Privacy Act: [DEFENSE DEPARTMENT]...

	Web GovRecords.org

<DOC>
 

PRIVACY ACT RULES

DEFENSE DEPARTMENT

Title 32-National Defense

Subtitle A-Department of Defense

Chapter I-Office of the Secretary of Defense

PART 310--DOD PRIVACY PROGRAM

Subpart A--General provisions

Sec.

310.1  Reissuance and purpose.
310.2  Applicability and scope.
310.3  Definitions.
310.4  Policy.
310.5  Organization.
310.6  Responsibilities

Subpart B--Systems of Records.

310.10  General.
310.11  Standards of accuracy.
310.12  Government contractors.
310.13  Safeguarding personal information.

Subpart C--Collecting Personal Information

310.20  General considerations.
310.21  Forms.

Subpart D--Access by Individuals

310.30  Individual access to personal information.
310.31  Denial of individual access.
310.32  Amendment of records.
310.33  Reproduction fees.

Supart E--Disclosure of Personal Information to Other Agencies and Third 
Parties

310.40  Conditions of disclosure.
310.41  Nonconsensual disclosures.
310.42  Disclosures to commercial enterprises.
310.43  Disclosures to the public health care records.
310.44  Disclosure accounting.

Subpart F--Exemptions

310.50  Use and establishment of exemptions.
310.51  General exemptions.
310.52  Specific exemptions.

Subpart G--Publication Requirements

310.60  Federal Register publication.
310.61  Exemption rules.
310.62  System notices.
310.63  New and altered record systems.
310.64  Amendment and deletion of systems notices.

Subpart H--Training Requirements

310.70  Statutory training requirements.
310.71  OMB training guidelines.
310.72  DoD training programs.
310.73  Training methodology and procedures.
310.74  Funding for training.

Subpart I--Reports

310.80  Requirement for reports.
310.81  Suspense for submission of reports.
310.82  Reports control symbol.

Subpart J--Inspections

310.90  Privacy Act inspections.
310.91  Inspection reporting.

Subpart K--Privacy Act Enforcement Actions

310.100  Administrative remedies.
310.101  Civil actions.
310.102  Civil remedies.
310.103  Criminal penalties.
310.104  Litigation status sheet.

Subpart L--Matching Program Procedures

310.110  OMB Matching guidelines.
310.111  Requesting matching programs.
310.112  Time limits for submitting matching reports.
310.113  Matching programs among DoD Components.
310.114  Annual review of systems of records.

Appendix A--Special Considerations for Safeguarding Personal Information 
    in ADP Systems
Appendix B--Special Considerations for Safeguarding Personal Information 
    During Word Processing
Appendix C--DoD Blanket Routine Uses
Appendix D--Provisions of the Privacy Act from which a General or 
    Specific Exemption May be Claimed
Appendix E--Sample of New or Altered System of Record Notice in Federal 
    Register Format
Appendix F--Format for New or Altered System Report
Appendix G--Sample Deletions and Amendments to Systems Notices in 
    Federal Register Format
Appendix H--Litigation Status Sheet
Appendix I--Office of Management and Budget (OMB) Matching Guidelines.

  Authority:Pub. L. 93-579, 88 Stat. 1896 (5 U.S.C. 552a).
  Source:51 FR 2364, Jan. 16, 1986. Redesignated from part 286a at 56 FR 
55631, Oct. 29, 2991.

Subpart A--General Provisions

   Sec. 310.1  Reissuance and purpose.

  (a) This part is reissued to consolidate into a single document (32 
CFR part 310) Department of Defense (DoD) policies and procedures for 
implementing the Privacy Act of 1974, as amended (5 U.S.C. 522a,) by 
authorizing the development, publication and maintenance of the DoD 
Privacy Program set forth by DoD Directive 5400.11, June 9, 1982, and 
5400.11-R, August 31, 1983, both entitled: ``Department of the Defense 
Privacy Program.''
  (b) Its purpose is to delegate authorities and assign responsibilities 
for the administration of the DoD Privacy Program and to prescribe 
uniform procedures for DoD Components consistent with DoD 5025.1-M, 
``Directives Systems Procedures,'' April 1981.

  [51 FR 1364, Jan. 16, 1986. Redesignated at 56 FR 55631, Oct. 29, 1991 
and amended at 56 FR 57800, Nov. 14, 1991]

   Sec. 310.2  Applicability and scope.

  (a) The provisions of this part apply to the Office of the Secretary 
of Defense, the Military Departments, the Organization of the Joint 
Chiefs of Staff, the Unified and Specified Commands, and the Defense 
Agencies (hereafter referred to collectively as ``DoD Components''). 
This part is mandatory for use by all DoD Components. Heads of DoD 
Components may issue supplementary instructions only when necessary to 
provide for unique requirements within their Components. Such 
instructions will not conflict with the provisions of this part.
  (b) The DoD Privacy Program is applicable, but not limited, to the 
following DoD Components:
  (1) Office of the Secretary of Defense and its field activities;
  (2) Department of the Army;
  (3) Department of the Navy;
  (4) Department of the Air Force;
  (5) U.S. Marine Corps;
  (6) Organization of the Joint Chiefs of Staff;
  (7) Unified and Specified Commands;
  (8) Office of the Inspector General, DoD;
  (9) Defense Advanced Research Projects Agency;
  (10) Defense Communications Agency;
  (11) Defense Contract Audit Agency;
  (12) Defense Intelligence Agency;
  (13) Defense Investigative Service;
  (14) Defense Logistics Agency;
  (15) Defense Mapping Agency;
  (16) Defense Nuclear Agency;
  (17) Defense Security Assistance Agency;
  (18) National Security Agency/Central Security Service;
  (19) Uniformed Services University of the Health Sciences.
  (c) The provisions of this part shall be made applicable by contract 
or other legally binding action to U.S. Government contractors whenever 
a DoD contract is let for the operation of a system of records. For 
purposes of liability under the Privacy Act of 1974 (5 U.S.C. 552a) the 
employees of the contractor are considered employees of the contracting 
DoD Component. See also Sec. 310.12.
  (d) This part does not apply to:
  (1) Requests for information from records maintained by the National 
Security Agency pursuant to Pub. L. 86-36, ``National Security 
Information Exemption,'' May 29, 1959, and Pub. L. 88-290, ``Personnel 
Security Procedures in the National Security Agency,'' March 26, 1964. 
All other systems of records maintained by the Agency are subject to the 
provisions of this part.
  (2) Requests for information from systems of records controlled by the 
Office of Personnel Management (OPM), although maintained by a DoD 
Component. These are processed under the applicable parts of the OPM's 
Federal Personnel Manual (5 CFR part 297).
  (3) Requests for personal information from the General Accounting 
Office (GAO). These are processed in accordance with DoD Directive 
7650.1, ``General Accounting Office Access to Records,'' August 26, 
1982.
  (4) Requests for personal information from Congress. These are 
processed in accordance with DoD Directive 5400.4, ``Provisions of 
Information to Congress,'' January 30, 1978, except for those specific 
provisions in Subpart E--Disclosure of Personal Information to Other 
Agencies and Third Parties.
  (5) Requests for information made under the Freedom of Information Act 
(5 U.S.C. 552). These are processed in accordance with ``DoD Freedom of 
Information Act Program'' (32 CFR part 286).

  [51 FR 1364, Jan. 16, 1986. Redesignated at 56 FR 55631, Oct. 29, 1991 
and amended at 56 FR 57800, Nov. 14, 1991]

   Sec. 310.3  Definitions.

  Access. The review of a record or a copy of a record or parts thereof 
in a system of records by any individual (see also paragraph (h) of this 
section).
  Agency. For the purposes of disclosing records subject to the Privacy 
Act among DoD Components, the Department of Defense is considered a 
single agency. For all other purposes to include applications for access 
and amendment, denial of access or amendment, appeals from denials, and 
record keeping as regards release to non-DoD agencies; each DoD 
Component is considered an agency within the meaning of the Privacy Act.
  Confidential source. A person or organization who has furnished 
information to the federal government under an express promise that the 
person's or the organization's identity will be held in confidence or 
under an implied promise of such confidentialness if this implied 
promise was made before September 27, 1975.
  Disclosure. The transfer of any personal information from a system of 
records by any means of communication (such as oral, written, 
electronic, mechanical, or actual review) to any person, private entity, 
or government agency, other than the subject of the record, the 
subject's designated agent or the subject's legal guardian.
  Individual. A living citizen of the United States or an alien lawfully 
admitted to the United States for permanent residence. The legal 
guardian of an individual has the same rights as the individual and may 
act on his or her behalf. All members of U.S. Armed Forces are 
considered individuals for Privacy Act purposes. No rights are vested in 
the representative of a dead person under this part and the term 
``individual'' does not embrace an individual acting in an interpersonal 
capacity, for example, sole proprietorship or partnership.
  Individual access. Access to information pertaining to the individual 
by the individual or his designated agent or legal guardian.
  Law Enforcement Activity. Any activity engaged in the enforcement of 
criminal laws, including efforts to prevent, control, or reduce crime or 
to apprehend criminals, and the activities of prosecutors, courts, 
correctional, probation, pardon, or parole authorities.
  Maintain. Includes maintain, collect, use or disseminate.
  Official use. Within the context of this part, this term is used when 
officials and employees of a DoD Component have a demonstrated need for 
the use of any record or the information contained therein in the 
performance of their official duties, subject to the ``DoD Information 
Security Program Regulation'': (32 CFR part 159).
  Personal information. Information about an individual that is intimate 
or private to the individual, as distinguished from information related 
solely to the individual's official functions or public life.
  Privacy Act. The Privacy Act of 1974, as amended (5 U.S.C. 552a).
  Privacy Act request. A request from an individual for notification as 
to the existence of, access to, or amendment of records pertaining to 
that individual. These records must be maintained in a system of 
records.
  Member of the public. Any individual or party acting in a private 
capacity to include federal employees or military personnel.
  Record. Any item, collection, or grouping of information about an 
individual that is maintained by an agency, including, but not limited 
to, the individual's education, financial transactions, medical history, 
and criminal or employment history and that contains the individual's 
name, or the identifying number, symbol, or other identifying particular 
assigned to the individual, such as a finger or voice print or a 
photograph.
  Risk assessment. An analysis considering information sensitivity, 
vulnerabilities, and the cost to a computer facility or word processing 
activity in safeguarding personal information processed or stored in the 
facility or activity.
  Routine use. The disclosure of a record outside the Department of 
Defense for a use that is compatible with the purpose for which the 
information was collected and maintained by the Department of Defense. 
The routine use must be included in the published system notice for the 
system of records involved.
  Statistical record. A record maintained only for statistical research 
or reporting purposes and not used in whole or in part in making 
determinations about specific individuals.
  System of records. A group of records under the control of a DoD 
Component from which information is retrieved by the individual's name 
or by some identifying number, symbol, or other identifying particular 
assigned to the individual. System notices for all Privacy Act systems 
of records must be published in the Federal Register.
  Word processing system. A combination of equipment employing automated 
technology, systematic procedures, and trained personnel for the primary 
purpose of manipulating human thoughts and verbal or written or graphic 
presentations intended to communicate verbally or visually with another 
individual.
  Word processing equipment. Any combination of electronic hardware and 
computer software integrated in a variety of forms (firmware, 
programmable software, handwiring, or similar equipment) that permits 
the processing of textual data. Generally, the equipment contains a 
device to receive information, a computer-like processor with various 
capabilities to manipulate the information, a storage medium, and an 
output device.

   Sec. 310.4  Policy.

  (a) General Policy. It is the policy of the Department of Defense to 
safeguard personal information contained in any system of records 
maintained by DoD Components and to make that information available to 
the individual to whom it pertains to the maximum extent practicable.

Other Popular 1995 Privacy Act Documents Documents:

Other Documents:

1995 Privacy Act Documents Records and Documents