as the circumstances in §504.2(i)(2)(ii) through (iv).

(3) Coordination. When a delay of notice is appropriate, the law enforcement office involved will consult with the supporting staff judge advocate to obtain such a delay. Applications for delays of notice should contain reasonable detail.

(4) After delay expiration. Upon the expiration of a delay of notice under above and required by—

(i) Section 504.2(d)(1), the law enforcement office obtaining financial records will mail to the customer a copy of the search warrant and the following notice.

Records or information concerning your transactions held by the financial institution named in the attached search warrant were obtained by this (agency or office) on (date). Notification was delayed beyond the statutory 90-day delay period pursuant to a determination by the court that such notice would seriously jeopardize an investigation concerning (state with reasonable detail). You may have rights under the Right to Financial Privacy Act of 1978.

(ii) Section 504.2(f)(3), the law enforcement office obtaining financial records will serve personally or mail to the customer a copy of the process or request and the following notice:

Records or information concerning your transactions which are held by the financial institution named in the attached process or request were supplied to or requested by the government authority named in the process or request on (date). Notification was withheld pursuant to a determination by the (title of the court so ordering) under the Right to Financial Privacy Act of 1978 that such notice might (state reason). The purpose of the investigation or official proceeding was (state purpose with reasonable detail).

(iii) Section 504.2(g)(3), the law enforcement office obtaining financial records will serve personally or mail to the customer a copy of the request and the notice required by § 504.2(g)(3).

(iv) Section 504.2(h)(2), the law enforcement office transferring financial records will serve personally or mail to the customer the notice required by § 504.2(f)(3). If the law enforcement office was responsible for obtaining the court order authoriziang the delay, such office shall also serve personally

or by mail to the customer the notice required in § 504.2(f)(3).

(5) Annual reports. The annual reporting requirements of §504.2(m) apply to delays of notice sought or granted under this paragraph.

(j) Foreign intelligence and foreign counterintelligence activities. (1) Except as indicated below, nothing in this regulation applies to requests for financial information in connection with authorized foreign intelligence and foreign counterintelligence activities as de

fined in Executive Order 12036. Appropriate foreign intelligence and counterintelligence directives should be consulted in these instances.

(2) However, to comply with the Financial Privacy Act of 1978, the following guidance will be followed for such requests. When a request for financial records is made

(i) A military intelligence group commander, the chief of an investigative control office, or the Commanding General (or Deputy CG), US Army Intelligence and Security Command, will certify to the financial institution that the requesting activity has complied with the provisions of 12 U.S.C. 3403(b).

(ii) The requesting official will notify the financial institution from which records are sought that 12 U.S.C. 3414(a)(3) prohibits disclosure to any person by the institution, its agents, or employees that financial records have been sought or obtained.

(3) The annual reporting requirements shown in §504.2(m) apply to any request for access under this section.

(k) Certification. A certificate of compliance with the Right of Financial Privacy Act of 1978 (app. C) will be provided to the financial institution as a prequisite to obtaining access to financial records under the following access procedures:

(1) Customer consent (§ 504.2(b)). (2) Search warrant (§ 504.2(d)). (3) Judicial subpoena (§ 504.2(e)). (4) Formal written request (§ 504.2(f)). (5) Emergency access (§ 504.2(g)). (6) Foreign intelligence and foreign counterintelligence activities (§504.2

(j)).

(1) Penalties. Obtaining or disclosing financial records or financial information on a customer from a financial institution in violation of the Act or this

regulation may subject the Army to payment of civil penalties, actual damages, punitive damages as the court may allow, and cost with reasonable attorney fees. Military and civilian personnel who willfully or intentionally violate the Act or this regulation may be subject to disciplinary action.

(m) Right to Financial Privacy Act of 1978 Annual Report (RCS DDCOMP(A)1538). (1) Major Army commanders will submit this report to HQDA(DAPE-HRE) concerning requests for financial information from financial institutions. Reports are to include all queries requested or information obtained under the provisions of this regulation by subordinate Army law enforcement offices (as defined in § 504.1(c)(6)). Negative reports will be submitted.

the

(iv) Customer challenges to transfer of information and whether they were successful.

(v) Applications for delay of notice, the number granted, and the names of the officials requesting such delays.

(vi) Delay of notice extensions sought and the number granted.

(vii) Refusals by financial institutions to grant access, by category of authorization, such as customer consent or formal written request.

(4) A consolidated Army report will be submitted by HQDA(DAPE-HRE) to the Defense Privacy Board, Office of the Deputy Assistant Secretary of Defense (Administration), by 15 February each year.

Chief Teller (as appropriate), First National Bank, Little Rock, AR 72203. Dear Mr./Mrs. : In connection with a legitimate law enforcement inquiry and pursuant to section 3414(g) of the Right to Financial Privacy Act of 1978, section 3401 et seq., Title 12, United States Code, you are requested to provide the following account information: (name, address, account number, and type of account of any customer or ascertainable group of customers associated with a certain financial transaction or class of financial transactions as set forth in § 504.1(f)).

I hereby certify, pursuant to section 3403(b) of the Right to Financial Privacy Act of 1978, that the provisions of the Act have been complied with as to this request for account information.

(Official Signature Block)

Under section 3417(c) of the Act, good faith reliance upon this certification relieves your institution and its employees and agents of any possible liability to the subject in connection with the disclosure of the requested financial records.

APPENDIX B TO PART 504 CUSTOMER CONSENT AND AUTHORIZATION FOR ACCESS SAMPLE FORMAT

Pursuant to section 3404(a) of the Right to Financial Privacy Act of 1978, I, (name of customer), having read the explanation of my rights on the reverse side, hereby authorize the (name and address of financial institution) to disclose these financial records: (list of particular financial records) to (Army law enforcement office) for the following purpose(s): (specify the purpose(s)).

I understand that this authorization may be revoked by me in writing at any time before my records, as described above, are disclosed, and that this authorization is valid for no more than 3 months from the date of my signature.

Date: Signature: (Typed name)

(Mailing address of customer)

STATEMENT OF CUSTOMER RIGHTS UNDER THE RIGHT TO FINANCIAL PRIVACY ACT OF 1978

Federal law protects the privacy of your financial records. Before banks, savings and loan associations, credit unions, credit card issuers, or other financial institutions may give financial information about you to a

Federal agency, certain procedures must be followed.

Consent to Financial Records

You may be asked to consent to the financial institution making your financial records available to the Government. You may withhold your consent, and your consent is not required as a condition of doing business with any financial institution. If you give your consent, it can be revoked in writing at any time before your records are disclosed. Futhermore, any consent you give is effective for only 3 months and your financial institution must keep a record of the instances in which it discloses your financial information.

Without Your Consent

Without your consent, a Federal agency that wants to see your financial records may do so ordinarily only by means of a lawful subpoena, summons, formal written request, or search warrant for that purpose. Generally, the Federal agency must give you advance notice of its request for your records explaining why the information is being sought and telling you how to object in court. The Federal agency must also send you copies of court documents to be prepared by you with instructions for filling them out. While these procedures will be kept as simple as possible, you may want to consult an attorney before making a challenge to a Federal agency's request.

Exceptions

In some circumstances, a Federal agency may obtain financial information about you without advance notice or your consent. In most of these cases, the Federal agency will be required to go to court for permission to obtain your records without giving you notice beforehand. In these instances, the court will make the Government show that its investigation and request for your records are proper. When the reason for the delay of notice no longer exists, you will usually be notified that your records were obtained.

Transfer of Information

Generally, a Federal agency that obtains your financial records is prohibited from transferring them to another Federal agency unless it certifies in writing the transfer is proper and sends a notice to you that your records have been sent to another agency.

Penalties

If the Federal agency or financial institution violates the Right to Financial Privacy Act, you may sue for damages or seek compliance with the law. If you win, you may be repaid your attorney's fee and costs.

The Army has no authority to issue an administrative summons or subpoena for access to these financial records which are required for (describe the nature or purpose of the inquiry).

A copy of this request was (personally served upon or mailed to) the subject on (date) who has (10 or 14) days in which to challenge this request by filing an application in an appropriate United States district court if the subject desires to do so.

Upon expiration of the above mentioned time period and in the absence of any filing or challenge by the subject, you will be furnished a certification certifying in writing that the applicable provisions of the Act have been complied with prior to obtaining the requested records. Upon your receipt of a Certificate of Compliance with the Right to Financial Privacy Act of 1978, you will be relieved of any possible liability to the subject in connection with the disclosure of the requested financial records. (Official Signature Block)

d. Be prepared to come to court and present your position in further detail.

You do not need to have a lawyer, although you may wish to employ one to represent you and protect your rights.

If you do not follow the above procedures, upon the expiration of (10 days from the date of personal service) (14 days from the date of mailing) of this notice, the records or information requested therein may be made available.

These records may be transferred to other Government authorities for legitimate law enforcement inquiries, in which event you will be notified after the transfer if such transfer is made.

3 Inclosures (see para(Signature)

PART 505-THE ARMY PRIVACY PROGRAM

Sec.

505.1 General information.

505.2 Individual rights of access and amend

ment.

505.3 Disclosure of personal information to other agencies and third parties.

505.4 Record-keeping requirements under the Privacy Act.

505.5 Exemptions.

APPENDIX A TO PART 505-EXAMPLE OF SYSTEM OF RECORDS NOTICE

APPENDIX B TO PART 505-EXAMPLE OF REPORT FOR NEW SYSTEM OF RECORDS APPENDIX С TO PART 505-PROVISIONS OF THE

PRIVACY ACT FROM WHICH A GENERAL OR SPECIFIC EXEMPTION MAY BE CLAIMED APPENDIX D TO PART 505-GLOSSARY OF TERMS

AUTHORITY: Pub. L. 93-579, 88 Stat. 1896 (5 U.S.C. 552a).

SOURCE: 50 FR 42164, Oct. 18, 1985, unless otherwised noted.

§ 505.1

General information.

(a) Purpose. This regulation sets forth policies and procedures that govern personal information kept by the Department of the Army in systems of records.

(b) References (1) Required publications. (i) AR 195–2, Criminal Investigation Activities. (Cited in § 505.2(j))

(ii) AR 340-17, Release of Information and Records from Army Files. (Cited in §§ 505.2(h) and 505.4(d))

(iii) AR 430-21-8, The Army Privacy Program; System Notices and Exemption Rules for Civilian Personnel Functions. (Cited in § 505.2(i))

(iv) AR 380-380, Automated System Security. (Cited in § 505.4(d) and (f))

(2) Related publications. (A related publication is merely a source of additional information. The user does not have to read it to understand this regulation.)

(i) DOD Directive 5400.11, DOD Privacy Program.

(ii) DOD Regulation 5400.11-R, DOD Privacy Program.

(iii) Treasury Fiscal Requirements Manual. This publication can be obtained from The Treasury Department, 15th and Pennsylvania Ave., NW, Washington, DC 20220

(c) Explanation of abbreviations and terms. Abbreviations and special terms used in this regulation are explained in the glossary.

(d) Responsibilities. (1) The Director of Information Systems for Command, Control, Communications, and Computers (DISC4) is responsible for issuing policy and guidance for the Army Privacy Program in consultation with the Army General Counsel.

(2) The Commander, U.S. Army Information Systems Command is responsible for developing policy for and executing the Privacy Act Program under the policy and guidance of the DISC4.

(3) Heads of Joint Service agencies or commands for which the Army is the Executive Agent, or otherwise has responsibility for providing fiscal, logistical, or administrative support, will adhere to the policies and procedures in this regulation.

(4) Commander, Army and Air Force Exchange Service (AAFES), is responsible for the supervision and execution of the privacy program within that command pursuant to this regulation.

(e) Policy. Army Policy concerning the privacy rights of individuals and the Army's responsibilities for compliance with operational requirements established by the Privacy Act are as follows:

(1) Protect, as required by the Privacy Act of 1974 (5 U.S.C. 552a), as amended, the privacy of individuals from unwarranted intrusion. Individuals covered by this protection are living citizens of the United States and aliens lawfully admitted for permanent residence.

(2) Collect only the personal information about an individual that is legally authorized and necessary to support Army operations. Disclose this information only as authorized by the Privacy Act and this regulation.

(3) Keep only personal information that is timely, accurate, complete, and relevant to the purpose for which it was collected.

(4) Safeguard personal information to prevent unauthorized use, access, disclosure, alteration, or destruction.

(5) Let individuals know what records the Army keeps on them and let them review or get copies of these records, subject to exemptions authorized by law and approved by the Secretary of the Army. (See §505.5.)

(6) Permit individuals to amend records about themselves contained in Army systems of records, which they can prove are factually in error, not up-to-date, not complete, or not relevant.

(7) Allow individuals to ask for an administrative review or decisions that deny them access to or the right to amend their records.

(8) Maintain only information about an individual that is relevant and necessary for Army purposes required to be accomplished by statute or Executive Order.

(9) Act on all requests promptly, accurately, and fairly.

(f) Authority. The Privacy Act of 1974 (5 U.S.C. 552a), as amended, is the statutory basis for the Army Privacy Program. With in the Department of Defense, the Act is implemented by DOD Directive 5400.11 and DOD 5400.11-R. The Act Assigns

(1) Overall Government-wide responsibilities for implementation to the Office of Management and Budget.

(2) Specific responsibilities to the Office of Personnel Management and the General Services Administration.

(g) Access and Amendment Refusal Authority (AARA). Each Access and Amendment Refusal Authority (AARA) is responsible for action on requests for access to, or amendment of, records referred to them under this part. The officials listed below are the only AARA for records in their authority. Authority may be delegated to an officer or