
the records. The following sanctions should be emphasized to personnel:

(1) There are criminal penalties for knowingly and willfully disclosing a record about an individual without the written consent or the written request of that individual, or unless disclosure is for one of the reasons listed in § 286a.10.

(2) The DoD Component may be subject to civil suit for failure to comply with the Privacy Act.

(f) Safeguarding personal information in records systems. (1) Each DoD Component shall establish administrative and physical safeguards to protect each system of records from unauthorized or unintentional access, disclosure, modification or destruction. These safeguards shall apply to systems of records, in whatever medium in which personal information is processed or stored. Such safeguards shall be tailored to the requirements of each system of records.

(2) Access to personal information shall be restricted to those persons whose official duties require access and the individual concerned and in accordance with § 286a.8.

(3) Each DoD Component shall ensure that all persons whose official duties require access to or processing and maintenance of personal information are trained in the proper safeguarding and use of such information.

(4) Personal records and documents shall be stored so as to reasonably preclude unauthorized disclosure.

(5) Disposal of records containing personal information which are no longer required will be accomplished in such a manner that will prevent the contents from being disclosed (e.g. tearing or shredding the record into pieces or burial or in the case of magnetic tapes by degaussing).

§ 286a.12 Instructions for preparation of record system notices.

(a) General instructions. (1) For each system of records submit information in the sequence as shown in paragraph (b) of this section. Show in this sequence even though an entry may not be required for all items.

(2) Use keywords shown below (i.e., sysname, record-category, etc.). Explanations of keywords are shown in parentheses, but do not use them.

(3) Do not use paragraph or subparagraph numbers or letters.

(4) Do not underline any part of the text.

(5) Do not use hyphenation at the end of a line or subdivide a word at the end of a line.

(6) Do not reference information from other parts within the system of records being described.

(7) Use all standard typewriter characters except for the following which will be used as indicated:

(i) Use "+" to precede each major group keyword (e.g., plus sysname, etc.).

(ii) Use "*" to precede each major subgroup keyword (e.g. * safeguards, etc.). The "" used in original Privacy Act submission instructions is no longer valid.

(iii) Use "$" to precede the text following each major group or subgroup headings. Do not use subparagraphs.

(iv) Use "%" to precede each line entry when names, addresses, etc., require a column or list format. Multiple addresses or listings within a single column are not permitted. In instances where more than one address or list is required, enter all addresses or lists in paragraph form, from left to right across the page.

(v) Do not use the "=" character. It is reserved for other purposes.

(8) All information will be typed flush with the left margin, using the characters indicated in paragraph (a) (7) of this section to distinguish between major groupings of information and paragraphs.

(9) Refer to paragraph (c) of this section for systems which may qualify for exemption.

(10) Number the pages separately for each draft system notice.

(11) New and revised system notices shall be prepared in accordance with the initial Privacy Act submission instructions as modified by this section. All notices are to be submitted in full (i.e. no partial system notices shall be accepted).

(b) Sequence of submissions and instructions. (1) Manual or Automated. Indicate whether the system is manual or automated. An automated system would include records processed, maintained, or both, in a machine readable medium, such as EAM Cards, computer tapes, or disks, word processing tapes and cards, etc. A manual system would include records processed, maintained, or both, in a human readable medium such as paper records in file folders, visible or vertical file cards, microfiche, roll microfilm, photographs, etc. A mechanized file which requires substantial human intervention for processing or maintenance is considered to be manual rather than automated.

(2) System name (sysname). Whenever applicable, identify the system by number and title prescribed in your files or records disposition manual. Use locally originated titles for files which are not described specifically and adequately in the manual or which are otherwise unique to the reporting office. If more than one system is covered by a file description, identify each system. If several files (separately described in your manual) are a part of a single system identify the system only (see, below, for identification of separate files which form a system). Provide system and file title in unclassified form. Do not use abbreviations, nicknames, or acronyms unless spelled out the first time used. Place acronyms in parentheses immediately following the title.

(3) Security. Specify the Defense or other security classification for the system of records if classified pursuant to the provisions of DOD 5200.1-P (32 CFR, 159), and implementing directives. Do not cite as a classification "Internal Working Paper, Eyes Only," or similar marking used for internal control or other handling purposes. If unclassified, including FOR OFFICIAL USE ONLY, state unclassified.

(4) Location. If the system is maintained in a single location, provide the exact name of the office, organization, and correspondence or routing symbol. On the other hand, if it is geographically or organizationally decentralized, specify each type of organization or element that maintains a segment of the system. For example, if the system was comprised of clinical records, then medical centers and hospitals, and the National Personnel Records Center would be listed as locations. Where automated data systems encompass a central computer facility, with input/output terminals at several geographical locations, list by category each location under this heading. In all instances where multiple locations are referred to by type of organization, state that official mailing addresses are in the Department of Defense Directory in the appendix to the Component's systems notice. However, in all cases, give the official mailing address if the office maintaining the system is not listed in the Federal Register. If the address is classified, so state. Be sure to list each type of organization


might be in the system of records. Categories of individuals, therefore, should be stated in easily understood, non-technical terms and include all categories of individuals on whom records are maintained. Avoid using broad general descriptions, such as "all military personnel," unless the system applies to all military personnel. For example, the Joint Uniform Military Pay System (JUMPS) applies to all military personnel on active duty, while a system of absentee case files would apply only to deserters and escaped prisoners. All categories of individuals included in the system must be listed, regardless of the frequency of inclusion or the number of records involved. (All future changes to the system, which broaden or increase the categories of individuals covered, will require preparation and publication of a revised public notice in the FEDERAL REGISTER.)

(6) Record category. (Categories of records in the system). Briefly describe in non-technical terms all types of records in the system. For example, under JUMPS, the types of records will include, but not be limited to, individual military pay records and substantiating documents, such as certificates for deductions and retained military pay orders and records of travel payments; financial record data folders; miscellaneous military vouchers; laundry and dry cleaning statement; copies of morning or strength reports or other rosters; and personal financial records. For automated systems, do not list source documents unless they are retained and filed by name, SSN, or other individual identifier. Instead, list the categories of information stored in the system. Be sure to include all types of records in the system, regardless of their frequency or volume of accumulation, since future additions of new types of records will require preparation and publication of revised public notices in the FEDERAL REGISTER.

(7) Authority. (Authority for maintenance of the system). Cite the specific provision of a Federal statute or Executive Order of the President, including the title thereof, which authorizes, or provides a legal basis for, maintenance of the system. Do not cite regulations. In this connection, authority for a system may be derived from a statute or Executive Order which:

(i) Explicitly authorizes or directs the component to maintain a system of records.

(ii) Authorizes or directs the component to perform a function, the discharge of which requires maintenance of the system of records.

NOTE: Check with the appropriate judge advocate or legal officer for assistance in determining the statutory or regulatory basis for the system.

(8) Routine-uses. (Routine uses of records maintained in the system, including categories of users and the purposes of such uses.) (i) Essentially, this requirement calls for the following information in nontechnical terms:

(a) The purpose(s) for which information in the system is collected.

(b) Each category of user.

(c) The specific use(s) made of the information by each user.

(ii) Each category of user and each use must be reported. Any proposed new use or category of user, or change in an existing use, which has the effect of expanding the availability of the information in the system, will require publication of a revised notice in the FEDERAL REGISTER. Any such proposed change in a routine use must also be described in an advanced notice in the FEDERAL REGISTER to permit 30 days for public comment before it is implemented. As defined by 5 U.S.C. 552a, the term "routine use" means with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected.

(iii) "Uses" can be distinguished from "purposes" in that "purposes" describe the objectives for collecting or maintaining information. "Uses" are the specific ways or processes in which the information is employed, including the persons or organizations to whom the record may be disclosed. For example, the purposes for collecting information may be to evaluate an application for a veteran's benefit and to issue checks. Uses may include verification of certain information with the appropriate Military Service and release of check data to the Treasury Department. List under routine uses if contractors are engaged to perform a service, such as key punch, optical scan, or telecommunications in connection with the operation of an automated data system. List also Federal agencies to which personal-type information is disclosed, including automated system interfaces, and the purposes for which the disclosures are made.

(iv) Each proponent of a system (i.e., that office or organization proposing, directing, or otherwise responsible for the system) must prescribe the "routine" uses of the records. Routine use does not merely encompass the common and ordinary uses to which records are put, but also includes all of the proper and necessary uses regardless of frequency. For example, individual income tax returns are routinely used by the Internal Revenue Service to audit the amount of tax due and for assistance on collection of such tax by civil proceedings. They are used less often, however, for referral to the Department of Justice for possible criminal prosecution of fraud or tax evasion. Therefore, the "routine" use of such records will include referrals to the Department of Justice. In addition, description of "routine use" shall include the fact that any individual records in a system of records may be transferred to any component of the Department of Defense. It shall be expected normally that "routine use" will include disclosure to law enforcement or investigatory authorities for investigation and possible criminal prosecution, civil court action, or regulatory order.

(9) Policy-practice. (Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system). Describe how records in the system are managed during their life-cycle. When feasible, extract pertinent information from your files or records disposition manual.

(i) Storage. In describing records storage, specify the medium in which they are maintained, such as paper records in file folders, visible or vertical file cards, computer magnetic tapes, or disks, computer paper printouts, aperture cards, microfiche, roll microfilm, photographs, video-tape, etc.

(ii) Retrievability. Specify how information is accessed and retrieved, such as by name, social security account number (SSAN), military service number or other identification number, classification or personal characteristics, such as fingerprint classification, voice print identifier, etc. Indicate further whether conventional or computerized indices are required to retrieve individual records from the system.

(iii) Safeguards. Describe what measures are taken to prevent unauthorized disclosure of the records and state the categories of individuals authorized access to the records. Specify system safeguards, such as safes, vaults, locked cabinets or rooms, guards, personnel screening, visitor registers, computer "failsafe" systems software, etc.

NOTE: Do not describe security safeguards in such detail as to increase the risk of unauthorized access to the records.

(iv) Retention. (retention and disposal). State rules on how long the records are to be maintained; if and when they are moved to Federal Records Centers or the National Archives or other designated depository; and if, when, and how they are destroyed or otherwise disposed of. Changes in this item will not normally require immediate publication of a revised public notice unless they reflect an expansion in the availability of or access to the system of records.

(10) Systems manager (Sysmanager). (Title and duty address of the agency officials responsible for the system). In all cases, enter the title of the official who is responsible for policies and procedures governing the system, i.e., DCS Personnel, Hq., USA and USAF; Chief of Naval Personnel; etc. If the title of the official is unknown (such as for locally evolved systems), specify the commander or office head as the responsible official. In addition, for geographically or organizationally decentralized systems, where individuals may deal directly with agency officials at each location to exercise their rights under the Privacy Act of 1974, give the position or duty title of each category of official responsible for the system or a segment thereof. For example, in the case of clinical records, the entries would be: The Surgeon General, USA or USAF, or Chief, Bureau of Medicine and Surgery (USN), commanders of medical centers and hospitals, and the Director, National Personnel Records Center, 111 Winnebago St., St. Louis MO 63118. Do not include the duty address if already listed in organizational directories mentioned in paragraph (b) (4) of this section.

(11) Notification. (Procedure whereby individuals can be notified at their request if the system contains records pertaining to them). (i) Indicate whether or not requests from individuals should be addressed to the above SYSMANAGER, as in subparagraph (10) of this paragraph. If requests are to be addressed to any other officials, list them by duty or position titles.

(ii) Specify what information will be required from the requesting individual to determine whether or not the system contains a record about him such as full name, military status, SSN or service number, resident or nonresident, etc.

(iii) List by specific name, or categories, those offices which the requestor may visit to obtain information on whether or not the system contains records pertaining to him.

(iv) For personal visits, specify what data the requestor must present as proof of identity, such as a combination of full name, date and place of birth, parents' names, driver's license, medicare card, etc. Do not require verification of identity for records which are disclosable under the Freedom of Information Act.

(12) Access. (Procedures whereby an individual can be notified at his request how he can gain access to any record pertaining to himself contained in the system of records). Include the title or category of officials who can provide assistance, if those officials are other than the SYSMANAGER. If the mailing addresses are listed in the organizational directory, state that official mailing addresses are in the Department of Defense Directory in the appendix to the Component's systems notice. Specific locations and telephone numbers of offices may be indicated for unique or centralized systems.

(13) Contest. (Rules for access and contesting contents of records). To comply with this requirement, merely state: "The agency's rules for access to records and for contesting contents and appealing initial determinations by the individual concerned may be obtained from the Sysmanager."

(14) Source. (Categories of sources of records in the system). List by type each source of information in the system, e.g., previous employers, financial institutions, educational institutions, trade associations, automated system interfaces, etc. Specific individuals or institutions need not be identified by name. Also, do not list as a source individuals who provided information on themselves. Again, be sure to include all types, since collection of information from types of sources other than those listed will require publication of a revised public notice in the Federal Register before any information is collected from those sources.

(c) Systems qualified and proposed for exemption

(1) Generally, the following records may be exempted from the provisions of paragraph (b) (11), (12), (13), and (14) of this section (subsection (e) (4) (G), (H) and (I) of the Privacy Act of 1974): records maintained by the Central Intelligence Agency; records compiled to ensure protection of the President or other officials, classified records, records required by statute to be maintained and used solely as statistical records; investigatory records compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information, but only to the extent as outlined in subsection (k) (5) of the Privacy Act of 1974; certain testing and examination material; and certain material used to evaluate potential for promotion in the Armed Services. All items in paragraph (b) of this section will be completed for systems proposed for exemption, except for paragraph (b) (11), (12), (13) and (14) of this section.

(2) Cite the system name and specific provisions of the Privacy Act of 1974, from which the system is to be exempted and the reasons therefor. Consult with the legal staff for detailed guidance for systems which may be eligible for exemption. Proponents of systems dealing with the above types of records should contact the Departmental Records Management staff (HQ DAAG-AMR; HQ USAF/DAD; Chief of Naval Operations (OP-09B1); or appropriate comparable Defense component records management staff) for additional guidelines, if necessary, for preparing exemption notices for publication in the FEDERAL REGISTER.

NOTE: No system of records is exempted from the public notice requirements of the Privacy Act of 1974. Failure to publish such a notice constitutes a criminal violation.

§ 286a.13 Effective date and implementation.

(a) This part is effective September 27, 1975.

(b) DoD Components shall issue regulations to carry out the policies set forth


(a) Implements the Privacy Act of 1974 (Public Law No. 93-579, 5 U.S.C. 552a), and supplements the OMB Guidelines, Circular A-108, July 1, 1975, and DoD Directive 5400.11, (32 CFR Part 286a) which require the Offices of the Secretary of Defense and those organizations assigned to OSD for administrative support to:

(1) Assure that personal information about individuals collected in OSD Components is limited to that which is legally authorized and necessary, and is maintained in a manner which assures its confidentiality;

(2) Establish policies and procedures for effective administration of the Privacy Act program;

(3) Establish procedures for reviewing a denial for access to records or for the correction of a record.
