What is the Privacy Act? (PA)

The Privacy Act of 1974, Title 5 U.S.C. 552a, establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies.

The Privacy Act focuses on four basic guidelines:

  • To restrict disclosure of personally identifiable records maintained by agencies.
  • To grant individuals increased rights of access to agency records maintained on themselves.
  • To grant individuals the right to seek amendment of agency records maintained on themselves upon a showing that the records are not accurate, relevant, timely or complete.
  • To establish a code of “fair information practices” which requires agencies to comply with statutory norms for collection, maintenance, and dissemination or records.

No agency shall disclose any record which is contained in a system of records by any means of communication to any person or another agency without a written request or prior consent of the individual to whom the record pertains unless the disclosure of the record would be to those officers and employees of the agency who have a need for the records in performance of their duty or for an established routine use to another Federal agency, unless the disclosure is pursuant to one of twelve statutory exceptions.

Note, non-U.S. citizens are not covered by the Privacy Act. However, agencies must ensure the country’s privacy/data protection legal requirements are met. In addition, the Privacy Act does not cover deceased persons, but the release of information is protected when the release would invade the privacy of the surviving next of kin.

Who can file a Privacy Act request?

The Privacy Act permits an individual to gain access to records or any information pertaining to that individual which is contained in a system of records, subject to certain limitations and exemptions. This department processes all Privacy Act requests for access to records under both the Privacy Act and the Freedom of Information Act (FOIA), 5 U.S.C. 552.

How do I file a Privacy Act request?

1. All Privacy Act request must be in writing: (Email (a) or Letter (b)).

Complete the USACC FOIA-PA Request Form
Complete the Verification/Certification of Identity Form

a. Email: usarmy.knox.usacc.mbx.hq-privacy@army.mil
b. United States Postal Service (USPS)

DEPARTMENT OF THE ARMY
Headquarters, United States Army Cadet Command G-6
ATTN: Privacy Act Officer
1307 3RD AVE
Fort Knox, KY 40121-2725
Official Business 690

2. State your willingness to pay applicable fees. If you seek a fee waiver, provide justification for such waiver.

3. Provide a reasonable description of the desired record that will enable the DoD Component to locate requested records with a reasonable amount of effort. Describe the records you are seeking as clearly and precisely as you can. If your request is vague or too broad, we may ask you to be more specific, and this will delay the processing of your request.

4. Please provide your contact information. (Mailing address and phone number)

5. Please DO NOT submit a PA request using government equipment or email account if you are requesting information for personal use.

6. Time frames for processing simple PA requests are as follows:
1. Acknowledgment of receipt of request. Ten (10) business days.
2. Determination to release or deny. Twenty (20) business days.
3. The FOIA provides an additional ten (10) business days for extensions of initial time limits for three specific situations:

a. the need to search for and collect records from separate offices.
b. the need to examine a voluminous amount of records required by the request.
c. the need to consult with another agency or agency.

Are There any FEES?

There is no initial fee required to submit a FOIA request, but the FOIA does provide for the charging of certain types of fees in some instances.

For a typical requester the component can charge for the time it takes to search for records and for duplication of those records. For a typical requester there is no change for the first two hours of search time or for the first 100 pages of duplication.

You may always include in your request letter a specific statement limiting the amount that you are willing to pay in fees. You will not be charged for any fees amounting to $25 or less. If a component estimates that the total fees for processing your request will exceed $25, it will notify you in writing of the estimate and offer you an opportunity to narrow your request in order to reduce the fees, unless you have already indicated a willingness to pay fees as high as those anticipated. The component will not continue to work on your request until you commit in writing to pay the actual or estimated total fee, designate an amount you are willing to pay, or indicate that you only seek what can be provided for free (if you are a noncommercial use requester). If you agree to pay fees for a records search, be aware that you may be required to pay such fees even if the search does not locate any responsive records or, if records are located, even if they are determined to be entirely exempt from disclosure.

Can I Ask that any fees be waived?

You may request a waiver of fees. Under the FOIA fee waivers are limited to situations in which a requester can show that the disclosure of the requested information is in the public interest because it is likely to contribute significantly to public understanding of the operations and activities of the government and is not primarily in the commercial interest of the requester.

Requests for fee waivers from individuals who are seeking records pertaining to themselves usually do not meet this standard. In addition, a requester’s inability to pay fees is not a legal basis for granting a fee waiver.

What are the requirements to get records on myself?

If you are seeking records on yourself, you will be required to verify your identity. This verification is required in order to protect your privacy and to ensure that private information about you is not disclosed inappropriately to someone else. Whenever you request information about yourself you will be asked to provide either a notarized statement or a statement signed under penalty of perjury stating that you are the person who you say you are. You may fulfill this requirement by completing and signing the Verification/Certification of Identity Form. Alternatively, you may provide your full name, current address, and date and place of birth and either (1) have your signature on your request letter witnessed by a notary, or (2) include the following statement immediately above the signature on your request letter: “I declare under penalty of perjury that the foregoing is true and correct. Executed on [date].” If you request information about yourself and do not follow one of these procedures, your request cannot be processed.

What are the requirements for obtaining records on someone else?

If you request records relating to another person, and disclosure of the records could invade that person’s privacy, they ordinarily will not be disclosed to you. For example, if you seek information that would show that someone else (including your spouse or another member of your immediate family) has ever been the subject of a criminal investigation or was even mentioned in a criminal file and you do not provide the subject’s consent or proof of their death, in almost all cases DOJ will respond by stating that it will “neither confirm nor deny” the existence of responsive law enforcement records.

Law enforcement information about a living person is released without that person’s consent only when no personal privacy interest would be invaded by disclosing the information, such as when the information is already public or required to be made public, or in cases where the individual’s privacy interest is outweighed by a strong public interest in disclosure. You may receive greater access by submitting either a notarized authorization signed by that individual or a declaration made in compliance with the requirements set forth in 28 U.S.C. 1746 by that individual authorizing disclosure of the records to you, or by submitting proof that the individual is deceased. Each component can require you to supply additional information if necessary to verify that a particular individual has consented to disclosure.

What are the Conditions of disclosure to third parties?

Breaches: What is a Breach and how to report a breach?

A breach is the actual or possible loss of control, unauthorized disclosure, or unauthorized access of Personally Identifiable Information (PII). All breaches must be reported to the USACC Privacy Act Office immediately: (502) 386-5958, (502) 624-7242, usarmy.knox.usacc.mbx.hq-privacy@army.mil.

ARMDEC SAFE

The AMRDEC SAFE (Safe Access File Exchange) application is used to send large files to individuals which would normally be too large to send via email. There are no user accounts for SAFE – authentication is handled via email and CAC. Everyone has access to SAFE, and the application is available for use by anyone.

SAFE is designed to provide ARMDEC SAFE and its customers an alternative way to send files other than email. SAFE supports file sizes up to 2Gb. Instructions can be found by using the following link: https://safe.amrdec.army.mil/SAFE/Guide.aspx

If I’m still dissatisfied, are there other options?

During the course of the request process, the USACC FOIA contact:

Headquarters, United States Army Cadet Command G-6
ATTN: Privacy Act Officer
1307 3RD AVE
Fort Knox, KY 40121-2725
Official Business 690
(502) 624-7242
usarmy.knox.usacc.mbx.hq-privacy@army.mil

or the Public Liaison

Department of the Army Privacy Office
Casey Building, Suite 144
7701 Telegraph Road
Alexandria, VA 22315-3905
(703) 428-6522
usarmy.belvoir.hqda-oaa-ahs.mbx.rmda-foia-privacy-alert@army.mil

Either can assist you in a variety of ways, from:

  • Working with you on the scope of your request
  • The searches that will be done
  • To arranging an alternative time frame for processing your request
  • To providing information on the status of your request
  • Increasing your understanding of the request process

Definition

Agency:
“any Executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the [federal] Government (including the Executive Office of the President), or any independent regulatory agency.” 5 U.S.C. 552a(1) (incorporating 5 U.S.C. 552(f) (2006), which in turn incorporates 5 U.S.C. 551(1) (2006)).

Individual:
“a citizen of the United States or an alien lawfully admitted for permanent residence.” 5 U.S.C. 552a(a)(2).

Record:
“any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph.” 5 U.S.C. 552a(a)(4).

System of Records:
“a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.” 5 U.S.C. 552a(a)(5).