2504.9—Identification requirements.
(a)
A requestor should be prepared to identify himself (or herself) by signature, i.e., to note by signature the date of access and/or to produce two other legal forms of identification (driver's license, employee identification, annuitant card, passport, etc.).
(b)
If an individual is unable to produce adequate identification, the individual shall sign a statement asserting identity and acknowledging that knowingly or willfully seeking or obtaining access to records about another person under false pretenses may result in a fine of up to $5,000 (see § 2504.18 ). In addition, depending upon the sensitivity of the records, the Privacy Act Officer after consulting with the appropriate system manager, may require further reasonable assurances, such as statements of other individuals who can attest to the identity of the requestor.
(c)
If access is granted by mail, the identity of the requestor shall be verified by comparing signatures. If, in the opinion of the Privacy Act Officer, after consulting with the appropriate system manager, the granting of access through the mail may result in harm or embarrassment if disclosed to a person other than the subject individual, a notarized statement of identify or some other similar assurance of identity will be required.