Privacy Act Policy

SIGAR, through the Office of Privacy, Records, and Disclosure, is committed to protecting the privacy and confidentiality of information about individuals that the agency collects, uses and maintains. SIGAR does so through compliance with the Privacy Act of 1974 (Public Law No. 93-579), M-03-22, OMB Guidance for Implementing the Privacy Provisions of Section 208 of the E-Government Act of 2002 exemption 6 of the Freedom of Information Act (Exemption 6), the Federal Records Act of 1950 (Federal Records Act), and SIGAR’s Privacy Policy.

Privacy Act of 1974

The Privacy Act of 1974 provides safeguards against unwarranted invasions of privacy through the misuse of records by Federal agencies by restricting disclosure of personally identifiable records maintained by agencies; granting individuals increased rights of access to records maintained about them; granting individuals the right to seek amendment of records maintained about them upon a showing that the records are not accurate, relevant, timely or complete; and establishing a code of "fair information practices" which requires agencies to comply with statutory norms for collection, maintenance, use and dissemination of records.

The Privacy Act only covers information filed within a “system of records.” A system of records is a group of files, electronic or hard-copy format, that contain information in identifiable form about individuals and which information is retrieved by an identifier unique to the individual. Examples of "information in identifiable form" or "unique identifiers" include, but are not limited to: an individual’s name; Social Security Number; fingerprints; DNA; or retinal eye scan. Agencies with systems of records must publish in the Federal Register systems of records notices (SORN).

Privacy Impact Assessments and System of Records Notices

SIGAR Privacy Act Regulations

• Freedom of Information Act and Privacy Act Procedures
• Freedom of Information Act and Privacy Act Procedures (Electronic Code of Federal Regulations)

Making a Privacy Act Request

Your request applies only to records maintained in a Privacy Act "System of Records” which are records under the control of SIGAR and from which personal information about an individual is retrieved by the name of the individual, or by some other identifying number or symbol, that is unique to the individual. Requests may be made by you or your duly authorized agent.

Requests for access must be in writing and be “properly” received. Your request is considered “properly” received when it meets all of the following criteria:

1. Identifies the particular "systems of records” you want searched;
2. Provides the information listed under the “Notification procedures” or “Record access procedures” elements of the applicable system of records notice;
3. Verifies your identity. SIGAR can use certain minimum identifying data provided in your written request; however, when the information sought is of a sensitive nature, additional identifying data may be required. Such as:
   1. An unsworn declaration under penalty of perjury in accordance with 28 U.S.C. 1746. The requester provides a signed and dated statement that reads
      1. If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct Executed on (date), (Signature)”
      2. If executed without the United States, “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct Executed on (date), (Signature)”
   2. Notarized signatures.
4. Adequately explains a request for expedited processing, if applicable;
5. States whether you agree to pay fees associated with the processing of your request;
6. Contains a written release authority if records are to be released to a third party. Third parties could be a law firm, a Congressman’s office, a union official, or a private entity.

Where to send a Privacy Act Request

When submitting your request via mail, email, or fax please label the subject line “Privacy Act Request”. Correspondence to the FOIA and Privacy Office may be sent to:

Making an Appeal Under the Privacy Act

If you are denied access in whole or in part to records pertaining to yourself, you may file an appeal of that denial with SIGAR, Office of Privacy, Records, and Disclosure. Your appeal letter must be postmarked no later than 35 days after the date of the denial letter from SIGAR.

Upon receipt of your appeal, SIGAR’s Privacy Act Appeal Official will consult with the system manager, legal counsel, and such other officials as may be appropriate. If SIGAR’s Privacy Act Appeal Official determines that the records you requested are not exempt from release, SIGAR grants you access and so notifies you.

If SIGAR’s Privacy Act Appeal Official determines that your appeal must be rejected, SIGAR will immediately notify you in writing of that determination. This decision is final and cannot be appealed further within SIGAR. Within two years of receipt of a SIGAR final determination, you may seek judicial review by filing a civil action in a Federal District Court.

When submitting your appeal via mail, email, or fax please label the subject line "Privacy Act Appeal".