GN 03350: FOIA and Privacy Act Denials and Appeals
TN 3 (12-03)
A. Policy
The Privacy Act requires Federal agencies to:
Tell an individual upon request whether he/she is the subject of a record contained in one of the agency's systems of records.
-
Permit the individual to inspect and copy the record.
See GN 03340.005 for more information about access requests.
1. Access Requests
An individual's right of access under the Privacy Act extends only to records maintained in a system of records and retrieved by the individual's name or other unique identifier, such as SSN. See GN 03340.005.
Denials or partial denials of access requests are FOIA denials.
EXCEPTION: See GN 03340.035D.4. regarding refusal to grant access to medical records because the individual has failed to name an authorized representative.
a. Subject’s Own Records
The individual who is the subject of a record has access rights.
If the requester cannot adequately prove his/her identity, SSA's refusal to grant access is not a “denial,” and there are no appeal rights.
The requester does not necessarily have an access right to information about other individuals contained in his/her file. See GN 03340.055.
b. Request by Parent or Legal Guardian for Record of Minor or Incompetent
A natural or adoptive parent or the legal guardian of a minor child may have access to that child's records, except medical records (see GN 03340.035E. and GN 03340.035F.), if he/she is acting on behalf of the child (i.e., in the child's best interest) in making the request. (GN 03340.025A.1.)
A minor can exercise the right of access on his or her own behalf. See GN 03340.020.
An incompetent individual may exercise the right of access on his/her own behalf. See GN 03340.030B.
A legal guardian may access his/her ward's records when acting on behalf of the ward. See GN 03340.030B.
c. Medical Records
See GN 03340.035 for special procedures for access to medical records.
Requiring an individual to comply with the special procedures is not considered a denial of a request for access.
There are no appeal rights in this situation.
d. Exempt Systems of Records
Agencies may publish certain PA systems of records as exempt from the PA access provisions.
These are generally investigatory files. See GN 03340.050.
We must then consider requests for such records under FOIA.
e. Records Compiled in Anticipation of Litigation
The PA access provisions exempt records compiled in anticipation of litigation (5 U.S.C. § 552a(d)(5)).
We must then consider requests for such records under FOIA.
EXAMPLE: A file may contain a memorandum from the Office of the General Counsel.
2. Access Cannot Be Granted
If both the FOIA and the PA apply, process the denial under the FOIA (see GN 03350.005 and GN 03350.010).
3. Request to Amend or Delete a Record (See GN 03345.005) Correction or Amendment of Records
A subject individual may request SSA to correct, amend, or delete any record. See GN 03345.005A.1.
a. Disposal or Destruction of Records
Requests by individuals for disposal or destruction of records do not fall under the correction or amendment provisions of the PA.
See GN 03345.005A.2. for requests for disposal of records.
EXAMPLE: After filing a claim for disability benefits, a claimant decides to withdraw the claim because it will be reviewed by non-medical personnel and demands that we destroy the application and other records in the claim file.
b. Update Changes
SSA does not handle requests to update changes in name, address, family composition, etc., under the correction or amendment of record provisions of the PA. See GN 03345.005A.3.
c. Requests to Change Decisions
Most requests for changes to SSA records are subject to the administrative appeals procedures of the Administrative Procedure Act (APA) and Subpart J of SSA Regulations No. 4 (20 CFR § 404). Handle such requests according to instructions in GN 03100.000.
The PA does not give individuals administrative or judicial review rights that the Social Security Act, regulations, and the APA otherwise adequately provide.
4. Requests for Disclosure
The Privacy Act is the controlling law when another Federal agency requests disclosure. See GN 03313.000.
See GN 03350.005A.2.e. and chapter GN 03330.000 for the handling of subpoenas and court orders.
-
The FOIA is the controlling law on most other requests for disclosure.
See GN 03350.005.
B. Procedure
1. Access Requests
a. Time Limits and Acknowledgment Letters
Process requests and grant notification or access to a record promptly.
If there will be a delay in responding to a request for access, send an acknowledgment letter within 30 days informing the requester of the delay and when we expect to grant notification or access.
b. Denials of Access Requests
Process denials of access (except special procedures for medical records or inability to prove identity) as FOIA denials. See GN 03350.005B.
c. Request by Parent or Legal Guardian for the Record of a Minor or Incompetent
-
Parent of Minor
See GN 03340.025B. If access will not be granted (except for medical records), process as a FOIA request. See GN 03350.005B.
-
Legal Guardian
See GN 03340.030. If access will not be granted (except for medical records), process as a FOIA request. See GN 03350.005B.
d. Medical
See GN 03340.035 for special procedures for granting access to medical records.
e. Exempt Systems of Records
See GN 03340.050. If an individual requests notification or access to records in a system of records that we have published as exempt from the access requirements, the System Manager will determine whether access should be granted. If access will not be granted, process as a FOIA request. See GN 03350.005B.
2. Request to Amend or Delete a Record
a. Making a Request
Individuals should write to the manager identified in the Privacy Act System Notice and submit any available evidence to support the request. Field office personnel can help individuals prepare the request.
Requests for correction or amendment are handled by the manager of the system of records in which the information is maintained. See SSA Pub. No. 65-009, Privacy Act Notices of Systems of Records, which can be found at http://www.ssa.gov/foia/bluebook/bluebook.htm
b. Acknowledgment of Correction Request
Acknowledge receipt of a correction request within 10 working days, unless we can review and process the request and give an initial determination of denial or compliance before that time.
c. Record Found to be Correct
If the record is correct, send a written notice of the reason why we refuse to amend the record. See GN 03345.015.
Inform the individual of the right to seek a review of the refusal and the name and address of the review official. See GN 03350.020B.
d. Record Found to be Incorrect
Advise the individual in writing of any correction or amendment made in response to his or her request. See GN 03345.013.
If a correction or amendment to a record may affect a decision on a claim, take appropriate action.
e. Notice of Error
If the record is wrong, correct it promptly.
If wrong information was disclosed from the record, tell all known recipients that the information was wrong.
Give prior recipients the correct information.
EXCEPTION: No notice is necessary if the change is not due to an error, e.g., a change of name or address.
3. Request for Disclosure
-
The Privacy Act governs requests for disclosure from Federal agencies.
If we cannot disclose a record to a Federal agency, deny the request, citing appropriate sections of Regulation No. 1 or the Privacy Act. See GN 03313.105. Discuss questionable requests or those that may have implications that could affect nationwide policy with the Regional Privacy Act Coordinator. It may be appropriate to refer such requests to the Privacy Officer.
Refer requests for ongoing access to data, matches, data exchange or terminal access through the Regional Privacy Act Coordinator to the Privacy Officer.
See GN 03350.005A.2.e. and chapter GN 03330.000 for the handling of subpoenas and court orders.
Most other requests for disclosure that must be denied are handled as FOIA denials. See GN 03350.005B.