7 FAM 060
THE PRIVACY ACT AND AMERICAN CITIZENS SERVICES
(Office of Origin: CA/OCS)
7 FAM 061 SUMMARY
a. This section summarizes Privacy Act considerations applicable in consular protection cases and provides you general guidance and examples as to when you may release information that is otherwise protected. The Privacy Act is complicated, and not all aspects are discussed here. If you have any doubt about whether a disclosure of information about a U.S. citizen or lawful permanent resident (LPR) is permitted, you should contact CA/OCS/ACS or email CA/OCS/L at Ask-OCS-L@state.gov, which is monitored daily. You do not have to contact CA/OCS for guidance in an emergency involving the health and safety of a U.S. citizen if there isn’t time, see 7 FAM 066, or if you are merely confirming the U.S. citizenship of an individual for a U.S. or foreign law enforcement agency, see 7 FAM 064 (d) and 7 FAM 064 (f). In other cases, you should contact CA/OCS for guidance.
· 7 FAM Exhibit 060.1 provides links to additional reference and resource information about the Privacy Act
· 7 FAM Exhibit 060.2 provides sample scenarios to help you understand the Privacy Act
c. The Privacy Act of 1974, 5 U.S.C. 552a (Public Law 93-579), as amended,
(1) Permits any U.S. citizen or lawful permanent resident (LPR) to access records about him or her contained in a Department of State “system of records,” to learn about certain disclosures of those records, and to request amendment of any inaccuracies (Written comments, even if of a derogatory or speculative nature, whether in the body of the text or in marginal notes, must generally be released.)
(2) Requires the Department of State to identify each of its “systems of records” in the Federal Register. A “system of records” is any set of records about individual U.S. citizens or lawful permanent residents (LPRs) that is indexed and maintained under the individuals’ names or other personal identifiers (e.g., Social Security numbers). Virtually all American Citizens Services records are created and maintained in name retrievable systems of records, and have therefore been identified by the Department as “systems of records” subject to the Privacy Act. See State-05 (Overseas Citizens Services Records), State-26 (Passport Records) and the Department Prefatory Statement of Routine Uses, available on the Internet at the Department of State FOIA page, Privacy Act Issuances Index.
(3) Prohibits the disclosure of records from a Privacy Act “system of records” by any method (written, oral, or electronic) unless the individual to whom the records pertain has consented, in writing to the disclosure. See 7 FAM 062 Privacy Act Waivers unless the disclosure falls under one of the Act’s “conditions of disclosure,” commonly referred to as “exceptions” or “exemptions”, see 7 FAM 063 - 068.
(4) Requires that the Department keep a written accounting of many disclosures, see 7 FAM 069.1."
(5) Prescribes civil remedies and criminal penalties for non-compliance, see 7 FAM 069.2.
d. U.S. Citizens Arrested/Convicted Overseas: Unless arrest and/or conviction records in post's host country are matters of public knowledge or have received widespread media attention locally or stateside, you are not permitted under the Privacy Act to release information about an arrested and/or convicted U.S. citizen without either the latter's written permission or a determination that the release of the information falls under one of the exceptions to the Privacy Act. When releasing information regarding an arrested U.S. citizen on the basis of the fact that his/her arrest and/or conviction are in the public domain, you should be very circumspect in what you disseminate to inquirers. Absent a Privacy Act waiver or Privacy Act exception, you should limit your responses to what is clearly in the public record - e.g., date and place of arrest and/or conviction and nature of the charges. Information concerning the U.S. citizen's condition (physical, mental, or emotional), attorney, the U.S. citizen’s correspondence with post, post's communications with host country government on behalf of the U.S. citizen, etc. are not releasable because such information relates to matters not generally viewed as being in the public domain. Posts have to be careful because at times, the media reports and repeats unconfirmed information, see 7 FAM 423.6 Arrests.
e. Deceased Individuals: The Privacy Act does not protect records pertaining to deceased individuals. However, next-of-kin may have a “common law” privacy interest in not having information about the deceased released, e.g., if it could embarrass, endanger or cause emotional distress to them. See 7 FAM 200 Deaths and 7 FAM 1800 Consular Crisis Management.
f. Minors: The Privacy Act’s protections apply to records pertaining to all U.S. citizens and LPRs, including minors. Information about a minor generally may be released to the minor's parent(s). 5 U.S.C. 552a(h) of the Privacy Act – Rights of Legal Guardians – provides:
"Rights of legal guardians: For purposes of this section, the parent of any minor, or the legal guardian of any individual who has been declared incompetent due to physical or mental incapacity or age by a court of competent jurisdiction, may act on behalf of the individual.”
g. Parents, however, do not have an absolute right to the information under the Privacy Act and the wishes of the minor may, in some cases, override those of the parent(s). The OMB Privacy Act Guidelines note that subsection Section (h) of the Privacy Act is "discretionary and that individuals who are minors are authorized to exercise the rights given to them by the Privacy Act or, in the alternative, their parents or those acting in loco parentis may exercise them in their behalf." Office of Management and Budget (OMB) Guidelines, 40 Fed. Reg. 28,948, 28,970 (1975); see OMB Guidelines, 40 Federal Register. 56,741, 56,742 (1975) (noting that "[t]here is no absolute right of a parent to have access to a record about a child absent a court order or consent"). Normally, if you have been advised by a minor age 14 or older that he or she does not want any information released to a parent or guardian, you should honor those wishes absent the presence of compelling circumstances affecting the health or safety of the minor child. Bring the matter to the attention of CA/OCS immediately and we will provide an advisory opinion on a case-by-case basis. See 7 FAM 1700 Children’s Issues (7 FAM 1713.1 Privacy – Parental Child Abduction; 7 FAM 1721 b (Privacy - Child Abuse and Neglect; 7 FAM 1736.3 Privacy – Child Exploitation; 7 FAM 1767.2 Privacy – Runaways; 7 FAM 1785.3 Privacy – Behavior Modification Facilities.)
h. Passport Records: You may confirm or deny the U.S. citizenship of an individual in response to a written request from a federal, state, local or foreign law enforcement agency where there is reason to believe the individual has violated the law, see 7 FAM 064 (d). You may not, however, release copies of passport records. Refer requests for the release of copies of Passport Records to CA/PPT/S/TO/RS, which has the responsibility for releasing such records. See “Passport Information for Criminal Law Enforcement Officers” on the Consular Affairs (CA) Internet home page. See 7 FAM 1300 Appendix J regarding the procedure for release of Passport Records by CA/PPT/S/TO/RS
i. Loss of Nationality: You may confirm a finding of loss of nationality to a foreign government. You may not, however, release copies of Certificates of Loss of Nationality or related documents without consulting CA/OCS/L (Ask-OCS-L@state.gov). These questions frequently arise when a former U.S. citizen is seeking a high level position or elected political office in the host country, see 7 FAM 1200.
j. Visa Records: The release of visa records with respect to U.S. citizens and LPRs is governed by the Privacy Act. In addition, the release of visa records with respect to any individual (including non-LPRs) is governed by section 222(f) of the Immigration and Nationality Act (INA). Please refer to 9 FAM, 22 CFR 40.4 notes 3 through 11 and contact CA/VO/L/A for further guidance on the releasability of visa records.
k. Relationship to the Freedom of Information Act (FOIA): While the Privacy Act allows U.S. citizens and LPRs to request access to name-retrievable records about themselves, the FOIA (5 U.S.C. 552) allows any “person” (including foreign citizens and governments, and business entities) to request access to any federal agency record. Information requested under the FOIA must be released unless it falls under a FOIA exception. For purposes of consular work, two FOIA exceptions are most important. First, the government is not required to disclose information to an individual that would amount to an unwarranted invasion of the privacy of a third party (i.e., the person who is not requesting the information). For example, while records pertaining to deceased individual do not have any Privacy Act protections as noted above, a FOIA request for the decedent's file may be rejected in whole or in part where the release of information would unjustifiably invade the privacy of the latter's next-of-kin. Second, records need not be released if their release is prohibited by another statute. Thus, visa records are not releasable pursuant to the FOIA because of section 222(f) of the INA. The FOIA also includes exceptions for classified and pre-decisional or deliberative process documents, among others.
l. Requests Made Pursuant to the Privacy Act or the FOIA: Under Department regulations, requests for documents made pursuant to the Privacy Act or the FOIA must be made directly with:
Information and Privacy Coordinator
See 22 CFR 171.5(a), and “How to Make a FOIA Request” on the Department of State FOIA page on the Internet. If you are presented with a Privacy Act or FOIA request for information, you should advise the requester to make the request directly with the appropriate Department office.
m. No Carte Blanche Authority To Other Agencies: the Privacy Act does not give blanket access to the Department's records to any government agency. Consular records may only be released (without the consent of the person to whom the records pertain) pursuant to one of the statutory exceptions in the Privacy Act. The two most frequently used exceptions for disclosures of consular records to other government agencies are for a “routine use", see 7 FAM 064, or under the "law enforcement" exception see 7 FAM 065.
7 FAM 062 PRIVACY ACT WAIVERS (PAW)
a. The Importance of a Privacy Act Waiver: Unless an exception applies (7 FAM 063 - 068), the Privacy Act requires “a written request by, or . . . the prior written consent of, the individual to whom the record pertains”, before any such records can be released (5 U.S.C. 552a(b)).
b. Form DS-5505, Authorization for Release of Information Under the Privacy Act, known colloquially as the Privacy Act Waiver, is the document to be used when seeking to obtain permission to release information on behalf of our citizens.
c. Obtaining a Privacy Act Waiver: You should not pressure (or appear to pressure) a U.S. citizen/non-citizen national to sign a Privacy Act Waiver (PAW). Explain the individual’s Privacy Act rights. Also note that it may be helpful to advise that a waiver can help facilitate the Department’s communication with family members and others potentially able to help, and that it is possible to limit the scope of the PAW so that it covers only certain people or categories of people. Then let the individual decide whether or not to sign the PAW.
d. Oral Waivers Not Acceptable: A faxed written waiver, which is followed by the signed original, can be accepted. An "oral" waiver, however, may not. You may wish to use a consular agent or Citizen Liaison Volunteer to secure a written Privacy Act waiver in a situation where it is impossible for you to obtain a timely waiver and the interests of the U.S. citizen would clearly be advanced by the release of information to persons (such as family members) who might not otherwise be authorized to receive it. Note that the absence of a written waiver does not preclude you from making disclosures on behalf of a U.S. citizen if the Department has an alternative basis for making a disclosure, such as a published "routine use" -- see 7 FAM 064b.
e. Email: You may accept an e-mail message affirming Privacy Act rights received only for the purposes of registration under the Consular Smart Traveler Enrollment Program (STEP), see 7 FAM 040.
f. Waiver Duration and Applicability: The Privacy Act is silent as to the temporal duration and scope of a Privacy Act waiver; however, as a general rule, the Department considers that a waiver granted in connection with a specific incident - e.g., arrest or illness – is limited to the duration of the incident. Thus, for example, an individual who waives his/her Privacy Act rights in the context of an illness is not deemed to have waived his/her rights with respect to a subsequent and unrelated illness.
7 FAM 063 Intra-Departmental Release of Information EXCEPTION
The Privacy Act permits the release of information within a department or agency responsible for that record on a need-to-know basis without a Privacy Act Waiver (PAW), see 5 U.S.C. 552a(b)(1). You may therefore disclose information about an individual to another Department of State employee who needs to know it to carry out his/her assigned duties. Employees of other agencies at post are not considered U.S. Department of State employees for purposes of this exception; however, the Act provides other bases for sharing information with other agencies pursuant to written requests. See 7 FAM 064 Routine Use Exception and 7 FAM 065 Law Enforcement Exception.
7 FAM 064 ROUTINE USE Exception
a. Routine Uses: The Privacy Act permits the Department to release information without a PAW for a “routine use,” which must be (a) published in the Federal Register, (b) compatible with the Department's objectives in collecting the information, and (c) consistent with the reasonable expectations of the individual who provided the information to the Department, see 5 U.S.C. 552a(b)(3). These releases are permissible, not mandatory.
b. Department of State Issuances of Routine Uses: In accordance with the Privacy Act, in 1995, the Department published “issuances” listing permissible routine uses for each of its systems of records, including CA/OCS and CA/PPT records. See State-05 (Overseas Citizen Services Records) and State-26 (Passport Records), available at “Privacy Act Issuances” at the U.S. Department of State Internet FOIA page; see Prefatory Statement of Routine Uses, which applies to all Department of State systems of records. For example, the Overseas Citizen Services (OCS) Privacy Act issuance (State-05) permits disclosures to, among many other recipients:
(1) Family members when the subject of the record is unable or unavailable to sign a waiver and is involved in an emergency situation, and the release is for the benefit of the subject;
(2) Private ‘‘Citizen Liaison Volunteers’’ or ‘‘consular liaisons’’ designated by U.S. embassies and U.S. consulates and further defined by 7 FAM 070 American Liaison Networks, to serve as channels of communication with other individuals in the local community, to prepare for and assist with evacuations, disasters, and other emergency situations;
(3) The Department of Health and Human Services, and its contractors/ designers (including international service providers), in connection with repatriation of individuals abroad;
(4) Although a few of the more significant “routine uses” are described in this section of the FAM, the Privacy Act issuances should be reviewed for a complete list of permissible routine uses. Questions about whether a given routine use is applicable in a given situation should be directed to CA/OCS/L, which in turn will consult with the Office of the Legal Adviser as appropriate.
c. Routine Use Releases to Government Agencies Related to Employment: It is not unusual to receive requests for disclosure to a federal agency, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency’s decision on the matter.
d. Routine Use Releases to Government Law Enforcement Agencies:
(1) There are several circumstances in which information from any of the Department’s systems of records may be released to law enforcement agencies:
· Information regarding “a violation or potential violation of law, whether civil, criminal, or regulatory in nature,” may be “referred to the appropriate agency, whether federal, state, local or foreign,” responsible for the alleged violation
· Information may be disclosed “to a Federal, State, local or foreign agency” in response to such an agency's written request “where there is reason to believe that an individual has violated the law,” but “only to the extent necessary to enable such agency to discharge its responsibilities” with respect to the alleged violation
· Information may be disclosed to a federal agency (but not a state, local, or foreign agency) “for the integration and use of such information to protect against terrorism, if that record is about one or more individuals known, or suspected, to be or to have been involved in activities constituting, in preparation for, in aid of, or related to terrorism”
(2) This does not mean that other government agencies have unfettered access to consular files. Under these routine uses:
· You may, for example, refer a letter threatening harm to a federal official to the FBI on your own initiative (i.e., without a written request). You may refer a letter threatening physical harm or worse to former spouses of private U.S. citizens.
· You may furnish information to a Drug Enforcement Agency (DEA) official inquiring by means of a written request as to whether a particular U.S. citizen has been arrested on narcotics charges. You may also release a passport record in response to a written request from a DEA agent investigating an incarcerated U.S. citizen on a drug violation. However, as noted below, authorization to disclose a passport record must be provided by CA/PPT/S/TO/RS. See Passport Information for Criminal Law Enforcement Officers on the CA Internet home page.
· You may not, however, furnish DEA with the identities of all U.S. citizens registered or arrested in the consular district or the names of all U.S. citizens whose passports have been reported to be lost or stolen.
· You may not permit DEA to pursue the registration files at post to ascertain if particular U.S. citizens of "interest" might emerge from such a search.
· You may routinely give the Internal Revenue Service (IRS) information concerning the current address of a taxpayer who is the subject of either a tax investigation or action to collect taxes owed.
· However, you may not permit an IRS official randomly to search consular files in the absence of an ongoing investigation pertaining to a specific individual. Citing incompatibility, the Department has declined to allow IRS officers to search randomly consular records to determine tax compliance by overseas U.S. citizens since consular records are used to assist U.S. citizens abroad, and the latter would be less inclined to register at overseas consular sections were they to know that IRS routinely had access to their consular records without any other basis to suspect a violation of the tax code.
· You may verify U.S. citizenship/nationality or a finding of loss of U.S. nationality to a host government immigration or social security authority in response to a written request.
· You may not release copies of passport and citizenship records from Passport Information Electronic Records System (PIERS) or other sources without specific authorization from the Department (CA/PPT/S/TO/RS) CA/OCS/L will coordinate this authorization with CA/PPT/PAS and CA/PPT/S/TO/RS. See Passport Information for Criminal Law Enforcement Officers on the CA Internet home page.
e. You should share information with the regional security officer (RSO) and U.S. law enforcement agencies about child exploitation, sexual predators and pedophiles that come to your attention in the course of American Citizens Services work, including cases involving U.S. citizen alleged perpetrators. This authority under the "routine use" condition of disclosure is of particular importance with respect to the enforcement of criminal statutes of the United States that are aimed at preventing the international exploitation of children. The U.S. Government maintains zero tolerance of those individuals intent on exploiting children either in the United States or abroad. Specifically, "the Violent Crime Control And Law Enforcement Act of 1994" makes it a violation of U.S. law for a U.S. citizen to travel abroad in order to have sex with a minor (a person under the age of 18). This has been codified at 18 U.S.C. 2423(b). The Protect Act of 2003, codified at 18 U.S.C. 2423(c), further makes it a crime for a U.S. citizen or legal permanent resident alien to engage in illicit sexual conduct with a person under the age of 18 in a foreign country, regardless of whether there was intent. See 7 FAM 1736.3 Child Exploitation, for specific guidance.
f. Release of Information to Foreign Governments to Adjudicate Entitlement to Rights and Benefits: The Department may release documents from its systems of records to a foreign government agency upon request to allow the foreign agency "to adjudicate and determine an individual's entitlement to rights and benefits, or obligations owed to the foreign agency, such as information necessary to establish identity or nationality." Additionally, the Department may release information from passport records to foreign governments on request in order “to permit such governments to fulfill passport control and immigration duties.”
· Under these routine uses:
· You may release information (verify U.S. citizenship), including passport number, from post's passport files, to a foreign immigration agency upon receipt of a written request from the foreign agency head, or designated agent, setting forth the specific record sought and the reason for seeking it (e.g. issuance of a residence permit). You may not release a copy of a passport or Report of Birth application from PIERS or other records. Authorization and release of passport records may only be done by Passport Services (CA/PPT/S/TO/RS). See Passport Information for Criminal Law Enforcement Officers on the CA Internet home page.
· If a host government asks post whether an individual running for an elective political office or being considered for an appointed political position in the host country is a U.S. citizen, you may provide a substantive response to that written query.
· In the extremely rare situation where confirmation of citizenship might either prejudice the physical well being of the U.S. citizen or impact adversely on our foreign policy interests, however, you should seek guidance from the Department (CA/OCS).
7 FAM 065 Law Enforcement EXCEPTION
As explained in 7 FAM 064, certain disclosures of information to law enforcement agencies qualify as “routine use” exceptions to the Privacy Act. However, if a particular disclosure does not qualify as a "routine use," the information may still be released to a United States (federal, state or local) agency for criminal or civil law enforcement activity without a PAW if:
(1) The enforcement activity in question is authorized by law; and
(2) The head of the law enforcement agency has made a written request specifying the particular information requested and the law enforcement activity for which the information is sought, see 5 U.S.C. 552a(b)(7). Information cannot be disclosed to foreign law enforcement agencies under this exception.
7 FAM 066 Health or safety exception
a. The Privacy Act's "health or safety" exception allows disclosure of information without a PAW “to a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if upon such disclosure notification is transmitted to the last known address of such individual” (5 U.S.C. 552a(b)(8)).
b. Only Emergencies – Don’t Use Health and Safety as a Catchall: You should not use this exception as a catchall to release information when it seems the "expedient" or the "right" thing to do. In most instances, an individual's privacy must be safeguarded.
c. Circumstances Affecting Health or Safety: This exception requires a "showing of compelling circumstances affecting the health or safety of an individual”. This section of the Act may be invoked to save the life of the U.S. citizen/national, notwithstanding his/her written affirmation of his/her right to privacy. You are also permitted to disclose Privacy Act-protected information about an individual in order to remove that person from harm's way. In determining whether the "health or safety" exception is applicable in any given case, you should consider what reasonable course of action would safeguard the welfare of an individual whose physical or mental well-being is at stake in light of all the relevant circumstances - i.e., age of individual, nature of condition, availability of medical facilities, degree to which individual and/or local health facilities can communicate with next-of-kin or friends stateside, etc. The officer should document contemporaneously in writing the basis for acting pursuant to 5 U.S.C. 552a(b)(8).
d. Persons To Whom Information May Be Released: Information may be released to any person who can reasonably be expected to assist the individual whose health or safety is at risk, e.g., relative, friend, attorney, clergyman, member of Congress, etc.
e. Notification: When information is disclosed pursuant to the "health or safety" exception, the individual who is the subject of the released information must be notified of the disclosure in writing. Therefore, whenever you make a “health or safety” disclosure, you should advise CA/OCS/L and provide any information about the individual's last known address so that CA/OCS/L may attempt to effect the requisite notification.
f. ”Health or Safety” of a Third Party: The individual about whom records are disclosed need not be the individual whose health or safety is at peril. Thus, for example, a Privacy Act-protected record about an individual can be released to a physician treating a third person if it can be shown that the latter's illness is in some way linked to the individual who is the subject of the Privacy Act-protected record.
g. Incompetency Determination: In a true health or safety emergency, the health or safety exception can be invoked regardless of whether a person has been declared incompetent, or is experiencing mental problems, etc. A judicial determination of incompetency is not required to release information in a manner consistent with 5 U.S.C. 552a(b)(8). The relevant standard is that the mental problems preclude the person from making rational decisions about his/her self-interest. It is preferable, but not required, to have a statement in writing from a health practitioner. If it is not in writing, you should place a memo in the file documenting conversations with the health practitioner or other local authorities. In emergency situations, you may place a memorandum in the file concerning a U.S. citizens’ appreciation of his/her privacy rights, see 7 FAM 340.
7 FAM 067 CONGRESSional exceptions
a. The "congressional committee” exception permits the disclosure of information in a covered record without a PAW to a congressional committee or subcommittee to the extent that the matter falls within the committee or subcommittee's jurisdiction, see 5 U.S.C. 552a(b)(9). Such requests must come from a committee or subcommittee chair. Refer such requests to the Department (CA/OCS/L) for appropriate action.
b. You can also release information without a PAW as a “routine use” in response to an inquiry from a congressional office made at the request of that individual. See the “Members of Congress” in the Department’s Prefatory Statement of Routine Uses. However, this exception does not permit the disclosure of protected information to individual members of Congress unless the individual to whom the record pertains has requested congressional assistance.
7 FAM 068 COURTS exceptions
a. Protected information may be disclosed without a PAW pursuant to certain court orders, see 5 U.S.C. 552a(b)(12).
b. In addition, information may be made available “to any court of competent jurisdiction, whether federal, state, local or foreign, when necessary for the litigation and adjudication of a case involving an individual who is the subject of a Department record.” See the Prefatory Statement of Routine Uses. Note that this “routine use” does not authorize public filing of the information, so it is Department practice to seek a protective order and/or a court order when releasing Privacy Act protected information in court.
c. You should refer all requests for release of information to a court, or for use in a court, whether in the United States or abroad, to CA/OCS/L. See, e.g., 7 FAM 980 Subpoena of Consular Officers and/or Records and 2 FAM 510.
· 22 CFR 172 and 2 FAM 510 govern release of information for use in U.S. courts. If you are asked to provide information or documents from overseas citizens services or passport files for use in a U.S. court (e.g., you are asked to sign an affidavit or to provide copies of consular files), contact CA/OCS/L for an advisory opinion.
· 7 FAM 985 and 2 FAM 220 govern requests for use of consular information in foreign courts. You cannot testify or release records from overseas citizens services files for use in foreign courts or other proceedings without permission from L/DL.
7 FAM 069 ACCOUNTING REQUIREMENTS, ACKNOWLEDGEMENT OF DISCLOSURES AND PENALTIES FOR UNAUTHORIZED RELEASE
It is important for you to understand your responsibilities for record keeping regarding disclosures and the penalties for unauthorized release of Privacy Act protected information.
7 FAM 069.1 Accounting Requirements and Acknowledgement of Disclosures
a. The Privacy Act requires the Department to keep an accurate accounting of virtually all disclosures made pursuant to a Privacy Act exception (i.e., all disclosures made without a Privacy Act waiver from the individual to whom the records pertain), see 5 U.S.C. 552a(c). Only intra-departmental disclosures (7 FAM 063) and disclosures made in response to a FOIA request are exempt from the accounting requirement.
b. You should create a written accounting of all covered disclosures. The accounting record must include, among other things, the date, nature, and purpose of the disclosure, as well as the name and address of the individual or agency to which the disclosure has been made, see U.S.C. 552a(c)(1). This accounting record must be retained with the disclosed record(s) for five years or the life of the records(s) whichever is longer. This may be done in the American Citizens Services (ACS) system, in post records or post may forward a paper record of the release to the Office of Legal Affairs for Overseas Citizens Services (CA/OCS/L) for record keeping for the required 5-year period.
c. Accounting records must generally be made available to the individual who is the subject of the record at the request of that individual.
7 FAM 069.2 Penalties For Unauthorized Release
a. Civil Penalties: Persons covered by the Privacy Act can sue the Department for alleged violations of the Act. (Most frequently, an individual will sue the Department to compel disclosure of information from records pertaining to that individual.) Monetary damages are available for certain “intentional or willful” violations of the Act. 5 U.S.C. 552a(g).
b. Criminal Penalties: An individual who “willfully” discloses information “knowing” that the disclosure contravenes the Privacy Act and/or attendant implementing regulations is guilty of a misdemeanor and is subject to a fine of up to $5,000. Similar penalties apply for “willfully” collecting and maintaining a covered system of records without public notice, and for requesting and obtaining records from an agency under “false pretenses”, (5 U.S.C. 552a(i)). However, emphasis must be placed on the words "willfully”, "knowing,” and “false pretenses”. The law's criminal sanction arises out of the obvious need to deter egregious invasions of an individual's personal privacy where an official knowingly and willfully violates the Act (e.g., the selling of registration files to local travel agents). An honest mistake in implementing the Act generally would not subject an individual to prosecution.
7 FAM EXHIBIT 060.1
REFERENCE AND RESOURCES EXHIBIT
A Citizen’s Guide to Using the Freedom of Information Act and the Privacy Act to Obtain Government Records
National Archives – Privacy Act Issuances
U.S. Department of Justice Freedom of Information Act and Privacy Act Page
Department of Justice FOIA Reference Guide
Department of Justice Privacy Act Overview
U.S. State Department Privacy and Freedom of Information Act Internet Home Page
Department of State’s Prefatory Statement of Routine Uses
State-05 Overseas Citizens Services Records
State-26 Passport Records
OMB General Privacy Act Guidance
7 FAM EXHIBIT 060.2
PRIVACY ACT EXERCISES
Scenario 1. A U.S. citizen is a victim of a crime in your consular district but does not report the crime to the police and asks that you do not do so either.
A. Consistent with the Privacy Act, can you report the crime? See 7 FAM 064(d).
B. If so, should you report the crime?
C. The victim’s attorney contacts you for information. Can you discuss the case with the attorney without obtaining a Privacy Act release from the victim?
A. Can you report the crime? The Department’s Prefatory Statement of Routine Uses provides that this kind of information “may be referred” to the local, state, federal or foreign law enforcement agency charged with investigating such crimes.
B. Should you report the crime? This is largely a judgment call, which probably should involve consultations with supervisory personnel. It would depend, for example, on whether the crime was serious or violent in nature, whether it was likely to be repeated or perpetrated on others, and whether it was part of a pattern that ought to be brought to the attention of authorities.
C. Can you discuss the case with the attorney without obtaining a Privacy Act release from the victim? State-05 provides that a routine use includes release of information to “Attorneys when the individual to whom the information pertains is the client of the attorney making the request, when the attorney is acting on behalf of some other individual to whom access is authorized under these rules.” It has been our practice to accept as sufficient an attorney’s statement on letterhead that he or she “represents” the person or that he or she is the person’s attorney of record. We do not require a special form, or separate writing signed by the client. But see 7 FAM 980 and 22 CFR 172 regarding restrictions on release of consular records and provision of statements or testimony.
The first option in such a case, however, would almost certainly be to urge the person who was victimized by the crime to report it directly to the appropriate authorities explaining why it would be important to do so. Only after the individual declined to do so, and after discussions with supervisory personnel, would the consular officer act independently to advise the authorities. Even then, however, the person involved should be informed of the intention to advise authorities. Consult CA/OCS/L at Ask-OCS-L@state.gov or via cable, email, phone or fax.
7 FAM 1900 Crime Victim Assistance; 7 FAM 980 Subpoena Of Consular Officers And/Or Consular Records.
Scenario 2. You are contacted by host country immigration authorities who ask that you confirm that a particular person (not an arrestee) who asserts he is a U.S. citizen is in fact a U.S. citizen.
Can you, consistent with the Privacy Act, reply?
If so, should you?
A. Can you reply? You may confirm the U.S. citizenship of the individual provided the request is made in connection with a determination of a “right” or “benefit” of the individual, e.g., whether the individual is admissible or eligible to stay in the host country. You can also release the information to permit such governments to fulfill passport control and immigration duties.
B. Should you reply? It should be remembered that all releases of information under the Privacy Act are permissive, not mandatory. If there was reason to be concerned about the motive or purposes of the foreign government, e.g., to locate and detain political dissenters, the information need not be provided or, at the very least, inquiry can and should be made as to the reason for which the information is sought.
7 FAM 1300.
Scenario 3. A U.S. citizen dies in your consular district and his remains are shipped back to the United States. While the remains are in transit to the United States, you get a phone call from the funeral director in the hometown saying he misplaced the contact information relating to the next-of-kin and asks that you provide it.
If so, should you? Yes.
A. Can you provide information? Yes, you may provide the information. Information retrieved from the decedent’s records is not subject to Privacy Act protection. It may not be protected if there is not a file in the name (or under some other identifier) of the next of kin, but even if it is, there is a routine use for Overseas Citizens Records for disclosures to “funeral homes in connection with the death abroad of citizens of the United States.” (State-05) You should provide the information unless you have reason to believe that the caller has not already been hired by the next-of-kin.
B. Should you provide the information? Yes, of course.
7 FAM 200.
Scenario 4. Waiting at your post when you arrive one morning is a 15-year old U.S. citizen (minor) who wants your help. He confides that he has run away from home. He wants to go back to the United States (and has sufficient funds) but wants your help in arranging travel. He wants to “slip back” into the United States without telling his parents though he “promises” he will contact them when he gets back.
Should you comply with the minor’s request?
What if he says, “Don’t tell my parents that I’ve been traveling with my girlfriend.” Can/should you comply?
A. Can you comply with the minor’s request? Cases involving minors can present some difficulties, in part, because “the law” (primarily court decisions) continues to evolve in this area. In general, however, the younger a minor, the more information can and should be disclosed to a parent. In the example above, the parents may be very worried about their child and, at the very least, they should be contacted immediately to be assured that the minor has been located and is safe. Moreover, they may well have filed a missing person report with local police who may be diligently searching “in all the wrong places.” Again, in such a case the first option would be to strongly encourage the minor to contact his parents offering to facilitate the call, and perhaps, confirming yourself that the information has been conveyed.
B. Should you comply? This aspect demonstrates some of the complexities in this area of dealing with minors. The considerations applicable to advising parents of the minor child’s whereabouts and safety do not necessarily apply to all the details, which in any event the consular officer may not have independent confirmation of. Certainly, there is no obligation to convey to 3rd parties, even parents, all known or suspected facts. When in doubt, contact CA/OCS/ACS, CA/OCS/CI or CA/OCS/L (Ask-OCS-L@state.gov) as appropriate.
REFERENCE: 7 FAM 061 e – Minors and Privacy; 7 FAM 1760 Runaways; 7 FAM 1780 Behavior Modification Facilities; 7 FAM 1720 Child Abuse and Neglect; 7 FAM 1730 Child Exploitation; 7 FAM 1740 Forced Marriage of Minors; 7 FAM 1770 Return of Children.
Scenario 5. The host government is on the phone. They have picked up a person bearing a U.S. passport and they suspect photo substitution in the passport. They are asking you to provide information about whether the passport number can be verified and whether it was reported lost or stolen. You check PIERS and CLASP and those automated records confirm the issuance of the passport and the fact that the person to whom it was issued reported it stolen.
Confirm that the passport was issued and reported stolen?
Request a written (faxed) request from the host government and then confirm that the passport was issued and reported stolen?
Direct the inquiry to the Department (CA/PPT/S/TO/RS). (See Passport Information for Criminal Law Enforcement Officers on the CA Internet home page.)
ANSWER: You may confirm that the passport was issued and reported stolen after you receive a written (faxed) request from the host government citing the reason for the request. You should not release any written record from PIERS or CLASP without authorization from CA/PPT/S/TO/RS. You may not testify or provide written statements for use in foreign proceedings without specific authorization from the Department (CA/OCS/L; L/CA; L/DL).