Privacy Act Requests

Requesting Your Records Under the Privacy Act 

The Privacy Act of 1974, 5 U.S.C. 552a, as amended, allows individuals to gain access to their own personal records subject to certain exemptions, and to seek correction or amendment of records maintained by Federal agencies that are inaccurate, incomplete, untimely, or irrelevant.  It also safeguards confidentiality by limiting or restricting disclosure of personally identifiable records maintained by Federal agencies and balances the Government's need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy resulting from the collection, maintenance, use, and disclosure of personal information. 

The Privacy Act pertains only to information that is maintained in a "system of records", which is defined as a group of agency-controlled records from which information is retrieved by a unique identifier, such as an individual's name or employee identification number.  The Privacy Act further defines a "record" as any individually identifiable set of information that an agency might maintain about a person.  For example, a record that may be sought by an individual includes employment records.   

These rights are outlined in the Department of the Interior (DOI) Privacy Act regulations at 43 CFR Part 2, Subpart K, which provide procedural guidance to individuals on how they can request notification of existence of records on themselves, and how they can access those records maintained by DOI. 

How to File a Privacy Act Request 

The Privacy Act allows individuals to seek access to records about themselves that are maintained in a DOI system of records. For a list of Government-wide and DOI systems of records, visit the DOI System of Records Notices (SORNs) webpage. A request may be processed under both the Privacy Act and the Freedom of Information Act (FOIA) to provide the greatest access permitted by law. 

DOI provides both electronic and non-electronic options for submitting Privacy Act requests. Individuals may use DOI’s published DI-4016 and DI-4017 forms to request access to Privacy Act records or to authorize disclosure of Privacy Act records to another person or entity. Where available, individuals may also submit a Privacy Act request electronically through the Department’s FOIA Public Access Link, FOIAXpress PAL. A Login.gov account is required to access FOIAXpress PAL and complete remote identity proofing and authentication, where required. 

The electronic process supports DOI’s implementation of the Creating Advanced Streamlined Electronic Services for Constituents Act of 2019 (CASES Act) and OMB Memorandum M-21-04, Modernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act. Individuals who do not use the electronic process may continue to submit signed requests using the procedures described below. 

Privacy Act requests for notification, access to, or correction or amendment of Privacy Act records must be submitted in writing or through an approved electronic submission process. Requests must include sufficient information for DOI to verify identity, locate responsive records, identify the applicable SORN, and process the request in accordance with DOI Privacy Act regulations at 43 CFR Part 2, Subpart K

DOI may require additional information to verify your identity and locate responsive records. Depending on how the request is submitted, identity verification may be completed through Login.gov remote identity proofing and authentication, a notarized statement, or a statement signed under penalty of perjury stating that you are the person who is the subject of the requested record, or that you are otherwise authorized to request the record. 

Individuals may use the following DOI forms to request access to Privacy Act records or to authorize disclosure of Privacy Act records to another person or entity. These forms support DOI’s implementation of the CASES Act and OMB Memorandum M-21-04. Please read the forms carefully and provide all requested information so DOI can verify your identity, locate responsive records, and process the request.   

Whether submitted electronically or by mail, DOI must receive enough information to verify your identity, determine whether DOI maintains responsive records, locate the applicable system of records, and process the request consistent with the Privacy Act, DOI regulations, and applicable SORNs. 

Important: Do not include unnecessary sensitive personal information in your request. Provide only the information needed to verify your identity and help DOI locate the records you are seeking. 

The following information may be required from you to process your Privacy Act request. 

  1. Full name, aliases, or other names used.
  2. Current address.
  3. Telephone number and contact information so we may contact you if necessary.
  4. Any additional identifying information that would help us verify your identity.
  5. Bureau, office, or program that maintains the requested record(s).
  6. The specific system of records, or a clear description of the record(s) including date range, subject matter, contacts or persons involved, place records were created, applicable system of records, and other pertinent details.  The description should be specific enough to help us locate the records you are seeking.
  7. A notarized statement or a statement signed under penalty of perjury, if required.
  8. Date.
  9. Your signature, if required based on the submission method. 

If you submit a request outside an approved electronic identity proofing and authentication process, DOI may require your signature and either a notarized statement or a statement signed under penalty of perjury. If you submit a request through an approved electronic process, DOI may use remote identity proofing and authentication, such as Login.gov, where available. 

I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct, and that I am the person named above and requesting access to my records, or records that I am entitled to request as the parent of a minor or the legal guardian of an incompetent, and I understand that any falsification of this statement is punishable under the provisions of 18 U.S.C. § 1001 by a fine, imprisonment of not more than five years, or both, and that requesting or obtaining any record(s) under false pretenses is punishable under the provisions of 5 U.S.C. § 552a(i)(3) by a fine of not more than $5,000.  

Please note that we will notify you if we need further information or if your request lacks sufficient information to enable us to process it.  You should keep a copy of your request as a reference for further correspondence with DOI.   

Requests submitted by mail should be labeled “PRIVACY ACT REQUEST” and sent to the System Manager identified in the applicable SORN or to the Privacy Officer or Privacy Analyst supporting the bureau or office that maintains the requested records. Individuals may also submit Privacy Act requests electronically through the Department’s FOIA Public Access Link, FOIAXpress PAL. A Login.gov account is required to access the electronic submission process and complete remote identity proofing and authentication, where required. Current DOI bureau and office privacy contact information is available on the DOI Privacy Contacts webpage. Privacy Act requests may also be submitted to the DOI Privacy Office, 1849 C Street NW, Room 7112, Washington, DC 20240, Attention: Privacy Act Request. When a request is submitted to the DOI Privacy Office, the request will be reviewed and routed to the appropriate DOI bureau, office, System Manager, Privacy Officer, or Privacy Analyst for processing. 

If you are seeking records about yourself, DOI may process the request under both the Privacy Act and FOIA to provide the greatest access permitted by law. If you are seeking agency records that are not about yourself, the request should generally be submitted as a FOIA request by completing the DOI FOIA Request Form on the DOI FOIA Program website. If you are seeking records about yourself, DOI may process the request under both the Privacy Act and FOIA to provide the greatest access permitted by law. If you are seeking agency records that are not about yourself, the request should generally be submitted as a FOIA request. 

Electronic Submission and Identity Verification  

DOI uses FOIAXpress as an electronic platform for certain FOIA and Privacy Act request workflows. To submit a Privacy Act request electronically, proceed to the Department’s FOIA Public Access Link, FOIAXpress PAL. A Login.gov account is required to access FOIAXpress PAL and complete remote identity proofing and authentication, where required, before DOI accepts an electronic Privacy Act access or consent submission or provides access to Privacy Act-protected records. 

DOI posts the DI-4016 and DI-4017 access and consent forms on this page. The electronic process supports DOI’s implementation of the CASES Act and OMB Memorandum M-21-04 by providing a process for electronic submission, identity proofing, authentication, and request tracking. 

Login.gov is operated by the General Services Administration and provides identity verification and authentication services for participating government agencies. 

Privacy Notice for Electronic Privacy Act Requests 

DOI provides Privacy Act statements and privacy notices for Privacy Act access and consent requests through the DI-4016 and DI-4017 forms, the DOI Privacy Act Requests page, and applicable DOI privacy compliance documentation. DOI’s FOIAXpress Privacy Impact Assessment describes how DOI uses FOIAXpress to support FOIA and Privacy Act request processing, including combined FOIA/Privacy Act requests and appeal files. DOI’s Access and Consent Forms Privacy Impact Assessment describes DOI’s use of DI-4016 and DI-4017 and DOI’s implementation of electronic access and consent forms under the CASES Act and OMB M-21-04. 

Requesters who use Login.gov for remote identity proofing and authentication should also review Login.gov’s privacy policy, Privacy Act statement, and applicable GSA privacy notices. DOI does not use Login.gov to determine whether responsive DOI records exist or whether records may be released; DOI uses Login.gov to support identity proofing and authentication for eligible electronic request workflows. 

Requesting Amendment or Correction of Records under the Privacy Act 

The Privacy Act allows you to request amendment or correction of records about you that you believe are inaccurate, irrelevant, untimely, or incomplete. Amendment rights generally apply to factual matters and do not require DOI to change opinions, judgments, or discretionary determinations that are properly maintained in the record. 

Requests for amendment or correction of records must be submitted in writing to the System Manager identified in the applicable SORN, must be signed, and must meet requirements identified in the published SORN and DOI Privacy Act regulations at 43 CFR Part 2, Subpart K.  DOI may require additional information to verify your identity and confirm that you are the person who is the subject of the record, or that you are otherwise authorized to act on behalf of that individual. Depending on how the amendment request is submitted, identity verification may be completed through Login.gov remote identity proofing and authentication, a notarized statement, or a statement signed under penalty of perjury. 

The following information may be required from you to process your Privacy Act request. 

  1. Full name, aliases, or other names used.
  2. Current address.
  3. Telephone number and contact information so we may contact you if necessary.
  4. Any additional identifying information that would help us verify your identity.
  5. Bureau, office, or program that maintains the requested record(s).
  6. The specific system of records, and a clear description of the record(s) to be amended including date range, subject matter, contacts or persons involved, place records were created, applicable system of records, and other pertinent details.  The description should be specific enough to help us locate the records.
  7. A description of why the individual believes the record is not accurate, relevant, timely or complete; with copies of documents or evidence in support of the request.
  8. The request must specify in detail the requested changes to the record; and must include proposed language if the change involves rewriting the record or adding new language to the record.
  9. A notarized statement or a statement signed under penalty of perjury, if required.
  10. Date.
  11. Your signature, if required based on the submission method. 

For requests submitted outside an approved electronic identity proofing and authentication process, DOI may require a signature and either a notarized statement or a statement signed under penalty of perjury. Requests submitted through an approved electronic process may use remote identity proofing and authentication, such as Login.gov, where available. 

I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct, and that I am the person named above and requesting access to my records, or records that I am entitled to request as the parent of a minor or the legal guardian of an incompetent, and I understand that any falsification of this statement is punishable under the provisions of 18 U.S.C. § 1001 by a fine, imprisonment of not more than five years, or both, and that requesting or obtaining any record(s) under false pretenses is punishable under the provisions of 5 U.S.C. § 552a(i)(3) by a fine of not more than $5,000.  

Please note that we will notify you if we need further information or if your request lacks sufficient information to enable us to process it.  You should keep a copy of your request as a reference for further correspondence with DOI.  Requests for amendment may be submitted only after the individual has previously requested and been granted access to the record and has inspected or been provided a copy of the record.  Please note it is important to include a specific description of the information to be amended and to provide copies of available evidence supporting the request as the burden of proof rests with the requesting individual. 

Requests submitted by mail should be labeled “PRIVACY ACT REQUEST” and sent to the System Manager identified in the applicable SORN or to the Privacy Officer or Privacy Analyst supporting the bureau or office that maintains the record. Individuals may also submit requests through DOI’s electronic request process, where available, using FOIAXpress and Login.gov for remote identity proofing and authentication. Current DOI bureau and office privacy contact information is available on the DOI Privacy Contacts webpage. If you do not know where to submit your request, you may send it to the DOI Privacy Office, U.S. Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC 20240. The DOI Privacy Office will review the request and route it to the appropriate System Manager, Privacy Officer, or Privacy Analyst for processing. 

For information on processing and decisions on Privacy Act requests, please see DOI Privacy Act regulations at 43 CFR Part 2, Subpart K. Records created to process Privacy Act access, amendment, consent, and related requests are maintained and disposed of in accordance with applicable National Archives and Records Administration-approved records schedules and DOI records management requirements. Retention periods may vary depending on the request type, outcome, appeal status, and whether the records are maintained as part of another official system of records. 

Freedom of Information Act (FOIA) Requests 

You can learn more about the DOI FOIA Program by visiting DOI.gov/FOIA.  

This page is periodically reviewed to ensure DOI’s Privacy Act request instructions remain aligned with the Privacy Act of 1974, DOI Privacy Act regulations at 43 CFR Part 2, Subpart K, the CASES Act, OMB M-21-04, DOI privacy compliance documentation, and current electronic request submission capabilities. 

For questions about the Privacy Program, please contact: 

DOI Privacy Office 
U.S. Department of the Interior 
1849 C Street NW, Room 7112  
Washington, DC 20240  
DOI_Privacy@ios.doi.gov 

Was this page helpful?

Please provide a comment