(a) A request by an individual for information about or access to a record or information pertaining to that individual that is contained in a system of records may be denied only upon a determination by the appropriate System Manager, with the concurrence of the appropriate General Counsel, that:
(1) The record is subject to an exemption under § 1008.12;
(2) The record is information compiled in reasonable anticipation of a civil action or proceeding; or
(3) The individual has unreasonably failed to comply with the procedural requirements of this part.
(b) The Privacy Act Officer shall give written notice of the denial of a request of information about or access to records or information pertaining to the individual and contained in a system of records. Such written notice shall be sent by certified or registered mail, return receipt requested and shall include the following information:
(1) The System Manager's name and title;
(2) The reasons for the denial, including citation to the appropriate sections of the Privacy Act and this part; and
(3) Notification of the individual's right to appeal the denial pursuant to § 1008.11 and to administrative and judicial review under 5 U.S.C. 552a(g)(1)(B), as limited by 552a(g)(5).
(c) Nothing in this section shall:
(1) Require the furnishing of information or records that are not retrieved by the name or by some other identifying number, symbol or identifying particular of the individual making the request;
(2) Prevent a System Manager from waiving any exemption authorizing the denial of records, in accordance with § 1008.12.