A request by an individual for information about or access to a record or information pertaining to that individual that is contained in a system of records may be denied only upon a determination by the appropriate System Manager, with the concurrence of the appropriate General Counsel, that:

The record is subject to an exemption under § 1008.12;

The record is information compiled in reasonable anticipation of a civil action or proceeding; or

The individual has unreasonably failed to comply with the procedural requirements of this part.

The Privacy Act Officer shall give written notice of the denial of a request of information about or access to records or information pertaining to the individual and contained in a system of records. Such written notice shall be sent by certified or registered mail, return receipt requested and shall include the following information:

The System Manager's name and title;

The reasons for the denial, including citation to the appropriate sections of the Privacy Act and this part; and

Notification of the individual's right to appeal the denial pursuant to § 1008.11 and to administrative and judicial review under 5 U.S.C. 552a(g)(1)(B), as limited by 552a(g)(5).

Nothing in this section shall:

Require the furnishing of information or records that are not retrieved by the name or by some other identifying number, symbol or identifying particular of the individual making the request;

Prevent a System Manager from waiving any exemption authorizing the denial of records, in accordance with § 1008.12.