[ table of contents ] [ next section ]


The fastest way to make a Privacy Act request is to identify the specific system of records. The request can be addressed to the system manager. Few people do this. Instead, most people address their requests to the head of the agency that has the records or to the agency's Privacy Act/FOIA officer. The envelope containing the written request should be marked "Privacy Act/FOIA Request" in the bottom left-hand corner.\35\

There are three basic elements to a request for records under the Privacy Act. First, the letter should state that the request is being made under the Privacy Act. Second, the letter should include the name, address, and signature of the requester. Third, the request should describe the records as specifically as possible. Appendix 1 includes a sample Privacy Act request letter.

It is a common practice for an individual seeking records about himself or herself to make the request under both the Privacy Act of 1974 and the Freedom of Information Act. See the discussion in the front of this Guide about which act to use.

A requester can describe the records by identifying a specific system of records, by describing his or her contacts with an agency, or by simply asking for all records about himself or herself. The broader and less specific a request is, the longer it may take for an agency to respond.

It is a good practice for a requester to describe the type of records that he or she expects to find. For example, an individual seeking a copy of his service record in the Army should state that he was in the Army and include the approximate dates of service. This will help the Defense Department narrow its search to record systems that are likely to contain the information being sought. An individual seeking records from the Federal Bureau of Investigation may ask that files in specific field offices be searched in addition to the FBI's central office files. The FBI does not routinely search field office records without a specific request.

An agency will generally require a requester to provide some proof of identity before records will be disclosed. Agencies may have different requirements. Some agencies will accept a signature; others may require certification of identity by a notarized signature or by a declaration by the requester under penalty of perjury. If an individual goes to the agency to inspect records, standard personal identification may be acceptable. More stringent requirements may apply if the records being sought are especially sensitive. An agency will inform requesters of any special identification requirements. Requesters who need records quickly should first consult agency regulations or talk to the agency's Privacy Act/FOIA officer to find out how to provide adequate identification.

An individual who visits an agency office to inspect a Privacy Act record may bring along a friend or relative to review the record. When a requester brings another person, the agency may ask the requester to sign a written statement authorizing discussion of the record in the presence of that person.

It is a crime to knowingly and willfully request or obtain records under the Privacy Act under false pretenses. A request for access under the Privacy Act can only be made by the subject of the record. An individual cannot make a request under the Privacy Act for a record about another person. The only exception is for a parent or legal guardian who may request records on behalf of a minor or a person who has been declared incompetent.


\35\ All agencies have Privacy Act regulations that describe the request process in greater detail. Large agencies may have several components, each of which has its own Privacy Act rules. Requesters who can find agency Privacy Act regulations in the Code of Federal Regulations (available in many libraries and an electronic version may be found on the Office of the Federal Register website provided in note 20) might read these regulations before making a request. A requester who follows the agency's specific procedures may receive a faster response. However, the simple procedures suggested in this guide are adequate to meet the minimum statutory requirements for a Privacy Act request.