11.3.18 Privacy Act Access and Amendment of Records

Manual Transmittal

August 20, 2018

Purpose

(1) This transmits revised IRM 11.3.18, Disclosure of Official Information, Privacy Act Access and Amendment of Records.

Material Changes

(1) Editorial changes have been made throughout to update IRM/statute/organizational references and terms. Web references were added/updated throughout to make the text easier to research in electronic media.

(2) Changed ownership and responsibilities throughout from Governmental Liaison and Disclosure (GLD) to Privacy Policy and Compliance (PPC).

(3) IRM 11.3.18.1 - Revised the title to Program, Scope and Objectives, to properly reflect the information communicated in this subsection. Included important information to conform to the new internal and management control standards under the following titles:

  1. IRM 11.3.18.1.1, Background - Information from prior subsection 11.3.18.1 was incorporated into this new subsection.

  2. IRM 11.3.18.1.2, Authorities - Added legal authorities governing Privacy Act access and amendment of records.

  3. IRM 11.3.18.1.3, Responsibilities - Added new information regarding responsibilities for the programs and procedures outlined in this IRM.

  4. IRM 11.3.18.1.4, Terms and Definitions - Added relevant terms and definitions as provided in the Privacy Act.

  5. IRM 11.3.18.1.5, Acronyms - Compiled a list of frequently used acronyms and their definitions for Privacy Act access and amendment of records.

(4) IRM 11.3.18.2 - Clarified that a Privacy Act access request will be processed under the statute that provides the greatest right of access to the individual regardless of the statute cited in the individual’s request.

(5) Added new IRM 11.3.18.2.1 with information about access to records of deceased employees.

(6) IRM 11.3.18.3 - Added Code of Federal Regulations (CFR) information and restructured the content.

(7) IRM 11.3.18.5 - Added CFR information and instructions for processing requests to amend Privacy Act records.

(8) IRMs 11.3.18.5.3, 11.3.18.6, and 11.3.18.7 - Changed contact responsibility from the Chief, Governmental Liaison and Disclosure (GLD) to the Associate Director, Disclosure.

(9) IRM 11.3.18.8.1 - Added reference to IRM 11.3.37, Recordkeeping and Accounting for Disclosures.

Effect on Other Documents

This supersedes IRM 11.3.18 dated September 16, 2013.

Audience

All Operating Divisions and Functions.

Effective Date

(08-20-2018)

Related Resources

The Disclosure and Privacy Knowledge Base is available at:
https://portal.ds.irsnet.gov/sites/vl003/pages/default.aspx.

Frances Kleckley
Director, Privacy Policy and Compliance

Program Scope and Objectives

  1. Purpose: This section contains instructions for processing an individual’s formal written Privacy Act request for information contained in IRS systems of records.

  2. Audience: The information and guidance in this IRM applies to all IRS employees and contractors.

  3. Policy Owner: Privacy Policy and Knowledge Management (PPKM) office under Privacy Policy and Compliance (PPC) is the Privacy Act access and amendment matters policy owner.

  4. Program Owner: The PPC office, under Privacy, Governmental Liaison and Disclosure (PGLD), is the program office responsible for oversight of Servicewide Privacy Act access and amendment matters.

Background

  1. The Privacy Act of 1974, as amended (Privacy Act), affords individuals certain rights as to records contained in agency systems of records. Such rights, subject to various exemptions and restrictions, include the rights of being informed, in response to a request, if any system of records named contains a record pertaining to the requester; obtaining access to such records; requesting amendment of such records; and accounting for disclosures made from such records.

Authorities

  1. The Privacy Act of 1974, as amended, 5 United States Code (USC) § 552a.

  2. 5 USC §552, Freedom of Information Act (FOIA)

  3. IRC § 6103, Confidentiality and disclosure of returns and return information.

  4. IRC §7852(e), Statutory exemption for tax records from certain provisions of the Privacy Act of 1974.

  5. Department of the Treasury Regulations appear at Title 31, Part I, Subpart C, of the Code of Federal Regulations. Additional information specific to the IRS is in Appendix B of these regulations.

Responsibilities

  1. PGLD has responsibility for IRS wide compliance oversight with Privacy Act access and amendment provisions and will control and process written requests citing the Privacy Act. Written requests will be processed under the FOIA or Privacy Act, whichever gives greater access. See IRM 11.3.13, Freedom of Information Act.

  2. Business units must forward any formal written Privacy Act requests to PPC via the *Privacy mailbox. Business units have a responsibility for responding timely to PGLD requests for records subject to the Privacy Act.

  3. All employees and contractors have responsibility for ensuring IRS records (hard copy and electronic) are appropriately managed, retained, and archived in accordance with IRM 1.15 series, Records and Information Management, for records retention and disposition requirements before documents can be destroyed. Refer to Document 12990, IRS Records Control Schedules (RCS), for the National Archives and Records Administration (NARA)-approved IRS records disposition to prevent unauthorized/unlawful destruction of records. Refer to Document 12829, General Records Schedules (GRS), for the NARA-issued disposal authorizations for temporary administrative records common to all Federal agencies. See also IRM 1.15 series.

  4. PGLD process Privacy Act Complaints. See IRM 11.3.15.5.5.

Terms and Definitions

  1. For purposes of this IRM section, the following Privacy Act definitions apply:

    Term Definition
    Agency Any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the [federal] government (including the Executive Office of the President), or any independent regulatory agency.
    Individual A citizen of the United States or an alien lawfully admitted for permanent residence (including sole proprietors). The Privacy Act does not apply to any entity which is not a natural person, such as a partnership, corporation, decedent, estate or trust.
    Records Any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph.
    System of Records A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.

Acronyms

  1. The following acronyms are used in this IRM section:

    Acronym Definition
    CFR Code of Federal Regulations
    FOIA Freedom of Information Act
    GLDS Governmental Liaison, Disclosure and Safeguards
    PGLD Privacy, Governmental Liaison and Disclosure
    PII Personally Identifiable Information
    PPC Privacy Policy and Compliance
    SBU Sensitive But Unclassified
    USC United States Code

Access to Records

  1. Individuals making a written request for notification and access to IRS systems of records should:

    1. Furnish their name and address and sign the request.

    2. Clearly mark the request, "Request for Notification and Access."

    3. Insert a statement that the request is being made under the Privacy Act of 1974.

    4. Provide their social security number if the system being accessed is accessed by social security number. Requests for records maintained in the name of two or more individuals (e.g., husband and wife) must contain the names, addresses and social security numbers (if necessary) of both individuals.

    5. Specify the name and location of the system of records being accessed.

    6. Address or deliver requests to the IRS official maintaining the system of records.

    7. Make a separate request for each official maintaining a system of records and for each location at which a system of records is maintained. Only one request is required where two or more systems are maintained by the same official at the same location.

    8. Indicate whether the requester wishes merely to be notified whether the system contains a record pertaining to himself or herself; whether he or she wishes to inspect the record in person; or whether he or she wishes to have a copy made and furnished by the IRS. If the individual requests copies, the request must include an agreement to pay the fee for copying records, if such fee is anticipated to be for $25.00 or more.

    9. In the case of records which are maintained by specific dates or periods, indicate whether the requester wishes notification and access to other than the latest period available. Unless otherwise specified, requests will be deemed to be limited to the latest period available.

    10. In the case of requests for notification and access to material maintained in a system of records which is exempt from notification and access under 5 USC § 552a(k)(2), establish that the requester has been denied a right, privilege, or benefit that he or she would have otherwise been entitled to under Federal law as a result of the maintenance of such material.

  2. Although individuals are encouraged to meet all the requirements stated above, all of the requested information may not be necessary to process every request. Disclosure Managers are to exercise discretion in accepting requests as filed if they substantially meet procedural requirements and are adequate to permit processing.

  3. If a request for access to a system of records mentions the Freedom of Information Act, the request must be processed in accordance with procedures for administering that Act to the extent that the description reasonably permits the identification of the records. See IRM 11.3.13, Freedom of Information Act, for further instructions. A Privacy Act access request, like a first-party FOIA request, will be processed under the statute that provides the greatest right of access to the individual regardless of the statute cited by the individual.

Records of Deceased Employees

  1. The Privacy Act only applies to living individuals. See OMB Guidelines, 40 Fed. Reg. 28,948, 28,951 (July 9, 1975). While the Privacy Act does not provide deceased employees confidentiality, their surviving families and friends have some expectations of privacy concerning certain aspects of records of deceased employees.

  2. Generally, IRS privacy policy is to keep information about employees who died confidential. Sometimes the IRS may be required to disclose limited information about the deceased person to executors and relatives when the disclosure is necessary for implementation of a will or other necessary business to finalize the deceased person's affairs.

  3. The Freedom of Information Act may also exempt from disclosure certain information about the deceased from FOIA requesters if a surviving family member warrants protection of particularly sensitive graphic details about a death or other very sensitive information when disclosure would cause mental anguish and pain to the survivor. Keep the following in mind:

    • Survivors have the right to keep their privacy from being invaded by the disclosure of embarrassing, painful or distressing information about the employee who died.

    • You may share basic information about an employee’s death (name, date of death, date/time/location of announced memorial services) with co-workers.

    • The cause of death or the identities of surviving relatives and friends shall be treated as confidential until/unless the next of kin states that you may share the information.

    • As with ill employees, information provided unofficially by the next of kin is not an agency record.

    • Be clear about what the next of kin wants co-workers to be told. Ask if there is a newspaper announcement that you can share, or invite the family/friend to ensure the accuracy of the information by emailing a message for you to forward to co-workers.

  4. Email privacy and security standards require the use of encryption to protect sensitive but unclassified (SBU) information sent via email or when sharing personally identifiable information (PII). See IRM 10.5.1.6.5, Email, for additional information.

Processing Privacy Act Requests for Notification and Access

  1. Guidance for processing requests for notification and access are found in section 3, Appendix B, Title 31, Part I, Subpart C, of the Code of Federal Regulations.

  2. IRS employees should follow routine procedures for information on data available under other procedures. For example, a taxpayer requesting a copy of his or her own tax return, or information relating to the balance due on his or her account, or an employee seeking to review his or her personnel folder. Employee may provide such information under existing procedures, although the request may mention the Privacy Act.

  3. Individuals will not be required to submit Privacy Act requests for data available to them under other procedures.

  4. All written requests citing the Privacy Act for notification and access to IRS systems of records will be routed to the Disclosure Managers on an expedite basis.

  5. Disclosure Managers will determine if the request is processed under the Privacy Act or FOIA. If the request is processed under the FOIA, refer to IRM 11.3.13. If greater access is provided by processing under the Privacy Act, the following procedures apply:

    1. If a request for notification and access omits any information which is essential to processing the request: the requester will be advised within ten days (excluding Saturdays, Sundays, and legal public holidays), of the additional information which must be submitted before the request can be processed. The case will then be closed.

    2. Disclosure will contact the business unit that has jurisdiction over the requested records. Disclosure will respond directly to the requester after the business unit provides a response.

    3. In the event that a request extends to numerous systems of records, or systems which could not possibly contain information relating to the requester, the Disclosure employee should correspond with or telephone the requester in order to assist him or her in refining the request.

    4. Disclosure will provide a copy of any valid request for records to the official having control of the records, requesting that notification information, records, and/or a disclosure recommendation be provided.

    5. Notification as to whether the system of records contains a record pertaining to the requester will be made unless the system is exempt from the notification requirement.

    6. Access to requested records (by inspection or copying) will be permitted unless the system of records is exempt from the access provision.

    7. When access is requested to medical records, including psychological records, the Disclosure employee will consult with the system manager to determine if release could have an adverse effect on the individual, and that release will be made only to a physician authorized in writing to have access to such records.

    8. All disclosures made pursuant to the access and notification provisions must be consistent with all other disclosure requirements. Deletions may be necessary in order to protect information pertaining to persons other than the requester. All provisions of IRC § 6103 must be adhered to accordingly.

    9. A response authorizing disclosure must be signed by the system manager, or by a Disclosure employee having an appropriate delegation from the system manager, and having obtained the concurrence of the function responsible for the records being disclosed.

    10. The determination to grant or deny access should be made within 30 days (excluding Saturdays, Sundays, and legal public holidays) after receipt of a valid request. If the response cannot be made within 30 days, the Disclosure Manager will advise the requester of the reasons for the delay and of the approximate date when the request will be answered.

    11. There is no provision for the administrative appeal of access denials. Responses should not mention any right to judicial review when a request does not substantially comply with appropriate regulations and is not adequate to permit processing. No mention should be made of a right to judicial review when requested records are contained in an exempt system of records, or where the requester has not established that he or she was denied a specific right, privilege, or benefit to which he or she would otherwise be entitled under Federal law as a result of the maintenance of such material.

Verification of Identity

  1. IRS employees assisting individuals in making requests for notification and access pursuant to the Privacy Act should verify that the requester is actually the person to whom the record pertains before processing the request. The requester will be asked to establish his or her identity by presenting either one document bearing a photograph (such as a passport or identification badge) or two items of identification which do not bear a photograph, but do bear both a name and address (such as a driver's license or a credit card) and a signature.

  2. Circumspection should be used in decedent Privacy Act situations. IRS should disclose only the minimum information necessary to a person who has documentation to prove he/she has legal responsibilities to the decedent to allow that person to fulfill his/her legal duties. See IRM 11.3.18.2.1 above for further information about deceased employees.

  3. Requests received by IRS personnel and forwarded to the Disclosure Manager should include or be accompanied by a statement, signed by the IRS employee, indicating if the requester’s identity had been established and containing a short, written explanation of the substantiating documents that were reviewed to establish the identity of the requester.

  4. Requests for notification and access received by mail by the Disclosure Manager may not be processed unless the requester has established his or her identity in the request. The requester’s identity can be established by a signature, address, and one other item of identification such as a photocopy of a driver's license or other document bearing the individual's signature.

  5. An individual may also establish his or her identity either in person or by mail by providing a notarized statement swearing or affirming to his or her identity, and to the fact that he or she understands the penalties provided in 5 USC § 552a(i)(3) for requesting or obtaining access to records under false pretenses.

  6. Although the requirements for identification are discussed above, the employee receiving or processing the written request may require additional proof of an individual's identity before action will be taken necessary to protect against an unauthorized disclosure.

  7. A parent of any minor, the attorney-in-fact of a person, or the legal guardian of any individual who has been declared to be incompetent due to physical or mental incapacity by a court of competent jurisdiction, must (in addition to the identification requirements discussed above) provide adequate proof of legal relationship and authority before he or she may act on behalf of such minor or individual.

Requests to Amend Records

  1. Guidance for processing requests to amend records, including any review and adjudication of an adverse determination, are found in section 4, Appendix B, Title 31, Part I, Subpart C, of the Code of Federal Regulations. Also refer to IRM 11.3.18.6 below.

  2. Requests to amend a record under the Privacy Act will be addressed or delivered to the office of the official designated in the access section for a particular system of records.

  3. The record owner is responsible for processing requests to amend or correct records, except for amendments of Counsel Records. Any necessary correction of records will follow established procedures and be made at the direction of the system manager by the employees normally responsible for the maintenance of such records.

  4. The response authorizing an amendment must be signed by the system manager or delegated official with any required concurrence of the function responsible for the records being amended.

  5. If the official designated to respond to a request to amend a record, the individual will be notified in writing of the adverse determination, including the reasons and provide notice of the individual’s right for an independent review of the determination.

  6. Initial requests should be acknowledged not later than 10 days (excluding Saturdays, Sundays and legal public holidays) from the date of receipt of such request, unless the request can be acted upon and completed within that time frame. Responses to initial requests and to requests for review of refusal to amend a record should, if possible, be issued within 30 days of receipt (excluding Saturdays, Sundays, and legal public holidays.)

  7. If the individual disagrees with the refusal to amend a record, he or she may request in writing, within 35 days of being notified, an independent review of such refusal by a reviewing officer. Requests to review an adverse determination are processed in Disclosure and are submitted to the GLDS Data Services, Centralized Processing Unit. See IRM 11.3.13.4.1 . Reviewing officers for IRS records are the Commissioner or deputy commissioners. Reviewing officers for Chief Counsel records are the Chief Counsel or delegate.

  8. Disclosure Managers will coordinate with the reviewing officer and should be available to discuss amendments with the individual and to offer advice on how to file amendments, statements of disagreement, and to give information with respect to civil remedies.

  9. The Disclosure Manager will only establish a case file for an adverse determination to an amendment request. Requests for amendment which are initially granted in full require no case file. The purpose of the file is to document all actions from the initial refusal through the final civil action, including any statement from the individual who disagrees with any final adverse determination not to amend a record. The file should include a copy of the Privacy Act Request for Amendment and all correspondence and related material involving a particular record. The amendment case file should be retained until the period for civil action has elapsed (i.e., two years after denial of a right to appeal or an initial denial if no appeal was filed), at which time the case file should be destroyed. The case file may also contain copies of the statements of disagreement and agency justification which will be located with the record.

Statutory Exemption for Tax Records

  1. IRC §7852(e) provides that subsections (d)(2), (d)(3), (d)(4), and (g), of the Privacy Act of 1974 (i.e., the amendment provisions) shall not be applied, directly or indirectly, to the determination of liability of any person for any tax, penalty, interest, fine, forfeiture, other imposition or offense to which the provisions of the Internal Revenue Code apply.

  2. Requests to correct tax records which may affect a person's liability pursuant to the Privacy Act should be responded to by citing or quoting IRC §7852(e), within the context of an appropriate explanation. No statement explaining appeal rights should be furnished.

  3. Whenever information provided with a Privacy Act amendment request is sufficient to permit processing in accordance with an existing procedure, the request should be channeled into the appropriate processing stream and the requester should be advised accordingly.

Evaluating Requests to Amend Records

  1. An initial evaluation of a request to amend records should seek to determine whether the record itself is subject to the amendment provisions of the Privacy Act, rather than whether the particular amendment requested is appropriate, based on the following guidelines.

    1. Only records which are part of a system of records subject to the Privacy Act are required to be subject to the amendment provisions. All systems of records subject to the Privacy Act are published in the Federal Register.

    2. Records not containing any item of personal information about an individual, or not retrievable by the name, identifying number, symbol, or other particular about an individual, or which do not pertain to a natural person are not required to be amended under the Privacy Act.

    3. Records which pertain to or are retrieved by the identity of a corporation, estate, trust, partnership, or sole proprietorship, are not required to be amended under the Privacy Act.

    4. Various systems of records have been determined to be exempt from some provisions of the Privacy Act, and notice of these exemptions has been published in the Federal Register. Systems of records exempt in accordance with 5 USC § 552a(j)(2), (k)(2), (k)(4), (k)(5) and (k)(6) are not required to be amended under the Privacy Act.

    5. Invalid requests may be closed by correspondence advising the requester that the records are not subject to amendment. No statement explaining appeal rights should be furnished.

  2. If the request pertains to a record subject to the amendment provisions of the Privacy Act, the next step is to evaluate the adequacy of the request.

    1. A request for amendment of a record must be in writing.

    2. The request must be signed by the individual making the request, or a duly authorized representative, and must pertain to that individual's records. The parent or guardian of a minor or a person judicially determined to be incompetent shall, in addition to establishing the identity of the minor or other person he or she represents, establish parentage or guardianship before being recognized to act on behalf of such individual. Parentage may be established by furnishing a copy of a birth certificate. Guardianship may be established by furnishing a copy of a court order.

    3. The request must include adequate proof of identity of the requester (see IRM 11.3.18.4 above). In evaluating the adequacy of identification supplied, consideration should be given to the possibility that an amendment which appears to be unfavorable or contrary to the best interests of the requester may be an indication that an improper attempt to amend the record is being made by a third party. Less consideration need be given to the adequacy of the identification if the request for amendment is to be denied on other grounds.

    4. The request should be clearly marked, "Request for Amendment of Record," and should contain a statement that it is being made under provisions of the Privacy Act of 1974.

    5. The request must contain the name and address of the individual making the request. If a particular system of records employs an individual's social security number as an essential means of accessing the system, the request must include that number.

    6. In cases where the record is maintained in the names of two individuals (e.g., husband and wife), the request must contain the names, addresses, social security numbers (if necessary for access) of each individual, along with the signature and adequate identification of the requesting individual only.

    7. The request must specify the name and location of the system of records (as published in the Notice of System of Records) in which the record is maintained and the title and business address of the official designated as system manager for that system.

    8. The request must specify the particular record in the system which the individual is seeking to amend.

    9. The request must clearly state the specific changes which the individual wishes to make in the record and must contain a concise explanation of the reasons for the changes. If the individual wishes to correct or add any information, the request shall contain proposed specific language for the desired correction or addition.

    10. Requests to amend records which cannot be processed on the basis of (a) through (i) above will be returned to the requester with an appropriate explanation indicating the additional items necessary to perfect the request. Disclosure Managers may, however, exercise discretion in accepting an amendment request for processing provided the request substantially meets the foregoing requirements. It would, for instance, be pointless to suggest that a request be perfected if it is known that the proposed amendment would be unacceptable in any event, without additionally addressing that issue. A record will be maintained of the request and response, and any related information reflective of attempts to comply with the request. No statement of appeal rights will be provided if the response is only procedural to perfect a request, and there has been no refusal to amend a record.

  3. If the request is adequate to permit processing, action will be taken to obtain the record.

    1. Requests should be acknowledged not later than 10 days (excluding Saturdays, Sundays and legal public holidays) from the date of receipt of such request, unless the request can be acted upon and completed within that time frame.

    2. If further action can not be taken because the record cannot be located, does not exist, or has been destroyed, the requester will be advised accordingly and the request returned. A record will be maintained of the attempt to locate the record and of the response, but not of the content of the proposed amendment. No statement of appeal rights need be provided as there has been no refusal to amend a record.

  4. If the request pertains to a record subject to the amendment provisions and is adequate to permit proper processing, and the record exists and is available, a determination must be made as to whether the proposed amendments should be incorporated by considering the following:

    1. The processing official should keep in mind that the portion of a record which is subject to correction because it is not accurate, relevant, timely, or complete is generally the information which pertains to the individual—such as his or her education, financial transactions, medical history, criminal history, or employment history. The portion of the record must tell us something about the individual in order to be amendable. Records may contain information about other individuals, about actions taken by the IRS in regard to the individual (in a situation unrelated to tax administration), or other items which are in no way descriptive or characteristic of the individual; such information is not subject to the amendment provisions. However, the information may nevertheless be reflective upon the individual and subject to amendment if incorrect. For instance, a statement that the IRS has taken action against an individual would reflect upon the individual and should be amended if incorrect.

    2. Care should be taken that any amendment made does not trigger further actions that could result in altering matters not subject to the amendment provisions of the Privacy Act.

    3. Records may serve as a depository of information to be drawn upon for the purpose of making future determinations about an individual, or they may merely serve to record past activities. The nature of the record will determine whether the existing information to be corrected will be fully expunged from the record, or will be annotated to reflect the correction. Existing information which has already served as the basis for an IRS action or determination can not be fully expunged without distorting the historical nature which the record is intended to reflect. Care must be taken, however, that such existing information does not become the basis of future determinations.

    4. The individual is generally the most reliable source of information about himself or herself. Preference should be given to his or her statements if there is no basis for doubt. If doubt exists as to whether the correction should be made the individual may, however, be asked to supply verifying data or documentary evidence.

    5. Inaccurate information is information which is not now and never has been correct. It may be a single misstatement of fact or it may have pertained to some other individual. Such information should be corrected and should generally be completely expunged from the record.

    6. Irrelevant information may or may not be correct, but is not necessary to accomplish a purpose of the IRS required by statute or by Executive Order. Such information should be completely expunged from the record without being replaced by an amended statement.

    7. Information which is not timely may have been correct when originally recorded, but may have become out of date. Such information should not be expunged. The addition of more recently received information will clarify the individual's developing circumstances.

    8. Incomplete information is information to which the individual raises no objection other than that he or she wishes to have additional information inserted in the record. This situation does not call for expunging or altering existing information. Generally, the Service would have no objection to an individual adding information to his or her record, even though such information may seem irrelevant to interests.

    9. If the proposed amendment has been accepted, the requester will be advised and provided with a courtesy copy of the corrected record if practical. Any difference between the correction actually made and the correction requested should be explained.

    10. If it is determined that the requested amendment should not be made, the requester will be advised of the reasons for refusal and provided with a statement of procedures for applying for review of the refusal. A complete file of all denials (including a copy of the request, a copy of the portion of the record involved (if practical), and a copy of the response will be maintained. Notice 414, Rights and Procedures Under the Privacy Act of 1974, should be provided to the requester to explain appeal rights when there is a refusal to amend a record pursuant to 5 USC 552a.

Making the Amendment

  1. Whenever records are amended, the record will be clearly marked "Information expunged, corrected or added Privacy Act Request" (whichever may be appropriate) and dated.

  2. When paper records are involved, expunging the prior entry means to completely erase or otherwise render the information illegible. Corrections made without expunging the prior entry will consist of lining through the entry so as to make it apparent that it is no longer in effect, without rendering it illegible. Information added to the file may consist of entries by pen and ink or by attaching additional sheets to the record.

  3. Records other than paper will be corrected by whatever means are ordinarily available for correcting erroneous entries or inserting additional information, so long as results comparable to (1) and (2) above, are obtained.

  4. If difficulties are encountered in amending a record, contact the Associate Director, Disclosure.

  5. The foregoing instructions concerning amendment of records are intended to relate to situations in which one or more data elements within a record are to be amended or expunged, without resulting in the destruction of a record. If the amendments to be made are to result in the destruction of the entire record, or are to be so extensive so as to be tantamount to the destruction of the record, the advice of the Associate Director, Disclosure should be requested before proceeding.

Notifying Prior Recipients

  1. Whenever a record is corrected at the request of an individual pursuant to the Privacy Act, each person or agency to whom that record has previously been disclosed subsequent to September 26, 1975, must be notified of the exact nature of the correction, to the extent that accountings of disclosures were maintained and the agencies can be so identified.

  2. In order to make this notification, it must be determined by reference to the record itself or to the accounting of disclosure whether the specific portion of the record being corrected was disclosed after September 26, 1975. Only those persons or agencies who received the specific portion of the record being corrected need be notified of the correction.

  3. The usual manner of notification will be by providing the recipient with a photocopy of the amended record. In some circumstances it will be more practical to describe the correction made, rather than send a photocopy, such as when the entire correction consists of deleting information.

  4. If the corrections have been extensive and do not appear to be particularly relevant to the prior recipient's interests, or if sufficient time has passed to suggest that the recipient may not be maintaining the records disclosed any longer, the nature of the corrections may be described in sufficient detail to permit the recipient to determine if photocopies are to be requested.

Review of Refusal to Amend a Record

  1. A request for a review of a refusal to amend a record should be addressed or delivered to the Associate Director, Disclosure.

  2. The Associate Director, Disclosure will:

    1. Control the request,

    2. Prepare a proposed response, and

    3. Refer the request and proposed response to the appropriate reviewing officer for review and final determination.

  3. Requests will generally be reviewed by the function having jurisdiction over the system of records involved; except when the initial refusal was made by a Division Commissioner or equivalent, the reviewing officer will be the Deputy Commissioner.

    Exception:

    If the initial refusal was made by the Deputy Commissioner, the reviewing officer will be the Commissioner.

  4. A review is only available when there has been a refusal to amend a record which is subject to the amendment provisions. Requests for a review which is not required (such as when the system of records is exempt) may be responded to by the Associate Director, Disclosure.

  5. The Associate Director, Disclosure will evaluate the adequacy of the request for review in accordance with the following standards. The request must:

    1. Be in writing and mailed within 35 days of the date the individual was notified of an adverse determination.

    2. Be clearly marked "Request for review of adverse determination."

    3. Contain a statement that it is being made under the provisions of the Privacy Act of 1974.

    4. Contain the name and address of the individual making the request. In addition, if a particular system employs an individual's social security number as an essential means of accessing the system, the request must include that number. If the record is maintained in the names of two individuals (e.g., husband and wife), the request should include the names, addresses, and social security numbers of both individuals.

    5. Specify the particular record the individual is seeking to amend, the name and location of the system of records in which such record is maintained, and the title and business address of the designated official for such system.

    6. Include the date of the initial request for amendment of the record, and the date of the letter notifying the individual of the initial adverse determination.

    7. Clearly state the specific changes the individual wishes to make in the record and contain a concise explanation of the reasons for the changes. If the individual wished to correct or add any additional information, the request shall contain specific proposed language to make the desired correction or addition. If a copy of the initial request is attached, these requirements are satisfied.

  6. If the Associate Director, Disclosure determines that the request substantially meets the above requirements and is adequate to permit proper processing, discretion may be exercised to accept the request as filed.

  7. If the request is deficient, the requester will be provided with an appropriate explanation. A record will be maintained of the request, the response, and any related information reflective of attempts to comply with the request. Resubmitted requests will be deemed timely if the original request was timely.

  8. If the request is accepted for processing, the Disclosure Manager who prepared the original refusal will be requested to forward the file on the case and any other required materials to the Associate Director, Disclosure.

  9. The Associate Director, Disclosure will prepare a proposed determination to amend, partially amend, or not amend the record.

  10. If the determination is to amend the record:

    1. The requester will be informed accordingly; and

    2. The file will be returned to the Disclosure Manager who will coordinate with the system manager or record owner who will amend the record and inform any prior recipients of the corrections.

  11. If the determination is not to amend the record, the response to the requester will inform him or her of:

    1. The refusal and the reasons therefore;

    2. The right to file a concise statement of the requester's reasons for disagreeing with the decision of the reviewing officer;

    3. The procedures for filing a statement of disagreement;

    4. That any such statement will be made available to anyone to whom the record is subsequently disclosed;

    5. That prior recipients of the disputed record will be provided a copy of any statement of dispute to the extent that an accounting of disclosures was maintained; and

    6. The right to seek judicial review of the refusal to amend a record.

  12. If the determination is to partially amend the record, the requester will be informed accordingly.

    Note:

    Whenever a reviewing officer denies a request to amend in full or in part, the file should be retained in anticipation of possible litigation.

Statement of Disagreement

  1. An individual who disagrees with a final determination not to amend a record that is subject to amendment under the Privacy Act may submit a concise statement for insertion in the record, stating the reasons for disagreement with the refusal of the reviewing officer.

  2. A statement of disagreement should be addressed to or delivered in person to the Associate Director, Disclosure.

  3. The Associate Director, Disclosure will forward the statement to the appropriate designated official for insertion in the individual's record.

    Note:

    Whenever physically possible, the contested entries in the record will be bracketed and a notation placed on the record: "See attached Statement of Disagreement ."

  4. The Statement of Disagreement will be provided to all future recipients of the applicable portion of the record.

  5. The Disclosure Manager will follow the procedures in IRM 11.3.18.5.4 above, to ensure that prior recipients are notified of any Statement of Disagreement filed on the same basis as a correction.

Requests for Access to Accountings of Disclosure of a Privacy Act Record

  1. Subsection (c)(3) of the Privacy Act provides that accountings of disclosures made pursuant to the Privacy Act will be available to the individual named in the record at his or her request.

    Exception:

    IRC §6103(p)(3)(A) exempts certain tax disclosures from the Privacy Act accounting requirements.

  2. Certain systems of records are exempt from the above requirement in accordance with the Notice of Exempt Systems.

  3. A further exemption is provided for accountings of disclosures made pursuant to subsection (b)(7):

    "...to another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the agency which maintains the record specifying the particular portion desired and the law enforcement activity for which the record is sought."

Form of Request

  1. The request must originate from an individual and must be for an accounting of disclosures that relates to records subject to the Privacy Act.

  2. The request must be in writing and signed by the individual.

  3. Identification sufficient to meet the requirements discussed in IRM 11.3.18.4 above, must be provided.

  4. Requests seeking access to accountings of disclosures maintained on non-tax records, i.e., Form 5482, Record of Disclosure (Privacy Act of 1974), must be sufficiently specific (generally stating the particular record and/or system of records, and the location in which maintained) to permit an orderly search of Form 5482 files.

  5. See IRM 11.3.37 , Recordkeeping and Accounting for Disclosures, for processing requests for access to accountings of disclosures.

Processing Requests

  1. Time limits and general processing steps for requests for access to accountings of disclosures are the same as those provided for general access requests in IRM 11.3.18.3, above.

  2. The Disclosure Manager will obtain the Forms 5482 necessary to process a request pertaining to non-tax records and/or will input the request for the accounting of the disclosure portion of the Privacy Act accounting transcript.

  3. Command Code PATRA is entered on IDRS to generate accountings of disclosures. Disclosure Managers must enter the command code on IDRS, pursuant to instructions provided for all requests of taxpayers desiring an accounting of disclosures pertaining to themselves.

  4. Once the Privacy Act accounting transcript is generated, the Disclosure Manager must interpret the entries and prepare a response, informing the requester that the listed items represent those accountings of disclosures which are maintained and required to be made available pursuant to the Privacy Act of 1974.

  5. The listed items should consist of:

    1. Date, nature, and purpose of the disclosure;

    2. System of records or specific record disclosed;

    3. Name of recipient agency, activity or person; and

    4. City and state address of recipient, if available.

  6. The response will be signed by the Disclosure Manager or other delegated official.

    Reminder:

    No appeal rights are provided.

    Caution:

    Do not release information from a Form 5482 if the disclosure was made from an exempt system or the box for (b)(7) is checked.

    Note:

    There is no responsibility to perform additional research in order to establish a basis for releasing a (b)(7) disclosure.

Exemptions

  1. In order to prevent a requester from obtaining premature knowledge of the existence of an investigation and thereby defeating the law enforcement process, accountings of disclosures must be reviewed prior to release and those which are exempt should be withheld.

  2. The method for determining which accountings of disclosures are to be withheld will be a process of elimination. By following these instructions in the order presented, the largest and most obvious categories to be withheld or to be released can be eliminated first, leaving only a small residue of determinations requiring a more careful analysis.

  3. Begin by examining the entry which appears after the line "Information Was Obtained From The System of Records Known As."

    If Then
    The entry does not identify a current or former Privacy Act system of records Withhold the accounting of disclosures, as no right of access exists, and eliminate from further consideration
    The entry identifies a current or former Privacy Act system of records for which any exemption has been established Withhold the accounting of disclosures and eliminate from further consideration
  4. The remaining accountings of disclosures will consist exclusively of items that are subject to the Privacy Act and that are not exempt from being made available to the subject by virtue of a (j) or (k) exemption.

    Caution:

    Further analysis will be required to determine if the accounting should be withheld because it relates to a (b)(7) request.

  5. Examine the entry which appears after the line "Method in Which Information Was Released."

    If Then
    This entry reads "Master File Tape Extract" Release the accounting and eliminate from further consideration.
  6. Examine the entry which appears after the line "Purpose And Authorization." These entries and their input codes are contained in IRM Exhibit 11.3.37-6, Multiple Record of Disclosure.

    If Then
    The entry refers to a reversal of a prior recordation Withhold the accounting and eliminate from further consideration
    The entry refers to one of the following:
    • IRC §6103(i)(3) to Federal or State officials or employees

    • IRC §6103(i)(7)(A)(i) or (i)(8) to GAO

    • IRC §6103(j) for statistical use

    • IRC §6103(k)(3) to correct misstatement of fact

    Release the accounting and eliminate from further consideration
    The entry refers to one of the following:
    • A (b)(7) disclosure may possibly (but not necessarily) have taken place

    • IRC §6103(d) to State tax officers

    • IRC §6103(f) and IRC §6405(a) to committees of Congress

    • IRC §6103(g) to the President or other persons for tax checks

    • IRC §6103(h)(3) to Department of Justice

    • IRC §6103(i)(1), (i)(5), and (i)(7)(C) to Federal officers pursuant to court order

    • IRC §6103(i)(2), or (i)(7)(A), or (i)(7)(B) to Department of Justice and other Federal employees for certain investigatory intelligence use

    • IRC §6103(k)(4) to competent authority of a foreign government

    • IRC §6103(k)(5) to State agencies for regulating tax return preparers

    • IRC §6103(l)(2) to the Department of Labor/Pension Benefit Guaranty Corporation

    • IRC §6103(l)(6) to child support enforcement agencies

    These items will require further consideration
  7. If the accounting showed any of the entries listed in (6) above, or was not eliminated by a prior step, further research will be necessary to obtain information to determine if a (b)(7) disclosure which should be withheld was involved.

    1. As (b)(7) disclosures are likely to have been processed by Disclosure Managers, utilize the name of the taxpayer and the date of disclosure to search disclosure files or correspondence controls.

    2. The Document Locator Number (DLN), may be utilized to determine the office in which the disclosure was made so that assistance may be requested from the appropriate Disclosure Manager.

    3. If the Disclosure Manager feels a search would be productive, the DLN may be utilized to retrieve the Form 5466-B, Multiple Records of Disclosure, which may have additional information in the remarks section or any attachments.

  8. If the foregoing search fails to produce information necessary to make a determination, withhold the accounting.

  9. In applying the foregoing instructions pertaining to (b)(7) disclosures, it will not be necessary to withhold an accounting of disclosure if information is:

    1. Available that the investigation which prompted the disclosure has become a matter of public record;

    2. Known to the requester; or

    3. No longer needing to be protected.

      Note:

      There is no responsibility to perform additional research in order to establish a basis for releasing a (b)(7) disclosure.