(4) Used only to generate aggregate data or for other similarly evaluative or analytic purposes and which are not used to make decisions on the rights, benefits, or entitlements of individuals except for the disclosure of a census record permitted by 13 U.S.C. 8. (5) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information, but only to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or prior to September 27, 1975, under an implied promise that the identity of the source would be held in confidence. The Security Officer, DCAA, shall establish procedures governing the granting of confidentiality; (6) Testing or examination material used solely to determine individual qualifications for appointment or promotion in the Federal service, the disclosure of which would compromise the objectivity or fairness of the testing or examination process; or (7) Evaluation material used to determine potential for promotion in the Armed Services, but only to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence or prior to September 27, 1975, under an implied promise that the identity of the source would be held in confidence. (a) (1) Each DCAA element shall maintain in its records systems only such personal information as is relevant and necessary to accomplish a purpose or mission required by statute or Executive Order of the President. (2) Each element shall identify the specific provision of law, or Executive Order, which provides authority for the maintenance of information in each system of records. (3) Statutory or regulatory authority to establish and maintain a system of records does not convey unlimited authority to collect and maintain all information which may be useful or convenient to have. The proponent of each system of records will evaluate each category of information in a system for both necessity and relevance. In performing this evaluation the following points will be considered: (i) Relationship of each item of information to the statutory or regulatory purpose for which the system is maintained. (ii) Specific adverse consequences of not collecting each category of information. (iii) Possibility of meeting the information requirement through use of information not individually identifiable or through sampling techniques. (iv) Length of time that the information is needed and, where appropriate, techniques for purging parts of the record. (v) Financial cost of information maintenance compared to risk or adverse consequence of not maintaining it. (vi) Necessity and relevance of this information to all individuals included in the system. ~ (4) Collection will be discontinued for each category or item of information which after the above evaluation does not appear to be reasonably justifiable. Moreover, such information will be withdrawn and destroyed provided it can be economically segregated from necessary and relevant information. (5) The evaluation described above will be performed by each proponent of a system of records: (i) During the design phase of a new system of records or a change in an existing system of records. (ii) Annually, prior to republication of all system notices in the FEDERAL REGISTER. (b) (1) The Privacy Act requires that a notice of the existence of each system of records, as defined in § 290a.5, be published in the FEDERAL REGISTER. Initial system notices will be submitted to the Office of the Assistant Secretary of Defense (Comptroller) (OASD (C)) by the Records Administrator. (2) Notices for new systems must be published in the FEDERAL REGISTER for public comment at least 30 days before the system may be legally implemented. The proposed notices shall be submitted to the Records Administrator at least 90 days before the proposed implementing date. The Records Administrator shall submit the proposed system notices to OASD(C) 60 days before the proposed implementing date. (3) (i) The following proposed changes to an existing system must be published in the FEDERAL REGISTER for public comment at least 30 days before the changes are implemented: (A) Those which expand the categories of individuals on whom records are maintained. (B) Those which add new categories or records to the system. (C) Those which add new categories to the sources. (D) New or changed routine uses which involve disclosure to a new category of recipient. (E) Changes in procedures governing access. (ii) Notices of proposed changes to existing systems will be submitted to the Records Administrator 90 days before implementation. (4) Changes in records systems not stated in paragraph (b) (3) (i) of this section, do not require advance publication, but must be submitted for inclusion in the annual consolidated listing of records systems. Accordingly, each DCAA element shall establish procedures to ensure that all such changes are forwarded to the Records Administrator by May 1 of each year for submission to the Office of the Assistant Secretary of Defense (Comptroller) by May 31 for annual publication in the FEDERAL REGISTER. (5) Concurrently with paragraphs (b) (3) and (4) of this section, the Office of the Assistant Secretary of Defense (Comptroller) shall provide the Office of Management and Budget and the Privacy Protection Study Commission advance notice of proposals to establish new systems or to change routine uses of existing system. (6) The Records Administrator shall ensure that information contained in each system notice, as published in the FEDERAL REGISTER, is incorporated in DCAA Manual 5015.1, Files Maintenance and Disposition. DCAA elements shall take immediate action to either publish a system notice, or discontinue any system of records not contained in the Files Maintenance and Disposition Manual. (c) (1) Records used by DCAA elements in making determinations about an individual will be maintained with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual in any determination. (2) Prior to disseminating any record about an individual to any person other than a Federal agency, unless the dissemination is made pursuant to the Freedom of Information Act, reasonable efforts will be made to ensure that such records are accurate, complete, timely, and relevant for agency purposes. (d) Maintenance of a system of records describing how individuals exercise rights guaranteed by the First Amendment is prohibited unless expressly authorized by Federal statute or by the individual concerned, unless pertinent to and within the scope of an authorized law enforcement activity. The exercise of these rights includes, but is not limited to, religious and political beliefs, freedom of speech and the press, and the right of assembly and to petition. (e) The head of each DCAA element shall assure that persons, including Government contractors or their employees, involved in the design, development, operation, maintenance, or control of any system of records, as defined in § 290a.5, are informed of all requirements to protect the privacy of the individuals who are subjects of the records. The following sanctions should be emphasized to personnel: (1) There are criminal penalties for knowingly and willfully disclosing a record about an individual without the written consent or the written request of that individual, or unless disclosure is for one of the reasons listed in § 290a.7 (2) The agency may be subject to civil suit for failure to comply with the privacy Act of 1974. (f) (1) Each DCAA element shall establish administrative and physical safeguards to protect each system of records from unauthorized or unintentional access, disclosure, modification, or destruction. These safeguards shall apply to systems of records, in whatever medium in which personal information is processed or stored. Such safeguards shall be tailored to the requirements of each system of records. (2) Access to personal information shall be restricted to those persons whose official duties require access and the individual concerned and in accordance with § 290a.7. (3) Each DCAA element shall ensure that all persons whose official duties require access to or processing and maintenance of personal information are trained in the proper safeguarding and use of such information. (4) Personal records and documents shall be stored so as to reasonably preclude unauthorized disclosure. (5) Disposal of records containing personal information which are no longer required will be accomplished in such a manner that will prevent the contents from being disclosed, e.g., tearing the record into pieces to prevent reconstruction, burning, or in the case of magnetic tapes, by degaussing. § 290.11 Annual report. (a) Each DCAA Region shall prepare an annual report for the preceding calendar year on its implementation of the Privacy Act. tem) requesting information on the existence of records pertaining to them, refusing to provide information, requesting access to their records, appealing initial refusals to amend records, and seeking redress through the courts. (7) Any available data, or estimates, of the cost of administering the Privacy Act of 1974. PART 291-AVAILABILITY TO THE PUBLIC OF DEFENSE NUCLEAR AGENCY INFORMATION Sec. 291.1 291.2 291.3 291.4 291.5 291.6 OASD(C) by 291.7 291.8 (b) Seven copies of the report shall be furnished to the Records Administrator by March 15 of each year for transmittal in six copies to the March 31 of each year. (c) The annual report shall contain the following: (1) A brief management summary of the status of actions taken to comply with the act, the results of these efforts, any problems encountered and recommendations for any changes in legislation, policies, or procedures. (2) A summary of major accomplishments; i.e., improvements in information practices and safeguards. (3) A summary of major plans for activities in the upcoming year, e.g., area of emphasis, additional securing of facilities. (4) A list of systems which are exempted during the year from any of the operative provisions of this law permitted under the terms of subsections (j) and (k) of the Privacy Act of 1974, whether or not the exemption was obtained during the year, the number of records in each system exempted from each specific provision and reasons for invoking the exemption. (5) A brief summary of changes to the total inventory of personal data systems subject to the provisions of the act, including reasons for major changes, e.g., the extent to which review of the relevance of and necessity for records has resulted in elimination of all or portions of systems of records or any reduction in the number of individuals on whom records are maintained. (6) A general description of operational experiences including estimates of the number of individuals (in relation to the total number of records in the sys 291.9 291.10 Purpose. Responsibilities. Procedures. Information which will be available on request. Material which may be withheld from public disclosure. For official use only markings. Headquarters, DNA and DNA command designated offices. Rates for copying and research. Identification and marking "For Official Use Only". AUTHORITY: Title 5 (U.S.C. 552), as amended by Pub. L. 93-502. SOURCE: 40 FR 27026, June 26, 1975, unless otherwise noted. (a) The Director and heads of DNA components (Commander, FC, and Director, AFRRI) are responsible for determining, based on current Directives and Instructions, what information in their custody may be released to the public. However, the Director has the sole responsibility for withholding any information requested under the FOI Act. (b) Each component will designate a representative to reply to all requests for public information. Replies should provide the requester as much assistance as possible in locating the document or information requested to include forwarding the request to the proper agency/ source. (c) Components will notify the Director, DNA, ATTN: PAO (FOI Act) of all written requests for records under the FOI Act. When components release information under this FOI Act, they will forward copies of the request and action taken to HQ DNA, ATTN: PAO, for file and compliance with the annual report to Office, Assistant Secretary of Defense (Public Affairs) (OASD (PA)). In all recommendations for denial of a request for a record, the components will immediately forward the request to Director, DNA, ATTN: PAO (FOI Act), and include an explanation of the substantive justification for withholding the information. (d) [Reserved] (e) An FOI Council will be appointed on orders at HQ, DNA to review all requests for records that a representative recommends not be released or is doubtful regarding releasability of the record. The Council will consist of the Assistant to the Deputy Director for Science and Technology (Theoretical Research) as Chairman; the Chief, Joint Atomic Information Exchange Group; and Director, Intelligence and Security Directorate as members; the Public Affairs Officer (PAO), HQ DNA, as the Secretary/Recorder; and the General Counsel (GC) HQ DNA, as legal advisor. The FOI Council will make its recommendations on such initial requests for records under the FOI Act directly to the Deputy Director (Operations and Administration). Recommendations upon appeals from initial denials of requests for records will be made directly to the Director, DNA. (f) The PAO, HQ DNA is the point of contact between DNA and the OASD (PA) Freedom of Information Office (FOIO). The PAO, HQ DNA, is responsible: (1) For advising OASD (PA) (FOIO) of any DNA denial of a request for records or appeals that may affect another DOD component. (2) For placing in the FEDERAL REGISTER a current description for the guidance of the public, of where, how, and by what authority the DNA performs any of its functions. Components will provide the PAO with appropriate information upon request. (3) To insure publication of the list of DNA indices in the FEDERAL REGISTER. Changes to the indices will be kept current on a quarterly or sooner basis by the appropriate DNA component/staff/ directorate. (g) The General Counsel, HQ DNA, shall insure uniformity in the legal position and interpretation by DNA of this Part, and coordinate with DOD General Counsel as necessary on all denials of requests for records that are likely to lead to litigation. (h) The Comptroller, HQ DNA, will insure that fees are properly received and forwarded to the Treasury of the United States. (i) Any request from a member of Congress or for information under the control of Congress or a Congressional Committee will be processed in accordance with current DNA Instructions. (j) When requests for a record have other government agency interest (i.e. DNA is not the original classifier in the case of classified records), the representative will insure that all actions are coordinated with those agencies or officials, and there is written agreement before determining what final action will be taken. The HQ, PAO, in coordination with the GC, will notify the Director and OASD(PA) of the coordination and actions taken. (k) Commander, FC; Director, AFRRI, and Directors and Chiefs of HQ DNA staff elements will insure that all DNA personnel who act in FOI matters will be familiar with all cited references, procedures and contents of this instruction prior to undertaking action on a request involving the FOI Act. A refresher briefing will be conducted by the PAO on an annual basis. (a) Any member of the public desiring information should be able to call or write any DNA element and be referred promptly to the representative designated for answering public inquiries. The current designated offices, with telephone numbers and addresses, is listed in § 291.8. (b) Due to security requirements at HQ DNA and its components, there may not be a reading room for a member of the public to use. However, the representative will assure ready access to the categories of documents requested (i.e., contract announcements, court rulings, etc.) and a place where the requester may review them. (c) Once the requester has clearly identified the record or information desired (must be in writing if request is based on the FOI Act), the representative will obtain copies of the document. If a search is required for the information, the representative will so inform the requester within 10 working days, giving him the approximate time the information will be available and the cost. Rates for copying material or for researching a subject are in § 291.9. A record will not be released prior to receipt of fees. (d) The representative's action on each request received under the FOI Act includes attached DNA Form 524; assigning a request number (i.e., 75-1, for year and request number, add FC for Field Command and AF for AFRRI); obtaining the complete information requested; forwarding copies of the request and action taken to HQ DNA, ATTN: PAO (FOI Act); and receiving payment for copying or research charges. The requester should pay by check or money order, payable to "Treasurer of the United States." All collections will be delivered daily to the component's servicing Finance and Accounting Officer. If daily delivery is impracticable, delivery may be made on a weekly basis. With each delivery of funds, the Finance and Accounting Officer will prepare a DD Form 1131 (Cash Collection Voucher), showing the name of the remitter, purpose of the remittance, account or fund to be credited, and the amount. Collections of scheduled fees and charges will be deposited in accordance with paragraph entitled "collections", § 291.9. (e) A proposed initial denial of a request for records based on the FOI Act must first be reviewed by the FOI Coun cil. The original request and supporting documents to justify withholding of the records are to be forwarded by the HQ PAO to the Council. The Council's recommendations and all procedures are documented and forwarded to the Deputy Director (Operations and Administration) for his decision. The requester must be notified within the time limits set forth in paragraph (f) of this section, and advised of his right to appeal a denial of his request to the Director, DNA. The DNA, PAO will advise OASD (PA) of any denial action taken if circumstances suggest the potential for public controversy or litigation. (f) The time limitations for responding to legitimate requests for records imposed by the amendments to the FOI Act are: (1) Initial determination and response are made normally within 10 working days after the request is received by a representative. Time does not start, however, until full assurance is received that the requester is willing to reimburse DNA for any costs incurred for search or duplication. (2) If additional time is needed, the requester must be notified within the above 10 day period and be advised of the anticipated date of response which may not exceed 10 additional working days. (3) If a request for a record is denied and the requester appeals the decision to the Director, final determination on the appeal shall normally be made within 20 working days of receipt of the appeal. Additional time needed in an appeal action cannot exceed 10 working days, but only if additional time was not used in responding to the initial request. (4) The representative will notify the requester within 10 working days if the request has to be forwarded to another agency for action. (g) The initial denial of all or part of a request for a record under the FOI Act will be in writing to the requester and include all information as to the procedure undergone to arrive at that decision; directives, statutes, public law or other regulations authorizing prohibition of release of the record; a statement as to the requester's right to appeal the decision to the Director, DNA; the name and title of the Director, DNA; and if appropriate, advise the requester of his optional right to seek declassification review of a classified record more than 10 years old. |