Receipt of a request made in accordance with § 1008.6 shall be promptly acknowledged by the Privacy Act Officer.
Each request shall be acted upon promptly. Every effort will be made to respond within ten working days of the date of receipt by the System Manager or designee. If a response cannot be made within ten working days, the appropriate Privacy Act Officer shall send an interim response providing information on the status of the request, including an estimate of the time within which action is expected to be taken on the request and asking for any further information as may be necessary to respond to the request. Action will be completed as soon as possible, but not later than 20 working days after receipt of the original specific inquiry. In unusual circumstances and for good cause, the appropriate Privacy Act Officer may decide that action cannot be completed within the initial 20 working days. In such case, the appropriate Privacy Act Officer will advise the individual of the reason for the delay and the date (not to exceed an additional 20 working days) by which action can be expected to be completed.
The term unusual circumstances as used in this section includes situations where a search for requested records from inactive storage is necessary; cases where a voluminous amount of data is involved; instances where information on other individuals must be separated or expunged from the particular record; and cases where consultation with other agencies which have substantial interest in the response to the request is necessary.
Upon receiving a request, the Privacy Act Officer shall ascertain which System Manager or Managers of the DOE have primary responsibility for, custody of, or concern with the system or systems of records subject to the request and shall forward the request to such System Manager or Managers. The System Manager or Managers shall promptly identify and, in consultation with the General Counsel, review the records encompassed by the request.
Where the request is for access to or information about records, after reviewing the material the System Manager or Managers concerned shall transmit to the Privacy Act Officer the requested material. The transmission to the Privacy Act Officer shall include any recommendation that the request be granted or wholly or partially denied and shall set forth any exemption categories supporting denials. Any denial recommendation must be concurred in by the appropriate General Counsel.
Where the request is for correction or amendment of records, after reviewing the material the System Manager or Managers shall transmit a recommended decision to the Privacy Act Officer. Any recommendation that the request be granted or wholly or partially denied shall cite the exemption relied on and set forth the policy considerations supporting a denial. Any recommendation of denial must be concurred in by General Counsel.