| wiki | search |
Section 201. Definition of record and system of records
Section 552a(a) of title 5, United States Code, is amended as follows—
In (4) by striking ‘about an individual’; inserting after ‘maintained by an agency’ the text ‘that permits the identity of the party to whom the information applies to be reasonably inferred by either direct or indirect means’; striking the first instance of the word ‘his’; replacing the second instance of the word ‘his’ with the word ‘the’; and
In (5) by striking 'from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual';
Section 202. Clarifying uses and disclosures of records
(a) Internal use and external disclosure. Section 552a(a) of title 5, United States Code, is amended as follows—
strike (7) and insert —
'(7) The term “internal use” means a use of a record that is contained in a system of records by any person or organization within the agency that maintains the record.
(8) The term “external disclosure” means the disclosure of a record that is contained in a system of records, for a reason that is compatible with the purposes for which the system is maintained, by any means of communication to a person or organization not within the agency that maintains the record'
(b) Matching programs. Section 552a(a) of title 5, United States Code, is amended as follows—
(i) In present subsection (8)(A)(i), strike ‘two or more automated systems of records or a system of records with non-Federal records for the purpose of --’; inserting ‘data from a system of records for the purpose of --’. (ii) In Section 552a(u), strike subsections (3)(D), (5), (6), and (7). Renumber this section accordingly. (iii) In present subsection (8)(A)(i)(I) and (II), insert “or State” after the first use of the word “Federal.”
In present subsection (8)(A)(i)(I) and (II), insert “or State” after the first use of the word “Federal.”
(re-number this section accordingly)
Section 203. Amendments to conditions of disclosure
(a) Section 552a(b) of title 5, United States Code, is amended as follows —
(1) by amending the title to read 'Conditions of use or disclosure'
(2) by striking 'disclose any record which is contained in a system of records by any means of communication to any person, or to another agency' in the first sentence and inserting 'engage in internal use or external disclosure of any record which is contained in a system of records'.
(3) in (3) striking 'routine use' and inserting 'an external disclosure' and striking the number '7' and inserting the number '8'
(4) in (6) inserting 'or for records management inspections authorized by statute' at the end
(5) in (8) striking 'upon such disclosure notification is transmitted to the last known address of such individual' and inserting 'a reasonable attempt to notify the individual is made promptly after the disclosure';
(6) in (9) inserting ‘or, to a congressional office when that office is acting in response to a request of particular individual in writing’ at the end;
(7) in (10) striking 'General Accounting Office' and inserting 'Government Accountability Office'
(8) in (11) striking 'or' after the semicolon;
(9) in 12 replacing the period with a semicolon;
(10) by inserting new subparagraph (13) as follows—
'(13) to the Department of Justice (including U.S. Attorneys' offices) or a Federal agency that is a party to litigation or in proceedings before any court or adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:
(A) the agency that maintains the system of records, or any component of the agency;
(B) any employee of the agency in his/her official capacity;
(C) any employee of the agency in his/her individual capacity where DOJ or the agency has agreed to represent the employee; or
(D) the United States or any agency thereof, [paragraph break] if the agency that maintains the system of records determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which the agency collected the records.'
(b) Section 552a(o)(2) of title 5, United States Code, is amended as follows – by inserting a new paragraph (8) which reads as follows – ‘(8) subject to a statute that prohibits compliance with the subsection’
(c) Section 552a(o)(2) of title 5, United States Code, is amended as follows –
by inserting a new subparagraph (E) which reads as follows –
'(E)(i) If such a matching program is being continued after at least one 18 month term as described in subparagraph (C), and one year term as described in subparagraph (D), and is otherwise compliant with the requirements of the computer matching provisions of this Act, the agreement may remain in effect only for such period, not to exceed 36 months, as the Data Integrity Board of the agency determines is appropriate in light of the purposes, and length of time necessary for the conduct, of the matching program.
(ii) When the conditions of subparagraph (E)(i) apply, the Data Integrity Board may, without additional review, renew the matching agreement for a current, ongoing matching program for not more than 24 additional months, subject to the conditions in subparagraphs (D)(i) and (D)(ii).'
Section 204. Amendments to improve notification
(a) Section 552a(c) of title 5, United States Code, is amended as follows –
(1) amending the title to read ‘Accounting of Certain External Disclosures and Internal Uses’;
(2) labeling the paragraph immediately following the title as paragraph 1 and renumbering the adjusting the numbering for the rest of the subsection accordingly;
(3) in the paragraph previously numbered as (3), striking ‘his request’ and inserting ‘the request of the individual’;
(4) in (4), inserting before ‘inform’ the text ‘at the request of the individual,’;
(5) inserting a new paragraph 2 that reads:
(2) Each agency, with respect to each system of records under its control in digital format, shall—
(A) keep an accurate accounting of –
(i) the date, nature, and purpose of each internal use of a record; and
(ii) the name or job title, and location, of the person or office to whom the disclosure is made;
(B) retain the accounting made under paragraph (1) of this subsection for at least five years or the life of the record, whichever is longer, after the internal use for which the accounting is made;
(C) at the request of the individual, make the accounting conducted under paragraph (1) of this subsection available to the individual named in the record;
(D) at the request of the individual, inform any person or office about any correction or notification of dispute made by the agency in accordance with subsection (d)[will become “e”] of this section of any record that has been internally used by the person or office if an accounting of the internal use was made;
(E) at the request of the individual[does it make sense to add this clause here? It was not in the draft language received], disclose any accounting or partial accounting that the agency maintains for an internal use even if maintenance of the accounting is not required by this subsection.
Except for requirement (E), the requirements of this subsection apply to: (1) a system of records that, on the effective date of this provision, has the capability to maintain digitally an accurate accounting for an internal use; (2) a system of record that, after the effective date of this provision, acquires the capability to maintain digitally an accurate accounting for an internal use; or (3) any digital system of records ten years after the effective date of this provision.
(c) Section 552a(d) of title 5, United States Code, is amended to be entitled ‘Access to and Correction of Records’.
(d) Section 552a(e)(3) of title 5, United States Code, is amended as follows —
(1) in striking ‘, on the form which it uses to collect the information or on a separate form that can be retained by the individual’ and inserting ‘for a system of records, at the time that the information is requested, of’;
(2) in (A) striking ‘mandatory or voluntary’ and inserting ‘mandatory, voluntary, or required to receive a right, benefit, or privilege’
(3) in (B) striking 'purpose or purposes' and inserting 'use or uses'to be used'
(4) in (C) striking 'the routine uses which', and inserting 'all secondary usespurposes that', and striking the word ‘and’ after the semicolon
(5) in inserting a new subsection (E) that reads as follows:
‘the procedures and contact information by which an individual can access and correct information about that individual; and’
(6) in inserting a new subsection (F) that reads as follows:
‘a reference to a location where more information on the practices relating to this system of records may be found, such as the address for the website where the current, specific system of records notice for this system of records is located.’
(e) Section 552a(e) of title 5, United States Code, is amended as follows —
(1) in replacing the text ‘Each agency that maintains a system of records shall’ with the text ‘Each agency shall’.
(2) in replacing the period at the end of subsection (12) with a semicolon followed by the word ‘and’ and in inserting a new subsection (13) that reads as follows:
‘define, to the greatest extent practicable, the number and scope of its systems of records in a manner that clearly and fairly describes its activities to individuals. An agency shall, to the extent practicable, include in the same system of records activities that relate to the same program and that have the same principal usespurposes; and.'
(3) in inserting a new subsection (14) that reads as follows:
‘make reasonable efforts to limit an external disclosure to the minimum information necessary to accomplish the purpose of the disclosure.’.
(f) Section 552a(e)(2) of title 5, United States Code, is amended as follows –
in striking the word ‘and’ and the words ‘under Federal Programs’.
(g) Section 552a(e)(4) of title 5, United States Code, is amended as follows —
(1) insert ', and on a centralized Website maintained by the office of the OMB Chief Privacy Officer, and on the agency’s website' after the word 'Register'
(2) relocate the current (I) to appear after the current (C)
(3) strike the current (D) and insert '(D) the principle use or purposes for which the information may be utilized and the legal authority for these purposes, granted by statute, or by Executive Order of the President, with a description of all internal or external disclosures for these purposes including a list of agencies with whom the information may be shared and the categories of information that may be shared;' and '(E) the secondary purposes for which the information may be utilized and the legal authority for these purposes, whether granted by statute, or by Executive Order of the President, with a description of all internal or external disclosures for these purposes including a list of agencies with whom the information may be shared and the categories of information that may be shared;'
(4) strike the current (H) and (I) and replace it with the following text:
‘the agency procedures whereby an individual can be notified at his request if the system of records contains a record pertaining to him, gain access to a record pertaining to him contained in the system of records, or contest its content.’
(re-number this section accordingly)
(h) Section 552a(e)(5) of title 5, United States Code, is amended as follows —
(1) insert ', including information from any source,' after 'maintain all records'.
(i) Section 552a(e)(8) of title 5, United States Code, is amended to read:
‘make reasonable efforts to notify an individual as promptly as practicable after the agency receives compulsory legal process for any record on the individual, except where notifying the individual is prohibited by law or court order;’
(j) Section 552a(e)(11) of title 5, United States Code, is amended to read:
‘at least 30 days prior to the establishment or revision of a system of records under paragraph (4) of this subsection,
(A) publish the entire text of the SORN, as revised, in the Federal Register, on a centralized Website maintained by the office of the OMB Chief Privacy Officer, and on the agency’s website to provide an opportunity for interested persons to submit written data, views, and arguments to the agency, and
(B) within 180 days of publishing the SORN, publish on a centralized Website maintained by the office of the OMB Chief Privacy Officer and on the agency’s website a response to the comments received, along with notice on whether the SORN as published under paragraph 11(A) has taken effect,
unless the Director of the Office of Management and Budget or the Chief Federal Privacy Officer grants an exception and the fact of this exception is published, on a centralized Website maintained by the office of the OMB Chief Privacy Officer, and on the agency’s website.’
(k) Section 552a(f) of title 5, United States Code, is amended as follows:
(1) in (1), replacing ‘named by the individual’ with ‘maintained by the agency’ and ‘him’ with ‘the individual’
(2) in (2), replacing ‘his’ with ‘a’ and ‘him’ with ‘the individual’
(3) in (3) striking the first appearance of ‘his’, replacing the second appearance of ‘his’ with ‘a’, and replacing both appearances of ‘him’ with ‘the individual’
(4) in (4) replacing ‘his’ with ‘the individual’s’
(5) in striking the text ‘The Office of the Federal Register shall biennially compile and publish the rules promulgated under this subsection and agency notices published under subsection (e)(4) of this section in a from available to the public at low cost’ and
(6) in adding a new subsection (6) that reads: ‘establish reasonable requirements for the form and content of a written request or written consent that authorizes the disclosure of an individual’s record to a third party, including, but not limited to, requirements that the request:
(A) specifically identify the agency;
(B) specifically identify the individual whose consent is requested;
(C) specifically describe the records requested;
(D) specifically identify the person or entity to whom the records may be disclosed;
(E) include an expiration date or event on which consent expires, which shall in no case be more than one year from the date the consent was signed;
(F) be signed by the individual, legal guardian, or persona legally authorized to act on the individual’s behalf;
(G) be dated the day that the consent was signed;
(H) state that the individual may revoke the consent in writing;
(I) state that the agency cannot deny any right, benefit, or privilege based on the individual’s refusal to consent;
(J) describe how the third party (other than a family member or person who has a fiduciary obligation to the individual) may use and disclose the record; and
(K) be received and maintained by the agency.’
(l) Section 552a(o)(2)(A)(ii) is amended by adding the words 'and published on agency websites' at the end
(m) Section 7 of the Privacy Act of 1974 shall be codified as a new subsection (w)
Section 205. Remedies and Attorney's Fees
(a) Amend 552a(g)(4)(A) to read as follows:
"(A) actual damages sustained by the individual as a result of the refusal or failure or the sum of $1,000, whichever is greater, except that in a class action, the minimum recovery for each individual shall be reduced as necessary to ensure that the total recovery in any class action or series of class actions arising out of the same refusal or failure to comply by the same agency shall not be more than $10,000,000; and".
(b) Amend 552a(g) by adding a new paragraph (6)
"(6) (A) In any suit brought under the provisions of subsection (g)(1)(C) or (D) of this section, the court may order the agency to comply with the provisions of this section or any rule promulgated thereunder and to take other remedial action. In such a case the court shall determine the matter de novo.
"(B) The court may assess against the United States reasonable attorney fees and other litigation costs reasonably incurred in any case under this paragraph in which the complainant has substantially prevailed."
Section 206. Criminal Penalties
(a) Amend 552a(i)(1) by adding a new paragraph (B) “A person who commits the offense described in subsection (A) with intent to sell, transfer, or use an agency record for commercial advantage, personal gain, or malicious harm shall be fined not more than $250,000, imprisoned not more than 10 years, or both."
(b) Amend 552a(i)(3) by striking ‘misdemeanor’ and inserting ‘felony’, and striking ‘$5,000’ and inserting ‘$50,000’.
‘When an agency provides by contract for the performance of an agency function that requires disclosure of a record to the contractor, the agency shall, consistent with its authority, cause the requirements of this section to be applied to the contractor’s use of the record. For purposes of subsection (i) of this section any such contract and any employee of such contractor, if such contract is agreed to on or before the effective date of this section, shall be considered to be an employee of an agency.’
Section 207. National Archives and Record Administration
Amend 552a(l) by replacing each instance of ‘National Archives’ or ‘National Archives of the United States’ with ‘National Archives and Record Administration’.
Section 208. Codification of Provisions for Social Security Account Number Disclosure
(a) Strike from Sec. 7(a)(1) of § 552a ‘It shall be unlawful for’ and insert ‘A district court of the United States may enjoin any Federal, State or local government agency from denying’ prior to ‘to any individual…’.
(b) Codify Sec. 7(a) of § 552a (note) as a new subsection (w) of 5 U.S.C. § 552a entitled ‘Unlawful To Deny Certain Rights, Benefits, or Privileges for Refusal To Disclose Social Security Account Number.’
(c) Codify Section 208(b)(3) of the E-Government Act of Sec.7(b) of § 552a (note) as a new subsection (x) of 5 U.S.C. § 552a entitled ;Mandatory Disclosure To Accompany Request for Social Security Account Number’.
