§ 806b.26 Disposing of records. You may use the following methods to dispose of records protected by the Privacy Act according to records retention schedules: (a) Destroy by any method that prevents compromise, such as tearing, burning, or shredding, so long as the personal data is not recognizable and beyond reconstruction. (b) Degauss or overwrite magnetic tapes or other magnetic medium. (c) Dispose of paper products through the Defense Reutilization and Marketing Office (DRMO) or through activities who manage a base-wide recycling program. The recycling sales contract must contain a clause requiring the contractor to safeguard privacy material until its destruction and to pulp, macerate, shred, or otherwise completely destroy the records. Originators must safeguard Privacy Act material until it is transferred to the recycling contractor. A federal employee or, if authorized, contractor employee must witness the destruction. This transfer does not require a disclosure accounting. a Subpart H-Privacy Act §806b.27 Requesting an exemption. §806b.28 Exemption types. (a) A general exemption frees a system from most parts of the Privacy Act. (b) A specific exemption frees a system from only a few parts of the Privacy Act. §806b.29 Authorizing exemptions. Only SAF/AA can exempt systems of records from any part of the Privacy Act. Denial authorities can withhold records using these exemptions only if SAF/AA previously approved and published an exemption for the system in the FEDERAL REGISTER. Appendix C of this part lists the systems of records that have approved exemptions. § 806b.30 Approved exemptions. Approved exemptions exist under 5 U.S.C. 552a for: (a) Certain systems of records used by activities whose principal function is criminal law enforcement (subsection (j)(2)). (b) Classified information in any system of records (subsection (k)(1)). (c) Law enforcement records (other than those covered by subsection (j)(2)). The Air Force must allow an individual access to any record that is used to deny rights, privileges or benefits to which he or she would otherwise be entitled by federal law or for which he or she would otherwise be eligible as a result of the maintenance of the information (unless doing so would reveal a confidential source) (subsection (k)(2)). (d) Statistical records required by law. Data is for statistical use only and may not be used to decide individuals' rights, benefits, or entitlements (subsection (k)(4)). (e) Data to determine suitability, eligibility, or qualifications for federal service or contracts, or access to classified information if access would reveal a confidential source (subsection (k)(5)). (f) Qualification tests for appointment or promotion in the federal service if access to this information would compromise the objectivity of the tests (subsection (k)(6)). (g) Information which the Armed Forces uses to evaluate potential for promotion if access to this information would reveal а confidential source (subsection (k)(7)). § 806b.31 Subpart I-Disclosing Records to §806b.31 Disclosure considerations. Before releasing personal information to third parties, consider the consequences, check accuracy, and make sure that no law or directive bans disclosure. You can release personal information to third parties when the subject agrees orally or in writing. Air Force members consent to releasing their home telephone number and address when they sign and check the 'Do Consent' block on the AF Form 624, 'Base/Unit Locator and PSC Directory' (see AFI 37-1294, 'Base and Unit Personnel Locators and Postal Directories'). (a) Before including personal information such as home addresses, home phones, and similar information on social rosters or directories, ask for written consent statements. Otherwise, do not include the information. (b) You must get written consent before releasing any of these items of information: (1) Marital status. (2) Number and sex of dependents. (3) Gross salary of military personnel (see §806b.32 for releasable pay information). (4) Civilian educational degrees and major areas of study. (5) School and year of graduation. (6) Home of record. (7) Home address and phone. (8) Age and date of birth. (9) Present or future assignments for overseas or for routinely deployable or sensitive units. (10) Office and unit address and duty phone for overseas or for routinely deployable or sensitive units. §806b.32 Disclosing information for which consent is not required. You don't need consent before releasing any of these items: (a) Information releasable under the FOIA. (b) Information for use within the Department of Defense by officials or employees with a need to know. 4 See footnote 1 to section 806b.11, of this part. § 806b.33 Disclosing other information. Use these guidelines to decide whether to release information: (a) Would the subject have a reasonable expectation of privacy in the information requested? (b) Would disclosing the information benefit the general public? The Air Force considers information as meeting the public interest standard if it reveals anything regarding the operations or activities of the agency, or performance of its statutory duties. (c) Balance the public interest against the individual's probable loss of privacy. Do not consider the requester's purpose, circumstances, or proposed use. §806b.34 Agencies or individuals to whom the Air Force may release privacy information. The Air Force may release information without consent to these individuals or agencies: (a) Agencies outside the Department of Defense for a Routine Use published in the FEDERAL REGISTER. The purpose of the disclosure must be compatible with the purpose in the Routine Use. When initially collecting the information from the subject, the Routine Uses block in the Privacy Act Statement must name the agencies and reason. (b) The Bureau of the Census to plan or carry out a census or survey under 13 U.S.C. 8. (c) A recipient for statistical research or reporting. The recipient must give advanced written assurance that the information is for statistical purposes only. NOTE: No one may use any part of the record to decide on individuals' rights, benefits, or entitlements. You must release records in a format that makes it impossible to identify the real subjects. (d) The Archivist of the United States and the National Archives and Records Administration (NARA) to evaluate records for permanent retention. Records stored in Federal Records Centers remain under Air Force control. (e) A federal, state, or local agency (other than the Department of Defense) for civil or criminal law enforcement. The head of the agency or a designee must send a written request to the system manager specifying the record or part needed and the law enforcement purpose. The system manager may also disclose a record to a law enforcement agency if the agency suspects a criminal violation. This disclosure is a Routine Use for all Air Force systems of records and is published in the FEDERAL REGISTER. (f) An individual or agency that needs the information for compelling health or safety reasons. The affected individual need not be the record subject. (g) The Congress, a congressional committee, or a subcommittee, for matters within their jurisdictions. (h) A congressional office acting for the record subject. A published, blanket Routine Use permits this disclosure. If the material for release is sensitive, get a release statement. (i) The Comptroller General or an authorized representative of the General Accounting Office on business. (j) A court order of a court of competent jurisdiction, signed by a judge. (k) A consumer credit agency according to the Debt Collections Act when a published system notice lists this disclosure as a Routine Use. (1) A contractor operating a system of records under an Air Force contract. Records maintained by the contractor for the management of contractor employees are not subject to the Privacy Act. §806b.35 Disclosing the medical records of minors. Air Force personnel may disclose the medical records of minors to their parents or legal guardians. The laws of each state define the age of majority. (a) The Air Force must obey state laws protecting medical records of drug or alcohol abuse treatment, abortion, and birth control. If you manage medical records, learn the local laws and coordinate proposed local policies with the servicing SJA. (b) Outside the United States (overseas), the age of majority is 18. Unless parents or guardians have a court order granting access or the minor's written consent, they will not have access to minor's medical records overseas when the minor sought or consented to treatment between the ages of 15 and 17 in a program where regulation or statute provides confidentiality of records and he or she asked for confidentiality. 8806b.36 Disclosure accountings. System managers must keep an accurate record of all disclosures made from any system of records except disclosures to DoD personnel for official use or disclosures under the FOLA. System managers may use AF Form 771, 'Accounting of Disclosures'. (a) System managers may file the accounting record any way they want as long as they give it to the subject on request, send corrected or disputed information to previous record recipients, explain any disclosures, and provide an audit trail for reviews. Include in each accounting: (1) Release date. (2) Description of information. (3) Reason for release. (4) Name and address of recipient. (b) Some exempt systems let you withhold the accounting record from the subject. (c) You may withhold information about disclosure accountings for law enforcement purposes at the law enforcement agency's request. $806b.37 Computer matching. Computer matching programs electronically compare records from two or more automated systems which may include the Department of Defense, another federal agency, or a state or other local government. A system manager proposing a match that could result in an adverse action against a federal employee must meet these requirements of the Privacy Act: (a) Prepare a written agreement between participants. (1) Secure approval of the Defense Data Integrity Board. (2) Publish a matching notice in the FEDERAL REGISTER before matching begins. (3) Ensure full investigation and due process. (4) Act on the information, as necessary. (b) The Privacy Act applies to matching programs that use records from: (1) Federal personnel or payroll systems. (2) Federal benefit programs where matching: (i) Determines federal benefit eligibility, (ii) Checks on compliance with benefit program requirements, (iii) Recovers improper payments or delinquent debts from current or former beneficiaries. (c) Matches used for statistics, pilot programs, law enforcement, tax administration, routine administration, background checks and foreign counterintelligence, and internal matching that won't cause any adverse action are exempt from Privacy Act matching requirements. (d) Any activity that expects to participate in a matching program must contact SAF/AAIA immediately. System managers must prepare a notice for publication in the FEDERAL REGISTER with a Routine Use that allows disclosing the information for use in a matching program. Send the proposed system notice to SAF/AAIA. Allow 180 days for processing requests for a new matching program. (e) Record subjects must receive prior notice of a match. The best way to do this is to include notice in the Privacy Act Statement on forms used in applying for benefits. Coordinate computer matching statements on forms with SAF/AAIA through the MAJCOM Privacy Act Officer. Subpart J-Training § 806b.38 Who needs training. The Privacy Act requires training for all persons involved in the design, development, operation and maintenance of any system of records. Some persons may need more specialized training. They include information managers, supervisors, and individuals working with medical, financial, security, and personnel records. § 806b.39 Training tools. Helpful aids include: (a) AFH 37-1465, 'Privacy Act Training', a self-paced course. (b) 'The Privacy Act of 1974,' a 32minute film developed by the Defense Privacy Office. Consult your local audiovisual library. (c) 'A Manager's Overview, What You Need to Know About the Privacy Act'. Contact SAF/AAIA for copies. NOTE: Formal school training groups that develop or modify blocks of instruction must send the material to SAF/AAIA for coordination. Subpart K-Privacy Act Reporting §806b.40 Privacy Act Report (RCS: DD-DA&M(A)1379). By March 1, of each year, MAJCOM and FOA Privacy Act officers must send SAF/AAIA a report covering the previous calendar year. The report includes: (a) Total number of requests granted in whole. (b) Total number of requests granted in part. (c) Total number of requests denied and the Privacy Act exemptions used. (d) Total number of requests for which no record was found. (e) Total number of amendment requests granted in whole. 5 See footnote 1 to section 806b.11, of this part. (f) Total number of amendment requests granted in part. (g) Total number of amendment requests wholly denied. (h) Specific recommendations for changes to the Act or the Privacy Act Program. APPENDIX A TO PART 806b-GLOSSARY OF REFERENCES, ABBREVIATIONS, ACRONYMS, AND TERMS Section A-References a. Privacy Act of 1974, as amended, Pub. L. 93-579, 88 Stat 1896 (5 U.S.C. 552a). b. 10 U.S.C 8013, 'Secretary of the Air Force: Powers and Duties.' c. Executive Order 9397, 'Numbering System for Federal Accounts Relating to Individual Persons.' d. 32 CFR part 806b, ‘Air Force Privacy Act Program.' e. DoD Directive 5400.111, 'Department of Defense Privacy Program.' f. DoD 5400.11-R2, 'Department of Defense Privacy Program.' g. AFI 33-2023, "The Air Force Computer Security Program' (formerly AFR 205-16). h. AFPD 37-14, 'Air Force Information Management.' i. AFI 37-1315, 'Air Force Freedom of Information Act Program' (formerly AFR 4-33). j. AFI 37-1296, 'Base and Unit Personnel Locators and Postal Directories' (formerly AFR 11-24). k. AFMAN 37-1397, 'Disposition of Records' (formerly AFR 4-20, volume 2). 1. AFDIR 37-1448, 'Air Force Privacy Act Systems of Records Notices.' m. AFH 37-1469, 'Privacy Act Training.' 1 Copies may be obtained at cost from the National Technical Information Service, 5285 Port Royal Road, Springfield, VA 22161. 2 See footnote 1 to section B, appendix A to part 806b. 3 See footnote 1 to section B, appendix A to part 806b. 4 See footnote 1 to section B, appendix A to part 806b. 5 See footnote 1 to section B, appendix A to part 806b. See footnote 1 to section B, appendix A to part 806b. 7See footnote 1 to section B, appendix A to part 806b. See footnote 1 to section B, appendix A to part 806b. See footnote 1 to section B, appendix A to part 806b. Air Force Security Police j. ASCII American Standard Code for Information Interchange k. BAQ-Basic Allowance for Quarters 1. CFR Code of Federal Regulations m. DCS - Deputy Chief of Staff n. DoD - Department of Defense 0. DR&MO Defense Reutilization and Marketing Office p. EAD - Entered on Active Duty q. FOA- Field Operating Agency r. FOIA - Freedom of Information Act s. FOUO -For Official Use Only t. IG - Inspector General u. IMC - Interim Message Change v. LE - Logistics and Engineering w. MAJCOM - Major Command x. MIRS - Management Information and Research System y. MP - Military Personnel z. MPC - Military Personnel Center aa. NARA - National Archives and Records Administration |