agency may be disclosed to the Office of Personnel Management concerning information on pay and leave, benefits, retirement reductions, and any other information necessary for the Office of Personnel Management to carry out its legally authorized Governmentwide personnel management functions and studies. I. DISCLOSURE TO THE DEPARTMENT OF JUSTICE FOR LITIGATION ROUTINE USE A record from a system of records maintained by this agency may be disclosed as a routine use to any component of the Department of Justice for the purpose of representing the agency, or any officer, employee or member of the agency in pending or potential litigation to which the record is pertinent. J. DISCLOSURE TO MILITARY BANKING FACILITIES OVERSEAS ROUTINE USE Information as to current military addresses and assignments may be provided to military banking facilities that provide banking services overseas and that are reimbursed by the Government for certain checking and loan losses. For personnel separated, discharged, or retired from the Armed Forces, information as to last known residential or home of record address to the military banking facility upon certification by a banking facility officer that the facility has a returned or dishonored check negotiated by the individual or the individual has defaulted on a loan and that if restitution is not made by the individual, the U.S. Government will be liable for the losses the facility may incur. search and reporting No No No No (b)(6) Disclosure to National Archives (b)(7) Disclosure for law enforcement 22 22 2 2 2 2 2 No No No No No 22 2 2222 22 2 2 2 2 2 No No No No No No Yes Yes Yes No (d)(2) Amending records (d)(3) Review of the Component's re 2 2 2 2 (e)(4)(1) Describing categories of infor (e)(5) Standards of accuracy (e)(6) Validating records before disclo sure (e)(7) Records of First Amendment activities (e)(8) Notification of disclosures under compulsory legal process (e)(9) Rules of conduct (e)(10) Administrative, technical and physical safeguards (e)(11) Notice of new and revised routine uses (f)(1) Rules for determining if an individual is subject of a record (f)(2) Rules for handling access requests (f)(3) Rules for granting access (f)(4) Rules for amending records (1)(5) Rules regarding fees (g)(1) Basis for civil action (g)(2) Basis for judicial review and remedies for refusal to amend (g)(3) Basis for judicial review and remedies for denial of access (g)(4) Basis for judicial review and remedies for other failure to comply (9)(5) Jurisdiction and time limits (h) Rights legal guardians (i)(1) Criminal penalties for unauthorized disclosure (i)(2) Criminal penalties for failure to publish (i)(3) Criminal penalties for obtaining records under false pretenses (i) Rulemaking requirement ()(1) Federal exemption for the Central Intelligence Agency ()(2) General exemption for criminal law enforcement records (k)(1) Exemption for classified material (k)(2) Exemption for law enforcement material (k)(3) Exemption for records pertaining to Presidential protection (k)(4) Exemption for statistical record No Section of the Privacy Act (k)(5) Exemption for investigatory material compiled for determining suitability for employment or service (k)(6) Exemption for testing or examination material (k)(7) Exemption for promotion evaluation materials used by the Armed Forces (1)(1) Records stored in NARA records centers (1)(2) Records archived before September 27, 1975 (1)(3) Records archived on or after September 27, 1975 (m) Applicability to government contractors (n) Mailing lists (0) Reports on new systems (p) Biennial report (Note: Department of Defense requires an annual report) Enforcement actions. 318.14 Blanket routine uses. 318.15 Rules of conduct. 318.16 Exemption rules. AUTHORITY: Pub. L. 93-579, 88 Stat 1896 (5 U.S.C. 552a). SOURCE: 65 FR 18894, Apr. 10, 2000, unless otherwise noted. $318.1 Reissuance and purpose. (a) This part updates the policies, responsibilities, and procedures of the DTRA Privacy Program under the Privacy Act of 1974, as amended (5 U.S.C. 552a), OMB Circular A-130,1 and the DoD Privacy Program (32 CFR part 310). (b) This rule establishes procedures whereby individuals can: (1) Request notification of whether Defense Threat Reduction Agency (DTRA) maintains or has disclosed a record pertaining to them in any nonexempt system of records; (2) Request a copy or other access to such a record or to an accounting of its disclosure; (3) Request that the record be amended; and (4) Appeal any initial adverse determination of any such request. (c) Specifies those system of records which the Director, Defense Threat Reduction Agency has determined to be exempt from the procedures established by this rule and by certain provisions of the Privacy Act. (d) DTRA policy encompasses the safeguarding of individual privacy from any misuse of DTRA records and the provides the fullest access practicable by individuals to DTRA records concerning them. $318.2 Applicability. (a) This part applies to all members of the Armed Forces and Department of Defense civilians assigned to the DTRA at any of its duty locations. 32 CFR Ch. 1 (7-1-00 Edition) (b) This part shall be made applicable to DoD contractors who are operating a system of records on behalf of DTRA, to include any of the activities, such as collecting and disseminating records, associated with maintaining a system of records. $318.3 Definitions. Access. The review of a record or a copy of a record or parts thereof in a system of records by any individual. Agency. For the purposes of disclosing records subject to the Privacy Act among DoD Components, the Department of Defense is considered a single agency. For all other purposes to include applications for access and amendment, denial of access or amendment, appeals from denials, and record keeping as regards release to non-DoD agencies; each DoD Component is considered an agency within the meaning of the Privacy Act. Confidential source. A person or organization who has furnished information to the federal government under an express promise that the person's or the organization's identity will be held in confidence or under an implied promise of such confidentiality if this implied promise was made before September 27, 1975. Disclosure. The transfer of any personal information from a system of records by any means of communication (such as oral, written, electronic, mechanical, or actual review) to any person, private entity, or government agency, other than the subject of the record, the subject's designated agent or the subject's legal guardian. Individual. A living person who is a citizen of the United States or an alien lawfully admitted for permanent residence. The parent of a minor or the legal guardian of any individual also may act on behalf of an individual. Corporations, partnerships, sole proprietorships, professional groups, businesses, whether incorporated or unincorporated, and other commercial entities are not "individuals.” Law enforcement activity. Any activity engaged in the enforcement of criminal laws, including efforts to prevent, control, or reduce crime or to apprehend about an individual that identifies, relates or is unique to, or describes him or her; e.g., a social security number, age, military rank, civilian grade, marital status, race, salary, home/office phone numbers, etc. Privacy Act request. A request from an individual for notification as to the existence of, access to, or amendment of records pertaining to that individual. These records must be maintained in a system of records. Member of the public. Any individual or party acting in a private capacity to include federal employees or military personnel. or Record. Any item, collection, grouping of information, whatever the storage media (e.g., paper, electronic, etc.), about an individual that is maintained by a DoD Component, including but not limited to, his or her education, financial transactions, medical history, criminal or employment history and that contains his or her name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph. Risk assessment. An analysis considering information sensitivity, vulnerabilities, and the cost to a computer facility or word processing activity in safeguarding personal information processed or stored in the facility or activity. Routine use. The disclosure of a record outside the Department of Defense for a use that is compatible with the purpose for which the information was collected and maintained by the Department of Defense. The routine use must be included in the published system notice for the system of records involved. Statistical record. A record maintained only for statistical research or reporting purposes and not used in whole or in part in making determinations about specific individuals. System manager. The DoD Component official who is responsible for the operation and management of a system of records. System of records. A group of records under the control of a DoD Component from which personal information is retrieved by the individual's name or by some identifying number, symbol, or other identifying particular assigned to an individual. Word processing system. A combination of equipment employing automated technology, systematic procedures, and trained personnel for the primary purpose of manipulating human thoughts and verbal or written or graphic presentations intended to communicate verbally or visually with another individual. Word processing equipment. Any combination of electronic hardware and computer software integrated in a variety of forms (firmware, programmable software, handwiring, or similar equipment) that permits the processing of textual data. Generally, the equipment contains a device to receive information, a computer-like processor with various capabilities to manipulate the information, a storage medium, and an output device $318.4 Policy. (a) It is DTRA policy that: (1) The personal privacy of an individual shall be respected and protected. Personal information shall be collected, maintained, used, or disclosed to insure that: (2) It shall be relevant and necessary to accomplish a lawful DTRA purpose required to be accomplished by Federal statute or Executive order; (3) It shall be collected to the greatest extent practicable directly from the individual; (4) The individual shall be informed as to why the information is being collected, the authority for collection, $318.5 what uses will be made of it, whether disclosure is mandatory or voluntary, and the consequences of not providing the information; (5) It shall be relevant, timely, complete and accurate for its intended use; and (6) Appropriate administrative, technical, and physical safeguards shall be established, based on the media (e.g., paper, electronic, etc.) involved, to ensure the security of the records and to prevent compromise or misuse during storage or transfer. (b) No record shall be maintained on how an individual exercises rights guaranteed by the First Amendment to the Constitution, except as specifically authorized by statute; expressly authorized by the individual on whom the record is maintained; or when the record is pertinent to and within the scope of an authorized law enforcement activity. (c) Notices shall be published in the FEDERAL REGISTER and reports shall be submitted to Congress and the Office of Management and Budget, in accordance with, and as required by 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310, as to the existence and character of any system of records being established or revised by the DoD Components. Information shall not be collected, maintained, or disseminated until the required publication/review requirements are satisfied. (d) Individuals shall be permitted, to the extent authorized by this part: (1) To determine what records pertaining to them are contained in a system of records; (2) Gain access to such records and obtain a copy of those records or a part thereof; (3) Correct or amend such records on a showing the records are not accurate, relevant, timely, or complete. (4) Appeal a denial of access or a request for amendment. (e) Disclosure of records pertaining to an individual from a system of records shall be prohibited except with the consent of the individual or as otherwise authorized by 5 U.S.C. 552a and 32 CFR part 286. When disclosures are made, the individual shall be permitted, to the extent authorized by 5 U.S.C. 552a and 32 CFR part 310, to seek an accounting of such disclosures from DTRA. (f) Computer matching programs between DTRA and Federal, State, or local governmental agencies shall be conducted in accordance with the requirements of 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310. (g) DTRA personnel and Systems Managers shall conduct themselves, pursuant to established rules of conduct, so that personal information to be stored in a system of records shall only be collected, maintained, used, and disseminated as authorized by this part. $318.5 Designations and responsibil ities (a) The Director, DTRA shall: (1) Provide adequate funding and personnel to establish and support an effective Privacy Program. (2) Appoint a senior official to serve as the Agency Privacy Act Officer. (3) Serve as the Agency Appellate Authority. (b) The Privacy Act Officer shall: (1) Implement the Agency's Privacy Program in accordance with the specific requirements set forth in this part, 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310. (2) Establish procedures, as well as rules of conduct, necessary to implement this part so as to ensure compliance with the requirements of 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310. (3) Ensure that the DTRA Privacy Program periodically shall be reviewed by the DTRA Inspectors General or other officials, who shall have specialized knowledge of the DoD Privacy Program. (4) Serve as the Agency Initial Denial Authority. (c) The Privacy Act Program Manager shall: (1) Manage activities in support of the DTRA Program oversight in accordance with part, 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310. (2) Provide operational support, guidance and assistance to Systems Managers for responding to requests for access/amendment of records. (3) Direct the day-by-day activities of the DTRA Privacy Program. |