PRIVACY ACT RECORDS SYSTEM REPORTING

Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5 ROUTING AND RECORD SHEET SUBJECT: (Optional) Priva Act Records and tem rting FROM: -:1 EXTENSION . No. ST Director for Administration DATE OIS 86-096 8 March 1986 S TO: (Officer designation, room numbor, and building) DATE OFFlCER'S COMMENTS (Number each comment to show from whom RECEIVED KWWNAROw IMMALS to whom. Draw a line ocross column ofter each comment.) DIOTS Mo 2. 3. LOGGED $1 IAM 4. s. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 1.79 FORM 610 EDITIOMs AT Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5  Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5 01S 86-096 28 March 1986 MEMORANDUM FOR: Records Management Officer, DCI Records Management Officer, DDA Records Management Officer, DDI Records Management Officer, DDO Records Management Officer, DDS&T Director ot nformation Services STAT SUBJECT: Privacy Act Records System Reporting REFERENCE: DDA 85-3425 of 11 October 1985, Same Subject 1. At a meeting on 7 February 1986, you were advised by the OIS Legal Advisor and the Information and Privacy Coordinator of a number of problems which had become apparent as a result of the your earlier review of the Agency Privacy Act Records Systems Listing for the Federal Register. You were promised a paper setting forth details of some additional work that would be required. That paper is attached. 2. Please be reminded that the requirement to list in the Federal Register all systems of records that fall within the provisions of the Privacy Act is mandatory not optional; further, that the penalty for failing to comply falls on the individual responsible, see 5 U.S.C. 552a(i)(2). 3. Please complete the necessary additional work and forward it to OIS/IRMD by 14 April 1986. Do not hesitate to call the briefing officers if additional questions arise during your review. Attachment: As Stated STAT Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5  Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5 PRIVACY ACT RECORDS SYSTEMS REPORTING The referent memorandum instructed that a review be conducted, throughout the Agency and the Intelligence Community Staff, of all records systems falling within the province of the Privacy Act. A copy of that memorandum is attached. The purpose of the review was to ensure an accurate updating of the listing of Agency files carried in the Federal Register. That listing had changed little in the last decade. I. The Problem 1. The results of the review have now been collected. Several facts have become evident which strongly suggest some further action. For example: A. A number of records systems which appear to meet the statutory criteria, for listing in the Federal Register, are not so listed. This is particularly true with many files listed in the Records Control Schedules which are not listed in the Privacy Act Lists in the Federal Register. B. Several groups of records systems listings appear to be redundant entries except for being in different Directorates or Offices. C. Some entries currently shown in the Federal Register Listing disclose information which would, under other circumstances, be regarded as exempt from public disclosure. 2. The circumstances described above suggest anomalies that are likely to invite questions to be dealt with in congressional hearings, in litigation, and in responding to public questions provoked by publication of the list in the Federal Register. The circumstance described in paragraph A above seems likely to be the most troublesome. The expected trouble may be illustrated by predictable questions, such as: Where are your files on Narcotics traffickers? Where are your files on Technology Transfer problems? Where are your files on National Security "Leaks"? Where are your files on "terrorists"? Where are your files on Americans used in Intelligence Operations? Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5  Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5 Where are your files on Americans used in Covert Action Operations? Where are your files on Americans used in Counterintelligence Operations? 3. The answer to such questions is clearly that to acknowledge the existence of such files, and consequently such activities, is to acknowledge information which is exempt from disclosure under provisions of the Privacy Act, principally information which is classified or which discloses intelligence sources and methods. 4. Providing that answer, however, is not likely to remove the suspicion that there are files that we are not acknowledging and, more importantly, not searching. We must be prepared to show that there are files which we cannot acknowledge but which are searched for non-exempt information in response to Privacy Act requests. In that way we can deal with the ultimate suspicion that this Agency might be secretly spying on Americans. ii. Remedies 1. To remove the suspicion created by the circumstances described in paragraph A above, each Directorate and Independent office should create and maintain a classified listing of the actual files, by title, which are searched in response to Privacy Act requests. Records holdings which have not been titled may be identified on the basis of their purpose. These must be all files from which information about an individual U.S. citizen or Permanent Resident Alien is retrieved by the name or personal identifier of the individual, regardless of the prime purpose for which the files were created. 2. The classified lists will be used as a working guide by employees responsible for conducting Privacy Act searches. The lists will also be used to deal with questions from appropriate congressional oversight committees concerning the Agency's compliance with the provisions of the Privacy Act. The lists should also prove their value in any Privacy Act litigation in which the thoroughness of the search is contested. 3. After preparing its classified list, the originating component should compare it with the Component's current listing in the Federal Register. The unclassified listing in the Federal Register should be stated in terms that are broad enough and general enough to encompass the specific files on the classified list without disclosing information which is exempt from disclosure. If that is not the case the Federal Register listing should be amended to accomplish that purpose. Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5  Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5 4. The problem identified in paragraph B will be dealt with by OIS as set forth in the Action section below. 5. With regard to the problem mentioned in paragraph C above, each component should review its unclassified list entries currently in the Federal Register and any proposed additions or amendments to ensure that the file descriptions do not unintentionally disclose exempt information. Particular attention should be given to the section concerned with, "Policies and practices for storing, retrieving, accessing, retaining and disposing of records in the system." Some entries in the sub-categories of "Safeguards" and "Retention and disposal" appear to be particularly detailed and revealing concerning Agency records methods. Additionally, 60 of the current 69 Records System listings show the means of storage as "Paper," which does not seem consistent with the marked increase in automation in Agency records systems in the last decade. Any amendments resulting from this review should be included in the revised unclassified listings. III. Action 1. Each Directorate and Independent office is requested to prepare the classified listing of its Privacy Act files and any related amendments to its unclassified Federal Register listing as described above. The action responsibility for assembling this list should rest with the office Records Management Officer (RMO) in consultation with the office FOIA/PA officers. The office lists should be forwarded to the Directorate IRO/RMO for review and verification. Both lists should be forwarded to Director, Office of Information Services, Attn Chief, IR[ID/OIS. The classified list will be reviewed by the Information and Privacy Coordinator, certified and returned to the component to be kept in the custody of the component. The unclassified list will be used in drafting the submission for the Federal Register. 2. Component RMOs are reminded that the individual items in their Records Control Schedules should be annotated to identify the related Privacy Act file listing in the Federal Register. If the Records Control Schedule does not contain an item which covers the content of specific Privacy Act listings, a new item for the Records Control Schedule must be prepared by the office RMO, forwarded to the Directorate RMO for review and verification, and then forwarded to OIS/IRMD for submission to the National Archives. 3. OIS will draft for coordination some consolidated listings to deal with the second general problem, mentioned in paragraph B above. The objective of that effort will be to identify and consolidate redundant entries in the listings, e.g. "Personnel Soft Files." Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5  Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5 DA:D/OIS: Distribution: 1 - DCI/RMO 1 - DDA/PMO 1 - DDI/RMO 1 - DDI/IRO 1 - DDO/RMO 1 - DDO/IRO 1 -_ 1 - DDS&T/RMO 2 - D/OIS 1 - LA/OIS 1 - C/OIS/IRMD 1 - C/OIS/CRD STAT STAT Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5  STAT Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5 STAT Iq Next 4 Page(s) In Document Denied STAT Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5  Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5 DDA 85-3425 11 October 1985 MEMORANDUM FOR: Director, Intelligence Community Staff Deputy Director for Intelligence Deputy Director for Operations Deputy Director for Science and Technology Chairman, E Career Service FROM: Harry E. Fitzwater Deputy Director for Administration SUBJECT: Records System Reporting 1. The Privacy Act of 1976 requires that each federal agency which maintains a system of records as defined by the Privacy Act -/Must publish, at least annually, a notice in the Federal Register of the existence and character of such system of records. CIA initially listed 67 such systems. The decade since the first listing, several amendments have increased the total system listed to 69. A copy of the current system listing is attached. Freedom of Information Act, Privacy Act and Executive Order 12356 STAT Chapter VIII, page 53 et seq. further defines the responsibilities of pertinent Agency components and describes procedures to use in satisfying those responsibilities. Additionally, all com- ponents have been periodically reminded of the need to keep the Agency listing of Privacy A systems of records current. The most recent .reminder was dated 18 July 1984, titled Records Systems Reporting. 3. Like much of the rest of our society, the Agency has not escaped the effects of the dramatic advances in information processing in the last decade. On its face, it would seem unlikely that there have been no revisions in the Agency's systems of records that would require a revision of the Agency's published listing. 1/'The term 'system of records' means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual,' 552a(a)(5). STAT Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5  Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058ROO0400040003-5 4. I ask that each addressee review their records systems to ensure that all proper systems of records are identified. To ensure that no one mistakes the seriousness of this requirement, I would remind you of the following provision of the Privacy Act; ?Any officer or employee of any agency who willfully main- tains a system of records without meeting the notice requirements of subsection (e)(4) of this section shall be guilty of a mis- demeanor and fined not more than $5,000.' 5. The record system reviews must be done expeditiously. Each Directorate is expected to report its findings resulting from the review to the Deputy Director for Administration no later than 31 October 1985. The report should indicate which record system listings remain the same, which systems should be deleted from the listing, which systems listings should be modified and which new systems should be added. The DDA Office of Information Services is prepared to assist your components in dealing with questions which may arise in the process of your review. STAT H r E. Fitz r Attachment: As stated Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058ROO0400040003-5  Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5 SUBJECT: Records System Reporting Distribution: w/attachment 2 - DDCI 1 - EXREG 1 - Director, ICS 1-DDO 1 - DDI 1 - DDA 1 - DDS&T 1-OGC D/OIS LAOIS 1 - C/IPD/OIS 1 - C/IRMD/OIS 1 - C/CRD/OIS Declassified in Part - Sanitized Copy Approved for Release 2012/03/05: CIA-RDP87-00058R000400040003-5