect during the period covered by the last Computer Matching Report (1994 and 1995). The illustration below is a representative entry from the computer matching table which is attached.

Table 1. Example of Computer Matching Report Table

REPORTING AGENCY: Department of Defense, 4
TITLE OF MATCH: Retired Military
MATCHING AGENCY: Office of Personnel Management
PURPOSE: To identify individuals who are improperly receiving military retired pay and (1) credit for military service in their civil service annuities, or (2) annuities based on the "guarantee minimum" disability formula. Match identifies and/or prevents erroneous payments under the CSRA, FERSA and Joint Uniform Military Retired Pay System.
PUBLICATION DATE: 09/28/90; re-issued 12/13/94
FEDERAL REGISTER NOTICE: 55 FR 39686; re-issued 58 FR 64196


The entry in the table indicates that this particular matching program was last initiated through publication in the Federal Register on December 31, 1994. If this particular matching program continued beyond June 30, 1997, then the Department would have been required to publish another notice.

For the 1996-1997 report, the Department of Defense table entry submitted to OMB should appear like the illustration below. Agencies should reference the OMB match number in the first column. The OMB match number is the number listed in the first column of the attached table (also available via the secure portion of the CIO Council Homepage). The match listed in the example above was assigned OMB Match Number 4. The OMB Match Number will be used to ensure continuity and consistency, i.e., so that OMB and the agency involved will have a common reference number when discussing a match. The illustration below in Table 2 shows what the example entry would look like in the 1996-1997 report to OMB.

Table 2. Example of Renewed Matching Program Report (Top of Page)

REPORTING AGENCY: Department of Defense, 4, OMB Match Number 4
TITLE OF MATCH: Retired Military
MATCHING AGENCY: Office of Personnel Management
PURPOSE: To identify individuals who are improperly receiving military retired pay and (1) credit for military service in their civil service annuities, or (2) annuities based on the "guarantee minimum" disability formula. Match identifies and/or prevents erroneous payments under the CSRA, FERSA and Joint Uniform Military Retired Pay System.
PUBLICATION DATE: 09/28/90; re-issued 12/13/94; Re-published DD/MM/YYYY
FEDERAL REGISTER NOTICE: 55 FR 39686; re-issued 58 FR 64196; Re-published ## FR ####


Note: DD/MM/YYYY would be filled in with the correct date, as would the volume and page number in the Federal Register citation. Use four-digit years, e.g., 1994.

  3. For each matching program, an indication of whether the cost/benefit analysis performed resulted in a favorable ratio. The Data Integrity Board should explain why the agency proceeded with any matching program for which an unfavorable ratio was reached.

  4. For each program for which the Board waived a cost/benefit analysis, the reasons for the waiver and the results of the match, if tabulated.

  5. A description of any matching agreement the Board rejected and an explanation of the rejection.

  6. A listing of any violations of matching agreements that have been alleged or identified, and a discussion of any action taken.

  7. A discussion of any litigation involving the agency's participation in any matching program.

  8. For any litigation based on allegations of inaccurate records, an explanation of the steps the agency used to ensure the integrity of its data and the verification process it used in the matching program, including an assessment of the adequacy of each.

Submit the report to:

Acting Administrator, Office of Information and Regulatory Affairs
Office of Management and Budget
ATTN: Docket Library
NEOB Room 10012
Washington, D.C. 20503

Write "Biennial Computer Matching Report" on the envelope in which the report is submitted.

And electronically to: oleinick@omb.eop.gov

Write "Biennial Computer Matching Report for [agency]" on the subject line, filling in the name of your agency.

  1. Provide electronic mail addresses for each individual in the report when available.

  2. If a request from a record subject cites the Privacy Act then it should be considered an "access request" for this table.

  3. Where a request for amendment is wholly denied and no modification to the record is made.

  4. Where the appeal is granted and access to the record is provided.

  5. Where the appeal is not granted and access to the record is denied again.

  6. Where the appeal is granted and the record is amended.

  7. Where the appeal is not granted and the request to amend the record is denied again.

  8. OMB Circular A-130, Appendix I, 4.a(5) and 3.a(1)-(4), (8), 61 Fed. Reg. 6428, Feb. 20, 1996.

  9. Since Circular A-130 requires agencies to conduct such a review every four years, if no report was made in the last agency Privacy Act report, then the results of such a review must be provided in this report.

  10. Since Circular A-130 requires agencies to conduct such a review every four years, if no report was made in the last agency Privacy Act report, then the results of such a review must be provided in this report.