National Security Agency/Central Security Service

GNSA 28

SYSTEM NAME:

Freedom of Information Act, Privacy Act and Mandatory Declassification Review Records  (January 19, 2011,  76 FR 3098)

SYSTEM LOCATION:

National Security Agency/Central Security Service, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who submit Freedom of Information Act (FOIA) requests, Privacy Act (PA) requests, and Mandatory Declassification Review (MDR) requests or administrative appeals. Individuals whose requests and/or records have been referred to the National Security Agency/Central Security Service (NSA/CSS) by other agencies and in some instances includes attorneys representing individuals submitting such requests and appeals.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records created or compiled in response to FOIA, PA, MDR requests and administrative appeals. Records include the original requests and administrative appeals, responses to such requests and administrative appeals, copies of requested records and records under administrative appeal, all related memoranda, correspondence, notes and any related or supporting documentation; name of requester or appellant, home address, home phone numbers, Social Security Numbers (SSN), case number, and name and address of attorney representing a requester or appellant.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301, Departmental Regulations; 5 U.S.C. 552, Freedom of Information Act; 5 U.S.C. 552a, The Privacy Act of 1974 (as amended); E.O. 13526, Classified National Security Information; DoD 5400.7-R, Department of Defense Freedom of Information Act Program; DoD 5400.11-R, Department of Defense Privacy Program; NSA/CSS Policy 1-5; NSA/CSS Freedom of Information Act Program; NSA/CSS Policy 1-34; Implementation of the Privacy Act of 1974; NSA/CSS Policy 1-15, Mandatory Declassification Review Program; and E.O. 9397 (SSN), as amended.

PURPOSE(S):

This system is maintained for the purpose of processing requests and administrative appeals under the FOIA, PA, and MDR; for participating in Interagency Security Classification Appeals Panel (ISCAP) review of MDR; for participating in litigation regarding agency actions on such FOIA and PA requests and appeals, and to provide information for compiling reports.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, these records contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

Information in this system may be provided to other Federal agencies when it is necessary to coordinate responses.

The DoD Blanket Routine Uses set forth at the beginning of the NSA/CSS compilation of systems of records notices apply to this system.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:


STORAGE:

Paper records in file folders and electronic storage media.

RETRIEVABILITY:

Records are retrieved by the name of the requester or appellant, the number assigned to the request or appeal, and in some instances may be retrieved by the name of the attorney representing the requester or appellant.

SAFEGUARDS:

Buildings are secured by a series of guarded pedestrian gates and checkpoints. Access to facilities is limited to security-cleared personnel and escorted visitors only. Within the facilities themselves, access to paper and computer printouts are controlled by limited-access facilities and lockable containers. Access to electronic means is limited and controlled by computer password protection, as well as other access controls placed on specific case types.

RETENTION AND DISPOSAL:

FOIA and MDR records:

Granted access destroy 2 years after date of Agency reply. Denied access, but no appeal by requester destroy 6 years after date of Agency reply. Contested records destroy 6 years after final denial by Agency, or 3 years after final adjudication by courts, whichever is later.

Privacy Act Records:

Granted access destroy 2 years after date of Agency reply. Denied access, but no appeal by requester destroy 5 years after date of Agency reply. Contested records destroy 4 years after final denial by Agency, or 3 years after final adjudication by courts, whichever is later.

Records are destroyed by pulping, burning, shredding, or erasure or destruction of magnet media.

SYSTEM MANAGER(S) AND ADDRESS:

Deputy Associate Director, Policy and Records, National Security Agency/Central Security Service, 9800 Savage Road, Fort George G. Meade, MD 207855-6000.

NOTIFICATION PROCEDURE:

Individuals seeking to determine whether records about themselves is contained in this record system should address written inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800 Savage Road, Suite 6248, Ft. George G. Meade, MD 20755-6248.

Written requests should contain the individuals full name, individuals full name who is the subject of the record if different from the requester, current address and telephone number. All requests must be signed.

RECORD ACCESS PROCEDURES:

Individuals seeking access to information about themselves contained in this system should address written inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800 Savage Road, Suite 6248, Ft. George G. Meade, MD 20755-6248.

Written requests should contain the individuals full name, individuals full name who is the subject of the record if different from the requester, current address and telephone number. All requests must be signed.

CONTESTING RECORD PROCEDURES:

The NSA/CSS rules for contesting contents and appealing initial agency determinations may be obtained by written request addressed to the National Security Agency/Central Security Service, Freedom of Information Act (FOIA)/Privacy Act Office, 9800 Savage Road, Suite 6248, Ft. George G. Meade, MD 20755-6248.

RECORD SOURCE CATEGORIES:

Information is collected from the individual requesters, agency officials, and other Federal agencies that have referred requests concerning NSA/CSS records, or have consulted with NSA/CSS regarding the handling of particular requests.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

During the course of a FOIA/Privacy Act and/or MDR action, exempt materials from other system of records may become part of the case records in this system of records. To the extent that copies of exempt records from those other systems of records are entered into these case records, NSA/CSS hereby claims the same exemptions for the records as claimed in the original primary system of records of which they are a part.

An exemption rule for this system has been promulgated in accordance with requirements of 5 U.S.C. 553(b)(1), (2) and (3), (c) and (e) and published in 32 CFR part 322. For additional information contact the system manager.

FEDERAL REGISTER HISTORY:

January 19, 2011, 76 FR 3098