Research Policy Analysis and Coordination

This Act applies generally to all federal executive and military agencies and departments. Government-owned contractor-operated facilities are specifically exempt.

The Act covers all "collection of information" activities when an agency obtains or solicits information from ten or more persons.  Collection of information activities include federal agency requirements or requests which:

(A) means the obtaining, causing to be obtained, soliciting, or requiring the disclosure to third parties or the public, of facts or opinions by or for an agency, regardless of form or format, calling for either--

(i) answers to identical questions posed to, or identical reporting or recordkeeping requirements imposed on, ten or more persons, other than agencies, instrumentalities, or employees of the United States; or

(ii) answers to questions posed to agencies, instrumentalities, or employees of the United States which are to be used for general statistical purposes; Such requirements or requests include:

--written forms, schedules or questionnaires;

--regulations, policy statements or instructions;

--contracts, agreements, RFPs, procurement requirements; or

--oral communications.

See 5 CFR Part 1320.3 for specific applicability and exceptions. LEAD AGENCY Office of Management and Budget

Summary of Provision

Agencies shall not engage in a collection of information without obtaining an OMB approval and displaying a currently valid OMB control number and expiration date.  Control numbers must be displayed on all federal forms and in federal regulations that include a collection of information requirement. (If the collection falls outside the scope of the FPRA because it is directed to nine or fewer persons, potential respondents must be so informed.) To obtain OMB approval, the collection must:

(1) be the least burdensome necessary for the proper performance of the agency's function;

(2) be not duplicative of information otherwise accessible to the agency; and

(3) have practical utility.  “The agency shall also seek to minimize the cost to itself of collecting, processing, and using the information, but shall not do so by means of shifting disproportionate costs or burdens onto the public.”The public shall have opportunities to participate in and provide comments during the OMB collection of information clearance and approval process. UNIVERSITY IMPLEMENTATION Contract and Grant Manual, Sections 17-400 and 17-410.

 External Requirements Federal

17-F02  Federal Privacy Act of 1974

Implementing Regulations

OMB Privacy Guidance

OMB Circular No. A-130, Management of Federal Information Resources, Appendix I, "Federal Agency Responsibilities for Maintaining Records About Individuals"

FAR Part 24, Protection of Privacy and Freedom of Information, and FAR Clauses 52.224-1, Privacy Notification, and 52.224-2, Privacy Act Individual federal agency regulations

Purpose

The Federal Privacy Act of 1974 is intended to assure that personal information about individuals collected by federal agencies is limited to what is authorized and necessary and is maintained in a manner that precludes unwarranted intrusions upon individual privacy.

Lead Agency

Office of Management and Budget

Summary of Provisions

Records under Federal Contracts:

a. Applicability

The applicability provision of the Federal Privacy Act for federal government contractors is the definition of “record” in  5 USC 552(a), which includes:

(2) "record" and any other term used in this section in reference to information include

(A) any information that would be an agency record subject to the requirements of this section when maintained by an agency in any format, including an electronic format; and

(B) any information described under subparagraph (A) that is maintained for an agency by an entity under Government contract, for the purposes of records management.

Subsection (m) of the Act stipulates that “systems of records operating under contract or, in some instances, State or local governments operating under Federal mandates by or on behalf of the agency ….to accomplish an agency function are subject to provisions of Section 3 of the Act.”

When an agency provides by a contract for the operation of a system of records by or on behalf of the agency to accomplish an agency function, the agency applies the requirement of this section to be applied to such system.

OMB Privacy Guidance, which provides federal agencies with implementing guidelines for the Federal Privacy Act, clarifies the Act's applicability language as follows:

Not only must the terms of the contract provide for the operation (as opposed to design) of such a system, but the operation of the system must be to accomplish an agency function. This was intended to limit the scope of coverage to those systems actually taking the place of a Federal system which, but for the contract, would have been performed by an agency and covered by the Privacy Act.

Additional information and background regarding the applicability of the Privacy Act to the University is provided via RPAC  Contract and Grant Memo.

b.Summary of Provisions 

For those federal contracts to the University that are covered by the Federal Privacy Act, the Act's requirements and standards are lengthy and complex.  Contracts and Grants Officers should work closely with their local Coordinators of Information Practices to assess and understand the applicable provisions of the Privacy Act on a case-by-case basis.

For your information, provisions of the Federal Privacy Act generally concern:

(1) identification of systems of records and assessment of the appropriateness of information contained in such records,

(2) public notification of the existence and description of systems of records,

(3) the appropriate sources of information about individuals and the individuals' right to know the source of information,

(4) requirements to inform individuals about their rights and obligations when collecting information from such individuals,

(5) disclosure and protection of records on individuals, (6) maintenance of records on disclosure,

(7) accuracy and fairness of information in records,

(8) access to and correction of records by the individual about whom the record pertains,

(9) obligation to notify record reviewers of amendments to or disputes about records,

(10) flow down of Privacy Act provisions to subcontractors,

(11) records' employee training, and

(12) civil and criminal sanctions for violations of provisions.

c. Primary University Responsibility

Contract and Grant Officers should not accept any contract provision that requires the University to comply with the provisions of the Federal Privacy Act of 1974 in accordance with the University's policy implementation as discussed in the following Section.

The Office of General Counsel is responsible for reviewing any contract document that includes provisions of the Federal Privacy Act.

More generally, the responsibility to assure that the University comply with general requirements of the Federal Privacy Act, when it is applicable, is shared by numerous University personnel at all levels. An overview of such responsibilities is presented in Section 17-S01.

d. University Implementation

In general, primary University guidance regarding the Federal Privacy Act is found in Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information. Additional procedural guidance for Contract and Grant Officers is provided via Contract and Grant Memo.

Any contract provision making the University subject to the Federal Privacy Act of 1974 is unacceptable unless the Statement of Work sets out in specific terms that the University assumes a function of the Federal sponsoring agency in designing, developing, or operating a system of records on individuals. If it has been determined that the University is indeed undertaking in a contract an obligation to operate on behalf of a Federal agency a "system of records to accomplish an agency function," the inclusion of a Federal Privacy Act clause would thereby become acceptable in principle. Such a clause should, however, also contain language that limits the obligation of the University, in complying with the Federal Privacy Act, to the scope and terms of the contract being entered into. It is important to avoid language that would extend the University's agreement to the terms of the Federal Privacy Act beyond the scope of work of the contract. In addition, it is desirable that the contract language clearly specify measures required of the University to comply with the privacy of information requirements.

Any contract that does include a Federal Privacy Act clause should be submitted to the Office of the General Counsel for review prior to execution (see Chapter 13, Section  13-332, of this Manual).

a. Applicability

The Federal Privacy Act does pertain to the University in relation to use of social security numbers.

b. Summary of Provisions

Provisions of the Federal Privacy Act regarding use of social security numbers are summarized in Section III of Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information.

While the Federal Privacy Act does limit the University's authority to require employees to disclose to the University their social security numbers and limits the University's use of those numbers, the Act does not prohibit the University from disclosing social security numbers in its records to governmental agencies that have a statutory right to obtain them. These agencies should offer evidence of the law upon which they rely.

c. Primary University Responsibility

The responsibility to assure that the University complies with the social security number related provisions of the Federal Privacy Act is shared by numerous University personnel as outlined in Business and Finance Bulletin RMP-7, Privacy of and Access to Information Responsibilities. An overview of the assignment of these responsibilities is presented under Primary University Responsibility, Section 17-S01.

Implementing Regulation

5 USC 552

Purpose

The Freedom of Information Act (FOIA) provides for public access to records of federal agencies. Under the FOIA, federal agencies must make agency records available to the public, unless the records fall into certain narrow exemptions.

Applicability

a. General

The provisions of the federal FOIA apply to records of federal agencies.  Regarding the applicability of FOIA provisions to grantee records, the U.S. Supreme Court in Forsham v. Califano, 587 F.2d 1128 (D.C. Cir. 1978) held that:

Written data generated, owned, and possessed by a privately controlled organization receiving Federal study grants are not agency records within the meaning of the Act when copies of those data have not been obtained by a Federal agency subject to the FOIA. Federal participation in the generation of the data by means of a grant from HEW does not make the private organization a Federal 'agency' within the terms of the Act....

Grants of federal funds generally do not create a partnership or joint venture with the recipient, nor serve to convert the acts to governmental acts absent extensive, detailed, and virtually day-to-day supervision.  Thus, records held by a grantee are not generally subject to the FOIA.  Even records held by the recipient of a federal cooperative agreement are generally not covered by the FOIA, since the requisite "extensive, detailed, and virtually day-to-day supervision" of the federal agency over the recipient, which may require that recipient records be considered agency records, is usually not present.

However, any University record actually transferred to a federal agency becomes an agency record subject to the FOIA.  Such University records in the possession of a federal agency would, therefore, be available for public access.  The FOIA, however, does authorize (though does not mandate) agencies to withhold certain agency records that fall into the FOIA's exemption categories.

b. Extramural Sponsored Projects Proposals

University proposals submitted to extramural federal sponsors become agency records under the FOIA.  Federal agencies may, however, apply FOIA Exemption 4 to such proposals (or to portions of such proposals), thus protecting them from public access.

Exemption 4 of the Act concerns matters that are "trade secrets and commercial or financial information obtained from a person and [that are] privileged or confidential."

c. Extramural Awards

Award documents in the custody of a federal agency are subject to the FOIA.  Agencies typically do not consider such documents protected under Exemption 4 of the FOIA and routinely release such documents to the public upon request.

Implementing Regulation

Each federal agency has developed its own implementing regulations.

Summary of Provisions

University records are not directly covered by the FOIA.  Generally, the Act provides for public access to federal records, comparable, but not identical in its coverage to public access requirements of the California Public Records Act (see Section 17-S01).

Primary University Responsibility

Contracts and Grants Officers must be aware that any records transferred to a federal agency will be available for release to the public under the FOIA and, even though the records may fall under a FOIA exemption, federal agencies are not precluded from disclosing exempted records. Interpretations of exemption criteria may vary from agency to agency. More generally, the responsibility to ensure that the University protects its records from inappropriate release under the FOIA is shared by numerous University personnel at all levels. An overview of such responsibilities is presented under Primary University Responsibility, Section 17-S01.

University Implementation

Because University records are not directly covered by the FOIA, no specific University implementation has been issued.

External Requirements Federal

17-F04  2 CFR 215, Uniform Administrative Requirements for Grants and Agreements with Institutions of Higher Education, Hospitals, and Other Non-Profit Organizations (OMB Circular A-110), Section 215.53, Retention and Access Requirements for Records

Purpose

The purpose of OMB Circular A-110, Section 215.53, is to set forth criteria and procedures to be followed by federal sponsoring agencies in requiring recipients to maintain and retain grant and cooperative agreement records.

Applicability

The standards promulgated in Section 215.53, are applicable to all federal agencies in their administration of grants to, and other agreements with, public and private institutions of higher education, public and private hospitals, and other quasi-public and private non-profit organizations.  The term "other agreements" does not include procurement contracts, but does include cooperative agreements.

Summary of Provisions

The following is the complete text of Section 215.53, Retention and Access Requirements for Records:

215.53 Retention and access requirements for records.

(a) This section sets forth requirements for record retention and access to records for awards to recipients. Federal awarding agencies shall not impose any other record retention or access requirements upon recipients.

(b) Financial records, supporting documents, statistical records, and all other records pertinent to an award shall be retained for a period of three years from the date of submission of the final expenditure report or, for awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, as authorized by the Federal awarding agency. The only exceptions are the following.

(1) If any litigation, claim, or audit is started before the expiration of the 3-year period, the records shall be retained until all litigation, claims or audit findings involving the records have been resolved and final action taken.

(2) Records for real property and equipment acquired with Federal funds shall be retained for 3 years after final disposition.

(3) When records are transferred to or maintained by the Federal awarding agency, the 3- year retention requirement is not applicable to the recipient.

(4) Indirect cost rate proposals, cost allocations plans, etc. as specified in paragraph Sec. 215.53(g).

(c) Copies of original records may be substituted for the original records if authorized by the Federal awarding agency.

(d) The Federal awarding agency shall request transfer of certain records to its custody from recipients when it determines that the records possess long term retention value. However, in order to avoid duplicate recordkeeping, a Federal awarding agency may make arrangements for recipients to retain any records that are continuously needed for joint use.

(e) The Federal awarding agency, the Inspector General, Comptroller General of the United States, or any of their duly authorized representatives, have the right of timely and unrestricted access to any books, documents, papers, or other records of recipients that are pertinent to the awards, in order to make audits, examinations, excerpts, transcripts and copies of such documents. This right also includes timely and reasonable access to a recipient's personnel for the purpose of interview and discussion related to such documents. The rights of access in this paragraph are not limited to the required retention period, but shall last as long as records are retained.

(f) Unless required by statute, no Federal awarding agency shall place restrictions on recipients that limit public access to the records of recipients that are pertinent to an award, except when the Federal awarding agency can demonstrate that such records shall be kept confidential and would have been exempted from disclosure pursuant to the Freedom of Information Act (5 U.S.C. 552) if the records had belonged to the Federal awarding agency.

(g) Indirect cost rate proposals, cost allocations plans, etc. Paragraphs (g) (1) and (g) (2) apply to the following types of documents, and their supporting records: indirect cost rate computations or proposals, cost allocation plans, and any similar accounting computations of the rate at which a particular group of costs is chargeable (such as computer usage chargeback rates or composite fringe benefit rates).

(1) If submitted for negotiation. If the recipient submits to the Federal awarding agency or the subrecipient submits to the recipient the proposal, plan, or other computation to form the basis for negotiation of the rate, then the 3-year retention period for its supporting records starts on the date of such submission.

(2) If not submitted for negotiation. If the recipient is not required to submit to the Federal awarding agency or the subrecipient is not required to submit to the recipient the proposal, plan, or other computation for negotiation purposes, then the 3-year retention period for the proposal, plan, or other computation and its supporting records starts at the end of the fiscal year (or other accounting period) covered by the proposal, plan, or other computation.

Primary University Responsibility

The Office the General Counsel, Office of Public Records, publishes guidance on access to University records. Each campus and LBNL has  Information Practices Coordinators responsible for guidance and responses to records requests to campuses.  OP Information Technology Services is responsible for University policies on records management and privacy.

University Implementation

University records retention requirements are contained in the Records Disposition Schedules Manual.

External Requirements State

17-S01 California Public Records Act

Implementing Regulation

State of California Government Code 6250 et seq.

Purpose

The California Public Records Act declares that access to information concerning the conduct of the people's business is a fundamental and necessary right of every person in the State.  Unless exempted, public records are open to inspection at all times during the regular office hours, and are subject to inspection and copying by every person except as provided in the Act (Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information).

Applicability

The California Public Records Act applies to the University.

Summary of Provisions

a. The California Public Records Act defines public records as:

any writing containing information relating to the conduct of the public's business prepared, owned, used, or retained by any state or local agency regardless of physical form or characteristics. 

……………………

"Writing" means any handwriting, typewriting, printing, photostating, photographing, photocopying, transmitting by electronic mail or facsimile, and every other means of recording upon any tangible thing any form of communication or representation, including letters, words, pictures, sounds, or symbols, or combinations thereof, and any record thereby created, regardless of the manner in which the record has been stored.

The Act provides that such records are open to inspection at all times during the office hours of the University and every person has a right to inspect any public record, with some exceptions as discussed below.

b. Right to Copy of Public Records; Time Limits

The following coverage is from Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, Section VI.B.2.

Any person may receive a copy of any identifiable public record or copy thereof. The University is required to determine within 10 days after receipt of a records request whether or not to comply with the request and to notify the person making the request of such determination and the reasons therefore. In unusual circumstances, as specified below, the time limit may be extended by written notice to the person making the request. The notice will set forth the reasons for the extension and the date on which a determination is expected to be dispatched. No notice shall specify a date that would result in an extension for more than 10 working days. "Unusual circumstances" means:

(1) The need to search for and collect the requested records from field facilities or other establishments that are separate from the office processing the request.

(2) The need to search for, collect, and appropriately examine a voluminous amount of separate and distinct records that are demanded in a single request.

(3) The need for consultation, which shall be conducted with all practicable speed, among two or more components of the University having substantial subject matter interest therein.

c. Denial of Request for Records

The following coverage is from Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, Section VI.B.3.

Any notification of denial of any request for records shall set forth the names and titles or positions of each person responsible for the denial.

d. Fees for Copies

The following coverage is from Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, Section VI.B.4.

A fee may be charged for copies of records, or information produced therefrom, covering the direct costs of duplication.

e. Records Exempt from Disclosure Requirements

Business and Finance Bulletin RMP-8, Section VI.C., provides a summary of those types of records for which there are statutory exemptions from the California Public Records Act disclosure requirements.  The following exemptions may be of particular interest to Contracts and Grants Officers:

Preliminary drafts, notes, or inter-agency or intra-University memoranda not retained by the University in the ordinary course of business, provided that the public interest in withholding those records clearly outweighs the public interest in disclosure.………………….

The University may withhold any records for which it can be demonstrated that the public interest served by not making the record public clearly, not minimally, outweighs the public interest served by disclosure of the record. The interest of the public and not just the interest of the University is to be considered. Generally speaking, campus  Information Practices Coordinators and/or the  Office of the General Counsel should be consulted to determine whether or not in fact a public interest argument can be defended in relation to a particular record. It should be noted, however, that under the Act, once the University discloses a public record that is otherwise exempt from the provisions of the Public Records Act to any member of the public, that disclosure generally shall constitute a waiver of the exemptions for that document or type of document.

Lead Agency

The State of California Office of the Attorney General

Primary University Responsibility

The responsibility to assure that the University complies with the complex and broad requirements of the California Public Records Act is shared by numerous University personnel as outlined in Section IV of Business and Finance Bulletin RMP-7, Privacy of and Access to Information Responsibilities.  OP Information Technology Services has universitywide policy responsibility for records and information practices, including records retention and destruction, privacy of information, and access to information.  Policy development is coordinated by the University Records Management Committee.

The Office of the General Counsel (OGC) provides guidance, as appropriate, on overall records privacy and access policy and procedural guidance to campuses, LBNL, and Office of the President, as well as liaison with the State Office of Information Practices.  Within OGC, the Office of Public Records oversees disclosure of Office of the President records’ requests. As stated in RMP-7,

(1) Chancellors, Laboratory Director, the Executive Vice President—Business Operations, and the Vice President--Agriculture and Natural Resources are responsible for ensuring that departments and other units under their respective jurisdictions comply with all records privacy and access requirements.  To facilitate this responsibility, and because of the complexity of the task of implementing access and privacy requirements and the likelihood of lawsuits if requirements are not met, each of these officers appoints an administrator as Coordinator of Information Practices.

(2) The local Coordinators of Information Practices are responsible for developing privacy and access guidelines, and for providing technical and practical assistance to all offices at their location.  To assure that local records procedures and practices are consistent with University policies and federal and State laws, the Coordinators are responsible for liaison with the Office of the President Coordinator of Information Practices and Special Projects.

Business and Finance Bulletin RMP-7, Privacy of and Access to Information Responsibilities, provides a detailed listing of specific responsibilities of local Coordinators.

University Implementation

The basic University implementation of the California Public Records Act is issued in Section VI of Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information.

See additional coverage on University implementation of the Act specific to research administration in Section 17-112 on public access to extramural proposals; Section 17-113 on public access to extramural awards; and  Section 17-114 on public access to Contract and Grant CGX reports.

External Requirements State

17-S02 California Information Practices Act of 1977 (IPA)

Implementing Regulation

State of California Civil Code Section 1798, et seq.

Purpose

The IPA is an omnibus-type statute that is intended to balance the competing interests of access to public records held by the State government and the right to privacy of individuals.

Applicability

The IPA applies to all information about an individual collected and maintained by State agencies, including the University.  It does not, however, apply to student records, i.e., those records pertaining to an individual directly in his or her capacity as a student (see Business and Finance Bulletin RMP-11, Student Applicant Records).

Summary of Provisions

The IPA provisions are outlined in Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information.

The IPA originally defined three categories of information (confidential, personal, and nonpersonal) for which different standards of privacy and access were established.  Recent amendments to the IPA have altered or deleted these three categories.  Nevertheless, University policy continues to classify information as confidential, personal, or nonpersonal.  In addition, University policy establishes a special category of confidential academic review records.

a. Confidential Information

See Section VII.B.1. of Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, for a list of the kinds of information that are considered confidential.

b. Confidential Academic Review Records

The University has defined a special category of information pertaining to confidential academic review records.  This category pertains to academic evaluations and letters of recommendation. Access to this type of information is specially controlled both for the individual to whom the information pertains and to all third parties.  Academic Personnel Manual Sections 160-20-c and160-20-d define these access rights.

c. Nonpersonal information

is limited factual data which could not, in any reasonable way, reflect or convey anything detrimental, disparaging, or threatening to an individual's reputation, rights, benefits, privileges, or qualifications.  The University has determined that the following information about University employees is nonpersonal:

(1) Name.

(2) Date of hire or separation.

(3) Current position title.

(4) Current rate of pay.

(5) Organization unit assignment, including office address and telephone number. (6) Current job description.

(7) Full time or part time, and career, casual or probationary status.

(8) Additional employment information may be required to be released to the public as determined by the General Counsel and the Senior Vice President--Business and Finance.

Non personal information is available to any person upon request as well as to the individual about whom the information pertains. (See Sections VII.B.3. and VII.G.1. of Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information.)

d. Personal information is information, except that which is determined to be confidential, confidential academic, or nonpersonal as discussed above, that identifies or describes an individual and the disclosure of which would constitute an unwarranted invasion of personal privacy, including, but not limited to:

(1) Birthdate

(2) Citizenship

(3) Social security number

(4) Home address and telephone number

(5) Income tax withholding

(6) Staff performance evaluations or letters of corrective actions

(7) Spouse's or other relatives' names

Generally, personal information is not available to the public upon request, nor to University employees who do not have a need for such information, but is available to the individual to whom the information pertains.

Lead Agency

California Office of Privacy Protection