HomeMission CentersPersonnel VettingI am Government HR/ SecurityAgency Use, Dissemination & Retention of DCSA Records

Decentralized Copies: Agency Use & Retention
DCSA shall control the reports, information, and other investigative materials developed during the vetting process.  These materials are maintained as part of Personnel Vetting Records System, DUSDI 02-DoD, system of records notice.  When DCSA discloses a record from this record system to an agency, the disclosed record shall be considered a “decentralized copy”.  The decentralized copy remains a part of the Personnel Vetting Records System even while the copy is in the recipient agency’s custody. Under sections 1.1(e) and 1.3(q) of E.O. 13467, as amended, investigative records “developed during the vetting process,” including for “ongoing assessments,” are subject to the investigating agency’s controls while in use by recipient departments and agencies.

Retention of a Decentralized Copy
Decentralized copies shall be retained consistent with the guidance defined in applicable NARA General Records Schedules.  Under NARA General Records 5.6, section 170, investigative reports and related documents furnished to an agency by the investigation service provider (ISP) should be destroyed in accordance with the ISP’s instructions.   DCSA instructs that decentralized records may be maintained only so long as the subject of the report remains of interest to the agency for the purposes defined in the DUSDI 02-DoD SORN (e.g. suitability, security, credentialing purposes).  Upon separation or when the subject is no longer of interest to the agency, the agency must dispose of any/all background investigation records.

Internal Dissemination of a Decentralized Copy

Recipient departments and agencies may retain and use the decentralized copy (which include the received reports, information, and other investigative material) within that recipient for authorized purposes (including, but not limited to, adjudications, hearings and appeals, continuous evaluation (CE), inspector general functions, counterintelligence, research, and insider threat programs), in compliance with subsection (b)(1) of the Privacy Act of 1974, as amended (section 552a of title 5, United States Code). 

While EO 13467 section 1.1(e) allows agencies to release records, “any redisclosure” should be coordinated with the DCSA FOI/PA office to ensure that the redisclosure “…does not violate statutory restrictions or result in unauthorized disclosure….” 

If your office intends to share an DCSA background investigation record internally within your agency, and you question the releasability of certain items, you can contact the DCSA FOI/PA office at (724) 794-5612 ext.7000 and ask to speak with a Government Information Specialist in the Records Receipt & Maintenance branch.  

As a note of caution, DCSA background investigation records do include items that have been disclosed to NBIB with redisclosure limitations.   Even when internally sharing a background investigation, recipient agencies should be mindful of the purpose/need and should be cognizant of the following limitations:  

  • Appropriately marked classified material (Top Secret, Secret, Confidential data) may be part of the investigative file.  This type of data should only be disclosed if the recipient has a need to know, is properly cleared, and has the appropriate level of investigation and security clearance.
  • Other government agency data and reports.  Recipient agencies should accordingly consult directly with that other government agency prior to re-disclosing that other government agency’s record to another internal agency component for a purpose other than which it was collected.
  • Financial information protected by either the Fair Credit Reporting Act (e.g., a Credit Report) or the Right to Financial Privacy Act (e.g., FINL items collected with a special OFI-16A release) has redisclosure limitations.
  • FINCEN information is protected by the Bank Secrecy Act.
  • IRS Tax Information collected with a 4506-T release is potentially limited as a result of 26 U.S.C. 6103.
  • Fingerprint Name Check Only results; National Crime Information Center (NCIC) checks; and Interstate Identification Index (Triple I) searches;
  • Law Enforcement / Criminal History Record Information, collected under title 5, U.S.C. 9101(b)(1) is limited.  Part 9101(d) indicates redisclosure limitations.
  • Information that is otherwise exempt from release under the Privacy Act or the FOIA. 

External Dissemination of a Decentralized Copy to a Subject for the Purpose of Providing Procedural Rights or Administrative Due Process
Recipient departments and agencies may only release a decentralized record to an investigative subject for the purpose of providing procedural rights or administrative due process, in compliance with EO 13467, section 1.1(e), as amended.

Recipient agencies shall direct any other requests for external releases of copies of the reports, information, or other investigative materials to the DCSA FOI/PA office.  DCSA’s FOI/PA office will make a release determination by applying the routine uses described in DUDSI 02-DoD or other uses permitted in 5 U.S.C. 552a(b); or, in the case of a Freedom of Information Act (FOIA) referral, by applying the FOIA.

While EO 13467 section 1.1(e) allows agencies to release records, any redisclosure should be coordinated with the DCSA FOI/PA office to ensure that any redisclosure “…does not violate statutory restrictions or result in unauthorized disclosure….”
The received investigative information may include items disclosed to DCSA with redisclosure limitations.  Agencies should be cautious of:

  • Classified material such as Top Secret, Secret, Confidential, even if the Subject already has a clearance
  • Information that would reveal the identity of a source granted confidentiality
  • Sensitive or Restricted Medical information.  If a subject’s investigation includes sensitive medical data annotated as releasable only through another medical provider, recipient agencies should work through DCSA’s FOI/PA office prior to disclosing these records to a subject
  • Other government agency data and reports.  Recipient agencies must accordingly consult directly with that other government agency prior to disclosing that other government agency’s record to their subjects.
  • Fingerprint Name Check Only results; National Crime Information Center (NCIC) checks; and Interstate Identification Index (Triple I) searches;
  • Information that would reveal FINCEN as the source of the information provided
  • Law Enforcement information containing specific restrictive language unless requested pursuant to section 9101(b)(1) of title 5, U.S.C. 
  • Part 9101(d) indicates criminal history record information received under (b)(1) shall be made available to the individual to who is the subject of such information upon request.
  • Information that is otherwise exempt from release under the Privacy Act or the FOIA.  If the agency has reason to believe an investigative record contains exempt information, the agency should work through DCSA’S FOI/PA office prior to disclosing these records to a subject.  As explained below, the DCSA FOI/PA office can provide a sanitized copy of the investigative record for the agency to disclose to the subject.
  • Information concerning other persons (3rd party information)
  • OPM test material that includes reference to actual scoring, rating, or examining criteria

Requesting Releasable Copies: DCSA’s FOI/PA office can, if the agency requests, prepare a version of the background investigation report for release to the subject for due process or procedural purposes, such as the “materials relied upon”.  The request can be emailed to FOIPARequests@nbib.gov, faxed to (724) 794-4590, or sent to DCSA at the following address:

 

 

Defense Counterintelligence and Security Agency
Freedom of Information and Privacy Act Office
Supervisory Government Information Specialist
PO Box 618
Boyers, PA 16018
For deliveries requiring a street address use:
1137 Branchton Road
Boyers, PA 16016

 

 

 

If an Agency Receives a Privacy Act Access or Amendment Requests
Under 32 CFR 310, only DCSA’s FOI/PA office can respond to initial Privacy Act requests for background investigation records in the Personnel Vetting Records System, DUSDI 02-DoD, system of records.  If an agency receives, from the subject of investigation and/or their representative, a request for access to or amendment of the background investigation in their agency’s possession, the agency should contact the DCSA FOI/PA office and refer that request to DCSA’s FOI/PA office accordingly.
  Exceptions: Release of the following items may be made to the subject of investigation without first requesting permission from the DCSA FOI/PA:

  • the individual’s credit report
  • the individual’s fingerprint results (fingerprint results only, not any name-based search results from the FBI)
  • the individual’s completed Standard Form (e.g., SF86)