CENTRAL INTELLIGENCE AGENCY ANNUAL PRIVACY ACT REPORT, PART II, FOR 1977

Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9 CENTRAL INTELLIGENCE AGENCY WASHINGTON. D.C. 20505 MEMORANDUM FOR: Mr. James T. McIntyre Director Office of Management and Budget ATTENTION: Mr. Walter W. Haase Deputy Associate Director for Information Systems Policy FROM: John F. Blake Deputy Director for Administration SUBJECT: Central Intelligence Agency Annual Privacy Act Report, Part II, for 1977 REFERENCE: Agency Memorandum of 10 March 1978 Containing Part I of the Annual Report In accordance with 0MB Circular No. A-108, Transmittal Memorandum No. 4, and 0MB Memorandum of 25 January 1978, forwarded herewith is the balance of the CIA Annual Privacy Act Report for 1977. John F. Blake AORI/CDF Approved For Release 2006/08/02 CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9 CIA ANNUAL PRIVACY ACT REPORT FOR 1977 NARRATIVE 1. Whereas technical and descriptive data of the Agency's records systems comprised our response of 10 March 1978, this portion of the Annual Report addresses the accom- plishments, plans, administration, processing difficulties and recommendations for change vis-a-vis the Privacy Act of 1974. The following discussions correlate to subparagraphs 2 (a through g) of the attachment to your memorandum of inquiry of 25 January 1978. 2(a) Summary of Accomplishments and Future Plans: (1) Protecting Individual Privacy: As a matter of course, the sensitive nature of records held by the Agency and our basic policies governing access to them assist in preserving an individual's privacy. Since the preponderance of our documentation is classified, only properly cleared personnel can review documents, and then on a need-to-know principle. Moreover, the Agency does not have a centralized file system; there- fore, this built-in compartmentation limits the amount of information available to any one person. All offices and files are secured whenever staff personnel are not present and all visitors are asked to state their business and verify their need for records. Visits by non-Agency personnel are recorded, and the visitors' movements are closely monitored at all times. (2) Reducing the Scope of Personal Recordkeeping: Current reductions in holdings of documen- tation have been virtually impossible due to a number of overlapping and repetitive non- destruction directives. The Agency is currently under such an order issued by the House Select Committee on Assassinations. However, with the view that these record destruction moratoriums will eventually end, extensive reviews have been initiated to determine what records will be retained, declassified or destroyed. One signi- ficant step in making possible future reductions Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9 in our holdings has been the approval of all of the Agency's Records Control Schedules by the National Archives and Records Service. Given this approval, it is likely that the number of Agency records systems currently maintained may be decreased by two. There are indications, however, that approximately five new systems will have to be declared in the near future. The scope of maintained records is contained by our review and the removal of extraneous data prior to its in- clusion in a system. There has been concern expressed that future access to records may in- hibit the input of current documentation, leading to bland and incomplete files. Although this has been expressed by some records managers, to date we have seen very little evidence of such an occurrence. (b) Scope and Nature of Federal Personal Recordkeeping; Analysis of C anges to Systems of Recor s: (1) During 1977, CIA--22 was merged with CIA--21. This incorporated the case files maintained on the Agency's Freedom of Information Act and E.O. 11652 document declassification requesters with those for persons who filed Privacy Act requests. Two new systems were declared, namely: CIA--60, Personal and Professional Associates of the Director of Central Intelligence; and CIA--61, Supplemental Personnel (Soft) Files. This latter system was created when the Director established the position of Special Assistant to the Deputy to the Director for Resource Management as an integral part of the intelligence community as a whole. Each of the new systems was required because, as Director of Central Intelligence, Admiral Turner assumed responsibility for directing the intelligence community and effectual support was needed. (2) No great change in the use of computer support was noted in 1977. However, in order to meet quick response demands for information, significant increases can be expected within the next two years in computer-assisted records systems. A number of developmental programs are currently being studied for possible implementation. (3) The size of new systems can be expected to be significantly large at the outset, but a leveling off or reduction will be accomplished as permission Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9 is granted to remove obsolete information. The scope of new systems will be limited to the effi- cient, effective and necessary requirements to be served, not only for the sake of privacy considera- tions, but also because of the considerable costs involved. (c) Agency Administration of the Act: (1) Accounting for Disclosures: Records are maintained of instances when information is released and, where necessary, waivers are requested from the individuals concerned. (2) Maintenance of Only That Information Necessary for an Authorized Function: Routine uses of records are the determining factors in placing a document into a system. Prior to insertion into a system, records and information are reviewed for relevance. (3) Publication Requirements: All changes to a system of records are pro- mulgated in the Federal Register with due regard for the 30-day note to be given to the general public for their comment and our consideration of their views. In addition, significant additions and deletions to the Agency's systems of records are submitted to the President of the Senate, the Speaker of the House, the Privacy Protection Study Commission and the Office of Management and Budget. (4) Standard of Accuracy, Relevance, Timeliness and Completeness: Within the limits of our Records Control Schedules and the current prohibition on destruction of records, the relevance and timeliness of records are considered. Accuracy and completeness of files are accomplished by placing a copy of the correspondence from the subject, purporting to correct or clarify records, with the document in question. In this way, a complete analysis of the record can be made by an authorized officer when reviewing the information. Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9 (5) Validation of Records Before Disclosure utsi e t e Agency: Validation of information is accomplished through normal verification procedures. Where prudent or necessary, the individual will be contacted for additional supporting data. (6) Restrictions on Recordkee in About First Amen meet Activities Collectors and recipients of personal infor- mation are acutely aware of this requirement. Documents are reviewed prior to becoming part of the system. (7) Rules of Conduct for Agency Personnel: Personnel having access to personal records have been instructed in depth as to their respon- sibilities in this regard and the possible con- sequences of a breach of this trust. Formal instruction and realistic situational workshops have been developed to further understanding of the Privacy Act. Extensive formal and on-the-job training are required for those directly implementing the Act. (8) Safeguards on information: Agency personnel have been well trained in handling sensitive information. Records are maintained in combination lock safes or in vaulted areas. Computers can be accessed only by those personnel who have been assigned controlled pass- words and/or other coded identifiers. (9) Operation of the Exemption Provisions: A. The CIA regulations promulgated pursuant to subsection (j) of the Act authorize the withholding of any information pertaining to an individual which would reveal intelligence sources and methods. Polygraph records are exempt from all sections as provided under the exemption except fors~hrouto5(e)(5}, (c) (1) and (2), (e)(4) (A through F), Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9 (6), (7), (9), (10), and (11), and (i). Under subsection (j) of the Act, systems of records that contain sources and methods are exempt from sub- sections (c) (3) , (d) , (e) (3) (A through D) , (e) (4) (E) , and (f) (1) . B. Under subsection (k), regulations were promulgated which provide that all provisions of this subsection apply to all systems of records. Information meeting the criteria defined in provisions (k)(1) through (k)(7) may be exempted from subsection (d). C. In conformity with the express intent of the Privacy Act, information in a records system pertaining to an individual is exempt from disclosure, subsection (d), except as permitted in subsection (b)(l through 11). Written permission must be obtained from an individual when personal information pertaining to that person is requested by another individual or entity. D. The Privacy Act permits the Director wide latitude in implementing exemptions for access to records; however, this has been done only to a limited extent. As a system, CIA--23, Polygraph Files, is totally exempt from access. The remaining 57 systems of records are searched, as appropriate, in response to inquiries from requesters. When the above exemptions do not apply, documents are released; and, where they are applicable, segregable portions of records are released whenever feasible. E. There were 644 inquiries in which the request was totally or partially denied and the above discussed subsections were invoked. The con- version to an ADP system in June 1977, did not permit a complete exemption breakout of all the cases but does provide a sample of the results for 388 cases as follows: (b)(i.e., Privacy)....204 (j)(1) ................352 (k)(1) ................207 (k)(5)? ................56 Also, the word "Privacy" was cited previously; however, in order to refer to a specific sub- section of the Act, subsection (b) replaced "Privacy" in July 1977. Approved For Release 2006/08/02 CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-RDP81 M00986R000200010019-9 F. In lieu of permitting direct access to records by requesters, as provided for in subsection (d), the Agency duplicates re- leasable documentation for requesters at no cost. (d) Changes in Patterns of Information Exchange: (1) Agency employees or applicants are the primary source of information on themselves. Where verification of data is necessary, waivers are requested. Where sensitive opera- tional and security considerations are para- mount, liaison with some Federal agencies has been curtailed or abandoned. This has resulted from possible exposure, via the Privacy Act, of the Agency's interest in a person and where those agencies cannot exert exemptions to protect our interests. (2) There have been some changes in procedure to segregate out that information which is considered strictly personal and that which is directly related to employment. A Privacy Act statement gives the individual a high degree of awareness as to the limits to which information will be used. These are fully discussed and the problems that can develop are explained, should the desired information not be provided or a waiver for specific purposes not obtained. (3) Initially, officials expressed concern that the Act would cause a significant reduction in third party-provided information. As for Agency employees, this factor has not been noticed. How ever, those interviewed may be narrowing their answers to the questions being asked, with less extemporaneous comment being offered. Pledges of confidentiality requested remain at a level paral- leling the past. Sources in the private sector, having become more aware of their rights, seem somewhat more reluctant to provide information to government officials, with pledges of confiden- tiality more often requested. (4) Alternative sources of information have not been developed. (5) Except for procedural requirements, no significant effect on Agency activities has been noted, due to the Act's limitations on information disclosure. Approved Fbr Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-RDP81 NI00980R000200010019-9 (6) The Agency's sixth General Routine Use was promulgated in the Federal Register on 16 May 1977, at Vol. 42, No. 94, Pg. 24760. It made provision for a record from a system of records to be disclosed to NARS (GSA) in records manage- ment inspections conducted under authority of 44 U.S.C. 2904 and 2906. This is responsive to of subsections the Act. (b) (6) and (1) (1) , (2) and (3) (7) Although not significant, there have been instances where local authorities have denied Agency investigators access to their records. Vigilance will be exercised by the Agency to stay abreast of local Freedom and Privacy legis- lation, especially in the area of exemption provisions. It could well develop that Agency- exempted information may be releasable at the local level. (e) Exercise of Individual Rights: (1) Number and Disposition of Privacy Actuests: A. Carried over from 1976 .............. 598 Received in 1977... .................. Total Available in 1977 ............ 3621 Final Responses .................... 2397 Granted in Full ..................... 195 Granted in Part ..................... 520* Denied ... ....... ...... ...124* Canceled, Withdrawn or No Record ... 1558 Carried over to 1978 ............... 1224 Request for Amendment .................1 *Usage of subsections for denial of information: Please refer to 2(c)(9)(E) of this report. B. Appeals Carried over from 1976 ............... 66 Received in 1977 ...... ..............94 Total Available in 1977 ............. 160 Final Responses ......................45 Sustained Fully .. ...................17 Sustained Partially .................. 28 Reversed .... ....................0 Canceled or Withdrawn .............. ..0 Carried over to 1978 ................115 Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-R DP81 M00980R000200010019-9 C. Civil Actions: Filed Against Agency .................. 6 Cases Decided in Agency Favor ......... 1** Cases Decided Against Agency .......... O Cases Remaining in Litigation ......... 5 **This case was decided in favor of the Agency. However, the plaintiff appealed one document; the District court upheld the Agency's posi- tion but will still review the record in camera. (2)(A) The Agency's estimate of current and former employees making Privacy Act requests is less than 10 percent of the total. However, the number of requesters in this group appears to be increasing. Also, these figures do not take into account informal requests from current employees where procedures have been in existence since the inception of the Act to permit review of one's files. Approximately 10 percent of Agency em- ployees have availed themselves of this informal approach. (B) Although the Agency does not maintain statistics on which Act a person cites in making a request, Agency employees most often cite the correct Act, given our readily available assist- ance. When anyone wishes to receive information on himself, we encourage processing under the Privacy Act. The requester is assured that all information will be provided as can be allowed under both Acts. If he is insistent, however, we will process such a request under the Freedom Act or provide the exemptions from both Acts. (C) Rarely will the general public cite a system to be searched unless requests for Office of Strategic Services' documents, drug experiment information, or Agency intercepted mail can be so considered. Requesters using commercial services will often cite records systems. Agency personnel use a check-off form. (D) Since all systems are potentially exempt, the requests for access to exempt systems can be considered 100 percent. Also, if releasing a record, where one exists, is considered as access Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9 to an exempt system, we permit this to over 80 percent of the requesters, the balance being denied in full. (f) Public Scrutiny of Federal Personal Recordkee~in& ractices: (1) No reaction of'a substantive nature to any Agency Privacy Act issuance promulgated in the Federal RResister has been received from the general public, the Congress or OMB. If the public wants something, they write or call. Presently existing rules and regulations are largely unknown; so, we properly channel their requests and explain the requirements and pro- cedures necessary to service their requests. To say the least, the Act is expensive in terms of employee time and machine support expended. From the Agency's standpoint, our costs will not lessen simply because the number of our requests are increasing each year, all other factors aside. (g) Problem Areas and Recommendations for Change: Although the discussion below may not pertain specifically to the Privacy Act, it does address personally identifiable information. (1) Agency concern over material released under the Privacy Act is increasing. Problems are being experienced with former staff employees and cooper- ating individuals whose Agency affiliation has not heretofore been disclosed. Serious security breaches could be in the offing. The mere possession of a seemingly innocuous Agency document could, under certain circumstances, cause embarrassment or danger to the person involved, not to mention problems for the Agency. (2) Since deceased individuals have no privacy rights, it is possible that personally identifiable information might have to be released connecting the Agency with undeclared persons. This information, if pursued by hostile elements, could cause serious consequences for vital operational activities and could place in physical jeopardy those who were in association with such an individual. Hostile security and intelligence organizations, in view of their presumed thorough documentation of an American's activities, could quickly identify suspected intelligence sources. Through merely Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-RDP81 M00980R0G0200010019-9 the exposure of the name of a CIA man, a hostile country could determine whether and when he was there. (3) Because of information which might be re- leased, liaison equities between the Agency and its foreign counterparts are being seriously questioned by the latter. They foresee the possi- bility of their information being released and we suspect that they may be withholding information. This very real problem will affect our national security more and more as time elapses. (4) Our experience has shown that the public seldom uses the published systems of records as a key to obtain access to their files. The public generally requests all records retrievable under their name. The possi- bility of each agency making available directly to the public on request a descrip- tive list of records systems should be con- sidered. Expensive publication costs in pro- mulgating systems in the Federal Register could then be limited to only the deletion of an existing system of the declaration of a new system. Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9  Approved For Release 2006/08/02 : CIA-R DP81 M009MOR060200010019-9 IPS/DM/9 May 78 Distribution: Orig. + 4 - 0MB (w/attach) DDA Chrono (w/attach) AI/DDA (w/attach) IPS h o (w /attach) IPS w/attach) Approved For Release 2006/08/02 : CIA-RDP81 M00980R000200010019-9