Privacy Act: [DEFENSE DEPARTMENT]...

	Web GovRecords.org

  (iii) On a tear-off sheet attached to the form; or
  (iv) As a separate supplement to the form.
  (b) Forms issued by non-DoD activities. (1) Forms subject to the 
Privacy Act issued by other federal agencies have a Privacy Act 
Statement attached or included. Always ensure that the statement 
prepared by the originating agency is adequate for the purpose for which 
the form will be used by the DoD activity. If the Privacy Act Statement 
provided is inadequate, the DoD Component concerned shall prepare a new 
statement or a supplement to the existing statement before using the 
form.
  (2) Forms issued by agencies not subject to the Privacy Act (state, 
municipal, and other local agencies) do not contain Privacy Act 
Statements. Before using a form prepared by such agencies to collect 
personal data subject to this part, an appropriate Privacy Act Statement 
must be added.

Subpart D--Access by Individuals

   Sec. 310.30  Individual access to personnel information.

  (a) Individual access. (1) The access provisions of this part are 
intended for use by individuals about whom records are maintained in 
systems of records. Release of personal information to individuals under 
this part is not considered public release of information.
  (2) Make available to the individual to whom the record pertains all 
of the personal information that can be released consistent with DoD 
responsibilities.
  (b) Individual requests for access. Individuals shall address requests 
for access to personal information in a system of records to the system 
manager or to the office designated in the DoD Component rules or the 
system notice.
  (c) Verification of identity. (1) Before granting access to personal 
data, an individual may be required to provide reasonable verification 
of his or her identity.
  (2) Identity verification procedures shall not:
  (i) Be so complicated as to discourage unnecessarily individuals from 
seeking access to information about themselves; or
  (ii) Be required of an individual seeking access to records which 
normally would be available under the ``DoD Freedom of Information Act 
Program'' (32 CFR part 286).
  (3) Normally, when individuals seek personal access to records 
pertaining to themselves, identification is made from documents that 
normally are readily available, such as employee and military 
identification cards, driver's license, other licenses, permits or 
passes used for routine identification purposes.
  (4) When access is requested by mail, identity verification may 
consist of the individual providing certain minimum identifying data, 
such as full name, date and place of birth, or such other personal 
information necessary to locate the record sought. If the information 
sought is of a sensitive nature, additional identifying data may be 
required. If notarization of requests is required, procedures shall be 
established for an alternate method of verification for individuals who 
do not have access to notary services, such as military members 
overseas.
  (5) If an individual wishes to be accompanied by a third party when 
seeking access to his or her records or to have the records released 
directly to a third party, the individual may be required to furnish a 
signed access authorization granting the third party access.
  (6) An individual shall not be refused access to his or her record 
solely because he or she refuses to divulge his or her SSN unless the 
SSN is the only method by which retrieval can be made. (See paragraph 
(b) of Sec. 310.20).
  (7) The individual is not required to explain or justify his or her 
need for access to any record under this part.
  (8) Only a denial authority may deny access and the denial must be in 
writing and contain the information required by paragraph (b) of 
Sec. 310.31.
  (d) Granting individual access to records. (1) Grant the individual 
access to the original record or an exact copy of the original record 
without any changes or deletions, except when changes or deletions have 
been made in accordance with paragraph (e) of this section. For the 
purpose of granting access, a record that has been amended under 
paragraph (b) of Sec. 310.31 is considered to be the original. See 
paragraph (e) of this section for the policy regarding the use of 
summaries and extracts.
  (2) Provide exact copies of the record when furnishing the individual 
copies of records under this part.
  (3) Explain in terms understood by the requestor any record or portion 
of a record that is not clear.
  (e) Illegible, incomplete, or partially exempt records. (1) Do not 
deny an individual access to a record or a copy of a record solely 
because the physical condition or format of the record does not make it 
readily available (for example, deteriorated state or on magnetic tape). 
Either prepare an extract or recopy the document exactly.
  (2) If a portion of the record contains information that is exempt 
from access, an extract or summary containing all of the information in 
the record that is releasable shall be prepared.
  (3) When the physical condition of the record or its state makes it 
necessary to prepare an extract for release, ensure that the extract can 
be understood by the requester.
  (4) Explain to the requester all deletions or changes to the records.
  (f) Access to medical records. (1) Disclose medical records to the 
individual to whom they pertain, even if a minor, unless a judgment is 
made that access to such records could have an adverse effect on the 
mental or physical health of the individual. Normally, this 
determination shall be made in consultation with a medical doctor.
  (2) If it is determined that the release of the medical information 
may be harmful to the mental or physical health of the individual:
  (i) Send the record to a physician named by the individual; and
  (ii) In the transmittal letter to the physician explain why access by 
the individual without proper professional supervision could be harmful 
(unless it is obvious from the record).
  (3) Do not require the physician to request the records for the 
individual.
  (4) If the individual refuses or fails to designate a physician, the 
record shall not be provided. Such refusal of access is not considered a 
denial for Privacy Act reporting purposes. (See paragraph (a) of 
Sec. 310.31).
  (5) Access to a minor's medical records may be granted to his or her 
parents or legal guardians. However, observe the following procedures:
  (i) In the United States, the laws of the particular state in which 
the records are located may afford special protection to certain types 
of medical records (for example, records dealing with treatment for drug 
or alcohol abuse and certain psychiatric records). Even if the records 
are maintained by a military medical facilities these statutes may 
apply.
  (ii) For the purposes of parental access to the medical records and 
medical determinations regarding minors at overseas installation the age 
of majority is 18 years except when:
  (A) A minor at the time he or she sought or consented to the treatment 
was between 15 and 17 years of age;
  (B) The treatment was sought in a program which was authorized by 
regulation or statute to offer confidentiality of treatment records as a 
part of the program;
  (C) The minor specifically requested or indicated that he or she 
wished the treatment record to be handled with confidence and not 
released to a parent or guardian; and
  (D) The parent or guardian seeking access does not have the written 
authorization of the minor or a valid court order granting access.
  (iii) If all four of the above conditions are met, the parent or 
guardian shall be denied access to the medical records of the minor. Do 
not use these procedures to deny the minor access to his or her own 
records under this part or any other statutes.
  (6) All members of the Military Services and all married persons are 
not considered minors regardless of age, and the parents of these 
individuals do not have access to their medical records without written 
consent of the individual.
  (g) Access to information compiled in anticipation of civil action. 
(1) An individual is not entitled under this part to gain access to 
information compiled in reasonable anticipation of a civil action or 
proceeding.
  (2) The term ``civil proceeding'' is intended to include quasi-
judicial and pretrial judicial proceedings that are the necessary 
preliminary steps to formal litigation.
  (3) Attorney work products prepared in conjunction with quasi-judicial 
pretrial, and trial proceedings, to include those prepared to advise DoD 
Component officials of the possible legal consequences of a given course 
of action, are protected.
  (h) Access to investigatory records. (1) Requests by individuals for 
access to investigatory records pertaining to themselves and compiled 
for law enforcement purposes are processed under this part of the DoD 
Freedom of Information Program (32 CFR part 286) depending on which part 
gives them the greatest degree of access.
  (2) Process requests by individuals for access to investigatory record 
pertaining to themselves compiled for law enforcement purposes and in 
the custody of law enforcement activities that have been incorporated 
into systems of records exempted from the access provisions of this part 
in accordance with section B. of Chapter 5 under reference (f). Do not 
deny an individual access to the record solely because it is in the 
exempt system, but give him or her automatically the same access he or 
she would receive under the Freedom of Information Act (5 U.S.C. 552). 
See also paragraph (h) of this section.
  (3) Process requests by individuals for access to investigatory 
records pertaining to themselves that are in records systems exempted 
from access provisions under paragraph (a) of Sec. 310.52, subpart F, 
under this part, or the DoD Freedom of Information Act Program (32 CFR 
part 286) depending upon which regulation gives the greatest degree of 
access (see also paragraph (j) of this section).
  (4) Refer individual requests for access to investigatory records 
exempted from access under a general exemption temporarily in the hands 
of a noninvestigatory element for adjudicative or personnel actions to 
the originating investigating agency. Inform the requester in writing of 
these referrals.
  (i) Nonagency records. (1) Certain documents under the physical 
control of DoD personnel and used to assist them in performing official 
functions, are not considered ``agency records'' within the meaning of 
this Regulation. Uncirculated personal notes and records that are not 
disseminated or circulated to any person or organization (for example, 
personal telephone lists or memory aids) that are retained or discarded 
at the author's discretion and over which the Component exercises no 
direct control, are not considered agency records. However, if personnel 
are officially directed or encouraged, either in writing or orally, to 
maintain such records, they may become ``agency records,'' and may be 
subject to this part.
  (2) The personal uncirculated handwritten notes of unit leaders, 
office supervisors, or military supervisory personnel concerning 
subordinates are not systems of records within the meaning of this part. 
Such notes are an extension of the individual's memory. These notes, 
however, must be maintained and discarded at the discretion of the 
individual supervisor and not circulated to others. Any established 
requirement to maintain such notes (such as, written or oral directives, 
regulations, or command policy) make these notes ``agency records'' and 
they then must be made a part of a system of records. If the notes are 
circulated, they must be made a part of a system of records. Any action 
that gives personal notes the appearance of official agency records is 
prohibited, unless the notes have been incorporated into a system of 
records.
  (j) Relationship between the Privacy Act and the Freedom of 
Information Act. (1) Process requests for individual access as follows:
  (i) Requests by individuals for access to records pertaining to 
themselves made under the Freedom of Information Act (5 U.S.C. 552) or 
the DoD Freedom of Information Act Program (32 CFR part 286) or DoD 
Component instuctions implementing the DoD Freedom of Information Act 
Program are processed under the provisions of that reference.
  (ii) Requests by individuals for access to records pertaining to 
themselves made under the Privacy Act of 1971 (5 U.S.C. 552a), this 
part, or the DoD Component instructions implementing this part are 
processed under this part.
  (iii) Requests by individuals for access to records about themselves 
that cite both Acts or the implementing regulations and instructions for 
both Acts are processed under this part except:
  (A) When the access provisions of the DoD Freedom of Information Act 
Program (32 CFR part 286) provide a greater degree of access; or
  (B) When access to the information sought is controlled by another 
federal statute.
  (C) If the former applies, follow the provisions of 32 CFR part 286; 
and if the later applies, follow the access procedures established under 
the controlling statute.
  (iv) Requests by individuals for access to information about 
themselves in systems of records that do not cite either Act or the 
implementing regulations or instructions for either Act are processed 
under the procedures established by this part. However, there is no 
requirement to cite the specific provisions of this part or the Privacy 
Act (5 U.S.C. 552a) when responding to such requests. Do not count these 
requests as Privacy Act request for reporting purposes (see subpart I).
  (2) Do not deny individuals access to personal information concerning 
themselves that would otherwise be releasable to them under either Act 
solely because they fail to cite either Act or cite the wrong Act, 
regulation, or instruction.
  (3) Explain to the requester which Act or procedures have been used 
when granting or denying access under either Act (see also paragraph 
(j)(1)(iv) of this section).
  (k) Time limits. Normally acknowledge requests for access within 10 
working days after receipt and provide access within 30 working days.
  (l) Privacy case file. Establish a Privacy Act case file when required 
(see paragraph (p) of Sec. 310.32 of this subpart).

  [51 FR 1364, Jan. 16, 1986. Redesignated at 56 FR 55631, Oct. 29, 1991 
and amended at 56 FR 57800, Nov. 14, 1991]

   Sec. 310.31  Denial of individual access.

  (a) Denying individual access. (1) An individual may be denied 
formally access to a record pertaining to him or her only if the record:
  (i) Was compiled in reasonable anticipation of civil action (see 
paragraph (g) of Sec. 310.30)
  (ii) Is in a system of records that has been exempted from the access 
provisions of this regulation under one of the permitted exemptions (see 
subpart F of this part).
  (iii) Contains classified information that has been exempted from the 
access provision of this part under blanket exemption for such material 
claimed for all DoD records system (see paragraph (c) of Sec. 310.50 of 
subpart F of this part).
  (iv) Is contained in a system of records for which access may be 
denied under some other federal statute.
  (2) Only deny the individual access to those portions of the records 
from which the denial of access serves some legitimate governmental 
purpose.
  (b) Other reasons to refuse access. (1) An individual may be refused 
access if:
  (i) The record is not described well enough to enable it to be located 
with a reasonable amount of effort on the part of an employee familiar 
with the file; or
  (ii) Access is sought by an individual who fails or refuses to comply 
with the established procedural requirements, including refusing to name 
a physician to receive medical records when required (see paragraph (f) 
of Sec. 310.30) or to pay fees (see Sec. 310.33 of this subpart).
  (2) Always explain to the individual the specific reason access has 
been refused and how he or she may obtain access.
  (c) Notifying the individual. Formal denials of access must be in 
writing and include as a minimum:
  (1) The name, title or position, and signature of a designated 
Component denial authority;
  (2) The date of the denial;
  (3) The specific reason for the denial, including specific citation to 
the appropriate sections of the Privacy Act (5 U.S.C. 552a) or other 
statutes, this part, DoD Component instructions or Code of Federal 
Regulations (CFR) authorizing the denial;
  (4) Notice to the individual of his or her right to appeal the denial 
through the Component appeal procedure within 60 calendar days; and
  (5) The title or position and address of the Privacy Act appeals 
official for the Component.
  (d) DoD Component appeal procedures. Establish internal appeal 
procedures that, as a minimum, provide for:
  (1) Review by the head of the Component or his or her designee of any 
appeal by an individual from a denial of access to Component records.
  (2) Formal written notification to the individual by the appeal 
authority that shall:
  (i) If the denial is sustained totally or in part, include as a 
minimum:
  (A) The exact reason for denying the appeal to include specific 
citation to the provisions of the Act or other statute, this part, 
Component instructions or the CFR upon which the determination is based;
  (B) The date of the appeal determination;
  (C) The name, title, and signature of the appeal authority;
  (D) A statement informing the applicant of his or her right to seek 
judicial relief.
  (ii) If the appeal is granted, notify the individual and provide 
access to the material to which access has been granted.
  (3) The written appeal notification granting or denying access is the 

Other Popular 1995 Privacy Act Documents Documents:

Other Documents:

1995 Privacy Act Documents Records and Documents