Legislative Mandates

Att 1 - Legislative Mandates.pdf

National Health Interview Survey

Legislative Mandates

OMB: 0920-0214

Document [pdf]
Download: pdf | pdf
Attachment 1 - Legislative Mandate (Excerpts)

National Center for Health Statistics (42 USC 242K)
Sec. 306 [242k]
(a) There is established in the Department of Health and Services the National Center for Health
Statistics (hereinafter in this section referred to as the “Center” which shall be under the direction of a
Director who shall be appointed by the Secretary. The Secretary, acting through the Center, shall
conduct and support statistical and epidemiological activities for the purpose of improving the
effectiveness, efficiency, and quality of health services in the United States.
(b) In carrying out subsection (a), the Secretary, acting through the Center--(1) shall collect statistics on--(A) the extent and nature of illness and disability of the population of the United States (or of any
groupings of the people included in the population), including life expectancy, the incidence of various
acute and chronic illnesses, and infant and maternal morbidity and mortality,
(B) the impact of illness and disability of the population on the economy on the economy of the United
States and on other aspects of the well-being of its population (or of such groupings),
(C) environmental , social, and other health hazards,
(D) determinants of health
(E) health resources, including physicians, dentists, nurses, and other health professionals by specialty
and type of practice and the supply of services by hospitals, extended care facilities, home health
agencies, and other health institutions,
(F) utilization of health care, including utilization of
(i) ambulatory health services by specialties, and
(ii) services of hospitals, extended care facilities, home health agencies, and other institutions,
(G) health care costs and financing, including the trends in health care prices and cost, the sources of
payments for health care services, and
(H) family formation, growth, and dissolution;

(2) shall undertake and support (by grant or contract) research, demonstrations, and evaluations
respecting new or improved methods for obtaining new or improved methods for obtaining current
data on the matters referred to in paragraph (1);
(3) may undertake and support (by grant or contract) epidemiological research, demonstrations, and
evaluations on the matters referred to in paragraph (1); and
(4) may collect, furnish, tabulate, and analyze statistics, and prepare studies, on matters referred to in
paragraph (1) upon request of public and nonprofit private entities under arrangements under which
the entities will pay the cost of the service provided.
Amounts appropriated to the Secretary from payments made under arrangements made under
paragraph (4) shall be available to the Secretary for obligation until expended
Sec. 308 [242m]
(d) Information; publication restrictions
No information, if an establishment or person supplying the information or described in it is
identifiable, obtained in the course of activities undertaken or supported under section 242b, 242k, or
242l of this title may be used for any purpose other than the purpose for which it was supplied unless
such establishment or person has consented (as determined under regulations of the Secretary) to its
use for such other purpose; and in the case of information obtained in the course of health statistical
or epidemiological activities under section 242b or 242k of this title, such information may not be
published or released in other form if the particular establishment or person supplying the information
or described in it is identifiable unless such establishment or person has consented (as determined
under regulations of the Secretary) to its publication or release in other form.
Confidential Information Protection and Statistical Efficiency Act (PL 107-347)
Subtitle A—Confidential Information Protection
SEC. 511. FINDINGS AND PURPOSES.
(a) FINDINGS.—The Congress finds the following:
(1) Individuals, businesses, and other organizations have varying degrees of legal protection when
providing information to the agencies for strictly statistical purposes.
(2) Pledges of confidentiality by agencies provide assurances to the public that information about
individuals or organizations or provided by individuals or organizations for exclusively statistical
purposes will be held in confidence and will not be used against such individuals or organizations in
any agency action.
(3) Protecting the confidentiality interests of individuals or organizations who provide information
under a pledge of confidentiality for Federal statistical programs serves both the interests of the public
and the needs of society.

(4) Declining trust of the public in the protection of information provided under a pledge of
confidentiality to the agencies adversely affects both the accuracy and completeness of statistical
analyses.
(5) Ensuring that information provided under a pledge of confidentiality for statistical purposes
receives protection is essential in continuing public cooperation in statistical programs.
(b) PURPOSES.—The purposes of this subtitle are the following:
(1) To ensure that information supplied by individuals or organizations to an agency for statistical
purposes under a pledge of confidentiality is used exclusively for statistical purposes.
(2) To ensure that individuals or organizations who supply information under a pledge of
confidentiality to agencies for statistical purposes will neither have that information disclosed
in identifiable form to anyone not authorized by this title nor have that information used for any
purpose other than a statistical purpose.
(3) To safeguard the confidentiality of individually identifiable information acquired under a pledge of
confidentiality for statistical purposes by controlling access to, and uses made of, such information.
SEC. 512. LIMITATIONS ON USE AND DISCLOSURE OF DATA AND INFORMATION.
(a) USE OF STATISTICAL DATA OR INFORMATION.—Data or information acquired by an agency under a
pledge of confidentiality and for exclusively statistical purposes shall be used by officers, employees, or
agents of the agency exclusively for statistical purposes.
(b) DISCLOSURE OF STATISTICAL DATA OR INFORMATION.—
(1) Data or information acquired by an agency under a pledge of confidentiality for exclusively
statistical purposes shall not be disclosed by an agency in identifiable form, for any use other than an
exclusively statistical purpose, except with the informed consent of the respondent.
(2) A disclosure pursuant to paragraph (1) is authorized only when the head of the agency approves
such disclosure and the disclosure is not prohibited by any other law.
(3) This section does not restrict or diminish any confidentiality protections in law that otherwise apply
to data or information acquired by an agency under a pledge of confidentiality for exclusively statistical
purposes.
(c) RULE FOR USE OF DATA OR INFORMATION FOR NONSTATISTICAL
PURPOSES.—A statistical agency or unit shall clearly distinguish any data or information it collects for
nonstatistical purposes (as authorized by law) and provide notice to the public, before the data or
information is collected, that the data or information could be used for nonstatistical purposes.
(d) DESIGNATION OF AGENTS.—A statistical agency or unit may designate agents, by contract or by
entering into a special agreement containing the provisions required under section 502(2) for
treatment as an agent under that section, who may perform exclusively statistical activities, subject to
the limitations and penalties described in this title.

SEC. 513. FINES AND PENALTIES.
Whoever, being an officer, employee, or agent of an agency acquiring information for exclusively
statistical purposes, having taken and subscribed the oath of office, or having sworn to observe
the limitations imposed by section 512, comes into possession of such information by reason of his or
her being an officer, employee, or agent and, knowing that the disclosure of the specific information
is prohibited under the provisions of this title, willfully discloses the information in any manner to a
person or agency not entitled to receive it, shall be guilty of a class E felony and imprisoned
for not more than 5 years, or fined not more than $250,000, or both.

Federal Cybersecurity Enhancement Act of 2015
II

114TH CONGRESS
1ST SESSION

S. 1869

To improve Federal network security and authorize and enhance an existing
intrusion detection and prevention system for civilian Federal networks.

IN THE SENATE OF THE UNITED STATES
JULY 27, 2015
Mr. CARPER (for himself and Mr. JOHNSON) introduced the following bill;
which was read twice and referred to the Committee on Homeland Security and Governmental Affairs

A BILL
To improve Federal network security and authorize and enhance an existing intrusion detection and prevention system for civilian Federal networks.
1

Be it enacted by the Senate and House of Representa-

2 tives of the United States of America in Congress assembled,
3
4

SECTION 1. SHORT TITLE.

This Act may be cited as the ‘‘Federal Cybersecurity

5 Enhancement Act of 2015’’.
6
mstockstill on DSK4VPTVN1PROD with BILLS

7

VerDate Sep 11 2014

22:11 Jul 29, 2015

SEC. 2. DEFINITIONS.

In this Act—

Jkt 049200

PO 00000

Frm 00001

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

2
1

(1) the term ‘‘agency’’ has the meaning given

2

the term in section 3502 of title 44, United States

3

Code;

4

(2) the term ‘‘agency information system’’ has

5

the meaning given the term in section 228 of the

6

Homeland Security Act of 2002, as added by section

7

3(a);

8
9

(3) the term ‘‘appropriate congressional committees’’ means—

10

(A) the Committee on Homeland Security

11

and Governmental Affairs of the Senate; and

12

(B) the Committee on Homeland Security

13

of the House of Representatives;

14

(4) the terms ‘‘cybersecurity risk’’ and ‘‘infor-

15

mation system’’ have the meanings given those

16

terms in section 227 of the Homeland Security Act

17

of 2002, as so redesignated by section 3(a);

18

mstockstill on DSK4VPTVN1PROD with BILLS

19

(5) the term ‘‘Director’’ means the Director of
the Office of Management and Budget;

20

(6) the term ‘‘intelligence community’’ has the

21

meaning given the term in section 3(4) of the Na-

22

tional Security Act of 1947 (50 U.S.C. 3003(4));

23

and

24
25

(7) the term ‘‘Secretary’’ means the Secretary
of Homeland Security.

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00002

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

3
1

SEC. 3. IMPROVED FEDERAL NETWORK SECURITY.

2

(a) IN GENERAL.—Subtitle C of title II of the Home-

3 land Security Act of 2002 (6 U.S.C. 141 et seq.) is amend4 ed—
5

(1) by redesignating section 228 as section 229;

6

(2) by redesignating section 227 as subsection

7

(c) of section 228, as added by paragraph (4), and

8

adjusting the margins accordingly;

9

(3) by redesignating the second section des-

10

ignated as section 226 (relating to the national cy-

11

bersecurity and communications integration center)

12

as section 227;

13
14
15

mstockstill on DSK4VPTVN1PROD with BILLS

16

(4) by inserting after section 227, as so redesignated, the following:
‘‘SEC. 228. CYBERSECURITY PLANS.

‘‘(a) DEFINITIONS.—In this section—

17

‘‘(1) the term ‘agency information system’

18

means an information system used or operated by an

19

agency, by a contractor of an agency, or by another

20

entity on behalf of an agency;

21

‘‘(2) the terms ‘cybersecurity risk’ and ‘infor-

22

mation system’ have the meanings given those terms

23

in section 227;

24

‘‘(3) the term ‘information sharing and analysis

25

organization’ has the meaning given the term in sec-

26

tion 212(5); and
•S 1869 IS

VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00003

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

4
1

‘‘(4) the term ‘intelligence community’ has the

2

meaning given the term in section 3(4) of the Na-

3

tional Security Act of 1947 (50 U.S.C. 3003(4)).

4

‘‘(b) INTRUSION ASSESSMENT PLAN.—

5

‘‘(1) REQUIREMENT.—The Secretary, in coordi-

6

nation with the Director of the Office of Manage-

7

ment and Budget, shall develop and implement an

8

intrusion assessment plan to identify and remove in-

9

truders in agency information systems.

10

‘‘(2) EXCEPTION.—The intrusion assessment

11

plan required under paragraph (1) shall not apply to

12

the Department of Defense or an element of the in-

13

telligence community.’’;

14

(5) in section 228(c), as so redesignated, by

15

striking ‘‘section 226’’ and inserting ‘‘section 227’’;

16

and

17
18
19

(6) by inserting after section 229, as so redesignated, the following:
‘‘SEC. 230. FEDERAL INTRUSION DETECTION AND PREVEN-

20

mstockstill on DSK4VPTVN1PROD with BILLS

21

TION SYSTEM.

‘‘(a) DEFINITIONS.—In this section—

22

‘‘(1) the term ‘agency’ has the meaning given

23

that term in section 3502 of title 44, United States

24

Code;

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00004

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

5
1

‘‘(2) the term ‘agency information’ means infor-

2

mation collected or maintained by or on behalf of an

3

agency;

4
5

‘‘(3) the term ‘agency information system’ has
the meaning given the term in section 228; and

6

‘‘(4) the terms ‘cybersecurity risk’ and ‘infor-

7

mation system’ have the meanings given those terms

8

in section 227.

9

‘‘(b) REQUIREMENT.—

mstockstill on DSK4VPTVN1PROD with BILLS

10

‘‘(1) IN

GENERAL.—Not

later than 1 year after

11

the date of enactment of this section, the Secretary

12

shall deploy, operate, and maintain, to make avail-

13

able for use by any agency, with or without reim-

14

bursement—

15

‘‘(A) a capability to detect cybersecurity

16

risks in network traffic transiting or traveling

17

to or from an agency information system; and

18

‘‘(B) a capability to prevent network traffic

19

associated with such cybersecurity risks from

20

transiting or traveling to or from an agency in-

21

formation system or modify such network traf-

22

fic to remove the cybersecurity risk.

23

‘‘(2) REGULAR

IMPROVEMENT.—The

24

shall regularly deploy new technologies and modify

25

existing technologies to the intrusion detection and

•S 1869 IS
VerDate Sep 11 2014

Secretary

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00005

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

6
1

prevention capabilities described in paragraph (1) as

2

appropriate to improve the intrusion detection and

3

prevention capabilities.

4

‘‘(c) ACTIVITIES.—In carrying out subsection (b), the

mstockstill on DSK4VPTVN1PROD with BILLS

5 Secretary—
6

‘‘(1) may access, and the head of an agency

7

may disclose to the Secretary or a private entity pro-

8

viding assistance to the Secretary under paragraph

9

(2), information transiting or traveling to or from an

10

agency information system, regardless of the location

11

from which the Secretary or a private entity pro-

12

viding assistance to the Secretary under paragraph

13

(2) accesses such information, notwithstanding any

14

other provision of law that would otherwise restrict

15

or prevent the head of an agency from disclosing

16

such information to the Secretary or a private entity

17

providing assistance to the Secretary under para-

18

graph (2);

19

‘‘(2) may enter into contracts or other agree-

20

ments with, or otherwise request and obtain the as-

21

sistance of, private entities to deploy and operate

22

technologies in accordance with subsection (b);

23

‘‘(3) may retain, use, and disclose information

24

obtained through the conduct of activities authorized

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00006

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

7
1

under this section only to protect information and

2

information systems from cybersecurity risks;

3

‘‘(4) shall regularly assess through operational

4

test and evaluation in real world or simulated envi-

5

ronments available advanced protective technologies

6

to improve detection and prevention capabilities, in-

7

cluding commercial and non-commercial technologies

8

and detection technologies beyond signature-based

9

detection, and utilize such technologies when appro-

10

priate;

11

‘‘(5) shall establish a pilot to acquire, test, and

12

deploy, as rapidly as possible, technologies described

13

in paragraph (4); and

14

‘‘(6) shall periodically update the privacy im-

15

pact assessment required under section 208(b) of

16

the E-Government Act of 2002 (44 U.S.C. 3501

17

note).

18

‘‘(d) PRIVATE ENTITIES.—

19

mstockstill on DSK4VPTVN1PROD with BILLS

20

‘‘(1) CONDITIONS.—A private entity described
in subsection (c)(2) may not—

21

‘‘(A) disclose any network traffic transiting

22

or traveling to or from an agency information

23

system to any entity other than the Department

24

or the agency that disclosed the information

25

under subsection (c)(1); or

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00007

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

8
1

‘‘(B) use any network traffic transiting or

2

traveling to or from an agency information sys-

3

tem to which the private entity gains access in

4

accordance with this section for any purpose

5

other than to protect agency information and

6

agency information systems against cybersecu-

7

rity risks or to administer a contract or other

8

agreement entered into pursuant to subsection

9

(c)(2) or as part of another contract with the

10

Secretary.

11

‘‘(2) LIMITATION

ON LIABILITY.—No

cause of

12

action shall lie in any court against a private entity

13

for assistance provided to the Secretary in accord-

14

ance with this section and any contract or agree-

15

ment entered into pursuant to subsection (c)(2).’’.

16

(b) PRIORITIZING ADVANCED SECURITY TOOLS.—

17 The Director and the Secretary, in consultation with ap18 propriate agencies, shall—
19

(1) review and update Governmentwide policies

20

and programs to ensure appropriate prioritization

21

and use of network security monitoring tools within

22

agency networks; and

mstockstill on DSK4VPTVN1PROD with BILLS

23

(2) brief appropriate congressional committees

24

on such prioritization and use.

25

(c) AGENCY RESPONSIBILITIES.—

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00008

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

9
1

mstockstill on DSK4VPTVN1PROD with BILLS

2

(1) IN

GENERAL.—Except

as provided in para-

graph (2)—

3

(A) not later than 1 year after the date of

4

enactment of this Act or 2 months after the

5

date on which the Secretary makes available the

6

intrusion detection and prevention capabilities

7

under section 230(b)(1) of the Homeland Secu-

8

rity Act of 2002, as added by subsection (a),

9

whichever is later, the head of each agency shall

10

apply and continue to utilize the capabilities to

11

all information traveling between an agency in-

12

formation system and any information system

13

other than an agency information system; and

14

(B) not later than 6 months after the date

15

on which the Secretary makes available im-

16

provements to the intrusion detection and pre-

17

vention

18

230(b)(2) of the Homeland Security Act of

19

2002, as added by subsection (a), the head of

20

each agency shall apply and continue to utilize

21

the improved intrusion detection and prevention

22

capabilities.

23

(2)

capabilities

pursuant

EXCEPTION.—The

to

requirements

under

24

paragraph (1) shall not apply to the Department of

25

Defense or an element of the intelligence community.

•S 1869 IS
VerDate Sep 11 2014

section

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00009

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

10
1

(d) TABLE

OF

CONTENTS AMENDMENT.—The table

2 of contents in section 1(b) of the Homeland Security Act
3 of 2002 (6 U.S.C. 101 note) is amended by striking the
4 items relating to the first section designated as section
5 226, the second section designated as section 226 (relating
6 to the national cybersecurity and communications integra7 tion center), section 227, and section 228 and inserting
8 the following:
‘‘Sec.
‘‘Sec.
‘‘Sec.
‘‘Sec.
‘‘Sec.

9
10

226.
227.
228.
229.
230.

Cybersecurity recruitment and retention.
National cybersecurity and communications integration center.
Cybersecurity plans.
Clearances.
Federal intrusion detection and prevention system.’’.

SEC. 4. ADVANCED INTERNAL DEFENSES.

(a) ADVANCED NETWORK SECURITY TOOLS.—

11

(1) IN

Secretary shall include

12

in the Continuous Diagnostics and Mitigation Pro-

13

gram advanced network security tools to improve

14

visibility of network activity, including through the

15

use of commercial and free or open source tools, to

16

detect and mitigate intrusions and anomalous activ-

17

ity.

18

mstockstill on DSK4VPTVN1PROD with BILLS

GENERAL.—The

(2) DEVELOPMENT

OF PLAN.—The

19

shall develop and implement a plan to ensure that

20

each agency utilizes advanced network security tools,

21

including those described in paragraph (1), to detect

22

and mitigate intrusions and anomalous activity.

•S 1869 IS
VerDate Sep 11 2014

Director

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00010

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

11
1

(b) IMPROVED METRICS.—The Secretary, in collabo-

2 ration with the Director, shall review and update the
3 metrics used to measure security under section 3554 of
4 title 44, United States Code, to include measures of intru5 sion and incident detection and response times.
6

(c) TRANSPARENCY AND ACCOUNTABILITY.—The Di-

7 rector, in consultation with the Secretary, shall increase
8 transparency to the public on agency cybersecurity pos9 ture, including by increasing the number of metrics avail10 able on Federal Government performance websites and, to
11 the greatest extent practicable, displaying metrics for de12 partment components, small agencies, and micro agencies.
13

(d) MAINTENANCE

OF

TECHNOLOGIES.—Section

14 3553(b)(6)(B) of title 44, United States Code, is amended
15 by inserting ‘‘, operating, and maintaining’’ after ‘‘deploy16 ing’’.
17
18

SEC. 5. FEDERAL CYBERSECURITY BEST PRACTICES.

(a) ASSESSMENT OF BEST PRACTICES FOR FEDERAL

19 CYBERSECURITY.—The Secretary, in consultation with
20 the Director, shall regularly assess and require implemen21 tation of best practices for securing agency information
22 systems against intrusion and preventing data exfiltration

mstockstill on DSK4VPTVN1PROD with BILLS

23 in the event of an intrusion.
24
25

(b) CYBERSECURITY REQUIREMENTS

AT

CIES.—

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00011

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

AGEN-

12
1

(1) IN

as provided in para-

2

graph (2), not later than 1 year after the date of en-

3

actment of this Act, the head of each agency shall—

4

(A) identify sensitive and mission critical

5

data stored by the agency consistent with the

6

inventory required under the first subsection (c)

7

(relating to the inventory of major information

8

systems) and the second subsection (c) (relating

9

to the inventory of information systems) of sec-

10

mstockstill on DSK4VPTVN1PROD with BILLS

GENERAL.—Except

tion 3505 of title 44, United States Code;

11

(B) assess access controls to the data de-

12

scribed in subparagraph (A), the need for read-

13

ily accessible storage of the data, and individ-

14

uals’ need to access the data;

15

(C) encrypt the data described in subpara-

16

graph (A) that is stored on or transiting agency

17

information systems consistent with standards

18

and

19

11331 of title 40, United States Code;

guidelines

promulgated

under

20

(D) implement a single sign-on trusted

21

identity platform for individuals accessing each

22

public website of the agency that requires user

23

authentication, as developed by the Adminis-

24

trator of General Services in collaboration with

25

the Secretary; and

•S 1869 IS
VerDate Sep 11 2014

section

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00012

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

13
1

(E) implement multi-factor authentication

2

consistent with standards and guidelines pro-

3

mulgated under section 11331 of title 40,

4

United States Code, for—

5

(i) remote access to an agency infor-

6

mation system; and

7

(ii) each user account with elevated

8

privileges on an agency information sys-

9

tem.

10

EXCEPTION.—The

requirements

paragraph (1) shall not apply to the Department of

12

Defense or an element of the intelligence community.

14

SEC. 6. ASSESSMENT; REPORTS.

(a) DEFINITIONS.—In this section—

15

(1) the term ‘‘intrusion assessments’’ means ac-

16

tions taken under the intrusion assessment plan to

17

identify and remove intruders in agency information

18

systems;

19

(2) the term ‘‘intrusion assessment plan’’

20

means the plan required under section 228(b)(1) of

21

the Homeland Security Act of 2002, as added by

22

section 3(a) of this Act; and

23

(3) the term ‘‘intrusion detection and preven-

24

tion capabilities’’ means the capabilities required

•S 1869 IS
VerDate Sep 11 2014

under

11

13

mstockstill on DSK4VPTVN1PROD with BILLS

(2)

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00013

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

14
1

under section 230(b) of the Homeland Security Act

2

of 2002, as added by section 3(a) of this Act.

3

(b) THIRD-PARTY ASSESSMENT.—Not later than 3

4 years after the date of enactment of this Act, the Govern5 ment Accountability Office shall conduct a study and pub6 lish a report on the effectiveness of the approach and
7 strategy of the Federal Government to securing agency in8 formation systems, including the intrusion detection and
9 prevention capabilities and the intrusion assessment plan.
10

(c) REPORTS TO CONGRESS.—

11
12

(1) INTRUSION
CAPABILITIES.—

13

mstockstill on DSK4VPTVN1PROD with BILLS

DETECTION AND PREVENTION

(A) SECRETARY

OF HOMELAND SECURITY

14

REPORT.—Not

15

date of enactment of this Act, and annually

16

thereafter, the Secretary shall submit to the ap-

17

propriate congressional committees a report on

18

the status of implementation of the intrusion

19

detection and prevention capabilities, includ-

20

ing—

later than 6 months after the

21

(i) a description of privacy controls;

22

(ii) a description of the technologies

23

and capabilities utilized to detect cyberse-

24

curity risks in network traffic, including

25

the extent to which those technologies and

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00014

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

15
1

capabilities include existing commercial

2

and non-commercial technologies;

3

(iii) a description of the technologies

4

and capabilities utilized to prevent network

5

traffic associated with cybersecurity risks

6

from transiting or traveling to or from

7

agency information systems, including the

8

extent to which those technologies and ca-

9

pabilities include existing commercial and

mstockstill on DSK4VPTVN1PROD with BILLS

10

non-commercial technologies;

11

(iv) a list of the types of indicators or

12

other identifiers or techniques used to de-

13

tect cybersecurity risks in network traffic

14

transiting or traveling to or from agency

15

information systems on each iteration of

16

the intrusion detection and prevention ca-

17

pabilities and the number of each such

18

type of indicator, identifier, and technique;

19

(v) the number of instances in which

20

the intrusion detection and prevention ca-

21

pabilities detected a cybersecurity risk in

22

network traffic transiting or traveling to or

23

from agency information systems and the

24

number of times the intrusion detection

25

and prevention capabilities blocked net-

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00015

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

16
1

work traffic associated with cybersecurity

2

risk; and

3

(vi) a description of the pilot estab-

4

lished under section 230(c)(5) of the

5

Homeland Security Act of 2002, as added

6

by section 3(a) of this Act, including the

7

number of new technologies tested and the

8

number of participating agencies.

9

(B) OMB

later than 18

10

months after the date of enactment of this Act,

11

and annually thereafter, the Director shall sub-

12

mit to Congress, as part of the report required

13

under section 3553(c) of title 44, United States

14

Code, an analysis of agency application of the

15

intrusion detection and prevention capabilities,

16

including—

17

(i) a list of each agency and the de-

18

gree to which each agency has applied the

19

intrusion detection and prevention capabili-

20

ties to an agency information system; and

21

mstockstill on DSK4VPTVN1PROD with BILLS

REPORT.—Not

(ii) a list by agency of—

22

(I) the number of instances in

23

which the intrusion detection and pre-

24

vention capabilities detected a cyber-

25

security

risk

in

network

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00016

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

traffic

17
1

transiting or traveling to or from an

2

agency information system and the

3

types of indicators, identifiers, and

4

techniques used to detect such cyber-

5

security risks; and

6

(II) the number of instances in

7

which the intrusion detection and pre-

8

vention capabilities prevented network

9

traffic associated with a cybersecurity

10

risk from transiting or traveling to or

11

from an agency information system

12

and the types of indicators, identi-

13

fiers, and techniques used to detect

14

such agency information systems.

mstockstill on DSK4VPTVN1PROD with BILLS

15

(2) OMB

REPORT ON DEVELOPMENT AND IM-

16

PLEMENTATION OF INTRUSION ASSESSMENT PLAN,

17

ADVANCED INTERNAL DEFENSES, AND FEDERAL CY-

18

BERSECURITY

19

shall—

BEST

PRACTICES.—The

20

(A) not later than 6 months after the date

21

of enactment of this Act, and 30 days after any

22

update thereto, submit the intrusion assessment

23

plan to the appropriate congressional commit-

24

tees;

•S 1869 IS
VerDate Sep 11 2014

Director

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00017

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

18
1

(B) not later than 1 year after the date of

2

enactment of this Act, and annually thereafter,

3

submit to Congress, as part of the report re-

4

quired under section 3553(c) of title 44, United

5

States Code—

6

(i) a description of the implementation

7

of the intrusion assessment plan;

8

(ii) the findings of the intrusion as-

9

sessments conducted pursuant to the intru-

10

sion assessment plan;

11

(iii) advanced network security tools

12

included in the Continuous Diagnostics

13

and Mitigation Program pursuant to sec-

14

tion 4(a)(1);

15

(iv) the results of the assessment of

16

the Secretary of best practices for Federal

17

cybersecurity pursuant to section 5(a); and

18

(v) a list by agency of compliance with

19

the requirements of section 5(b); and

20

(C) not later than 1 year after the date of

21

enactment of this Act, submit to the appro-

22

priate congressional committees—

mstockstill on DSK4VPTVN1PROD with BILLS

23

(i) a copy of the plan developed pursu-

24

ant to section 4(a)(2); and

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00018

Fmt 6652

Sfmt 6201

E:\BILLS\S1869.IS

S1869

19
1

(ii) the improved metrics developed

2
3
4

pursuant to section 4(b).
SEC. 7. TERMINATION.

(a) IN GENERAL.—The authority provided under sec-

5 tion 230 of the Homeland Security Act of 2002, as added
6 by section 3(a) of this Act, and the reporting requirements
7 under section 6(c) shall terminate on the date that is 7
8 years after the date of enactment of this Act.
9

(b) RULE

OF

CONSTRUCTION.—Nothing in sub-

10 section (a) shall be construed to affect the limitation of
11 liability of a private entity for assistance provided to the
12 Secretary under section 230(d)(2) of the Homeland Secu13 rity Act of 2002, as added by section 3(a) of this Act,
14 if such assistance was rendered before the termination
15 date under subsection (a) or otherwise during a period in
16 which the assistance was authorized.

mstockstill on DSK4VPTVN1PROD with BILLS

Æ

•S 1869 IS
VerDate Sep 11 2014

01:41 Jul 29, 2015

Jkt 049200

PO 00000

Frm 00019

Fmt 6652

Sfmt 6301

E:\BILLS\S1869.IS

S1869

Privacy Act of 1974, 5 U.S.C. § 552a
§ 552a

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

(c) Agency Reports to the Attorney General and OMB Director.
(i) The head of each agency shall submit a report, no
later than 6 months from the date of this order, to the
Attorney General and the OMB Director that summarizes the results of the review under section 3(a) of this
order and encloses a copy of the agency’s plan under
section 3(b) of this order. The agency shall publish a
copy of the agency’s report on the agency’s website or,
in the case of an agency without a website, on the
Firstgov.gov website, or, in the case of any agency with
neither a website nor the capability to publish on the
Firstgov.gov website, in the Federal Register.
(ii) The head of each agency shall include in the agency’s annual FOIA reports for fiscal years 2006 and 2007
a report on the agency’s development and implementation of its plan under section 3(b) of this order and on
the agency’s performance in meeting the milestones set
forth in that plan, consistent with any related guidelines the Attorney General may issue under section
552(e) of title 5, United States Code.
(iii) If the agency does not meet a milestone in its
plan, the head of the agency shall:
(A) identify this deficiency in the annual FOIA report to the Attorney General;
(B) explain in the annual report the reasons for the
agency’s failure to meet the milestone;
(C) outline in the annual report the steps that the
agency has already taken, and will be taking, to address the deficiency; and
(D) report this deficiency to the President’s Management Council.
SEC. 4. Attorney General.
(a) Report. The Attorney General, using the reports
submitted by the agencies under subsection 3(c)(i) of
this order and the information submitted by agencies
in their annual FOIA reports for fiscal year 2005, shall
submit to the President, no later than 10 months from
the date of this order, a report on agency FOIA implementation. The Attorney General shall consult the
OMB Director in the preparation of the report and shall
include in the report appropriate recommendations on
administrative or other agency actions for continued
agency dissemination and release of public information. The Attorney General shall thereafter submit two
further annual reports, by June 1, 2007, and June 1, 2008,
that provide the President with an update on the agencies’ implementation of the FOIA and of their plans
under section 3(b) of this order.
(b) Guidance. The Attorney General shall issue such
instructions and guidance to the heads of departments
and agencies as may be appropriate to implement sections 3(b) and 3(c) of this order.
SEC. 5. OMB Director. The OMB Director may issue
such instructions to the heads of agencies as are necessary to implement this order, other than sections 3(b)
and 3(c) of this order.
SEC. 6. Definitions. As used in this order:
(a) the term ‘‘agency’’ has the same meaning as the
term ‘‘agency’’ under section 552(f)(1) of title 5, United
States Code; and
(b) the term ‘‘record’’ has the same meaning as the
term ‘‘record’’ under section 552(f)(2) of title 5, United
States Code.
SEC. 7. General Provisions.
(a) The agency reviews under section 3(a) of this
order and agency plans under section 3(b) of this order
shall be conducted and developed in accordance with
applicable law and applicable guidance issued by the
President, the Attorney General, and the OMB Director, including the laws and guidance regarding information technology and the dissemination of information.
(b) This order:
(i) shall be implemented in a manner consistent with
applicable law and subject to the availability of appropriations;
(ii) shall not be construed to impair or otherwise affect the functions of the OMB Director relating to
budget, legislative, or administrative proposals; and
(iii) is intended only to improve the internal management of the executive branch and is not intended to,

Page 44

and does not, create any right or benefit, substantive
or procedural, enforceable at law or in equity by a
party against the United States, its departments, agencies, instrumentalities, or entities, its officers or employees, or any other person.
GEORGE W. BUSH.
FREEDOM OF INFORMATION ACT
Memorandum of President of the United States, Jan.
21, 2009, 74 F.R. 4683, provided:
Memorandum for the Heads of Executive Departments and Agencies
A democracy requires accountability, and accountability requires transparency. As Justice Louis Brandeis wrote, ‘‘sunlight is said to be the best of disinfectants.’’ In our democracy, the Freedom of Information
Act (FOIA), which encourages accountability through
transparency, is the most prominent expression of a
profound national commitment to ensuring an open
Government. At the heart of that commitment is the
idea that accountability is in the interest of the Government and the citizenry alike.
The Freedom of Information Act should be administered with a clear presumption: In the face of doubt,
openness prevails. The Government should not keep information confidential merely because public officials
might be embarrassed by disclosure, because errors and
failures might be revealed, or because of speculative or
abstract fears. Nondisclosure should never be based on
an effort to protect the personal interests of Government officials at the expense of those they are supposed
to serve. In responding to requests under the FOIA, executive branch agencies (agencies) should act promptly
and in a spirit of cooperation, recognizing that such
agencies are servants of the public.
All agencies should adopt a presumption in favor of
disclosure, in order to renew their commitment to the
principles embodied in FOIA, and to usher in a new era
of open Government. The presumption of disclosure
should be applied to all decisions involving FOIA.
The presumption of disclosure also means that agencies should take affirmative steps to make information
public. They should not wait for specific requests from
the public. All agencies should use modern technology
to inform citizens about what is known and done by
their Government. Disclosure should be timely.
I direct the Attorney General to issue new guidelines
governing the FOIA to the heads of executive departments and agencies, reaffirming the commitment to accountability and transparency, and to publish such
guidelines in the Federal Register. In doing so, the Attorney General should review FOIA reports produced by
the agencies under Executive Order 13392 of December
14, 2005. I also direct the Director of the Office of Management and Budget to update guidance to the agencies
to increase and improve information dissemination to
the public, including through the use of new technologies, and to publish such guidance in the Federal
Register.
This memorandum does not create any right or benefit, substantive or procedural, enforceable at law or in
equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
The Director of the Office of Management and Budget
is hereby authorized and directed to publish this memorandum in the Federal Register.
BARACK OBAMA.

§ 552a. Records maintained on individuals
(a) DEFINITIONS.—For purposes of this section—
(1) the term ‘‘agency’’ means agency as defined in section 552(e) 1 of this title;
(2) the term ‘‘individual’’ means a citizen of
the United States or an alien lawfully admitted for permanent residence;
1 See

References in Text note below.

Page 45

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

(3) the term ‘‘maintain’’ includes maintain,
collect, use, or disseminate;
(4) the term ‘‘record’’ means any item, collection, or grouping of information about an
individual that is maintained by an agency,
including, but not limited to, his education, financial transactions, medical history, and
criminal or employment history and that contains his name, or the identifying number,
symbol, or other identifying particular assigned to the individual, such as a finger or
voice print or a photograph;
(5) the term ‘‘system of records’’ means a
group of any records under the control of any
agency from which information is retrieved by
the name of the individual or by some identifying number, symbol, or other identifying
particular assigned to the individual;
(6) the term ‘‘statistical record’’ means a
record in a system of records maintained for
statistical research or reporting purposes only
and not used in whole or in part in making
any determination about an identifiable individual, except as provided by section 8 of title
13;
(7) the term ‘‘routine use’’ means, with respect to the disclosure of a record, the use of
such record for a purpose which is compatible
with the purpose for which it was collected;
(8) the term ‘‘matching program’’—
(A) means any computerized comparison
of—
(i) two or more automated systems of
records or a system of records with nonFederal records for the purpose of—
(I) establishing or verifying the eligibility of, or continuing compliance with
statutory and regulatory requirements
by, applicants for, recipients or beneficiaries of, participants in, or providers
of services with respect to, cash or inkind assistance or payments under Federal benefit programs, or
(II) recouping payments or delinquent
debts under such Federal benefit programs, or

§ 552a

Revenue Code of 1986, (II) for purposes of
tax administration as defined in section
6103(b)(4) of such Code, (III) for the purpose
of intercepting a tax refund due an individual under authority granted by section
404(e), 464, or 1137 of the Social Security
Act; or (IV) for the purpose of intercepting
a tax refund due an individual under any
other tax refund intercept program authorized by statute which has been determined by the Director of the Office of
Management and Budget to contain verification, notice, and hearing requirements
that are substantially similar to the procedures in section 1137 of the Social Security Act;
(v) matches—
(I) using records predominantly relating to Federal personnel, that are performed for routine administrative purposes (subject to guidance provided by
the Director of the Office of Management
and Budget pursuant to subsection (v));
or
(II) conducted by an agency using only
records from systems of records maintained by that agency;

(ii) two or more automated Federal personnel or payroll systems of records or a
system of Federal personnel or payroll
records with non-Federal records,

if the purpose of the match is not to take
any adverse financial, personnel, disciplinary, or other adverse action against Federal personnel;
(vi) matches performed for foreign
counterintelligence purposes or to produce
background checks for security clearances
of Federal personnel or Federal contractor
personnel;
(vii) matches performed incident to a
levy described in section 6103(k)(8) of the
Internal Revenue Code of 1986;
(viii) matches performed pursuant to
section 202(x)(3) or 1611(e)(1) of the Social
Security Act (42 U.S.C. 402(x)(3), 1382(e)(1));
or
(ix) matches performed by the Secretary
of Health and Human Services or the Inspector General of the Department of
Health and Human Services with respect
to potential fraud, waste, and abuse, including matches of a system of records
with non-Federal records;

(B) but does not include—
(i) matches performed to produce aggregate statistical data without any personal
identifiers;
(ii) matches performed to support any
research or statistical project, the specific
data of which may not be used to make decisions concerning the rights, benefits, or
privileges of specific individuals;
(iii) matches performed, by an agency (or
component thereof) which performs as its
principal function any activity pertaining
to the enforcement of criminal laws, subsequent to the initiation of a specific
criminal or civil law enforcement investigation of a named person or persons for
the purpose of gathering evidence against
such person or persons;
(iv) matches of tax information (I) pursuant to section 6103(d) of the Internal

(9) the term ‘‘recipient agency’’ means any
agency, or contractor thereof, receiving
records contained in a system of records from
a source agency for use in a matching program;
(10) the term ‘‘non-Federal agency’’ means
any State or local government, or agency
thereof, which receives records contained in a
system of records from a source agency for use
in a matching program;
(11) the term ‘‘source agency’’ means any
agency which discloses records contained in a
system of records to be used in a matching
program, or any State or local government, or
agency thereof, which discloses records to be
used in a matching program;
(12) the term ‘‘Federal benefit program’’
means any program administered or funded by
the Federal Government, or by any agent or
State on behalf of the Federal Government,

§ 552a

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

providing cash or in-kind assistance in the
form of payments, grants, loans, or loan guarantees to individuals; and
(13) the term ‘‘Federal personnel’’ means officers and employees of the Government of the
United States, members of the uniformed services (including members of the Reserve Components), individuals entitled to receive immediate or deferred retirement benefits under
any retirement program of the Government of
the United States (including survivor benefits).
(b) CONDITIONS OF DISCLOSURE.—No agency
shall disclose any record which is contained in a
system of records by any means of communication to any person, or to another agency, except
pursuant to a written request by, or with the
prior written consent of, the individual to whom
the record pertains, unless disclosure of the
record would be—
(1) to those officers and employees of the
agency which maintains the record who have a
need for the record in the performance of their
duties;
(2) required under section 552 of this title;
(3) for a routine use as defined in subsection
(a)(7) of this section and described under subsection (e)(4)(D) of this section;
(4) to the Bureau of the Census for purposes
of planning or carrying out a census or survey
or related activity pursuant to the provisions
of title 13;
(5) to a recipient who has provided the agency with advance adequate written assurance
that the record will be used solely as a statistical research or reporting record, and the
record is to be transferred in a form that is
not individually identifiable;
(6) to the National Archives and Records Administration as a record which has sufficient
historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the Archivist of
the United States or the designee of the Archivist to determine whether the record has such
value;
(7) to another agency or to an instrumentality of any governmental jurisdiction within or
under the control of the United States for a
civil or criminal law enforcement activity if
the activity is authorized by law, and if the
head of the agency or instrumentality has
made a written request to the agency which
maintains the record specifying the particular
portion desired and the law enforcement activity for which the record is sought;
(8) to a person pursuant to a showing of compelling circumstances affecting the health or
safety of an individual if upon such disclosure
notification is transmitted to the last known
address of such individual;
(9) to either House of Congress, or, to the extent of matter within its jurisdiction, any
committee or subcommittee thereof, any joint
committee of Congress or subcommittee of
any such joint committee;
(10) to the Comptroller General, or any of his
authorized representatives, in the course of
the performance of the duties of the Government Accountability Office;
(11) pursuant to the order of a court of competent jurisdiction; or

Page 46

(12) to a consumer reporting agency in accordance with section 3711(e) of title 31.
(c) ACCOUNTING OF CERTAIN DISCLOSURES.—
Each agency, with respect to each system of
records under its control, shall—
(1) except for disclosures made under subsections (b)(1) or (b)(2) of this section, keep an
accurate accounting of—
(A) the date, nature, and purpose of each
disclosure of a record to any person or to another agency made under subsection (b) of
this section; and
(B) the name and address of the person or
agency to whom the disclosure is made;
(2) retain the accounting made under paragraph (1) of this subsection for at least five
years or the life of the record, whichever is
longer, after the disclosure for which the accounting is made;
(3) except for disclosures made under subsection (b)(7) of this section, make the accounting made under paragraph (1) of this subsection available to the individual named in
the record at his request; and
(4) inform any person or other agency about
any correction or notation of dispute made by
the agency in accordance with subsection (d)
of this section of any record that has been disclosed to the person or agency if an accounting of the disclosure was made.
(d) ACCESS TO RECORDS.—Each agency that
maintains a system of records shall—
(1) upon request by any individual to gain
access to his record or to any information pertaining to him which is contained in the system, permit him and upon his request, a person of his own choosing to accompany him, to
review the record and have a copy made of all
or any portion thereof in a form comprehensible to him, except that the agency may require the individual to furnish a written statement authorizing discussion of that individual’s record in the accompanying person’s
presence;
(2) permit the individual to request amendment of a record pertaining to him and—
(A) not later than 10 days (excluding Saturdays, Sundays, and legal public holidays)
after the date of receipt of such request, acknowledge in writing such receipt; and
(B) promptly, either—
(i) make any correction of any portion
thereof which the individual believes is
not accurate, relevant, timely, or complete; or
(ii) inform the individual of its refusal to
amend the record in accordance with his
request, the reason for the refusal, the procedures established by the agency for the
individual to request a review of that refusal by the head of the agency or an officer designated by the head of the agency,
and the name and business address of that
official;
(3) permit the individual who disagrees with
the refusal of the agency to amend his record
to request a review of such refusal, and not
later than 30 days (excluding Saturdays, Sundays, and legal public holidays) from the date

Page 47

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

on which the individual requests such review,
complete such review and make a final determination unless, for good cause shown, the
head of the agency extends such 30-day period;
and if, after his review, the reviewing official
also refuses to amend the record in accordance
with the request, permit the individual to file
with the agency a concise statement setting
forth the reasons for his disagreement with
the refusal of the agency, and notify the individual of the provisions for judicial review of
the reviewing official’s determination under
subsection (g)(1)(A) of this section;
(4) in any disclosure, containing information
about which the individual has filed a statement of disagreement, occurring after the filing of the statement under paragraph (3) of
this subsection, clearly note any portion of
the record which is disputed and provide copies of the statement and, if the agency deems
it appropriate, copies of a concise statement of
the reasons of the agency for not making the
amendments requested, to persons or other
agencies to whom the disputed record has been
disclosed; and
(5) nothing in this section shall allow an individual access to any information compiled in
reasonable anticipation of a civil action or
proceeding.
(e) AGENCY REQUIREMENTS.—Each agency that
maintains a system of records shall—
(1) maintain in its records only such information about an individual as is relevant and
necessary to accomplish a purpose of the agency required to be accomplished by statute or
by executive order of the President;
(2) collect information to the greatest extent
practicable directly from the subject individual when the information may result in adverse determinations about an individual’s
rights, benefits, and privileges under Federal
programs;
(3) inform each individual whom it asks to
supply information, on the form which it uses
to collect the information or on a separate
form that can be retained by the individual—
(A) the authority (whether granted by
statute, or by executive order of the President) which authorizes the solicitation of
the information and whether disclosure of
such information is mandatory or voluntary;
(B) the principal purpose or purposes for
which the information is intended to be
used;
(C) the routine uses which may be made of
the information, as published pursuant to
paragraph (4)(D) of this subsection; and
(D) the effects on him, if any, of not providing all or any part of the requested information;
(4) subject to the provisions of paragraph (11)
of this subsection, publish in the Federal Register upon establishment or revision a notice
of the existence and character of the system of
records, which notice shall include—
(A) the name and location of the system;
(B) the categories of individuals on whom
records are maintained in the system;
(C) the categories of records maintained in
the system;

§ 552a

(D) each routine use of the records contained in the system, including the categories of users and the purpose of such use;
(E) the policies and practices of the agency
regarding storage, retrievability, access controls, retention, and disposal of the records;
(F) the title and business address of the
agency official who is responsible for the
system of records;
(G) the agency procedures whereby an individual can be notified at his request if the
system of records contains a record pertaining to him;
(H) the agency procedures whereby an individual can be notified at his request how
he can gain access to any record pertaining
to him contained in the system of records,
and how he can contest its content; and
(I) the categories of sources of records in
the system;
(5) maintain all records which are used by
the agency in making any determination
about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in the determination;
(6) prior to disseminating any record about
an individual to any person other than an
agency, unless the dissemination is made pursuant to subsection (b)(2) of this section, make
reasonable efforts to assure that such records
are accurate, complete, timely, and relevant
for agency purposes;
(7) maintain no record describing how any
individual exercises rights guaranteed by the
First Amendment unless expressly authorized
by statute or by the individual about whom
the record is maintained or unless pertinent to
and within the scope of an authorized law enforcement activity;
(8) make reasonable efforts to serve notice
on an individual when any record on such individual is made available to any person under
compulsory legal process when such process
becomes a matter of public record;
(9) establish rules of conduct for persons involved in the design, development, operation,
or maintenance of any system of records, or in
maintaining any record, and instruct each
such person with respect to such rules and the
requirements of this section, including any
other rules and procedures adopted pursuant
to this section and the penalties for noncompliance;
(10) establish appropriate administrative,
technical, and physical safeguards to insure
the security and confidentiality of records and
to protect against any anticipated threats or
hazards to their security or integrity which
could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained;
(11) at least 30 days prior to publication of
information under paragraph (4)(D) of this
subsection, publish in the Federal Register notice of any new use or intended use of the information in the system, and provide an opportunity for interested persons to submit
written data, views, or arguments to the agency; and
(12) if such agency is a recipient agency or a
source agency in a matching program with a

§ 552a

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

non-Federal agency, with respect to any establishment or revision of a matching program,
at least 30 days prior to conducting such program, publish in the Federal Register notice of
such establishment or revision.
(f) AGENCY RULES.—In order to carry out the
provisions of this section, each agency that
maintains a system of records shall promulgate
rules, in accordance with the requirements (including general notice) of section 553 of this
title, which shall—
(1) establish procedures whereby an individual can be notified in response to his request
if any system of records named by the individual contains a record pertaining to him;
(2) define reasonable times, places, and requirements for identifying an individual who
requests his record or information pertaining
to him before the agency shall make the
record or information available to the individual;
(3) establish procedures for the disclosure to
an individual upon his request of his record or
information pertaining to him, including special procedure, if deemed necessary, for the
disclosure to an individual of medical records,
including psychological records, pertaining to
him;
(4) establish procedures for reviewing a request from an individual concerning the
amendment of any record or information pertaining to the individual, for making a determination on the request, for an appeal within
the agency of an initial adverse agency determination, and for whatever additional means
may be necessary for each individual to be
able to exercise fully his rights under this section; and
(5) establish fees to be charged, if any, to
any individual for making copies of his record,
excluding the cost of any search for and review of the record.
The Office of the Federal Register shall biennially compile and publish the rules promulgated
under this subsection and agency notices published under subsection (e)(4) of this section in a
form available to the public at low cost.
(g)(1) CIVIL REMEDIES.—Whenever any agency
(A) makes a determination under subsection
(d)(3) of this section not to amend an individual’s record in accordance with his request, or
fails to make such review in conformity with
that subsection;
(B) refuses to comply with an individual request under subsection (d)(1) of this section;
(C) fails to maintain any record concerning
any individual with such accuracy, relevance,
timeliness, and completeness as is necessary
to assure fairness in any determination relating to the qualifications, character, rights, or
opportunities of, or benefits to the individual
that may be made on the basis of such record,
and consequently a determination is made
which is adverse to the individual; or
(D) fails to comply with any other provision
of this section, or any rule promulgated thereunder, in such a way as to have an adverse effect on an individual,
the individual may bring a civil action against
the agency, and the district courts of the United

Page 48

States shall have jurisdiction in the matters
under the provisions of this subsection.
(2)(A) In any suit brought under the provisions
of subsection (g)(1)(A) of this section, the court
may order the agency to amend the individual’s
record in accordance with his request or in such
other way as the court may direct. In such a
case the court shall determine the matter de
novo.
(B) The court may assess against the United
States reasonable attorney fees and other litigation costs reasonably incurred in any case under
this paragraph in which the complainant has
substantially prevailed.
(3)(A) In any suit brought under the provisions
of subsection (g)(1)(B) of this section, the court
may enjoin the agency from withholding the
records and order the production to the complainant of any agency records improperly withheld from him. In such a case the court shall determine the matter de novo, and may examine
the contents of any agency records in camera to
determine whether the records or any portion
thereof may be withheld under any of the exemptions set forth in subsection (k) of this section, and the burden is on the agency to sustain
its action.
(B) The court may assess against the United
States reasonable attorney fees and other litigation costs reasonably incurred in any case under
this paragraph in which the complainant has
substantially prevailed.
(4) In any suit brought under the provisions of
subsection (g)(1)(C) or (D) of this section in
which the court determines that the agency
acted in a manner which was intentional or willful, the United States shall be liable to the individual in an amount equal to the sum of—
(A) actual damages sustained by the individual as a result of the refusal or failure, but in
no case shall a person entitled to recovery receive less than the sum of $1,000; and
(B) the costs of the action together with reasonable attorney fees as determined by the
court.
(5) An action to enforce any liability created
under this section may be brought in the district court of the United States in the district in
which the complainant resides, or has his principal place of business, or in which the agency
records are situated, or in the District of Columbia, without regard to the amount in controversy, within two years from the date on
which the cause of action arises, except that
where an agency has materially and willfully
misrepresented any information required under
this section to be disclosed to an individual and
the information so misrepresented is material to
establishment of the liability of the agency to
the individual under this section, the action
may be brought at any time within two years
after discovery by the individual of the misrepresentation. Nothing in this section shall be
construed to authorize any civil action by reason of any injury sustained as the result of a disclosure of a record prior to September 27, 1975.
(h) RIGHTS OF LEGAL GUARDIANS.—For the purposes of this section, the parent of any minor, or
the legal guardian of any individual who has
been declared to be incompetent due to physical
or mental incapacity or age by a court of com-

Page 49

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

petent jurisdiction, may act on behalf of the individual.
(i)(1) CRIMINAL PENALTIES.—Any officer or employee of an agency, who by virtue of his employment or official position, has possession of,
or access to, agency records which contain individually identifiable information the disclosure
of which is prohibited by this section or by rules
or regulations established thereunder, and who
knowing that disclosure of the specific material
is so prohibited, willfully discloses the material
in any manner to any person or agency not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000.
(2) Any officer or employee of any agency who
willfully maintains a system of records without
meeting the notice requirements of subsection
(e)(4) of this section shall be guilty of a misdemeanor and fined not more than $5,000.
(3) Any person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses
shall be guilty of a misdemeanor and fined not
more than $5,000.
(j) GENERAL EXEMPTIONS.—The head of any
agency may promulgate rules, in accordance
with the requirements (including general notice)
of sections 553(b)(1), (2), and (3), (c), and (e) of
this title, to exempt any system of records within the agency from any part of this section except subsections (b), (c)(1) and (2), (e)(4)(A)
through (F), (e)(6), (7), (9), (10), and (11), and (i)
if the system of records is—
(1) maintained by the Central Intelligence
Agency; or
(2) maintained by an agency or component
thereof which performs as its principal function any activity pertaining to the enforcement of criminal laws, including police efforts
to prevent, control, or reduce crime or to apprehend criminals, and the activities of prosecutors, courts, correctional, probation, pardon, or parole authorities, and which consists
of (A) information compiled for the purpose of
identifying individual criminal offenders and
alleged offenders and consisting only of identifying data and notations of arrests, the nature
and disposition of criminal charges, sentencing, confinement, release, and parole and probation status; (B) information compiled for
the purpose of a criminal investigation, including reports of informants and investigators, and associated with an identifiable individual; or (C) reports identifiable to an individual compiled at any stage of the process of
enforcement of the criminal laws from arrest
or indictment through release from supervision.
At the time rules are adopted under this subsection, the agency shall include in the statement required under section 553(c) of this title,
the reasons why the system of records is to be
exempted from a provision of this section.
(k) SPECIFIC EXEMPTIONS.—The head of any
agency may promulgate rules, in accordance
with the requirements (including general notice)
of sections 553(b)(1), (2), and (3), (c), and (e) of
this title, to exempt any system of records within the agency from subsections (c)(3), (d), (e)(1),
(e)(4)(G), (H), and (I) and (f) of this section if the
system of records is—

§ 552a

(1) subject to the provisions of section
552(b)(1) of this title;
(2) investigatory material compiled for law
enforcement purposes, other than material
within the scope of subsection (j)(2) of this section: Provided, however, That if any individual
is denied any right, privilege, or benefit that
he would otherwise be entitled by Federal law,
or for which he would otherwise be eligible, as
a result of the maintenance of such material,
such material shall be provided to such individual, except to the extent that the disclosure of such material would reveal the identity of a source who furnished information to
the Government under an express promise that
the identity of the source would be held in
confidence, or, prior to the effective date of
this section, under an implied promise that
the identity of the source would be held in
confidence;
(3) maintained in connection with providing
protective services to the President of the
United States or other individuals pursuant to
section 3056 of title 18;
(4) required by statute to be maintained and
used solely as statistical records;
(5) investigatory material compiled solely
for the purpose of determining suitability, eligibility, or qualifications for Federal civilian
employment, military service, Federal contracts, or access to classified information, but
only to the extent that the disclosure of such
material would reveal the identity of a source
who furnished information to the Government
under an express promise that the identity of
the source would be held in confidence, or,
prior to the effective date of this section,
under an implied promise that the identity of
the source would be held in confidence;
(6) testing or examination material used
solely to determine individual qualifications
for appointment or promotion in the Federal
service the disclosure of which would compromise the objectivity or fairness of the testing or examination process; or
(7) evaluation material used to determine
potential for promotion in the armed services,
but only to the extent that the disclosure of
such material would reveal the identity of a
source who furnished information to the Government under an express promise that the
identity of the source would be held in confidence, or, prior to the effective date of this
section, under an implied promise that the
identity of the source would be held in confidence.
At the time rules are adopted under this subsection, the agency shall include in the statement required under section 553(c) of this title,
the reasons why the system of records is to be
exempted from a provision of this section.
(l)(1) ARCHIVAL RECORDS.—Each agency record
which is accepted by the Archivist of the United
States for storage, processing, and servicing in
accordance with section 3103 of title 44 shall, for
the purposes of this section, be considered to be
maintained by the agency which deposited the
record and shall be subject to the provisions of
this section. The Archivist of the United States
shall not disclose the record except to the agency which maintains the record, or under rules

§ 552a

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

established by that agency which are not inconsistent with the provisions of this section.
(2) Each agency record pertaining to an identifiable individual which was transferred to the
National Archives of the United States as a
record which has sufficient historical or other
value to warrant its continued preservation by
the United States Government, prior to the effective date of this section, shall, for the purposes of this section, be considered to be maintained by the National Archives and shall not be
subject to the provisions of this section, except
that a statement generally describing such
records (modeled after the requirements relating
to records subject to subsections (e)(4)(A)
through (G) of this section) shall be published in
the Federal Register.
(3) Each agency record pertaining to an identifiable individual which is transferred to the National Archives of the United States as a record
which has sufficient historical or other value to
warrant its continued preservation by the
United States Government, on or after the effective date of this section, shall, for the purposes
of this section, be considered to be maintained
by the National Archives and shall be exempt
from the requirements of this section except
subsections (e)(4)(A) through (G) and (e)(9) of
this section.
(m)(1) GOVERNMENT CONTRACTORS.—When an
agency provides by a contract for the operation
by or on behalf of the agency of a system of
records to accomplish an agency function, the
agency shall, consistent with its authority,
cause the requirements of this section to be applied to such system. For purposes of subsection
(i) of this section any such contractor and any
employee of such contractor, if such contract is
agreed to on or after the effective date of this
section, shall be considered to be an employee of
an agency.
(2) A consumer reporting agency to which a
record is disclosed under section 3711(e) of title
31 shall not be considered a contractor for the
purposes of this section.
(n) MAILING LISTS.—An individual’s name and
address may not be sold or rented by an agency
unless such action is specifically authorized by
law. This provision shall not be construed to require the withholding of names and addresses
otherwise permitted to be made public.
(o) MATCHING AGREEMENTS.—(1) No record
which is contained in a system of records may
be disclosed to a recipient agency or non-Federal agency for use in a computer matching program except pursuant to a written agreement
between the source agency and the recipient
agency or non-Federal agency specifying—
(A) the purpose and legal authority for conducting the program;
(B) the justification for the program and the
anticipated results, including a specific estimate of any savings;
(C) a description of the records that will be
matched, including each data element that
will be used, the approximate number of
records that will be matched, and the projected starting and completion dates of the
matching program;
(D) procedures for providing individualized
notice at the time of application, and notice

Page 50

periodically thereafter as directed by the Data
Integrity Board of such agency (subject to
guidance provided by the Director of the Office
of Management and Budget pursuant to subsection (v)), to—
(i) applicants for and recipients of financial assistance or payments under Federal
benefit programs, and
(ii) applicants for and holders of positions
as Federal personnel,
that any information provided by such applicants, recipients, holders, and individuals may
be subject to verification through matching
programs;
(E) procedures for verifying information produced in such matching program as required
by subsection (p);
(F) procedures for the retention and timely
destruction of identifiable records created by a
recipient agency or non-Federal agency in
such matching program;
(G) procedures for ensuring the administrative, technical, and physical security of the
records matched and the results of such programs;
(H) prohibitions on duplication and redisclosure of records provided by the source agency within or outside the recipient agency or
the non-Federal agency, except where required
by law or essential to the conduct of the
matching program;
(I) procedures governing the use by a recipient agency or non-Federal agency of records
provided in a matching program by a source
agency, including procedures governing return
of the records to the source agency or destruction of records used in such program;
(J) information on assessments that have
been made on the accuracy of the records that
will be used in such matching program; and
(K) that the Comptroller General may have
access to all records of a recipient agency or a
non-Federal agency that the Comptroller General deems necessary in order to monitor or
verify compliance with the agreement.
(2)(A) A copy of each agreement entered into
pursuant to paragraph (1) shall—
(i) be transmitted to the Committee on Governmental Affairs of the Senate and the Committee on Government Operations of the
House of Representatives; and
(ii) be available upon request to the public.
(B) No such agreement shall be effective until
30 days after the date on which such a copy is
transmitted pursuant to subparagraph (A)(i).
(C) Such an agreement shall remain in effect
only for such period, not to exceed 18 months, as
the Data Integrity Board of the agency determines is appropriate in light of the purposes,
and length of time necessary for the conduct, of
the matching program.
(D) Within 3 months prior to the expiration of
such an agreement pursuant to subparagraph
(C), the Data Integrity Board of the agency may,
without additional review, renew the matching
agreement for a current, ongoing matching program for not more than one additional year if—
(i) such program will be conducted without
any change; and
(ii) each party to the agreement certifies to
the Board in writing that the program has

Page 51

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

been conducted in compliance with the agreement.
(p) VERIFICATION AND OPPORTUNITY TO CONTEST
FINDINGS.—(1) In order to protect any individual
whose records are used in a matching program,
no recipient agency, non-Federal agency, or
source agency may suspend, terminate, reduce,
or make a final denial of any financial assistance or payment under a Federal benefit program to such individual, or take other adverse
action against such individual, as a result of information produced by such matching program,
until—
(A)(i) the agency has independently verified
the information; or
(ii) the Data Integrity Board of the agency,
or in the case of a non-Federal agency the
Data Integrity Board of the source agency, determines in accordance with guidance issued
by the Director of the Office of Management
and Budget that—
(I) the information is limited to identification and amount of benefits paid by the
source agency under a Federal benefit program; and
(II) there is a high degree of confidence
that the information provided to the recipient agency is accurate;
(B) the individual receives a notice from the
agency containing a statement of its findings
and informing the individual of the opportunity to contest such findings; and
(C)(i) the expiration of any time period established for the program by statute or regulation for the individual to respond to that notice; or
(ii) in the case of a program for which no
such period is established, the end of the 30day period beginning on the date on which notice under subparagraph (B) is mailed or
otherwise provided to the individual.
(2) Independent verification referred to in
paragraph (1) requires investigation and confirmation of specific information relating to an
individual that is used as a basis for an adverse
action against the individual, including where
applicable investigation and confirmation of—
(A) the amount of any asset or income involved;
(B) whether such individual actually has or
had access to such asset or income for such individual’s own use; and
(C) the period or periods when the individual
actually had such asset or income.
(3) Notwithstanding paragraph (1), an agency
may take any appropriate action otherwise prohibited by such paragraph if the agency determines that the public health or public safety
may be adversely affected or significantly
threatened during any notice period required by
such paragraph.
(q) SANCTIONS.—(1) Notwithstanding any other
provision of law, no source agency may disclose
any record which is contained in a system of
records to a recipient agency or non-Federal
agency for a matching program if such source
agency has reason to believe that the requirements of subsection (p), or any matching agreement entered into pursuant to subsection (o), or

§ 552a

both, are not being met by such recipient agency.
(2) No source agency may renew a matching
agreement unless—
(A) the recipient agency or non-Federal
agency has certified that it has complied with
the provisions of that agreement; and
(B) the source agency has no reason to believe that the certification is inaccurate.
(r) REPORT ON NEW SYSTEMS AND MATCHING
PROGRAMS.—Each agency that proposes to establish or make a significant change in a system of
records or a matching program shall provide
adequate advance notice of any such proposal
(in duplicate) to the Committee on Government
Operations of the House of Representatives, the
Committee on Governmental Affairs of the Senate, and the Office of Management and Budget
in order to permit an evaluation of the probable
or potential effect of such proposal on the privacy or other rights of individuals.
(s) BIENNIAL REPORT.—The President shall biennially submit to the Speaker of the House of
Representatives and the President pro tempore
of the Senate a report—
(1) describing the actions of the Director of
the Office of Management and Budget pursuant to section 6 of the Privacy Act of 1974 during the preceding 2 years;
(2) describing the exercise of individual
rights of access and amendment under this
section during such years;
(3) identifying changes in or additions to
systems of records;
(4) containing such other information concerning administration of this section as may
be necessary or useful to the Congress in reviewing the effectiveness of this section in
carrying out the purposes of the Privacy Act
of 1974.
(t)(1) EFFECT OF OTHER LAWS.—No agency
shall rely on any exemption contained in section
552 of this title to withhold from an individual
any record which is otherwise accessible to such
individual under the provisions of this section.
(2) No agency shall rely on any exemption in
this section to withhold from an individual any
record which is otherwise accessible to such individual under the provisions of section 552 of
this title.
(u) DATA INTEGRITY BOARDS.—(1) Every agency
conducting or participating in a matching program shall establish a Data Integrity Board to
oversee and coordinate among the various components of such agency the agency’s implementation of this section.
(2) Each Data Integrity Board shall consist of
senior officials designated by the head of the
agency, and shall include any senior official designated by the head of the agency as responsible
for implementation of this section, and the inspector general of the agency, if any. The inspector general shall not serve as chairman of
the Data Integrity Board.
(3) Each Data Integrity Board—
(A) shall review, approve, and maintain all
written agreements for receipt or disclosure of
agency records for matching programs to ensure compliance with subsection (o), and all
relevant statutes, regulations, and guidelines;

§ 552a

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

(B) shall review all matching programs in
which the agency has participated during the
year, either as a source agency or recipient
agency, determine compliance with applicable
laws, regulations, guidelines, and agency
agreements, and assess the costs and benefits
of such programs;
(C) shall review all recurring matching programs in which the agency has participated
during the year, either as a source agency or
recipient agency, for continued justification
for such disclosures;
(D) shall compile an annual report, which
shall be submitted to the head of the agency
and the Office of Management and Budget and
made available to the public on request, describing the matching activities of the agency,
including—
(i) matching programs in which the agency
has participated as a source agency or recipient agency;
(ii) matching agreements proposed under
subsection (o) that were disapproved by the
Board;
(iii) any changes in membership or structure of the Board in the preceding year;
(iv) the reasons for any waiver of the requirement in paragraph (4) of this section
for completion and submission of a cost-benefit analysis prior to the approval of a
matching program;
(v) any violations of matching agreements
that have been alleged or identified and any
corrective action taken; and
(vi) any other information required by the
Director of the Office of Management and
Budget to be included in such report;
(E) shall serve as a clearinghouse for receiving and providing information on the accuracy, completeness, and reliability of records
used in matching programs;
(F) shall provide interpretation and guidance to agency components and personnel on
the requirements of this section for matching
programs;
(G) shall review agency recordkeeping and
disposal policies and practices for matching
programs to assure compliance with this section; and
(H) may review and report on any agency
matching activities that are not matching
programs.
(4)(A) Except as provided in subparagraphs (B)
and (C), a Data Integrity Board shall not approve any written agreement for a matching
program unless the agency has completed and
submitted to such Board a cost-benefit analysis
of the proposed program and such analysis demonstrates that the program is likely to be cost
effective.2
(B) The Board may waive the requirements of
subparagraph (A) of this paragraph if it determines in writing, in accordance with guidelines
prescribed by the Director of the Office of Management and Budget, that a cost-benefit analysis is not required.
(C) A cost-benefit analysis shall not be required under subparagraph (A) prior to the ini2 So

in original. Probably should be ‘‘cost-effective.’’

Page 52

tial approval of a written agreement for a
matching program that is specifically required
by statute. Any subsequent written agreement
for such a program shall not be approved by the
Data Integrity Board unless the agency has submitted a cost-benefit analysis of the program as
conducted under the preceding approval of such
agreement.
(5)(A) If a matching agreement is disapproved
by a Data Integrity Board, any party to such
agreement may appeal the disapproval to the
Director of the Office of Management and Budget. Timely notice of the filing of such an appeal
shall be provided by the Director of the Office of
Management and Budget to the Committee on
Governmental Affairs of the Senate and the
Committee on Government Operations of the
House of Representatives.
(B) The Director of the Office of Management
and Budget may approve a matching agreement
notwithstanding the disapproval of a Data Integrity Board if the Director determines that—
(i) the matching program will be consistent
with all applicable legal, regulatory, and policy requirements;
(ii) there is adequate evidence that the
matching agreement will be cost-effective; and
(iii) the matching program is in the public
interest.
(C) The decision of the Director to approve a
matching agreement shall not take effect until
30 days after it is reported to committees described in subparagraph (A).
(D) If the Data Integrity Board and the Director of the Office of Management and Budget disapprove a matching program proposed by the inspector general of an agency, the inspector general may report the disapproval to the head of
the agency and to the Congress.
(6) In the reports required by paragraph (3)(D),
agency matching activities that are not matching programs may be reported on an aggregate
basis, if and to the extent necessary to protect
ongoing law enforcement or counterintelligence
investigations.
(v) OFFICE OF MANAGEMENT AND BUDGET RESPONSIBILITIES.—The Director of the Office of
Management and Budget shall—
(1) develop and, after notice and opportunity
for public comment, prescribe guidelines and
regulations for the use of agencies in implementing the provisions of this section; and
(2) provide continuing assistance to and
oversight of the implementation of this section by agencies.
(w) APPLICABILITY TO BUREAU OF CONSUMER FINANCIAL PROTECTION.—Except as provided in the
Consumer Financial Protection Act of 2010, this
section shall apply with respect to the Bureau of
Consumer Financial Protection.
(Added Pub. L. 93–579, § 3, Dec. 31, 1974, 88 Stat.
1897; amended Pub. L. 94–183, § 2(2), Dec. 31, 1975,
89 Stat. 1057; Pub. L. 97–365, § 2, Oct. 25, 1982, 96
Stat. 1749; Pub. L. 97–375, title II, § 201(a), (b),
Dec. 21, 1982, 96 Stat. 1821; Pub. L. 97–452,
§ 2(a)(1), Jan. 12, 1983, 96 Stat. 2478; Pub. L.
98–477, § 2(c), Oct. 15, 1984, 98 Stat. 2211; Pub. L.
98–497, title I, § 107(g), Oct. 19, 1984, 98 Stat. 2292;
Pub. L. 100–503, §§ 2–6(a), 7, 8, Oct. 18, 1988, 102
Stat. 2507–2514; Pub. L. 101–508, title VII,

Page 53

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

§ 7201(b)(1), Nov. 5, 1990, 104 Stat. 1388–334; Pub. L.
103–66, title XIII, § 13581(c), Aug. 10, 1993, 107
Stat. 611; Pub. L. 104–193, title I, § 110(w), Aug. 22,
1996, 110 Stat. 2175; Pub. L. 104–226, § 1(b)(3), Oct.
2, 1996, 110 Stat. 3033; Pub. L. 104–316, title I,
§ 115(g)(2)(B), Oct. 19, 1996, 110 Stat. 3835; Pub. L.
105–34, title X, § 1026(b)(2), Aug. 5, 1997, 111 Stat.
925; Pub. L. 105–362, title XIII, § 1301(d), Nov. 10,
1998, 112 Stat. 3293; Pub. L. 106–170, title IV,
§ 402(a)(2), Dec. 17, 1999, 113 Stat. 1908; Pub. L.
108–271, § 8(b), July 7, 2004, 118 Stat. 814; Pub. L.
111–148, title VI, § 6402(b)(2), Mar. 23, 2010, 124
Stat. 756; Pub. L. 111–203, title X, § 1082, July 21,
2010, 124 Stat. 2080.)
REFERENCES IN TEXT
Section 552(e) of this title, referred to in subsec.
(a)(1), was redesignated section 552(f) of this title by
section 1802(b) of Pub. L. 99–570.
Section 6103 of the Internal Revenue Code of 1986, referred to in subsec. (a)(8)(B)(iv), (vii), is classified to
section 6103 of Title 26, Internal Revenue Code.
Sections 404, 464, and 1137 of the Social Security Act,
referred to in subsec. (a)(8)(B)(iv), are classified to sections 604, 664, and 1320b–7, respectively, of Title 42, The
Public Health and Welfare.
For effective date of this section, referred to in subsecs. (k)(2), (5), (7), (l)(2), (3), and (m), see Effective Date
note below.
Section 6 of the Privacy Act of 1974, referred to in
subsec. (s)(1), is section 6 of Pub. L. 93–579, which was
set out below and was repealed by section 6(c) of Pub.
L. 100–503.
For classification of the Privacy Act of 1974, referred
to in subsec. (s)(4), see Short Title note below.
The Consumer Financial Protection Act of 2010, referred to in subsec. (w), is title X of Pub. L. 111–203,
July 21, 2010, 124 Stat. 1955, which enacted subchapter V
(§ 5481 et seq.) of chapter 53 of Title 12, Banks and Banking, and enacted and amended numerous other sections
and notes in the Code. For complete classification of
this Act to the Code, see Short Title note set out under
section 5301 of Title 12 and Tables.
CODIFICATION
Section 552a of former Title 5, Executive Departments and Government Officers and Employees, was
transferred to section 2244 of Title 7, Agriculture.
AMENDMENTS
2010—Subsec. (a)(8)(B)(ix). Pub. L. 111–148 added cl.
(ix).
Subsec. (w). Pub. L. 111–203 added subsec. (w).
2004—Subsec. (b)(10). Pub. L. 108–271 substituted
‘‘Government Accountability Office’’ for ‘‘General Accounting Office’’.
1999—Subsec. (a)(8)(B)(viii). Pub. L. 106–170 added cl.
(viii).
1998—Subsec. (u)(6), (7). Pub. L. 105–362 redesignated
par. (7) as (6), substituted ‘‘paragraph (3)(D)’’ for ‘‘paragraphs (3)(D) and (6)’’, and struck out former par. (6)
which read as follows: ‘‘The Director of the Office of
Management and Budget shall, annually during the
first 3 years after the date of enactment of this subsection and biennially thereafter, consolidate in a report to the Congress the information contained in the
reports from the various Data Integrity Boards under
paragraph (3)(D). Such report shall include detailed information about costs and benefits of matching programs that are conducted during the period covered by
such consolidated report, and shall identify each waiver
granted by a Data Integrity Board of the requirement
for completion and submission of a cost-benefit analysis and the reasons for granting the waiver.’’
1997—Subsec. (a)(8)(B)(vii). Pub. L. 105–34 added cl.
(vii).
1996—Subsec. (a)(8)(B)(iv)(III). Pub. L. 104–193 substituted ‘‘section 404(e), 464,’’ for ‘‘section 464’’.

§ 552a

Subsec. (a)(8)(B)(v) to (vii). Pub. L. 104–226 inserted
‘‘or’’ at end of cl. (v), struck out ‘‘or’’ at end of cl. (vi),
and struck out cl. (vii) which read as follows: ‘‘matches
performed pursuant to section 6103(l)(12) of the Internal
Revenue Code of 1986 and section 1144 of the Social Security Act;’’.
Subsecs. (b)(12), (m)(2). Pub. L. 104–316 substituted
‘‘3711(e)’’ for ‘‘3711(f)’’.
1993—Subsec. (a)(8)(B)(vii). Pub. L. 103–66 added cl.
(vii).
1990—Subsec. (p). Pub. L. 101–508 amended subsec. (p)
generally, restating former pars. (1) and (3) as par. (1),
adding provisions relating to Data Integrity Boards,
and restating former pars. (2) and (4) as (2) and (3), respectively.
1988—Subsec. (a)(8) to (13). Pub. L. 100–503, § 5, added
pars. (8) to (13).
Subsec. (e)(12). Pub. L. 100–503, § 3(a), added par. (12).
Subsec. (f). Pub. L. 100–503, § 7, substituted ‘‘biennially’’ for ‘‘annually’’ in last sentence.
Subsecs. (o) to (q). Pub. L. 100–503, § 2(2), added subsecs. (o) to (q). Former subsecs. (o) to (q) redesignated
(r) to (t), respectively.
Subsec. (r). Pub. L. 100–503, § 3(b), inserted ‘‘and
matching programs’’ in heading and amended text generally. Prior to amendment, text read as follows: ‘‘Each
agency shall provide adequate advance notice to Congress and the Office of Management and Budget of any
proposal to establish or alter any system of records in
order to permit an evaluation of the probable or potential effect of such proposal on the privacy and other
personal or property rights of individuals or the disclosure of information relating to such individuals, and its
effect on the preservation of the constitutional principles of federalism and separation of powers.’’
Pub. L. 100–503, § 2(1), redesignated former subsec. (o)
as (r).
Subsec. (s). Pub. L. 100–503, § 8, substituted ‘‘Biennial’’
for ‘‘Annual’’ in heading, ‘‘biennially submit’’ for ‘‘annually submit’’ in introductory provisions, ‘‘preceding
2 years’’ for ‘‘preceding year’’ in par. (1), and ‘‘such
years’’ for ‘‘such year’’ in par. (2).
Pub. L. 100–503, § 2(1), redesignated former subsec. (p)
as (s).
Subsec. (t). Pub. L. 100–503, § 2(1), redesignated former
subsec. (q) as (t).
Subsec. (u). Pub. L. 100–503, § 4, added subsec. (u).
Subsec. (v). Pub. L. 100–503, § 6(a), added subsec. (v).
1984—Subsec. (b)(6). Pub. L. 98–497, § 107(g)(1), substituted ‘‘National Archives and Records Administration’’ for ‘‘National Archives of the United States’’, and
‘‘Archivist of the United States or the designee of the
Archivist’’ for ‘‘Administrator of General Services or
his designee’’.
Subsec. (l)(1). Pub. L. 98–497, § 107(g)(2), substituted
‘‘Archivist of the United States’’ for ‘‘Administrator of
General Services’’ in two places.
Subsec. (q). Pub. L. 98–477 designated existing provisions as par. (1) and added par. (2).
1983—Subsec. (b)(12). Pub. L. 97–452 substituted ‘‘section 3711(f) of title 31’’ for ‘‘section 3(d) of the Federal
Claims Collection Act of 1966 (31 U.S.C. 952(d))’’.
Subsec. (m)(2). Pub. L. 97–452 substituted ‘‘section
3711(f) of title 31’’ for ‘‘section 3(d) of the Federal
Claims Collection Act of 1966 (31 U.S.C. 952(d))’’.
1982—Subsec. (b)(12). Pub. L. 97–365, § 2(a), added par.
(12).
Subsec. (e)(4). Pub. L. 97–375, § 201(a), substituted
‘‘upon establishment or revision’’ for ‘‘at least annually’’ after ‘‘Federal Register’’.
Subsec. (m). Pub. L. 97–365, § 2(b), designated existing
provisions as par. (1) and added par. (2).
Subsec. (p). Pub. L. 97–375, § 201(b), substituted provisions requiring annual submission of a report by the
President to the Speaker of the House and President
pro tempore of the Senate relating to the Director of
the Office of Management and Budget, individual rights
of access, changes or additions to systems of records,
and other necessary or useful information, for provisions which had directed the President to submit to the

§ 552a

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

Speaker of the House and the President of the Senate,
by June 30 of each calendar year, a consolidated report,
separately listing for each Federal agency the number
of records contained in any system of records which
were exempted from the application of this section
under the provisions of subsections (j) and (k) of this
section during the preceding calendar year, and the
reasons for the exemptions, and such other information
as indicate efforts to administer fully this section.
1975—Subsec. (g)(5). Pub. L. 94–183 substituted ‘‘to
September 27, 1975’’ for ‘‘to the effective date of this
section’’.
CHANGE OF NAME
Committee on Governmental Affairs of Senate
changed to Committee on Homeland Security and Governmental Affairs of Senate, effective Jan. 4, 2005, by
Senate Resolution No. 445, One Hundred Eighth Congress, Oct. 9, 2004.
Committee on Government Operations of House of
Representatives treated as referring to Committee on
Government Reform and Oversight of House of Representatives by section 1(a) of Pub. L. 104–14, set out as
a note under section 21 of Title 2, The Congress. Committee on Government Reform and Oversight of House
of Representatives changed to Committee on Government Reform of House of Representatives by House
Resolution No. 5, One Hundred Sixth Congress, Jan. 6,
1999. Committee on Government Reform of House of
Representatives changed to Committee on Oversight
and Government Reform of House of Representatives
by House Resolution No. 6, One Hundred Tenth Congress, Jan. 5, 2007.
EFFECTIVE DATE OF 2010 AMENDMENT
Pub. L. 111–203, title X, § 1082, July 21, 2010, 124 Stat.
2080, provided that the amendment made by section
1082 is effective on July 21, 2010.
Pub. L. 111–203, title X, § 1100H, July 21, 2010, 124 Stat.
2113, provided that: ‘‘Except as otherwise provided in
this subtitle [subtitle H (§§ 1081–1100H) of title X of Pub.
L. 111–203, see Tables for classification] and the amendments made by this subtitle, this subtitle and the
amendments made by this subtitle, other than sections
1081 [amending section 8G of Pub. L. 95–452, set out in
the Appendix to this title, and enacting provisions set
out as a note under section 8G of Pub. L. 95–452] and
1082 [amending this section and enacting provisions set
out as a note under this section], shall become effective
on the designated transfer date.’’
[The term ‘‘designated transfer date’’ is defined in
section 5481(9) of Title 12, Banks and Banking, as the
date established under section 5582 of Title 12, which is
July 21, 2011.]
EFFECTIVE DATE OF 1999 AMENDMENT
Amendment by Pub. L. 106–170 applicable to individuals whose period of confinement in an institution
commences on or after the first day of the fourth
month beginning after December 1999, see section
402(a)(4) of Pub. L. 106–170, set out as a note under section 402 of Title 42, The Public Health and Welfare.
EFFECTIVE DATE OF 1997 AMENDMENT
Amendment by Pub. L. 105–34 applicable to levies issued after Aug. 5, 1997, see section 1026(c) of Pub. L.
105–34, set out as a note under section 6103 of Title 26,
Internal Revenue Code.

Page 54

set out as an Effective Date note under section 601 of
Title 42, The Public Health and Welfare.
EFFECTIVE DATE OF 1993 AMENDMENT
Amendment by Pub. L. 103–66 effective Jan. 1, 1994,
see section 13581(d) of Pub. L. 103–66, set out as a note
under section 1395y of Title 42, The Public Health and
Welfare.
EFFECTIVE DATE OF 1988 AMENDMENT
Pub. L. 100–503, § 10, Oct. 18, 1988, 102 Stat. 2514, as
amended by Pub. L. 101–56, § 2, July 19, 1989, 103 Stat.
149, provided that:
‘‘(a) IN GENERAL.—Except as provided in subsections
(b) and (c), the amendments made by this Act [amending this section and repealing provisions set out as a
note below] shall take effect 9 months after the date of
enactment of this Act [Oct. 18, 1988].
‘‘(b) EXCEPTIONS.—The amendment made by sections
3(b), 6, 7, and 8 of this Act [amending this section and
repealing provisions set out as a note below] shall take
effect upon enactment.
‘‘(c) EFFECTIVE DATE DELAYED FOR EXISTING PROGRAMS.—In the case of any matching program (as defined in section 552a(a)(8) of title 5, United States Code,
as added by section 5 of this Act) in operation before
June 1, 1989, the amendments made by this Act (other
than the amendments described in subsection (b)) shall
take effect January 1, 1990, if—
‘‘(1) such matching program is identified by an
agency as being in operation before June 1, 1989; and
‘‘(2) such identification is—
‘‘(A) submitted by the agency to the Committee
on Governmental Affairs of the Senate, the Committee on Government Operations of the House of
Representatives, and the Office of Management and
Budget before August 1, 1989, in a report which contains a schedule showing the dates on which the
agency expects to have such matching program in
compliance with the amendments made by this Act,
and
‘‘(B) published by the Office of Management and
Budget in the Federal Register, before September
15, 1989.’’
EFFECTIVE DATE OF 1984 AMENDMENT
Amendment by Pub. L. 98–497 effective Apr. 1, 1985,
see section 301 of Pub. L. 98–497, set out as a note under
section 2102 of Title 44, Public Printing and Documents.
EFFECTIVE DATE
Pub. L. 93–579, § 8, Dec. 31, 1974, 88 Stat. 1910, provided
that: ‘‘The provisions of this Act [enacting this section
and provisions set out as notes under this section] shall
be effective on and after the date of enactment [Dec. 31,
1974], except that the amendments made by sections 3
and 4 [enacting this section and amending analysis preceding section 500 of this title] shall become effective
270 days following the day on which this Act is enacted.’’
SHORT TITLE OF 1990 AMENDMENT
Pub. L. 101–508, title VII, § 7201(a), Nov. 5, 1990, 104
Stat. 1388–334, provided that: ‘‘This section [amending
this section and enacting provisions set out as notes
below] may be cited as the ‘Computer Matching and
Privacy Protection Amendments of 1990’.’’

EFFECTIVE DATE OF 1996 AMENDMENT

SHORT TITLE OF 1989 AMENDMENT

Amendment by Pub. L. 104–193 effective July 1, 1997,
with transition rules relating to State options to accelerate such date, rules relating to claims, actions, and
proceedings commenced before such date, rules relating
to closing out of accounts for terminated or substantially modified programs and continuance in office of
Assistant Secretary for Family Support, and provisions
relating to termination of entitlement under AFDC
program, see section 116 of Pub. L. 104–193, as amended,

Pub. L. 101–56, § 1, July 19, 1989, 103 Stat. 149, provided
that: ‘‘This Act [amending section 10 of Pub. L. 100–503,
set out as a note above] may be cited as the ‘Computer
Matching and Privacy Protection Act Amendments of
1989’.’’
SHORT TITLE OF 1988 AMENDMENT
Pub. L. 100–503, § 1, Oct. 18, 1988, 102 Stat. 2507, provided that: ‘‘This Act [amending this section, enacting

Page 55

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES

provisions set out as notes above and below, and repealing provisions set out as a note below] may be cited as
the ‘Computer Matching and Privacy Protection Act of
1988’.’’
SHORT TITLE OF 1974 AMENDMENT
Pub. L. 93–579, § 1, Dec. 31, 1974, 88 Stat. 1896, provided:
‘‘That this Act [enacting this section and provisions set
out as notes under this section] may be cited as the
‘Privacy Act of 1974’.’’
SHORT TITLE
This section is popularly known as the ‘‘Privacy
Act’’.
TERMINATION OF REPORTING REQUIREMENTS
For termination, effective May 15, 2000, of reporting
provisions in subsec. (s) of this section, see section 3003
of Pub. L. 104–66, as amended, set out as a note under
section 1113 of Title 31, Money and Finance, and page 31
of House Document No. 103–7.
DELEGATION OF FUNCTIONS
Functions of Director of Office of Management and
Budget under this section delegated to Administrator
for Office of Information and Regulatory Affairs by section 3 of Pub. L. 96–511, Dec. 11, 1980, 94 Stat. 2825, set
out as a note under section 3503 of Title 44, Public
Printing and Documents.
PUBLICATION OF GUIDANCE UNDER SUBSECTION
(p)(1)(A)(ii)
Pub. L. 101–508, title VII, § 7201(b)(2), Nov. 5, 1990, 104
Stat. 1388–334, provided that: ‘‘Not later than 90 days
after the date of the enactment of this Act [Nov. 5,
1990], the Director of the Office of Management and
Budget shall publish guidance under subsection
(p)(1)(A)(ii) of section 552a of title 5, United States
Code, as amended by this Act.’’
LIMITATION ON APPLICATION OF VERIFICATION
REQUIREMENT
Pub. L. 101–508, title VII, § 7201(c), Nov. 5, 1990, 104
Stat.
1388–335,
provided
that:
‘‘Section
552a(p)(1)(A)(ii)(II) of title 5, United States Code, as
amended by section 2 [probably means section 7201(b)(1)
of Pub. L. 101–508], shall not apply to a program referred to in paragraph (1), (2), or (4) of section 1137(b) of
the Social Security Act (42 U.S.C. 1320b–7), until the
earlier of—
‘‘(1) the date on which the Data Integrity Board of
the Federal agency which administers that program
determines that there is not a high degree of confidence that information provided by that agency
under Federal matching programs is accurate; or
‘‘(2) 30 days after the date of publication of guidance under section 2(b) [probably means section
7201(b)(2) of Pub. L. 101–508, set out as a note above].’’
EFFECTIVE DATE DELAYED FOR CERTAIN EDUCATION
BENEFITS COMPUTER MATCHING PROGRAMS
Pub. L. 101–366, title II, § 206(d), Aug. 15, 1990, 104 Stat.
442, provided that:
‘‘(1) In the case of computer matching programs between the Department of Veterans Affairs and the Department of Defense in the administration of education
benefits programs under chapters 30 and 32 of title 38
and chapter 106 of title 10, United States Code, the
amendments made to section 552a of title 5, United
States Code, by the Computer Matching and Privacy
Protection Act of 1988 [Pub. L. 100–503] (other than the
amendments made by section 10(b) of that Act) [see Effective Date of 1988 Amendment note above] shall take
effect on October 1, 1990.
‘‘(2) For purposes of this subsection, the term ‘matching program’ has the same meaning provided in section
552a(a)(8) of title 5, United States Code.’’
IMPLEMENTATION GUIDANCE FOR 1988 AMENDMENTS
Pub. L. 100–503, § 6(b), Oct. 18, 1988, 102 Stat. 2513, provided that: ‘‘The Director shall, pursuant to section

§ 552a

552a(v) of title 5, United States Code, develop guidelines
and regulations for the use of agencies in implementing
the amendments made by this Act [amending this section and repealing provisions set out as a note below]
not later than 8 months after the date of enactment of
this Act [Oct. 18, 1988].’’
CONSTRUCTION OF 1988 AMENDMENTS
Pub. L. 100–503, § 9, Oct. 18, 1988, 102 Stat. 2514, provided that: ‘‘Nothing in the amendments made by this
Act [amending this section and repealing provisions set
out as a note below] shall be construed to authorize—
‘‘(1) the establishment or maintenance by any agency of a national data bank that combines, merges, or
links information on individuals maintained in systems of records by other Federal agencies;
‘‘(2) the direct linking of computerized systems of
records maintained by Federal agencies;
‘‘(3) the computer matching of records not otherwise authorized by law; or
‘‘(4) the disclosure of records for computer matching except to a Federal, State, or local agency.’’
CONGRESSIONAL FINDINGS AND STATEMENT OF PURPOSE
Pub. L. 93–579, § 2, Dec. 31, 1974, 88 Stat. 1896, provided
that:
‘‘(a) The Congress finds that—
‘‘(1) the privacy of an individual is directly affected
by the collection, maintenance, use, and dissemination of personal information by Federal agencies;
‘‘(2) the increasing use of computers and sophisticated information technology, while essential to the
efficient operations of the Government, has greatly
magnified the harm to individual privacy that can
occur from any collection, maintenance, use, or dissemination of personal information;
‘‘(3) the opportunities for an individual to secure
employment, insurance, and credit, and his right to
due process, and other legal protections are endangered by the misuse of certain information systems;
‘‘(4) the right to privacy is a personal and fundamental right protected by the Constitution of the
United States; and
‘‘(5) in order to protect the privacy of individuals
identified in information systems maintained by Federal agencies, it is necessary and proper for the Congress to regulate the collection, maintenance, use,
and dissemination of information by such agencies.
‘‘(b) The purpose of this Act [enacting this section
and provisions set out as notes under this section] is to
provide certain safeguards for an individual against an
invasion of personal privacy by requiring Federal agencies, except as otherwise provided by law, to—
‘‘(1) permit an individual to determine what records
pertaining to him are collected, maintained, used, or
disseminated by such agencies;
‘‘(2) permit an individual to prevent records pertaining to him obtained by such agencies for a particular purpose from being used or made available for
another purpose without his consent;
‘‘(3) permit an individual to gain access to information pertaining to him in Federal agency records, to
have a copy made of all or any portion thereof, and
to correct or amend such records;
‘‘(4) collect, maintain, use, or disseminate any
record of identifiable personal information in a manner that assures that such action is for a necessary
and lawful purpose, that the information is current
and accurate for its intended use, and that adequate
safeguards are provided to prevent misuse of such information;
‘‘(5) permit exemptions from the requirements with
respect to records provided in this Act only in those
cases where there is an important public policy need
for such exemption as has been determined by specific statutory authority; and
‘‘(6) be subject to civil suit for any damages which
occur as a result of willful or intentional action
which violates any individual’s rights under this
Act.’’

§ 552b

TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES
PRIVACY PROTECTION STUDY COMMISSION

Pub. L. 93–579, § 5, Dec. 31, 1974, 88 Stat. 1905, as
amended by Pub. L. 95–38, June 1, 1977, 91 Stat. 179,
which established the Privacy Protection Study Commission and provided that the Commission study data
banks, automated data processing programs and information systems of governmental, regional and private
organizations to determine standards and procedures in
force for protection of personal information, that the
Commission report to the President and Congress the
extent to which requirements and principles of section
552a of title 5 should be applied to the information
practices of those organizations, and that it make
other legislative recommendations to protect the privacy of individuals while meeting the legitimate informational needs of government and society, ceased to
exist on September 30, 1977, pursuant to section 5(g) of
Pub. L. 93–579.
GUIDELINES AND REGULATIONS FOR MAINTENANCE OF
PRIVACY AND PROTECTION OF RECORDS OF INDIVIDUALS
Pub. L. 93–579, § 6, Dec. 31, 1974, 88 Stat. 1909, which
provided that the Office of Management and Budget
shall develop guidelines and regulations for use of
agencies in implementing provisions of this section and
provide continuing assistance to and oversight of the
implementation of the provisions of such section by
agencies, was repealed by Pub. L. 100–503, § 6(c), Oct. 18,
1988, 102 Stat. 2513.
DISCLOSURE OF SOCIAL SECURITY NUMBER
Pub. L. 93–579, § 7, Dec. 31, 1974, 88 Stat. 1909, provided
that:
‘‘(a)(1) It shall be unlawful for any Federal, State or
local government agency to deny to any individual any
right, benefit, or privilege provided by law because of
such individual’s refusal to disclose his social security
account number.
‘‘(2) the [The] provisions of paragraph (1) of this subsection shall not apply with respect to—
‘‘(A) any disclosure which is required by Federal
statute, or
‘‘(B) the disclosure of a social security number to
any Federal, State, or local agency maintaining a
system of records in existence and operating before
January 1, 1975, if such disclosure was required under
statute or regulation adopted prior to such date to
verify the identity of an individual.
‘‘(b) Any Federal, State, or local government agency
which requests an individual to disclose his social security account number shall inform that individual
whether that disclosure is mandatory or voluntary, by
what statutory or other authority such number is solicited, and what uses will be made of it.’’
AUTHORIZATION OF APPROPRIATIONS TO PRIVACY
PROTECTION STUDY COMMISSION
Pub. L. 93–579, § 9, Dec. 31, 1974, 88 Stat. 1910, as
amended by Pub. L. 94–394, Sept. 3, 1976, 90 Stat. 1198,
authorized appropriations for the period beginning July
1, 1975, and ending on September 30, 1977.
EX. ORD. NO. 9397. NUMBERING SYSTEM FOR FEDERAL
ACCOUNTS RELATING TO INDIVIDUAL PERSONS
Ex. Ord. No. 9397, Nov. 22, 1943, 8 F.R. 16095, as amended by Ex. Ord. No. 13478, § 2, Nov. 18, 2008, 73 F.R. 70239,
provided:
WHEREAS certain Federal agencies from time to
time require in the administration of their activities a
system of numerical identification of accounts of individual persons; and
WHEREAS some seventy million persons have heretofore been assigned account numbers pursuant to the
Social Security Act; and
WHEREAS a large percentage of Federal employees
have already been assigned account numbers pursuant
to the Social Security Act; and
WHEREAS it is desirable in the interest of economy
and orderly administration that the Federal Govern-

Page 56

ment move towards the use of a single, unduplicated
numerical identification system of accounts and avoid
the unnecessary establishment of additional systems:
NOW, THEREFORE, by virtue of the authority vested
in me as President of the United States, it is hereby ordered as follows:
1. Hereafter any Federal department, establishment,
or agency may, whenever the head thereof finds it advisable to establish a new system of permanent account
numbers pertaining to individual persons, utilize the
Social Security Act account numbers assigned pursuant to title 20, section 422.103 of the Code of Federal
Regulations and pursuant to paragraph 2 of this order.
2. The Social Security Administration shall provide
for the assignment of an account number to each person who is required by any Federal agency to have such
a number but who has not previously been assigned
such number by the Administration. The Administration may accomplish this purpose by (a) assigning such
numbers to individual persons, (b) assigning blocks of
numbers to Federal agencies for reassignment to individual persons, or (c) making such other arrangements
for the assignment of numbers as it may deem appropriate.
3. The Social Security Administration shall furnish,
upon request of any Federal agency utilizing the numerical identification system of accounts provided for
in this order, the account number pertaining to any
person with whom such agency has an account or the
name and other identifying data pertaining to any account number of any such person.
4. The Social Security Administration and each Federal agency shall maintain the confidential character
of information relating to individual persons obtained
pursuant to the provisions of this order.
5. There shall be transferred to the Social Security
Administration, from time to time, such amounts as
the Director of the Office of Management and Budget
shall determine to be required for reimbursement by
any Federal agency for the services rendered by the Administration pursuant to the provisions of this order.
6. This order shall be implemented in accordance with
applicable law and subject to the availability of appropriations.
7. This order is not intended to, and does not, create
any right or benefit, substantive or procedural, enforceable at law or in equity, by any party against the
United States, its departments, agencies, instrumentalities, or entities, its officers, employees, or agents, or
any other person.
8. This order shall be published in the Federal Register.
CLASSIFIED NATIONAL SECURITY INFORMATION
For provisions relating to a response to a request for
information under this section when the fact of its existence or nonexistence is itself classified or when it
was originally classified by another agency, see Ex.
Ord. No. 13526, § 3.6, Dec. 29, 2009, 75 F.R. 718, set out as
a note under section 435 of Title 50, War and National
Defense.

§ 552b. Open meetings
(a) For purposes of this section—
(1) the term ‘‘agency’’ means any agency, as
defined in section 552(e) 1 of this title, headed
by a collegial body composed of two or more
individual members, a majority of whom are
appointed to such position by the President
with the advice and consent of the Senate, and
any subdivision thereof authorized to act on
behalf of the agency;
(2) the term ‘‘meeting’’ means the deliberations of at least the number of individual
agency members required to take action on
1 See

References in Text note below.


File Typeapplication/pdf
AuthorCDC User
File Modified2016-11-14
File Created2014-11-24

© 2024 OMB.report | Privacy Policy