DEPARTMENT OF DEFENSE PRIVACY PROGRAM

DoD 5400.11-R

DEPARTMENT OF DEFENSE PRIVACY PROGRAM

May 14, 2007 OFFICE OF THE DIRECTOR, ADMINISTRATION

AND MANAGEMENT

DoD 5400.11-R, May 14, 2007

FOREWORD

This Regulation is reissued under the authority of DoD Directive 5400.11, "DoD Privacy Program," May 8, 2007 (Reference (a)). It provides guidance on section 552a of title 5 United States Code (U.S.C.), the Privacy Act of 1974, as amended, (Reference (b)), and prescribes uniform procedures for implementation of the DoD Privacy Program.

DoD 5400.11-R, "Department of Defense Privacy Program," August 13, 1983, is hereby canceled.

This Regulation applies to the Office of the Secretary of Defense, the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the Department of Defense (hereafter referred to as the "DoD Components").

The provisions of this Regulation shall be applicable by contract or other legally binding action to U.S. Government contractors whenever a DoD contract requires the performance of any activities associated with maintaining a system of records, including the collection, use, and dissemination of records on behalf of the contracting DoD Component. When maintaining a system of records or a portion of a system of records, contractors and their employees shall be considered employees of the contracting DoD Component for purposes of the criminal penalties of the Act.

This Regulation does not apply to:

? Requests for information made under the Freedom of Information Act (DoD Directive 5400.7) (Reference (c)). They are processed in accordance with DoD 5400.7-R (Reference (d)).

? Requests for information from systems of records controlled by the Office of Personnel Management (OPM), although maintained by a DoD Component. These are processed in accordance with policies established by OPM (Reference (e)).

? Requests for personal information from the General Accountability Office. These are processed in accordance with DoD Directive 7650.1 (Reference (f)).

? Requests for personal information from Congress. These are processed in accordance with DoD Directive 5400.4 (Reference (g)), except for the specific provisions in Chapter 4 of this Regulation.

2

DoD 5400.11-R, May 14, 2007 This Regulation is effective immediately and its use is mandatory for all DoD Components. The Heads of the DoD Components may issue supplementary instructions only when necessary to provide for unique requirements within their Components. Such instructions may not conflict with the provisions of this Regulation. Send recommended changes to this Regulation to the following address:

Director, Defense Privacy Office 1901 South Bell Street, Room 920 Arlington, VA 22202-4512 The DoD Components may obtain copies of this Regulation through their own publication channels. Approved for public release; distribution unlimited. Copies are available via the World Wide Web at . Authorized registered users may obtain copies of the publication from the Defense Technical Information Center, 8725 John J. Kingman Road, Fort Belvoir, VA 22060-6218. Other Federal Agencies and the public may obtain copies from the U.S Department of Commerce, National Technical Information Service, 5285 Port Royal Road, Springfield, VA 22161.

3

TABLE OF CONTENTS

DoD 5400.11-R, May 14, 2007

Page

FOREWORD

2

TABLE OF CONTENTS

4

REFERENCES

7

DEFINITIONS

8

CHAPTER 1 ? SYSTEMS OF RECORDS

11

C1.1. GENERAL

11

C1.2. STANDARDS OF ACCURACY

13

C1.3. GOVERNMENT CONTRACTORS

13

C1.4. SAFEGUARDING PERSONAL INFORMATION

15

C1.5. NOTIFICATION WHEN INFORMATION IS LOST, STOLEN OR

16

COMPROMISED

CHAPTER 2 ? COLLECTING PERSONAL INFORMATION

18

C2.1. GENERAL CONSIDERATIONS

18

C2.2. FORMS

20

CHAPTER 3 - ACCESS BY INDIVIDUALS

22

C3.1. INDIVIDUAL ACCESS TO PERSONAL INFORMATION

22

C3.2. DENIAL OF INDIVIDUAL ACCESS

27

C3.3. AMENDMENT OF RECORDS

29

C3.4. REPRODUCTION FEES

35

CHAPTER 4 ? DISCLOSURE OF PERSONAL INFORMATION TO OTHER

37

AGENCIES AND THIRD PARTIES

C4.1. CONDITIONS OF DISCLOSURE

37

C4.2. NON-CONSENSUAL CONDITIONS OF DISCLOSURES

38

C4.3. DISCLOSURES TO COMMERCIAL ENTERPRISES

46

C4.4. DISCLOSURES TO THE PUBLIC FROM MEDICAL RECORDS

47

C4.5. DISCLOSURE ACCOUNTING

47

CHAPTER 5 ? EXEMPTIONS

49

C5.1. USE AND ESTABLISHMENT OF EXEMPTIONS

49

C5.2. ACCESS EXEMPTON

51

C5.3. GENERAL EXEMPTIONS

51

C5.4. SPECIFIC EXEMPTIONS

52

4

TABLE OF CONTENTS

DoD 5400.11-R, May 14, 2007

CHAPTER 6 ? PUBLICATION REQUIREMENTS

54

C6.1. FEDERAL REGISTER PUBLICATION

54

C6.2. EXEMPTION RULES

56

C6.3. SYSTEM NOTICES

56

C6.4. NEW AND ALTERED RECORD SYSTEMS

62

C6.5. AMENDMENT AND DELETION OF SYSTEM NOTICES

66

CHAPTER 7 ? TRAINING REQUIREMENTS

67

C7.1. STATUTORY TRAINING REQUIREMENTS

67

C7.2. OMB TRAINING GUIDELINES

67

C7.3. DoD TRAINING PROGRAMS

67

C7.4. TRAINING METHODOLOGY AND PROCEDURES

68

C7.5. FUNDING FOR TRAINING

68

CHAPTER 8 ? REPORTS

69

C8.1. REQUIREMENT FOR REPORTS

69

C8.2. SUSPENSE FOR SUBMISSION OF REPORTS

69

C8.3. REPORTS CONTROL SYMBOL

69

CHAPTER 9 ? INSPECTIONS

70

C9.1. PRIVACY ACT INSPECTIONS

70

C9.2. INSPECTION REPORTING

70

CHAPTER 10 ? PRIVACY ACT VIOLATIONS

71

C10.1. ADMINISTRATIVE REMEMDIES

71

C10.2. CIVIL ACTIONS

71

C10.3. CIVIL REMEDIES

71

C10.4. CRIMINAL PENALTIES

71

C10.5. LITIGATION STATUS SHEET

71

C10.6. LOST, STOLEN, OR COMPROMISED INFORMATION

72

CHAPTER 11 ? COMPUTER MATCHING PROGRAM PROCEDURES

74

C11.1. GENERAL

74

C11.2. COMPUTER MATCHING PUBLICATION AND

75

REVIEW REQUIREMENTS

C11.3. COMPUTER MATCHING AGREEMENTS (CMA)

76

APPENDICES

AP1. SAFEGUARDING PERSONALLY IDENTIFIABLE INFORMATION

79

AP2. SAMPLE NOTIFICATION LETTER

82

AP3. DoD BLANKET ROUTINE USES

83

AP4. PROVISIONS OF THE PRIVACY ACT FROM WHICH A

86

GENERAL OR A SPECIFIC EXEMPTION MAY BE CLAIMED

AP5. SAMPLE OF NEW OR ALTERED SYSTEM OF RECORDS

89

NOTICE IN FEDERAL REGISTER FORMAT

AP6. FORMAT FOR NEW OR ALTERED SYSTEM REPORT

98

5

TABLE OF CONTENTS

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download