Changeflow GovPing Defense Regulation Privacy Act of 1974 System of Records and Routi...
Priority review Notice Amended Consultation

Privacy Act of 1974 System of Records and Routine Uses

Favicon for www.federalregister.gov FR: Central Intelligence Agency
Published January 15th, 2026
Detected March 14th, 2026
Email

Summary

The Central Intelligence Agency (CIA) has published a notice proposing modifications to its Privacy Act system of records and routine uses. This action includes adding one new general routine use and modifying two existing ones, primarily to align with Executive Order 14249 regarding fraud prevention.

View original document View source feed page

What changed

The Central Intelligence Agency (CIA) is proposing to modify its Privacy Act System of Records Notices by adding one new general routine use and amending two existing ones. These changes are prompted by Executive Order 14249, which mandates agencies to allow disclosure of records to the U.S. Department of the Treasury for fraud prevention and recoupment purposes. Specifically, a minor edit will correct an error in General Routine Use 7, and General Routine Use 19 will be modified, with a new General Routine Use 20 being added to facilitate information sharing with the Treasury Department.

Regulated entities, particularly government agencies that interact with CIA systems or data, should be aware of these proposed changes. While this notice is primarily internal to the CIA's operations, it signifies a broader governmental push for enhanced data sharing for fraud prevention. A 30-day public comment period is open until February 17, 2026, allowing interested parties to submit feedback on the proposed modifications to the routine uses.

What to do next

  1. Review proposed modifications to CIA's Privacy Act System of Records Notices.
  2. Submit comments on the modified routine uses by February 17, 2026, if applicable.

Source document (simplified)

Notice

Privacy Act of 1974; System of Records and Routine Uses

A Notice by the Central Intelligence Agency on 01/15/2026

  • PDF

  • Document Details

  • Document Dates

- Table of Contents

  • Public Comments
  • Regulations.gov Data

- Sharing

  • Print
  • Document Statistics
  • Other Formats
  • Public Inspection Published Document: 2026-00727 (91 FR 1743) Document Headings ###### Central Intelligence Agency

AGENCY:

Central Intelligence Agency.

ACTION:

Notice of Modified Systems of Records; General Routine Uses of the Central Intelligence Agency.

SUMMARY:

Pursuant to the Privacy Act of 1974, as amended, and Office of Management and Budget (OMB) Circular No. A-108, notice is hereby given that the Central Intelligence Agency (“CIA” or “the Agency”) proposes to modify the CIA System of Records Notices for the CIA systems of records, listed below. Specifically, CIA is adding one (1) General Routine Use to its “Statement of General Routine Uses,” and modifying two (2) General Routine Uses in its “Statement of General Routine Uses.”

DATES:

In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is subject to a 30-day period to comment on the modified routine uses, described below. Please submit any comments by February 17, 2026.

ADDRESSES:

Comments may be submitted by the following methods: By mail to Mark Mouser, Privacy and Civil Liberties Officer, Central Intelligence Agency, Washington, DC 20505, by telephone at (571) 280-2700, or by email to FedRegLiaison@uce.cia.gov. Please include “NOTICE OF CIA ROUTINE USES” in the subject line of the message.

FOR FURTHER INFORMATION CONTACT:

Mark Mouser, Privacy and Civil Liberties Officer, Central Intelligence Agency, Washington, DC 20505, (571) 280-2700.

SUPPLEMENTARY INFORMATION:

CIA last published its “Statement of General Routine Uses for the Central Intelligence Agency” in 87 FR 73198 (November 28, 2022), in order to clarify and increase the public's knowledge of the circumstances in which the Agency may disclose, as a routine use, records from Privacy Act systems of records and to enhance the Agency's ability to share information essential to the conduct of its national security mission. CIA is now updating its “Statement of General Routine Uses for the Central Intelligence Agency,” applicable to all of the CIA systems of records listed below, by adding one (1) General Routine Use and modifying two (2) General Routine Uses.

Modification to General Routine Use 7

The Agency proposes a minor edit to correct an error in the second sentence in General Routine Use 7, by adding the word “use” after the word “routine,” to read: “This routine use is not intended to supplant the other routine uses published by the Central Intelligence Agency.”

Modification to General Routine Use 19 and New General Routine Use 20

Executive Order 14249, Protecting America's Bank Account Against Fraud, Waste, and Abuse, 90 FR 14011 (March 25, 2025) requires agencies to review and modify, as applicable, the agency's relevant System of Records Notices to include a “routine use” that would allow for the disclosure of records to the U.S. Department of the Treasury for the purposes of identifying, preventing, or recouping fraud and improper payments, to the extent permissible by law. Following this Executive Order, the Office of Management and Budget (OMB) issued M-25-32, Preventing Improper Payments and Protecting Privacy Through Do Not Pay (August 20, 2025). OMB M-25-32 provided specific instructions to agencies on how to assess which agency systems of records may maintain information that would be relevant and necessary for the U.S. Department of the Treasury to identify, prevent, or recoup improper payments through the Do Not Pay Working System, and provided agencies with the specific routine use to publish for its applicable System of Records Notice.

Following the Agency's review of Executive Order 14249 and OMB M-25-32, the Agency determined that it would add the routine use provided by OMB as a General Routine Use, to ensure that the U.S. Department of the Treasury will have access to any records relevant to identifying, preventing, or recouping improper payments, in accordance with federal law and OMB policy. The Agency proposes to insert this as a new General Routine Use 19, and modify the existing General Routine Use 19 by renumbering it as General Routine Use 20. The substance of the now renumbered General Routine Use 20 has not changed.

For ease of reference, the full Statement of General Routine Uses for the Central Intelligence Agency is republished, below. This notice modifies the previously published Statement of General Routine Uses for the Central Intelligence Agency, as detailed above, and does not affect any other routine uses that may apply to CIA systems of records.

Nothing in the new or modified General Routine Uses change the Central Intelligence Agency's authorities regarding the collection and maintenance of information about citizens and lawful permanent residents of the United States, nor do the changes impact any individual's rights to access or to amend their records pursuant to the Privacy Act.

The Agency is providing an opportunity for interested persons to submit comments on the Agency's new and modified General Routine Uses. Unless CIA determines that, based on the submitted comments, substantial modifications are required, the routine uses will take effect 30 days after publication. In accordance with 5 U.S.C. 552a(r), the Agency has provided a report to OMB and Congress on the new and modified General Routine Use.

Mark J. Mouser,

Privacy and Civil Liberties Officer, Central Intelligence Agency.

The CIA System of Records Notices modified by this notice and the citations to the last full Federal Register notice that included all of the elements that are required to be in a System of Records Notice, follow.

| System No. and name | Federal Register citation(s) |
| --- | --- |
| CIA-01, Financial Records | 87 FR 73198, 73200 (November 28, 2022). |
| CIA-02, Training Records | 87 FR 73198, 73201 (November 28, 2022). |
| CIA-03, Language Program Records | 87 FR 73198, 73202 (November 28, 2022). |
| CIA-04, CIA Declassification Center (CDC) External Liaison Records | 87 FR 73198, 73203 (November 28, 2022). |
| CIA-05, Center for the Study of Intelligence (CSI) Records | 87 FR 73198, 73203 (November 28, 2022). |
| CIA-06, Manuscript Review Records | 87 FR 73198, 73204 (November 28, 2022). |
| CIA-07, Security Access Records | 87 FR 73198, 73205 (November 28, 2022). |
| CIA-08, Security Operations Records | 87 FR 73198, 73206 (November 28, 2022). |
| CIA-09, Industrial Security Clearance Records | 87 FR 73198, 73207 (November 28, 2022). |
| CIA-10, Parking Records | 87 FR 73198, 73208 (November 28, 2022). |
| CIA-12, Vehicle Operator Records | 87 FR 73198, 73208 (November 28, 2022). |
| CIA-13, Component Human Resource Records | 87 FR 73198, 73209 (November 28, 2022). |
| CIA-14, Information Release Records | 87 FR 73198, 73210 (November 28, 2022). |
| CIA-15, Guest Speaker Records | 87 FR 73198, 73211 (November 28, 2022). |
| CIA-16, Employee Clinical and Psychiatric Records | 87 FR 73198, 73212 (November 28, 2022). |
| CIA-17, Applicant Clinical and Psychiatric Records | 87 FR 73198, 73213 (November 28, 2022). |
| CIA-18, Psychological Testing Data Records | 87 FR 73198, 73214 (November 28, 2022). |
| CIA-19, Agency Human Resource Records | 87 FR 73198, 73215 (November 28, 2022). |
| CIA-21, Applicant Records | 87 FR 73198, 73216 (November 28, 2022). |
| CIA-22, Personnel Security Records | 87 FR 73198, 73217 (November 28, 2022). |
| CIA-24, Polygraph Records | 87 FR 73198, 73218 (November 28, 2022). |
| CIA-25, Office of the Director Action Center (DAC) Records | 87 FR 73198, 73219 (November 28, 2022). |
| CIA-26, Office of General Counsel Records | 87 FR 73198, 73220 (November 28, 2022). |
| CIA-27, Office of Equal Employment Opportunity (OEEO) Records | 87 FR 73198, 73221 (November 28, 2022). |
| CIA-28, Congressional Liaison Records | 87 FR 73198, 73222 (November 28, 2022). |
| CIA-29, Public Affairs Records | 87 FR 73198, 73223 (November 28, 2022). |
| CIA-30, Inspector General Research Records | 87 FR 73198, 73224 (November 28, 2022). |
| CIA-31, Inspector General Investigation and Interview Records | 87 FR 73198, 73224 (November 28, 2022). |
| CIA-32, Office of the Deputy Director of Central Intelligence (DDCI) for Community Management Records | 70 FR 42418, 42445 (July 22, 2005). |
| CIA-34, Arms Control Records | 87 FR 73198, 73226 (November 28, 2022). |
| CIA-35, Directorate of Science & Technology (DS&T) Private Sector Contact Information | 87 FR 73198, 73227 (November 28, 2022). |
| CIA-36, Alumni Relations Records | 90 FR 44625, 44626 (September 16, 2025). |
| CIA-37, Directorate of Operations Records | 87 FR 73198, 73228 (November 28, 2022). |
| CIA-38, Academic and Business Contact Records | 70 FR 42418, 42450 (July 22, 2005). |
| CIA-39, Customer Relations Records | 87 FR 73198, 73229 (November 28, 2022). |
| CIA-40, Research System Records | 87 FR 73198, 73230 (November 28, 2022). |
| CIA-41, Intelligence Analysis Records | 87 FR 73198, 73231 (November 28, 2022). |
| CIA-42, Insider Threat Program Records | 87 FR 73198, 73232 (November 28, 2022). |
| CIA-43, Environmental Safety Records | 87 FR 73198, 73233 (November 28, 2022). |
| CIA-44, Business Analytics Records | 89 FR 92891 (November 25, 2024). |
| CIA-45, Resolution Office Records | 90 FR 44625, 44627 (September 16, 2025). |
The “Statement of General Routine Uses for the Central Intelligence Agency,” last published in 87 FR 73198 (November 28, 2022), is hereby rescinded for the CIA System of Records Notices, listed above, and replaced as follows:

Statement of General Routine Uses for the Central Intelligence Agency

The following routine uses apply to, and are incorporated by reference into, each system of records maintained by the CIA:

  1. Disclosure of a record indicating or relating to a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program pursuant thereto, to the appropriate agency whether federal, state, local or foreign, charged with the responsibility of investigating or prosecuting such violation, charged with the responsibility to take appropriate administrative action, or charged with enforcing or implementing the law related to the violation or potential violation.

  2. Disclosure to a federal, state or local agency maintaining civil, criminal, relevant enforcement information, or other pertinent information, such as current licenses, to the extent necessary to obtain information relevant to a Central Intelligence Agency decision concerning hiring or retention of an employee, issuance of a security clearance or special access, or performance of the CIA's acquisition functions.

  3. Disclosure to a federal, state, or local agency, or other appropriate entities or individuals, in connection with the hiring or retention of an employee, the issuance of a security clearance or special access, the reporting or an investigation of an employee, the letting of a contract, or the issuance of a license, grant or other benefit, to the extent that the information is relevant and necessary to the entity's decision on the matter.

  4. Disclosure in the course of presenting information or evidence to a court, magistrate, special master, administrative law judge, or administrative board or panel, including disclosures made pursuant to statutes or regulations governing the conduct of such proceedings.

  5. Disclosure to the Office of Management and Budget (OMB) in connection with the review of private relief legislation, as set forth in OMB Circular No. A-19, or its successor, at any stage of the legislative coordination and clearance process.

  6. Disclosure to the National Archives and Records Administration (NARA) in records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

  7. Disclosure to a federal, state, or local agency, other appropriate entities or individuals, or, through established liaison channels, to select foreign governments, provided such disclosure is compatible with the purpose for which the record was collected and is undertaken to enable the Central Intelligence Agency to carry out its intelligence mission in support of U.S. ( printed page 1745) national security objectives under authorizing laws, statutes, policies, and regulations or any successor order, national security directives applicable to the Agency and implementing procedures approved by the Attorney General promulgated pursuant to such Orders and directives, as well as statutes, Executive orders and directives of general applicability. This routine use is not intended to supplant the other routine uses published by the Central Intelligence Agency.

  8. Disclosure to a Member of Congress or Congressional staffer acting upon the Member's behalf in response to an inquiry from that Member or staffer made at the written request of the constituent who is the subject of the record.

  9. Disclosure to the public or to the media for release to the public, to enable the CIA to respond to charges of illegal or improper activity, professional misconduct, or incompetence when such allegations have become publicly known, and the General Counsel in consultation with the Privacy and Civil Liberties Officer, determines that such disclosures are necessary to preserve public confidence in the Agency and the integrity of its processes, or to demonstrate the accountability of the Agency and its employees, and such disclosures do not clearly constitute an unwarranted invasion of personal privacy.

  10. Disclosure to any Federal agency when information obtained from that agency is used in compiling the record, and the record is relevant to the official responsibilities of that agency.

  11. Disclosure to representatives of the Department of Justice or of any other entity responsible for representing the interests of the Central Intelligence Agency in connection with judicial, administrative, or other proceedings. Records may also be disclosed to representatives of the Department of Justice and other U.S. Government entities designated by the CIA to represent CIA interests, to the extent necessary to obtain advice on any matter.

  12. Disclosure to individual Members or staff of the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence in connection with the exercise of the Committees' intelligence oversight and legislative functions, when such limited disclosures are necessary to a lawful activity of the United States, and the CIA General Counsel has determined that such disclosures are otherwise lawful.

  13. Disclosure to the President's Intelligence Advisory Board, the Intelligence Oversight Board, any successor organizations, and other intelligence or independent oversight entities established by the President or Congress, when the Director of the Central Intelligence Agency determines that such disclosures will assist these entities in the performance of their oversight functions.

  14. Disclosure to appropriate Federal agencies, entities, and individuals when the CIA: (1) suspects or has confirmed that there has been a breach of a Privacy Act system of records; (2) has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the CIA (including its information systems, programs and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and individuals is reasonably necessary to assist in connection with the CIA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

  15. Disclosure to appropriate Federal agencies, entities, and individuals when the CIA determines that information from a Privacy Act system of records is reasonably necessary to assist the recipient agency, entity or individual in: (1) responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

  16. Disclosure to any individual or entity that the CIA has reason to believe possesses information regarding a matter within the jurisdiction of the CIA, to the extent deemed to be necessary in order to elicit such information or cooperation from the recipient for use in the performance of an authorized activity.

  17. Disclosure to complainants, Responsible Management Officials (RMOs), witnesses, and other individuals to the extent necessary to conduct or report the progress and/or results of an investigation or inquiry into claims of discrimination or harassment brought pursuant to either federal employment laws or internal Agency regulations.

  18. Disclosure to the Office of the Director of National Intelligence (ODNI) to the extent that CIA maintains ODNI or ODNI-related records pursuant to a service level agreement, when access to such records is necessary to perform the function or service for which the CIA has been engaged by ODNI.

  19. Disclosure to the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purposes of identifying, preventing, or recouping improper payments to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program.

  20. In accordance with the CIA's approved Attorney General Guidelines, disclosure to other appropriate recipients, if such dissemination is necessary to a lawful activity of the United States, including for a foreign intelligence, counterintelligence, and counterterrorism purpose, with approval from the Director of the CIA or designee, concurrence by the Privacy and Civil Liberties Officer, and concurrence by the General Counsel after consultation with the National Security Division of the Department of Justice. Any such disclosure will require a written assessment that the anticipated benefits outweigh the potential risks resulting from dissemination and whether the receiving entities will be subject to further restrictions on the use and dissemination of the record.

[FR Doc. 2026-00727 Filed 1-14-26; 8:45 am]

BILLING CODE 6310-02-P

Published Document: 2026-00727 (91 FR 1743)

Related changes

Favicon for www.federalregister.gov National Commission on Manufactured Housing Meeting Notice
Routine Mar 14, 2026 FR: National Commission on Manufactured Housing Housing Regulation
Favicon for www.federalregister.gov National Commission on Manufactured Housing Meeting Announcement
Routine Mar 14, 2026 FR: National Commission on Manufactured Housing Housing Regulation
Favicon for www.federalregister.gov National Commission on Manufactured Housing Meeting Notice
Routine Mar 14, 2026 FR: National Commission on Manufactured Housing Housing Regulation
Favicon for www.pcpd.org.hk Hong Kong PCPD Arrests Two for Suspected Doxxing
Urgent Mar 13, 2026 PCPD Media Statements (HK) Data Protection
Favicon for www.pcpd.org.hk Global Privacy Authorities Joint Statement on AI-Generated Imagery
Priority review Mar 13, 2026 PCPD Media Statements (HK) Data Protection
Favicon for www.pcpd.org.hk Privacy Commissioner Reports 2025 Work and Data Security Incidents
Priority review Mar 13, 2026 PCPD Media Statements (HK) Data Protection

Source

Favicon for www.federalregister.gov
FR: Central Intelligence Agency federalregister.gov/documents/search?conditions%5Bagencies%5D%5B%5D=central-intelligence-agency&order=newest
Defense Regulation
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Office of the Federal Register
Published
January 15th, 2026
Compliance deadline
February 17th, 2026 (25 days ago)
Instrument
Notice
Legal weight
Non-binding
Stage
Consultation
Change scope
Substantive

Who this affects

Applies to
Government agencies
Geographic scope
National (US)

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Topics
Government Operations National Security

Browse Categories

Federal Courts 25 State Courts 91 Securities Regulation 7 Financial Regulation 76 Consumer Protection 7 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 43 Energy Regulation 42 Environment 3 Labor & Employment 2 Tax 1

Get Defense Regulation alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when FR: Central Intelligence Agency publishes new changes.

Free. Unsubscribe anytime.