Accessing Your Federal Records Under the Privacy Act
Understand how the Privacy Act lets you access, review, and correct personal records held by U.S. federal agencies.
The U.S. federal government maintains many records about individuals, from immigration and tax files to benefit applications and security clearances. The Privacy Act of 1974 gives you important rights to see, obtain copies of, and request corrections to these records when they are kept in a qualifying federal system of records.
This guide explains what those rights are, how they differ from the Freedom of Information Act (FOIA), and how you can effectively request and update information about yourself that federal agencies hold.
1. Key Privacy Rights You Have With Federal Records
Under the Privacy Act, most U.S. citizens and lawful permanent residents have specific rights when federal agencies keep personally identifiable information about them in certain record systems.
- Right to know what systems of records exist that may contain your information.
- Right to access records about yourself in many federal systems of records.
- Right to request copies of those records, often for a reasonable fee.
- Right to request correction or amendment of information that is inaccurate, incomplete, untimely, or irrelevant.
- Right to an agency review if your correction request is denied.
- Right to seek judicial review in federal court for certain violations, such as improper disclosures or wrongful denials of access.
These protections apply only to records held by federal executive branch agencies in what the law calls a system of records—a group of records indexed by personal identifiers such as your name or Social Security number.
2. How the Privacy Act Differs From FOIA
The Privacy Act and the Freedom of Information Act (FOIA) both provide ways to obtain federal records, but they serve different purposes and apply to different requesters and types of information.
| Feature | Privacy Act | FOIA |
|---|---|---|
| Who can request | U.S. citizens and lawful permanent residents requesting records about themselves (and sometimes their minor children or those they legally represent) | Any person (including non-citizens, organizations, and the media), usually for any agency records |
| Focus of the law | Privacy, accuracy, and fairness of personal records | Government transparency and public access to information |
| Type of records | Records in a system of records retrieved by a personal identifier | Broad range of agency records, regardless of subject, unless exempt |
| Primary purpose | Let you see and correct what the government keeps about you | Let the public see what the government is doing |
| Ability to correct | Yes, you can request amendment of covered records | No general right to correct; mainly access only |
The Future of AI: Preventing a Big Tech Monopoly >
In many cases, agencies will process a request for your records under both the Privacy Act and FOIA to maximize what can be released. This is common when parts of your file are subject to Privacy Act limitations, while other portions may be releasable under FOIA’s broader access rules.
3. What Counts as a “System of Records”
The Privacy Act only applies when records are kept in a system of records as defined by law.
A system of records has these characteristics:
- It is under the control of a federal agency.
- It contains one or more records about individuals.
- Information is retrieved by a personal identifier, such as a name, Social Security number, employee number, or other unique symbol.
Agencies must publish a description of each system of records in the Federal Register through a System of Records Notice (SORN). These notices describe:
- What types of individuals are covered by the system.
- What kinds of data are collected.
- The purpose of the system.
- How information is routinely shared outside the agency.
You can usually find SORNs on an agency’s website or by searching the Federal Register. Reviewing a SORN can help you identify which system may contain your information and where to send your request.
4. Preparing to Request Your Government Files
Before sending a formal Privacy Act request, a bit of preparation can save time and reduce back-and-forth with the agency.
4.1 Identify the likely agency or agencies
Think about which federal office reasonably would have the records you seek. Examples include:
- Department of Homeland Security – immigration, border, and travel records.
- Social Security Administration – Social Security earnings and benefit records.
- Department of Veterans Affairs – veterans’ health and benefit records.
- Internal Revenue Service – federal tax records.
- Office of Personnel Management – federal employment and security clearance records.
4.2 Narrow the scope of your request
Agencies must make reasonable efforts to locate your records, but overly broad requests can slow the process.
Try to specify:
- The type of record (for example, “my immigration A-file,” “my VA medical records,” or “my personnel security investigation file”).
- Approximate dates or time periods.
- Relevant case numbers, claim numbers, or other identifiers, if you know them.
- Any offices or locations that may have created or used the records.
4.3 Gather identity and contact details
To protect privacy, agencies require enough information to verify who you are. Requirements differ somewhat by agency, but you should be ready to provide:
- Your full legal name (and any other names you have used in dealings with the agency).
- Current mailing address, email address, and a phone number where you can be reached.
- Your date and place of birth.
- Any relevant identifying numbers (for example, Alien Registration Number, claim number, or employee ID), when appropriate.
- A statement, certification, or notarized signature affirming your identity, depending on the agency’s rules.
5. How to Submit a Privacy Act Request
Most agencies accept Privacy Act requests by mail, and many now accept them by email or via web forms. Always check the specific instructions posted by the agency you are contacting.
5.1 Typical elements of a written request
While formats vary, an effective written request usually contains:
- Heading or subject line indicating that this is a “Privacy Act request” (optionally, “Privacy Act/FOIA request”).
- Statement of purpose saying you are seeking records about yourself under the Privacy Act of 1974.
- Your identifying information as described above.
- A clear description of the records you want, as specifically as you can reasonably manage.
- Preferred format for receiving records (paper copies, electronic format, or in-person inspection, if allowed).
- Statement regarding fees (for example, that you are willing to pay up to a specified amount in duplication fees, or asking to be contacted if fees exceed a certain amount).
- Your signature, dated, and any additional verification required by agency rules.
5.2 Where to send your request
Agencies designate offices or officials to handle Privacy Act and FOIA requests. Instructions are typically published in:
- The agency’s Privacy Act/FOIA web page.
- The relevant System of Records Notice (SORN).
- Agency regulations or guidance documents.
Use the mailing address, email address, or online portal specified there. Incorrect routing can delay processing, though agencies often forward misdirected requests when possible.
6. What to Expect After You File
Once your request is received, the agency will log it and begin processing. While each agency’s timeline varies, most respond within a set period unless the request is complex or involves records in multiple locations.
6.1 Agency acknowledgment and clarification
- You may receive an acknowledgment letter or email with a tracking number.
- If your request is unclear or too broad, the agency may ask you to clarify or narrow it.
- If there are fees, you may be asked to agree to any estimated costs before processing continues.
6.2 Possible outcomes
The agency’s decision may include:
- Full access – you are provided with all responsive, non-exempt records.
- Partial access – some information is released, but portions are withheld under one or more Privacy Act or FOIA exemptions (for example, law enforcement or national security exemptions).
- Denial – access is denied, usually with an explanation and notice of your right to appeal.
- No records response – the agency reports that it located no records matching your request.
7. Correcting or Amending Your Records
A core protection of the Privacy Act is your right to request that agencies correct certain inaccurate, incomplete, untimely, or irrelevant information about you.
7.1 When you can request a correction
You can generally seek amendment when:
- The information is factually wrong (for example, an incorrect date of birth or address).
- Important information is missing and makes the record misleading.
- The record is out of date in a way that affects how it is used.
- The information is not relevant to the system’s stated purpose.
Disagreements over policy judgments or professional opinions are generally not considered proper subjects for amendment under the Privacy Act; however, you may be able to add a statement of disagreement in some circumstances.
7.2 How to request an amendment
To request a correction:
- State clearly that you are making a Privacy Act amendment request.
- Identify the specific record or records you want changed (include dates, titles, and locations if possible).
- Explain exactly what is wrong and how it should be corrected.
- Provide supporting documentation when available (such as court orders, birth certificates, or other official records).
- Send your request to the office designated in the agency’s Privacy Act regulations or SORN.
7.3 Appeals and court review
If the agency denies or only partially grants your amendment request, it must generally inform you in writing and explain your right to appeal. If an administrative appeal is also denied, the Privacy Act allows you, in some circumstances, to file a civil lawsuit in federal court.
8. Limits and Exemptions Under the Privacy Act
While the Privacy Act is a powerful tool, it does not guarantee access to all records in all situations. Congress allowed agencies to exempt certain systems from some provisions of the law.
8.1 Common exemption categories
Systems of records may be exempt from or partially exempt from access and amendment requirements when they involve:
- Law enforcement and criminal investigations, where access might interfere with investigations or reveal sensitive techniques.
- National security or intelligence activities, where exposure could harm national defense or foreign policy interests.
- Protective services, such as records related to the safety of high-level officials.
- Certain statistical or research records that are not used to make decisions about specific individuals.
Agencies must generally publish any exemptions and explain the reasons for them in regulations or system notices.
8.2 Relationship to other privacy laws
The Privacy Act is one part of a broader U.S. privacy framework. Other federal and state laws may provide additional protections for specific types of data, such as health, financial, or education records.
- Health information may be protected by laws like the Health Insurance Portability and Accountability Act (HIPAA), which sets rules for covered health entities.
- Consumer data held by private companies may be governed by federal and state consumer protection and privacy laws rather than the Privacy Act.
- Agency-specific policies, such as the Department of State’s privacy policy, may further limit how information is shared and used.
9. Practical Tips for a Successful Request
To make your Privacy Act request more effective and reduce delays:
- Use agency guidance – Review the agency’s official Privacy Act or FOIA webpages for sample language and submission instructions.
- Be as specific as possible – Narrow time frames, locations, and types of records when you can.
- Track your request – Keep copies of what you send, note dates, and keep your tracking number.
- Respond promptly – If an agency contacts you for clarification or fee authorization, answer quickly to avoid your request being closed.
- Consider combined language – Indicating that you are making a “Privacy Act/FOIA” request can help ensure the broadest review under both laws when appropriate.
Frequently Asked Questions (FAQs)
Q1: Can non-U.S. citizens use the Privacy Act to get their records?
The Privacy Act generally applies to U.S. citizens and lawful permanent residents for records about themselves in agency systems of records. However, non-U.S. persons may still be able to obtain some records about themselves under FOIA or under specific agency policies.
Q2: How long does it take to receive my records?
Processing times vary widely by agency, the complexity of your request, and the volume of responsive records. Agencies strive to respond within set statutory or regulatory time frames, but backlogs and consultations with other offices can lead to delays.
Q3: Do I have to pay to get copies of my records?
Agencies may charge reasonable fees for searching, duplicating, or mailing records, though many do not charge for simple, small-volume requests. You can state the maximum amount you are willing to pay and ask to be notified if estimated fees will exceed that amount.
Q4: Can someone else request my records for me?
Yes, in some cases. Parents or legal guardians may request records for minor children, and individuals may authorize a representative (such as an attorney) to act on their behalf. The agency will typically require written consent and sufficient information to verify both identities.
Q5: What if I think an agency improperly disclosed my information?
The Privacy Act generally prohibits agencies from disclosing personal records without consent, subject to statutory exceptions. If you believe your information was improperly shared, you may file a complaint with the agency and, in some circumstances, bring a civil lawsuit for damages.
References
- Privacy Act of 1974 — U.S. Department of Justice, Office of Privacy and Civil Liberties. 2020-12-15. https://www.justice.gov/opcl/privacy-act-1974
- Privacy Act — U.S. Department of the Treasury. 2023-09-19. https://home.treasury.gov/footer/privacy-act
- Privacy Act and Records — U.S. Department of Defense, DoD Open Government. 2016-08-01. https://open.defense.gov/Transparency/Privacy-Act-and-Records/
- Get copies of your government files through the Privacy Act — USA.gov. 2025-11-17. https://www.usa.gov/government-files-privacy
- Data protection laws in the United States — DLA Piper. 2024-10-24. https://www.dlapiperdataprotection.com/?c=US
- Privacy Policy — U.S. Department of State. 2023-05-10. https://www.state.gov/privacy-policy
- The Privacy Act — U.S. Department of Health and Human Services (HHS). 2022-06-01. https://www.hhs.gov/foia/privacy/index.html
- Privacy Act Requests — U.S. Department of the Interior. 2022-04-28. https://www.doi.gov/privacy/privacy-act-requests
- FOIA.gov — U.S. Department of Justice, Office of Information Policy. 2024-03-01. https://www.foia.gov
Read full bio of Sneha Tete





