Privacy Act of 1974; System of Records, 742-746 [E7-7]

Agencies

• DEPARTMENT OF DEFENSE
• Department of the Army
• Army Department

[Federal Register Volume 72, Number 4 (Monday, January 8, 2007)]
[Notices]
[Pages 742-746]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-7]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Department of the Army

[USA-006-0042]


Privacy Act of 1974; System of Records

AGENCY: Department of the Army, DoD.

ACTION: Notice to alter a system of records.

-----------------------------------------------------------------------

SUMMARY: The Department of the Army proposes to alter a system of 
records notice in its inventory of records systems subject to the 
Privacy Act of 1974 (5 U.S.C. 552a), as amended.

DATES: This proposed action will be effective without further notice on 
February 7, 2007 unless comments are received which result in a 
contrary determination.

ADDRESSES: Send comments to Department of the Army, Freedom of 
Information/Privacy Division, U.S. Army Records Management and 
Declassification Agency, ATTN: AHRC-PDD-FPZ, 7701 Telegraph Road, Casey 
Building, Suite 144, Alexandria, VA 22325-3905.

FOR FURTHER INFORMATION CONTACT: Mr. Robert Dickerson at (703) 428-
6513.

SUPPLEMENTARY INFORMATION: The notice was published on October 25, 2005 
at 70 FR 61607. There were numerous comments, but many were virtually 
identical in format and content. We agree, in part, with some of the 
comments, and where so, we have made changes to the system notice.
    The commenter's observe that the system violates victims' (and 
offender's) privacy rights. We disagree. The inclusion of personal 
information in the SADMS does not violate law or contravene public 
policy. The personal identifying information (PII) that will be 
incorporated into the Sexual Assault Data Management System (SADMS) 
already exists in other Army information systems that are identified in 
the system notice. SADMS simply consolidates data for the purposes set 
forth in the notice.
    The commenter's remark that use of PII would deter victims from 
reporting sexual assaults. We disagree. The Army Sexual Assault 
Prevention and Response (SAPR) Program is designed to foster the 
confidence of Soldiers and increase their likelihood of reporting. It 
is widely recognized that sexual assault is the most underreported 
crime in the United States. SADMS, as a consolidation of data reported 
and captured in other Army information systems, will enable Army SAPR 
Program officials to assess the effectiveness of the Army's response 
and prevention program and to make necessary and appropriate changes to 
policy and procedure to correct any identified weaknesses or failings 
in the program. Incident to analyzing the data in the system, great 
care is taken, both technically and procedurally, to ensure that the 
privacy and confidentiality of victim data is preserved and protected. 
Fewer than ten individuals in or supporting the Headquarters Department 
of the Army (HQDA) SAPR Program Office will be authorized direct system 
access to PII contained in the SADMS, but only on an as needed basis 
for purposes of discharging their SAPR Program management 
responsibilities. Additionally, the Assistant Deputy Chief of Staff, G-
1 (Personnel) must explicitly approve such access prior to personnel 
being granted system privileges (or permissions), to access PII within 
the SADMS. No other Department of the Army personnel will be authorized 
direct access to PII in SADMS. Victims can be assured that their PII is 
not disseminated throughout the Army, but is only disclosed in 
accordance with authorized program management purposes.
    The commenter's observe that personally identifying information 
should not be included in the system. We disagree. As indicated above, 
SADMS is a consolidation of sexual assault incident and response data 
previously reported and captured in other Army information systems. It 
is designed to provide Army SAPR program leaders a holistic view of 
these incidents, to measure the effectiveness of the Army's SAPR 
Program, to support the management of the program as recommended by the 
Acting Secretary of the Army's Task Force Report on Sexual Assault 
Policies published in May 2004, and to respond to queries by Congress 
and/or Senior Army Leaders. To ensure it fulfills these purposes, it is 
critically important that data contained in the system be accurate. 
Analysis of sexual assault incident and response data across all the 
SADMS feeder systems identified in the systems notice demonstrates that 
the most effective way to accurately synthesize these separate 
information systems is to correlate data by common data fields--the 
personal identifying information. Inclusion of this information is the 
most efficient means of assuring that accurate information is received 
and correlated from these feeder systems.
    The commenter's question the rationale for developing a separate 
data management system in addition to the Defense Incident-Based 
Reporting System (DIBRS). The Army elected to develop and implement the 
SADMS because the Defense Incident Based Reporting System (DIBRS) did 
not provide the information necessary to manage and measure the 
effectiveness of the different components of the Army's SAPR Program. 
DIBRS, while containing incident, investigative and offender 
accountability information, does not address support services being 
made available to and/or received by victims. The Acting Secretary of 
the Army's Task Force Report on Sexual Assault Policies found that the 
Army lacked a centralized system to document all relevant data 
regarding sexual assault cases, including care provided to the victim. 
The Task Force recognized that critical information is not available at 
a single location, information that could provide greater understanding 
about how well the Army's sexual assault prevention and response 
policies and procedures are working. At the time when the report was 
issued, all available Army data on sexual assaults, victims, and 
alleged perpetrators resided in different systems across several Army 
organizations. This decentralization made it difficult to follow 
victims, alleged perpetrators, and cases between services, components, 
and organizations. SADMS is designed to specifically address this 
shortcoming and to provide Army SAPR Program leaders the capability to 
manage and measure the effectiveness of the Army's SAPR Program.
    The commenters point out that it is unclear who will have access to 
the SADMS. As indicated above, the SADMS will only operate in support 
of HQDA (Army G-1) Sexual Assault Prevention and Response (SAPR) 
Program requirements. As discussed above, fewer than ten individuals in 
or supporting the HQDA SAPR Program Office will be authorized direct 
system access to personal identifying

[[Page 743]]

information (PII) contained in the SADMS and only then for authorized 
SADMS purposes. Moreover, as stated above, no PII in SADMS will be 
disclosed in response to internal Army requests for information unless 
specifically approved for release first by the functional system 
owner(s) of the data and then by either the Assistant Deputy Chief of 
Staff, G-1 or the Deputy Assistant Secretary of the Army for Human 
Resources, either of whom must personally determine that the 
requester's need to know is at least equal to, if not greater than, the 
potential impact of divulging the PII and that disclosure is otherwise 
consistent with law and regulation. Limiting SADMS access and 
disclosure authority will ensure that information management processes 
are firmly established across this small population of users. And 
finally, but most importantly, commanders or others will not have 
access to PII contained within SADMS. SADMS information will not be 
used to inform or influence command or legal process decisions with 
respect to either victims or offenders. Other than as described above, 
SADMS data is neither accessible by nor releasable to the general 
public except to the extent mandated by law, e.g., the Freedom of 
Information Act. As indicated above, great care is being taken, both 
technically and procedurally, to ensure that the privacy and 
confidentiality of the PII is preserved and protected.
    The commenters remark that persons accused of sexual assault may be 
exempt from being included in SADMS based upon rank or security 
clearance. We disagree. The term ``exemptions'' refers to statutory 
exemptions that an agency may claim for its record systems. As stated 
in the notice and exemption rule for the SADMS, an exemption has been 
claimed but only to the extent that the SADMS record is obtained from 
an Army information system for which an exemption has been previously 
claimed. In effect, SADMS will claim the same exemptions as claimed for 
the original system, but only if the purpose underlying the exemption 
for the original record still pertains to the record which is now 
contained in SADMS. Moreover, sexual assault incident reporting is not 
predicated on or affected by rank or security clearance. No one in the 
Army is exempt from inclusion in the SADMS if their information is 
captured and reported by one of the Army information systems identified 
in the SADMS systems notice. All reported incidents will be captured 
and where the investigative process determines an allegation to be 
founded, offender information will be maintained within the SADMS. Upon 
completion of actions by an offender's chain of command, information on 
disposition of all judicial or nonjudicial and administrative actions 
adjudged and/or ordered will be maintained within the SADMS as well.
    The commenters observe that the system will infringe upon due 
process rights of victims and alleged offenders. We disagree. PII on 
alleged offenders will be added to the system after an allegation is 
determined to be ``founded'' as reflected in the final report of 
investigation by the lead investigating agency. Final disposition of 
these charges, once completed, will also be maintained within SADMS 
records. As discussed above, no PII contained within SADMS will be 
disclosed in response to any request for information unless 
specifically approved for release first by SAPR program office and then 
by either the Assistant Deputy Chief of Staff, G-1 or the Deputy 
Assistant Secretary of the Army for Human Resources or otherwise 
required by law. As with the source systems, PII will remain protected 
under the Privacy Act. Administrative, physical and technical 
safeguards have been established to prevent unauthorized access to the 
information maintained in SADMS. Limitations on the number of personnel 
with direct system access to PII in SADMS support efforts to minimize/
eliminate unauthorized disclosure of this information. As discussed 
above, fewer than ten individuals in the Army will have direct system 
access to the personal identifying information in the system. This 
direct access to PII will be restricted to those individuals at the 
Army headquarters level who have an official need for this information 
in order to discharge their Army SAPR Program management 
responsibilities. If, and when, a decision is made to extend SADMS 
access beyond the Army SAPR Program Office, other Army users of the 
SADMS will not have access to personal identifying information 
contained within the system. Their access will be limited to 
aggregated, non-personal identifying information. Moreover, as stated 
above, commanders or others will not have access to PII contained in 
SADMS. SADMS information will not be used to inform or influence 
command or legal process decisions with respect to either victims or 
offenders. Additionally, ongoing education efforts will continually 
sensitize personnel authorized to view PII within SADMS that the 
privacy and confidentiality of the data must be preserved and 
protected, thereby ensuring that the data is only used as authorized.
    The commenters remark that the system is inconsistent with DoD 
confidentiality policy. We disagree. Sexual assault victims have two 
options for reporting incidents in accordance with the DoD 
Confidentiality policy: ``Unrestricted'' or ``Restricted'' reporting. 
``Unrestricted'' reporting allows a victim who is sexually assaulted 
and desires medical treatment, counseling, and an official 
investigation of his/her allegation to use current reporting channels. 
``Restricted'' reporting means a victim can, on a confidential basis, 
disclose the details of his/her assault to the Sexual Assault Response 
Coordinator, victim advocate, chaplain or a healthcare provider and 
receive medical treatment and counseling, without triggering the 
official investigative process. Where victims choose restricted 
reporting, no PII will be contained within SADMS, nor will any 
combination of other potentially identifying information be maintained 
that could reasonably lead to the discovery of a victim's identity. 
SADMS supports the DoD confidentiality policy and its intent of 
fostering the confidence of victims to report incidents of sexual 
assault.
    The commenters observe that SADMS will include detailed medical 
treatment information. We disagree. There will be no information 
provided to or maintained in SADMS concerning the substance or nature 
of medical care provided. Medical information is provided to the SADMS 
only when victims are Army servicemembers and elect unrestricted 
reporting. As indicated in the system notice, the data provided is 
limited to start and end dates of medical treatment resulting from 
sexual assault and the aggregate number of episodes of care received.
    In view of the foregoing discussion, we have made changes to the 
system notice in an effort to eliminate any potential ambiguity or lack 
of clarity that now exists. The changes do not substantively change the 
design of SADMS design or its present reliance on the use of personal 
identifying information to accurately correlate the data it will 
receive from the functional, Army data sources identified.
    Among the more significant changes are:
    We have simplified the description of the individuals covered by 
the system to make clear that the individual must be a uniformed member 
of the Army, as either a victim or an alleged perpetrator of a sexual 
assault, in order for his or

[[Page 744]]

her name, and data related to the sexual assault, to be included in the 
system of records.
    We have expanded the safeguards to explain in greater detail the 
protections afforded the system and to identify who will have access to 
the system.
    We have deleted the ``Blanket Routine Uses'' from the notice, 
finding that, in general, their inclusion is inconsistent with the 
objectives sought by the Army for this system.
    The Department of the Army systems of records notices subject to 
the Privacy Act of 1974, (5 U.S.C. 552a), as amended, have been 
published in the Federal Register and are available from the address 
above.
    The proposed system report, as required by 5 U.S.C. 552a(r) of the 
Privacy Act of 1974, as amended, was submitted on December 28, 2006, to 
the House Committee on Government Reform, the Senate Committee on 
Homeland Security and Governmental Affairs, and the Office of 
Management and Budget (OMB) pursuant to paragraph 4c of Appendix I to 
OMB Circular No. A-130, `Federal Agency Responsibilities for 
Maintaining Records About Individuals,' dated February 8, 1996 
(February 20, 1996, 61 FR 6427).

    December 29, 2006.
L.M. Bynum,
Alternate Federal Register Liaison Officer, Department of Defense.
A0600-20 DCS, G-1

System name:
    Sexual Assault Data Management System (SADMS) Files (October 25, 
2005, 70 FR 61607).

Changes:
* * * * *

System location:
    Delete entry and replace with: ``Headquarters, Department of the 
Army. Official mailing addresses are published as an appendix to the 
Army's compilation of systems of records notices.''

Categories of individuals covered by the system:
    Delete entry and replace with: ``Any uniformed member of the Army 
who has been identified as the victim of a sexual assault. Any person 
who has been identified as the victim of a sexual assault allegedly 
committed by a uniformed member of the Army. Any person who has been 
identified as the perpetrator of an alleged sexual assault against a 
uniformed member of the Army. Any uniformed member of the Army who has 
been identified as the perpetrator of an alleged sexual assault.''

Categories of records in the system:
    Delete entry and replace with: ``Name; Social Security Number; date 
of birth; rank; demographic information; investigative or related 
information pertaining to a sexual assault incident; initial and final 
treatment dates and aggregate count of intermediate medical treatment 
contacts with the victim (only for those victims that are uniformed 
members of the Army and elect unrestricted reporting); information from 
records/reports relating to victim support extended by installation 
and/or unit advocates; and actions taken by commanders against 
offenders. Where a victim elects confidential or ``restricted'' 
reporting pursuant to the DoD confidentiality policy that went into 
effect June 14, 2005, neither personal identifying information 
concerning the victim nor investigative information or action taken 
against the alleged offender will be maintained in the system.''

Authority for maintenance of the system:
    Add the following to the entry: ``DoD Directive 6495.01, Sexual 
Assault Prevention and Response (SAPR) Program''

Purpose(s):
    Delete entry and replace with: ``To provide a centralized 
repository of relevant data regarding the entire lifecycle of sexual 
assault cases, involving victims and/or alleged offenders who are 
members of the Army (either the victim and/or alleged offender(s) must 
be a uniformed member of the Army) and to provide aggregate statistical 
data and management reports to enable Army SAPR Program leaders to 
assess the effectiveness of both response and prevention and to make 
necessary and appropriate changes to policy and procedures to correct 
any identified weaknesses or failings in the system.''

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    Change the last sentence of the entry to read ``The DoD `Blanket 
Routine Uses' set forth at the beginning of the Army's compilation of 
systems of records do not apply to this system.''
* * * * *

Safeguards:
    Delete entry and replace with: ``Appropriate administrative, 
technical and physical safeguards have been established to ensure that 
records in the Sexual Assault Data Management System are protected from 
unauthorized alteration or disclosure and that privacy and 
confidentiality is preserved and protected. All records are maintained 
in areas accessible only to authorized personnel who have an official 
need for access in order to perform their assigned responsibilities and 
duties. Automated records are further protected by assignment of user 
identification and passwords, which are changed at random times, to 
protect the system from unauthorized access. The system employs a 
Secure Socket Layer (SSL) certificate and encryption process to provide 
further protection from unauthorized access.
    Direct system access to personal identifying information (PII) is 
restricted to only those individuals in or supporting the Headquarters 
Department of the Army (HQDA) Sexual Assault Prevention and Response 
(SAPR) Program Office as needed to discharge their SAPR Program 
management responsibilities. Personnel with direct system access to 
personal identifying data within SADMS will receive detailed and 
continuous training on proper handling and safeguarding of this 
information. Likewise, no PII contained in SADMS will be disclosed in 
response to any internal request for information unless specifically 
approved for release first by the functional system owner(s) of the 
data and then by either the Assistant Deputy Chief of Staff, G-1 or the 
Deputy Assistant Secretary of the Army for Human Resources, either of 
whom must personally determine that the requester's need to know is at 
least equal to, if not greater than, the potential impact of divulging 
the PII, and that disclosure is otherwise consistent with law and 
regulation. Limiting SADMS access and disclosure authority will ensure 
that information management processes are firmly established across 
this small population of users. SADMS information will not be used to 
inform or influence command or legal process decisions with respect to 
either victims or offenders. Unauthorized disclosure of personal 
identifying information will not be tolerated and personnel responsible 
for this disclosure may be subject to criminal prosecution under 
federal law or the Uniform Code of Military Justice. During non-duty 
hours, military police or contract guard patrols ensure protection 
against unauthorized access. Except as required by law, such as the 
Privacy Act, PII within the system is not accessible by members of the 
general public.''
* * * * *



[[Page 745]]

Record Source Categories:
    Delete entry and replace with: ``Records in this system are derived 
from data originally maintained in the following official Army systems: 
Army Criminal Investigation Intelligence System (ACI2); Central 
Operations Police Suite (COPS); Sexual Assault Response Program 
Tracking Application (SARPTA); Defense Case Record Management System 
(DCRMS) (Army module); and Army Court Martial Information System 
(ACMIS).''
* * * * *
A0600-20 DCS, G-1

System name:
    Sexual Assault Data Management System (SADMS) Files.

System location:
    Headquarters, Department of the Army. Official mailing addresses 
are published as an appendix to the Army's compilation of systems of 
records notices.

Categories of individuals covered by the system:
    Any uniformed member of the Army who has been identified as the 
victim of a sexual assault. Any person who has been identified as the 
victim of a sexual assault allegedly committed by a uniformed member of 
the Army. Any person who has been identified as the perpetrator of an 
alleged sexual assault against a uniformed member of the Army. Any 
uniformed member of the Army who has been identified as the perpetrator 
of an alleged sexual assault.

Categories of records in the system:
    Name; Social Security Number; date of birth; rank; demographic 
information; investigative or related information pertaining to a 
sexual assault incident; initial and final treatment dates and 
aggregate count of intermediate medical treatment contacts with the 
victim (only for those victims that are uniformed members of the Army 
and elect unrestricted reporting); information from records/reports 
relating to victim support extended by installation and/or unit 
advocates; and actions taken by commanders against offenders. Where a 
victim elects confidential or ``restricted'' reporting pursuant to the 
DoD confidentiality policy that went into effect June 14, 2005, neither 
personal identifying information concerning the victim nor 
investigative information or action taken against the alleged offender 
will be maintained in the system.

Authority for maintenance of the system:
    Public Law 108-375, Section 577; 10 U.S.C. 3013, Secretary of the 
Army; DoD Directive 1030.1, Victim and Witness Assistance; DoD 
Directive 6495.01, Sexual Assault Prevention and Response (SAPR) 
Program; AR 27-10 Military Justice; AR 40-66 Medical Record 
Administration and Health Care Documentation; AR 195-2 Criminal 
Investigation Activities; AR 608-18, Family Advocacy Program; AR 600-
20, Army Command Policy; and EO 9397(SSN).

Purpose(s):
    To provide a centralized repository of relevant data regarding the 
entire lifecycle of sexual assault cases, involving victims and/or 
alleged offenders who are members of the Army (either the victim and/or 
alleged offender(s) must be a uniformed member of the Army) and to 
provide aggregate statistical data and management reports to enable 
Army SAPR Program leaders to assess the effectiveness of both response 
and prevention and to make necessary and appropriate changes to policy 
and procedures to correct any identified weaknesses or failings in the 
system.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the DoD as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows: To Congress and other 
agencies, as appropriate, to further the goals of Public Law 108-375. 
The DoD ``Blanket Routine Uses'' set forth at the beginning of the 
Army's compilation of systems of records do not apply to this system.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Electronic storage media.

Retrievability:
    Name and Social Security Number (SSN).

Safeguards:
    Appropriate administrative, technical and physical safeguards have 
been established to ensure that records in the Sexual Assault Data 
Management System are protected from unauthorized alteration or 
disclosure and that privacy and confidentiality is preserved and 
protected. All records are maintained in areas accessible only to 
authorized personnel who have an official need for access in order to 
perform their assigned responsibilities and duties. Automated records 
are further protected by assignment of user identification and 
passwords, which are changed at random times, to protect the system 
from unauthorized access. The system employs a Secure Socket Layer 
(SSL) certificate and encryption process to provide further protection 
from unauthorized access. Direct system access to personal identifying 
information (PII) is restricted to only those individuals in or 
supporting the Headquarters Department of the Army (HQDA) Sexual 
Assault Prevention and Response (SAPR) Program Office as needed to 
discharge their SAPR Program management responsibilities. Personnel 
with direct system access to personal identifying data within SADMS 
will receive detailed and continuous training on proper handling and 
safeguarding of this information. Likewise, no PII contained in SADMS 
will be disclosed in response to any internal request for information 
unless specifically approved for release first by the functional system 
owner(s) of the data and then by either the Assistant Deputy Chief of 
Staff, G-1 or the Deputy Assistant Secretary of the Army for Human 
Resources, either of whom must personally determine that the 
requester's need to know is at least equal to, if not greater than, the 
potential impact of divulging the PII, and that disclosure is otherwise 
consistent with law and regulation. Limiting SADMS access and 
disclosure authority will ensure that information management processes 
are firmly established across this small population of users. SADMS 
information will not be used to inform or influence command or legal 
process decisions with respect to either victims or offenders. 
Unauthorized disclosure of personal identifying information will not be 
tolerated and personnel responsible for this disclosure may be subject 
to criminal prosecution under federal law or the Uniform Code of 
Military Justice. During non-duty hours, military police or contract 
guard patrols ensure protection against unauthorized access. Except as 
required by law, such as the Privacy Act, PII within the system is not 
accessible by members of the general public.

Retention and disposal:
    Disposition pending (until the National Archives and Records 
Administration has approved retention and disposition of these records, 
treat as permanent).

System manager(s) and address:
    Chief, Human Factors Division, Deputy Chief of Staff, Army G-1, 
ATTN:

[[Page 746]]

DAPE-HRH, 300 Army Pentagon, Washington, DC 20310-0300.

Notification procedure:
    Individuals seeking to determine whether information about 
themselves is contained in this system should address written inquiries 
to Deputy Chief of Staff, Army G-1, ATTN: DAPE-HRH, 300 Army Pentagon, 
Washington, DC 20310-0300.
    Individual should provide his/her full name, current address, 
telephone number, and other personal identifying data that would assist 
in locating the records. The inquiry must be signed.

Records access procedure:
    Individuals seeking access to information about themselves 
contained in this system should address written inquiries to the Deputy 
Chief of Staff, Army G-1, ATTN: DAPE-HRH, 300 Army Pentagon, 
Washington, DC 20310-0300.
    Individual should provide his/her full name, current address, 
telephone number, and other personal identifying data that would assist 
in locating the records. The inquiry must be signed.

Contesting records procedures:
    The Army's rules for accessing records, and for contesting contents 
and appealing initial agency determinations are contained in Army 
Regulation 340-21; 32 CFR part 505; or may be obtained from the system 
manager.

Record source categories:
    Records in this system are derived from data originally maintained 
in the following official Army systems: Army Criminal Investigation 
Intelligence System (ACI2); Central Operations Police Suite (COPS); 
Sexual Assault Response Program Tracking Application (SARPTA); Defense 
Case Record Management System (DCRMS) (Army module); and Army Court 
Martial Information System (ACMIS).

Exemptions claimed for the system:
    This system of records is a compilation of information from other 
Department of Army systems of records. To the extent that copies of 
exempt records from those other systems of records are entered into 
SADMS, the Army G-1 hereby claims the same exemptions for the records 
from those other systems that are entered into this system, as claimed 
for the original primary system of which they are a part.
    An exemption rule for this system has been promulgated in 
accordance with requirements of 5 U.S.C. 553(b)(1), (2), and (3), (c) 
and (e) and published in 32 CFR part 505. For additional information 
contact the system manager.

[FR Doc. E7-7 Filed 1-5-07; 8:45 am]
BILLING CODE 5001-06-P