81 FR 17463 - Privacy Act of 1974; System of Records Notice

DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary

Federal Register Volume 81, Issue 60 (March 29, 2016)

In accordance with the requirements of the Privacy Act of 1974, as amended (5 U.S.C. 552a), HHS is updating a department-wide system of records, System No. 09-90-0058, currently titled ``Freedom of Information Case Files and Correspondence Control Log, HHS/OS/ASPA/ FOIA.'' This system of records was established prior to 1979 (see 44 FR 58144) and was previously revised in 1989 and 1994 (see 54 FR 41684 and 59 FR 55845). Due to the length of time since the last revision, the updates published in this Notice affect most sections of the System of Records Notice (SORN). The updates include changing the system name to ``Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals;'' expanding the scope of the system to include tracking records and case files pertaining to not only FOIA and Privacy Act requests processed in agency FOIA offices, but Privacy Act requests and appeals handled by System Managers for Privacy Act systems and related privacy personnel, when those records are retrieved by personal identifier; adding several new routine uses; and clarifying that some of the records in this system of records may be exempt from certain Privacy Act requirements. The updates are more fully explained in the SUPPLEMENTARY INFORMATION section of this Notice.

[Federal Register Volume 81, Number 60 (Tuesday, March 29, 2016)]
[Notices]
[Pages 17463-17467]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2016-07060]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary


Privacy Act of 1974; System of Records Notice

AGENCY: Assistant Secretary for Public Affairs (ASPA), Office of the 
Secretary (OS), Department of Health and Human Services (HHS).

ACTION: Notice of an altered system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended (5 U.S.C. 552a), HHS is updating a department-wide 
system of records, System No. 09-90-0058, currently titled ``Freedom of 
Information Case Files and Correspondence Control Log, HHS/OS/ASPA/
FOIA.'' This system of records was established prior to 1979 (see 44 FR 
58144) and was previously revised in 1989 and 1994 (see 54 FR 41684 and 
59 FR 55845). Due to the length of time since the last revision, the 
updates published in this Notice affect most sections of the System of 
Records Notice (SORN). The updates include changing the system name to 
``Tracking Records and Case Files for FOIA and Privacy Act Requests and 
Appeals;'' expanding the scope of the system to include tracking 
records and case files pertaining to not only FOIA and Privacy Act 
requests processed in agency FOIA offices, but Privacy Act requests and 
appeals handled by System Managers for Privacy Act systems and related 
privacy personnel, when those records are retrieved by personal 
identifier; adding several new routine uses; and clarifying that some 
of the records in this system of records may be exempt from certain 
Privacy Act requirements. The updates are more fully explained in the 
SUPPLEMENTARY INFORMATION section of this Notice.

DATES: This Notice is effective on publication, with the exception of 
the new and revised routine uses. The new and revised routine uses will 
be effective 30 days after publication of this Notice, unless comments 
are received that warrant a revision to this Notice. Written comments 
on the routine uses should be submitted within 30 days. Until the new 
and revised routine uses are effective, the routine uses previously 
published for the system will remain in effect.

ADDRESSES: You may submit comments to Beth Kramer, HHS Privacy Act 
Officer, FOIA/PA Division, by email to: [email protected].

FOR FURTHER INFORMATION CONTACT: Beth Kramer, HHS Privacy Act Officer, 
FOIA/PA Division, Hubert H. Humphrey Building--Suite 729H, 200 
Independence Avenue SW., Washington, DC 20201. Ms. Kramer can also be 
reached by telephone at 202-690-7453.

SUPPLEMENTARY INFORMATION:

I. Explanation of Revisions to System No. 09-90-0058

    The revised System of Records Notice (SORN) published in this 
Notice for System No. 09-90-0058 includes the following significant 
changes, in addition to minor wording changes throughout:
     The system name and scope have been revised to cover not 
only tracking records and case files used by HHS Freedom of Information 
Act (FOIA) offices to process FOIA and Privacy Act requests and appeals 
(which typically involve only ``access'' to agency records), but 
tracking records and case files used by System Managers of Privacy Act 
systems and related privacy personnel to process any type of Privacy 
Act request or appeal (e.g., seeking access, notification, correction 
and amendment, or an accounting of disclosures), when those tracking 
records and case files are retrieved by personal identifier.
     The Categories of Individuals section has been revised to 
omit organizations (because the Privacy Act applies only to 
individuals, not entities), but not to add any additional categories of 
individuals besides individual FOIA and Privacy Act requesters and 
appellants. The result is that only an individual FOIA or Privacy Act 
requester or appellant may make a Privacy Act request under this SORN 
for access to, correction of, notification as to, or an accounting of 
disclosures with respect to tracking records and/or case files used by 
HHS to process a FOIA and/or Privacy Act request in which that 
individual was the requester or appellant. Further, because agency 
records processed in response to a third-party FOIA request are not 
about the requester or appellant, a provision has been added to make 
clear that Privacy Act rights are afforded to an individual requester 
or appellant only to the extent that the information in the tracking 
record and case file retrieved by that individual's identifier is, in 
fact, about that individual requester or appellant. The intent is to 
include in the Categories of Individuals section only individual 
requesters and appellants (not, for example, individual representatives 
who requested records under FOIA on behalf of an entity).
    [cir] Note: Privacy Act case files and tracking records are about 
individual requesters and appellants only, because Privacy Act requests 
can only be made by an individual record subject personally, not by a 
third party or through a representative (unless the representative is 
the parent of or court-appointed guardian for a minor or legally-
declared incompetent who is the record subject). The agency's position 
is that FOIA case files and tracking records, likewise, are about 
requesters and appellants only, not other individuals who may be 
identified in the agency records sought by FOIA requesters and 
appellants. This is because HHS' FOIA case files and tracking records 
are not keyed or indexed to individuals mentioned in records requested 
under FOIA, but are keyed to requesters and appellants, and because the 
purpose for which records are processed under FOIA is to release 
information about the agency (not to release information about 
individuals mentioned in the records to third party FOIA requesters, 
except as required to shed light on conduct of the agency).
     The Categories of Records section has been rewritten, to 
reflect two distinct categories (tracking records and case files); to 
describe the contents in more detail; to clarify that any classified 
records responsive to a FOIA request or appeal are considered part of 
the case file for that request or appeal, even if the classified 
records must be maintained in a security office instead of in the FOIA 
office; and to specifically exclude related categories of records 
covered by other SORNs, to avoid duplicating other systems of records.
     The Purposes section has been rewritten to provide a 
broader description of uses and users of the records within HHS. (The 
prior description mentioned only ``FOIA correspondence and 
processing,'' ``Freedom of Information staff,'' and ``appeals officials 
and members of the Office of General Counsel.'')
     An existing routine use authorizing disclosures to 
contractors (routine use 2) has been revised to be more accurate in 
reflecting the broad purposes for which contractors may be engaged to 
assist HHS and require access to records in the system. (The former 
description was limited to ``collating, aggregating, analyzing, or 
otherwise refining records in this system.'')

[[Page 17464]]

     Four new routine uses have been added (see routine uses 6 
through 9).
     The System Locations and System Manager sections have been 
updated with current information and expanded to be consistent with the 
scope of the system.
     The Policies and Practices section has been revised. 
Specifically, the Storage and Safeguards descriptions have been revised 
to reflect that any of the records (not just tracking records) may be 
maintained electronically, and to include safeguards applicable to 
classified records. The Retention description has been updated to refer 
to new General Records Schedule (GRS) 4.2, issued August 2015 
(superseding GRS 14).
     The Exemptions section has been changed from stating 
``none'' to including an explanation that certain records in this 
system may be exempt if they are from other Privacy Act systems that 
have promulgated exemptions.
    Because the revised SORN includes significant changes, a report on 
the altered system has been sent to Congress and OMB in accordance with 
5 U.S.C. 552a(r).

II. Background on the Privacy Act Requirement To Publish a System of 
Records Notice

    The Privacy Act governs the means by which the U.S. Government 
collects, maintains, and uses information about individuals in a system 
of records. A ``system of records'' is a group of any records under the 
control of a federal agency from which records about individuals are 
retrieved by the individuals' names or other personal identifiers. 
While FOIA entitles any person to seek access to agency records, an 
individual has a right of access under the Privacy Act, in addition to 
FOIA, with respect to agency records about him that are maintained in a 
Privacy Act system of records. The Privacy Act requires each agency to 
publish in the Federal Register a system of records notice (SORN) 
identifying and describing each system of records the agency maintains, 
including the purposes for which the agency uses information about 
individuals in the system, the routine uses for which the agency 
discloses such information to parties outside the agency, and how an 
individual record subject can exercise his rights under the Privacy Act 
(e.g., to request notification of whether the system contains records 
about him, or to request access to or correction or amendment of his 
records).
SYSTEM NUMBER:
09-90-0058

SYSTEM NAME:
    Tracking Records and Case Files for FOIA and Privacy Act Requests 
and Appeals.

SECURITY CLASSIFICATION:
    Classified and Unclassified.

SYSTEM LOCATIONS:
    Physical locations for the case files and tracking records covered 
by this SORN include:
     The HHS Freedom of Information/Privacy Acts Division 
within the Office of the Assistant Secretary for Public Affairs (ASPA) 
in Washington, DC;
     HHS FOIA Requester Service Centers in Washington, DC; 
Baltimore, MD; Bethesda, MD; Research Triangle, NC; Rockville, MD; and 
Atlanta, GA;
     Any contractor locations that support FOIA and/or Privacy 
Act request processing (for example, the Centers for Medicare & 
Medicaid Services (CMS) uses contractors located near its Regional 
Offices in Boston, MA; New York, NY; Philadelphia, PA; Atlanta, GA; 
Chicago, IL; Dallas, TX; Kansas City, MO; Denver, CO; San Francisco, 
CA; and Seattle, WA);
     Server locations for electronic systems used by HHS FOIA 
offices, System Managers, and/or related privacy personnel (for 
example, server locations for agency-developed FOIA systems include 
Bethesda, MD for the system used by National Institutes of Health; 
White Oak, MD and Ashburn, VA for the system used by the Food and Drug 
Administration; and Baltimore, MD for the system used by CMS and PSC; 
locations for commercial off-the-shelf FOIA systems include 
Gaithersburg, MD for FOIAXpress and Washington, DC for the Request 
Management System);
     Security office locations where classified records 
responsive to FOIA and Privacy Act requests may be stored, including 
the Office of Security and Strategic Information (OSSI) in Washington, 
DC; and
     System Manager locations identified in each SORN posted at 
http://www.hhs.gov/foia/privacy/sorns.html, where any tracking records 
and case files used by System Managers and related privacy personnel to 
process Privacy Act requests and appeals would be maintained.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records in this system of records pertain to individual FOIA 
and Privacy Act requesters and appellants only. Individual FOIA and 
Privacy Act requesters and appellants include:
     Any individual who the agency treated as the requester or 
appellant for an access request or appeal that was received in or 
referred to a HHS FOIA office for processing under FOIA (and under the 
Privacy Act, if applicable), excluding individual representatives who 
requested records under FOIA on behalf of an entity; and
     Any individual who made any type of Privacy Act request or 
appeal that was received by or referred to the System Manager (or 
related privacy personnel) for the relevant HHS Privacy Act system of 
records for handling--but only if the System Manager's (or related 
privacy personnel's) Privacy Act tracking records and case files are 
retrieved by requester or appellant identifier.
    For a FOIA request or appeal involving non-Privacy Act records, the 
individual treated as the requester or appellant may have made the FOIA 
request or appeal personally, through a representative, or as a 
representative for another individual. For a Privacy Act request or 
appeal, the individual requester or appellant may have made the request 
or appeal personally, or as the parent of or court-appointed guardian 
for a minor or legally-declared incompetent who is the subject of the 
records, or with the prior, written consent of the record subject. When 
any of the aforementioned individual requesters or appellants seeks to 
exercise Privacy Act rights under this SORN with respect to the 
tracking record and case file pertaining to his or her FOIA or Privacy 
Act request or appeal, the information in the tracking record and case 
file must be about him, as required by 5 U.S.C. 552a(a)(4) (i.e., not 
merely be retrieved by his identifier), for the individual to be 
afforded Privacy Act rights with respect to those records.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records consist of tracking records and case files for FOIA and 
Privacy Act requests and appeals made by individuals. This system of 
records excludes tracking records and case files for FOIA requests and 
appeals made by or on behalf of entities.
    Tracking records typically include the requester/appellant's name 
and contact information, case tracking number, date of request or 
appeal, a brief description of the request or appeal, processing 
status, and response date or appeal decision date. A tracking record 
for a FOIA request may include additional information, such as the 
requester's fee category and whether expedited processing or a fee 
waiver or reduction was sought and was granted or denied.

[[Page 17465]]

    A case file typically includes a copy of the request and any 
appeal, which would include the requester/appellant's name; contact 
information; a description of the records that were the subject of the 
access, correction, or other request; issues raised on appeal; copies 
of any documents included with the request or appeal; the case tracking 
number; the agency's response letter and any appeal decision letter; 
copies of records responsive to the request; correspondence about the 
request or appeal with the requester and with other involved parties 
and agencies; and any fee-related information. A case file also may 
include identity verification documents and information (such as 
photocopies of the requester's driver's license, passport, alien or 
voter registration card, or union card; identifying particulars about 
the records sought, such as an account number; or a statement 
certifying that the requester is the individual who he or she claims to 
be) if the case file pertains to a first-party request; a consent form 
signed by an individual record subject, authorizing HHS to provide 
records about that individual to a third party; and photocopies of 
documents establishing a parent, guardian, or other legal relationship 
(such as a court order or birth certificate) if the request or appeal 
was made by a legal representative. Any classified records responsive 
to a FOIA request or appeal are considered to be part of the FOIA case 
file, even if maintained in a security office instead of in the FOIA 
case file.
    Note that the scope of this system of records excludes the 
following related records:
     Litigation files maintained in the HHS Office of General 
Counsel related to requests covered in this system of records (see 
instead the SORN for System No. 09-90-0064 ``Litigation Files, 
Administrative Complaints and Adverse Personnel Actions'');
     Records pertaining to Privacy Act violation claims (see 
instead the SORNs for System Nos. 09-90-0062 ``Administrative Claims'' 
and 09-90-0064 ``Litigation Files, Administrative Complaints and 
Adverse Personnel Actions''); and
     Records about agency personnel who process FOIA and 
Privacy Act requests (see instead SORNs covering personnel records; 
e.g., 09-90-0018 ``Personnel Records in Operating Offices,'' 09-40-0001 
``Public Health Service (PHS) Commissioned Corps General Personnel 
Records,'' and OPM/GOVT-2 ``Employee Performance File System 
Records'').

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 552, 552a; 44 U.S.C. 3301.

PURPOSE(S) OF THE SYSTEM:
    FOIA and Privacy Act tracking records and case files are used on a 
need-to-know basis within the agency, primarily by FOIA office 
personnel, FOIA Coordinators and subject matter experts in program 
offices who locate and provide records responsive to requests, 
attorneys in the Office of General Counsel, Privacy Officers, and 
System Managers for Privacy Act systems of records. HHS uses the 
tracking records and case files to:
     Track, process, and respond to the requests and any 
related administrative appeals, litigation, and mediation actions and 
communicate with the requesters and appellants;
     locate records responsive to requests and appeals and 
verify the identity of first-party requesters and appellants;
     identify related requests and records frequently requested 
under FOIA and generate publicly-releasable versions of FOIA request 
logs;
     provide aggregate and statistical data for reports and 
facilitate management and oversight reviews of FOIA and Privacy Act 
operations; and
     share relevant information with other HHS offices that 
manage related matters arising from processing FOIA and Privacy Act 
requests and appeals, such as investigating erroneous release incidents 
and responding to lawsuits alleging Privacy Act violation claims or 
other claims. (Records used for such purposes, if retrieved by personal 
identifier, would be covered under other SORNs.)

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The Privacy Act allows us to disclose information without an 
individual's consent to parties outside the agency if the information 
is to be used for a purpose that is compatible with the purpose(s) for 
which the information was collected. Any such compatible use of data is 
known as a ``routine use.'' The proposed routine uses in this system 
meet the compatibility requirement of the Privacy Act. To the extent 
this system contains Protected Health Information (PHI) as defined by 
HHS regulation ``Standards for Privacy of Individually Identifiable 
Health Information'' (45 CFR parts 160 and 164, 65 FR 82462 (December 
28, 2000), Subparts A and E), disclosures of such PHI that are 
otherwise authorized by these routine uses may only be made if, and as, 
permitted or required by the ``Standards for Privacy of Individually 
Identifiable Health Information.'' This system may make the following 
routine use disclosures:
    1. Records may be disclosed to the Department of Justice (DOJ) for 
the purpose of obtaining DOJ's advice as to whether or not records are 
required to be disclosed under FOIA and/or the Privacy Act in response 
to an access request.
    2. Records may be disclosed to federal agencies and Department 
contractors that have been engaged by HHS to assist in accomplishing an 
HHS function related to the purposes of the system and that need to 
have access to the records in order to assist HHS. Any contractor will 
be required to comply with the requirements of the Privacy Act of 1974 
and appropriately safeguard the records. These safeguards are explained 
in the ``Safeguards'' section.
    3. Records may be disclosed to student volunteers and other 
individuals performing functions for the Department but technically not 
having the status of agency employees, if they need access to the 
records in order to perform their assigned agency functions.
    4. Records may be disclosed to a Member of Congress or to a 
congressional staff member in response to a written inquiry of the 
congressional office made at the written request of the constituent 
about whom the record is maintained. The Member of Congress does not 
have any greater authority to obtain records than the individual would 
have if requesting the records directly.
    5. Records may be disclosed to the Department of Justice (DOJ) or 
to a court or other tribunal when:
    a. The agency or any component thereof, or
    b. any employee of the agency in his or her official capacity, or
    c. any employee of the agency in his or her individual capacity 
where DOJ has agreed to represent the employee, or
    d. the United States Government, is a party to litigation or has an 
interest in such litigation and, by careful review, HHS determines that 
the records are both relevant and necessary to the litigation and that, 
therefore, the use of such records by the DOJ, court, or other tribunal 
is deemed by HHS to be compatible with the purpose for which the agency 
collected the records.
    6. Records may be disclosed to another federal, foreign, state, 
local, tribal, or other public agency with an interest in or control 
over information in records responsive to or otherwise related to an 
access or amendment request, for the following purposes:

[[Page 17466]]

    a. Consulting the other agency for its views about providing access 
to the information or assistance in verifying the identity of an 
individual or the accuracy of information sought to be amended or 
corrected;
    b. informing the other agency of HHS' response or intended response 
to the request; or
    c. referring the request to the most appropriate federal agency for 
response.
    7. The identity of the requester or appellant may be disclosed to a 
submitter of business records that are sought by that requester or 
appellant, when obtaining the submitter's views concerning release of 
the submitter's business information under FOIA.
    8. Records may be disclosed to the National Archives and Records 
Administration, Office of Government Information Services (OGIS), to 
the extent necessary to fulfill its responsibilities under 5 U.S.C. 
552(h) to review administrative agency policies, procedures, and 
compliance with FOIA, and to facilitate OGIS' offering of mediation 
services to resolve disputes between persons making FOIA requests and 
administrative agencies.
    9. Records may be disclosed to appropriate federal agencies and 
Department contractors that have a need to know the information for the 
purpose of assisting the Department's efforts to respond to a suspected 
or confirmed breach of the security or confidentiality of information 
maintained in this system of records, when the information disclosed is 
relevant and necessary for that assistance.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM--
STORAGE:
    Electronic records are stored in secure electronic tracking and/or 
storage applications, and on compact disks, DVDs, and network drives. 
Hard-copy files are stored at office locations, in file rooms, shelves, 
safes, cabinets, bookcases or desks.

RETRIEVAL:
    Records are retrieved by personal identifier (i.e., requester or 
appellant name).

SAFEGUARDS:
    Safeguards conform to the HHS Information Security and Privacy 
Program, http://www.hhs.gov/ocio/securityprivacy/index.html and HHS 
Office of Security and Strategic Information (OSSI) policies regarding 
classified information, and include the following:
    Administrative Safeguards: Authorized users are limited to HHS 
employees and officials who are responsible for processing FOIA and 
Privacy Act requests and appeals, authorized personnel of any 
contractors or federal agencies assisting HHS with those functions, and 
any other authorized individuals who work for HHS and assist HHS with 
those functions but technically do not have the status of agency 
employees. Only personnel with a ``need to know'' and appropriate 
security clearances issued by OSSI or the Office of Inspector General 
(OIG) regarding OIG personnel are allowed to access classified records. 
Each user's access is limited, based on the user's role, to the records 
that are essential to the user's duties. Security safeguards are 
imposed on contractors through inclusion of Privacy Act-required 
clauses in contracts and through monitoring by contract and project 
officers.
    Technical Safeguards: Access to electronic systems and records is 
controlled and protected by a secure log-in method (using passwords 
that are unique, complex, and frequently changed), time-out features, 
NSA and/or NIST-approved encryption methods, firewalls, intrusion 
detection systems, and cybersecurity monitoring systems.
    Physical Safeguards: Hard-copy records and records displayed on 
computer screens are protected from the view of unauthorized 
individuals while the records are in use by an authorized employee. 
Hard-copy records and electronic storage media are secured during 
nonbusiness hours in locked file cabinets, locked desk drawers, locked 
offices, or locked storage areas. Office buildings are protected by 
cameras and uniformed guards. When records are photocopied, printed, 
scanned, or faxed for authorized purposes, care is taken to ensure that 
no copies are left where they can be read by unauthorized individuals. 
When eligible for destruction, records are securely disposed of using 
destruction methods prescribed by NSA and/or NIST SP 800-88.

RETENTION AND DISPOSAL:
    Records are retained and disposed of in accordance with General 
Records Schedule (GRS) 4.2 ``Information Access and Protection 
Records'' (superseding GRS 14 ``Information Services Records''), which 
prescribes retention periods ranging from approximately two years to 
six years after final agency action or adjudication by a court, date of 
closure, or last entry. For specific periods, see GRS 4.2 Items 020 
access and disclosure request files; 030 general administrative 
(tracking) records; 050 Privacy Act accounting of disclosure files; and 
090 Privacy Act amendment request files.

SYSTEM MANAGER(S) AND ADDRESS(ES):
    HHS Privacy Act Officer, Freedom of Information/Privacy Acts 
Division, OS/ASPA, Hubert H. Humphrey Building--Suite 729H, 200 
Independence Avenue SW., Washington, DC 20201.

NOTIFICATION PROCEDURE:
    An individual who wishes to know if this system contains tracking 
records and case files for FOIA and Privacy Act requests or appeals in 
which he was the requester or appellant must submit a written request 
to the System Manager identified above. The request should include the 
full name of the individual, information to verify the individual's 
identity, and the individual's current address.

RECORD ACCESS PROCEDURE:
    An individual requester or appellant may request access to tracking 
records and case files about his FOIA or Privacy Act request or appeal 
by making a written request to the System Manager identified above, and 
by identifying or describing the records sought, providing information 
to verify his identity, and including his current address.

CONTESTING RECORD PROCEDURES:
    An individual may contest information in tracking records and case 
files about his FOIA or Privacy Act request or appeal by contacting the 
System Manager identified above, and by identifying the information 
contested, the corrective action sought, and the reasons for requesting 
the correction, along with supporting information to show how the 
record is inaccurate, incomplete, untimely, or irrelevant.

RECORD SOURCE CATEGORIES:
    Information is obtained from individual requesters and appellants, 
responsive records, program offices that provide responsive records, 
and personnel at HHS, other agencies, and outside organizations (e.g., 
consultants and business submitters) who provide information relevant 
to processing the requests.

EXEMPTIONS CLAIMED FOR THIS SYSTEM:
    This system of records is not a type of system eligible to 
promulgate exemptions under subsections (j) and (k) of the Privacy Act 
(5 U.S.C. 552a(j), (k)); however, any record in this system that is 
from another Privacy Act system of records that has promulgated 
exemptions will be exempt from access and other requirements of the 
Privacy Act if and to the same extent that the

[[Page 17467]]

record is exempt from such requirements in the source system. Records 
in this system that are from a system described in 5 U.S.C. 552a(j)(2) 
may be exempt from the requirements in these subsections of the Privacy 
Act: (c)(3), (c)(4), (d), (e)(1), (e)(2), (e)(3), (e)(4)G), (e)(4)(H), 
(e)(4)(I), (e)(5), (e)(8), (e)(12), (f), (g), and (h). Records in this 
system that are from a system described in 5 U.S.C. 552a(k) may be 
exempt from the requirements in these subsections of the Privacy Act: 
(c)(3), (d), (e)(1), (e)(4)G), (e)(4)(H), (e)(4)(I), and (f). Any 
records compiled in reasonable anticipation of a civil action or 
proceeding are excluded from the Privacy Act access requirement in all 
systems of records, as provided in 5 U.S.C. 552a(d)(5).

    Dated: March 9, 2016.
Catherine Teti,
Executive Officer, Deputy Agency Chief FOIA Officer, Assistant 
Secretary for Public Affairs.
[FR Doc. 2016-07060 Filed 3-28-16; 8:45 am]
 BILLING CODE 4150-25-P