Office of the Secretary Privacy Program, 2819-2823 [E7-800]
Download as PDF
<![CDATA[
Federal Register / Vol. 72, No. 14 / Tuesday, January 23, 2007 / Proposed Rules
Small Business Regulatory Enforcement
Fairness Act of 1996
This rule is not a ‘‘major rule’’ as
defined by the Small Business
Regulatory Enforcement Fairness Act of
1996, 5 U.S.C. 804(2). This proposed
rule will not result in an annual effect
on the economy of $100 million or
more, a major increase in costs or prices,
or have significant adverse effects on
competition, employment, investment,
productivity, innovation, or on the
ability of United States-based
companies to compete with foreignbased companies in domestic and
export markets.
Paperwork Reduction Act of 1995
The rule does not contain collection
of information requirements. Therefore,
clearance by the Office of Management
and Budget under the Paperwork
Reduction Act, 44 U.S.C. 3501 et seq.,
is not required.
List of Subjects in 28 CFR Part 20
(ii) The screening of employees or
applicants for employment hired by
criminal justice agencies; and
(iii) The issuance of identification
documents to current and retired law
enforcement officers pursuant to Public
Law 108–277.
*
*
*
*
*
3. Section § 20.33 is amended by
revising paragraphs (a) introductory text
and (a)(1) to read as follows:
§ 20.33 Dissemination of criminal history
record information.
(a) Criminal history record
information contained in the III System
and the FIRS may be made available:
(1) To criminal justice agencies for
criminal justice purposes;
*
*
*
*
*
Dated: January 2, 2007.
Alberto R. Gonzales,
Attorney General.
[FR Doc. E7–150 Filed 1–22–07; 8:45 am]
BILLING CODE 4410–02–P
Classified information, Crime,
Intergovernmental relations,
Investigations, Law enforcement,
Privacy.
Accordingly, part 20 of title 28 of the
Code of Federal Regulations is proposed
to be amended as follows:
DEPARTMENT OF DEFENSE
Office of the Secretary
[DoD–2006–OS–0033; 0790–AI10]
32 CFR Part 311
PART 20—CRIMINAL JUSTICE
INFORMATION SYSTEMS
Office of the Secretary Privacy
Program
1. The authority citation for part 20
continues to read as follows:
AGENCY:
ACTION:
Authority: 28 U.S.C. 534; Pub. L. 92–544,
86 Stat. 1115; 42 U.S.C. 3711, et seq.; Pub.
L. 99–169, 99 Stat. 1002, 1008–1011, as
amended by Pub. L. 99–569, 100 Stat. 3190,
3196; Pub. L. 101–410, 104 Stat. 890, as
amended by Pub. L. 104–134, 110 Stat. 1321.
2. Section 20.3 is amended by revising
paragraph (b) to read as follows:
jlentini on PROD1PC65 with PROPOSAL
§ 20.3
Definitions.
As used in these regulations:
*
*
*
*
*
(b) Administration of criminal justice
means the performance of any of the
following activities: Detection,
apprehension, detention, pretrial
release, post-trial release, prosecution,
adjudication, correctional supervision,
or rehabilitation of accused persons or
criminal offenders. The term ‘‘criminal
justice purpose’’ in 20 CFR 20.33(a)(1)
includes activities defined as the
‘‘administration of criminal justice.’’
The administration of criminal justice
also includes
(i) Criminal identification activities
and the collection, storage, and
dissemination of criminal history record
information;
VerDate Aug<31>2005
16:24 Jan 22, 2007
Jkt 211001
Department of Defense.
Proposed rule.
SUMMARY: This rule proposed updates
and implements policies and
procedures for the Privacy Act Program
in the Office of the Secretary of Defense
and organizations provided
administrative support by the
Washington Headquarters Services.
DATES: Comments must be received by
March 26, 2007.
ADDRESSES: You may submit comments,
identified by docket number and or RIN
number and title, by any of the
following methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• Mail: Federal Docket Management
System Office, 1160 Defense Pentagon,
Washington, DC 20301–1160.
Instructions: All submissions received
must include the agency name and
docket number or Regulatory
Information Number (RIN) for this
Federal Register document. The general
policy for comments and other
submissions from members of the public
is to make these submissions available
for public viewing on the Internet at
PO 00000
Frm 00025
Fmt 4702
Sfmt 4702
2819
https://regulations.gov as they are
received without change, including any
personal identifiers or contact
information.
FOR FURTHER INFORMATION CONTACT:
Ms.
J. Irvin, 703–696–4940.
SUPPLEMENTARY INFORMATION:
Executive Order 12866, ‘‘Regulatory
Planning and Review’’
It has been determined that 32 CFR
part 311 is not a significant regulatory
action. The rule does not:
(1) Have an annual effect on the
economy of $100 million or more or
adversely affect in a material way the
economy; a section of the economy;
productivity; competition; jobs; the
environment; public health or safety; or
State, local, or tribal governments or
communities;
(2) Create a serious inconsistency or
otherwise interfere with an action taken
or planned by another Agency;
(3) Materially alter the budgetary
impact of entitlements, grants, user fees,
or loan programs, or the rights and
obligations of recipients thereof; or
(4) Raise novel legal or policy issues
arising out of legal mandates, the
President’s priorities, or the principles
set forth in this Executive Order.
Unfunded Mandates Reform Act (Sec.
202, Pub. L. 104–4)
It has been certified that this rule does
not contain a Federal mandate that may
result in the expenditure by State, local
and tribal governments, in aggregate, or
by the private sector, of $100 million or
more in any one year.
Public Law 96–354, ‘‘Regulatory
Flexibility Act’’ (5 U.S.C. 601)
It has been certified that this rule is
not subject to the Regulatory Flexibility
Act (5 U.S.C. 601) because it would not,
if promulgated, have a significant
economic impact on a substantial
number of small entities. Certification is
required.
Public Law 96–511, ‘‘Paperwork
Reduction Act’’ (44 U.S.C. Chapter 35)
It has been certified that this rule does
impose reporting or recordkeeping
requirements under the Paperwork
Reduction Act of 1995. The reporting
and recordkeeping requirements have
been submitted to OMB for review.
Executive Order 13132, ‘‘Federalism’’
It has been certified that this rule does
not have federalism implications, as set
forth in Executive Order 13132. This
rule does not have substantial direct
effects on:
(1) The States;
E:\FR\FM\23JAP1.SGM
23JAP1
2820
Federal Register / Vol. 72, No. 14 / Tuesday, January 23, 2007 / Proposed Rules
(2) The relationship between the
National Government and the States; or
(3) The distribution of power and
responsibilities among the various
levels of Government.
List of Subjects in 32 CFR Part 311
Privacy.
Accordingly, 32 CFR part 311 is
proposed to be revised to read as
follows:
PART 311—OFFICE OF THE
SECRETARY OF DEFENSE PRIVACY
PROGRAM
Sec.
311.1
311.2
311.3
311.4
311.5
311.6
311.7
Purpose.
Applicability.
Definitions.
Policy.
Responsibilities.
Procedures.
Information requirements.
Authority: Pub. L. 93–579, 88 Stat. 1986 (5
U.S.C. 552a).
§ 311.1
Purpose.
This part updates and implement the
policies and procedures outlined in 5
U.S.C. 552a, Office of Management and
Budget (OMB) Circular No. A–130, DoD
Directive 5400.11,1 and DoD 5400.11–
R.2 This part provides guidance and
procedures for implementing the
Privacy Program in the Office of the
Secretary of Defense (OSD) and
organizations receiving administrative
support from the Washington
Headquarters Services (WHS), according
to DoD Directive 5110.4.3
§ 311.2
Applicability.
This part:
(a) Applies to the OSD, the Chairman
of the Joint Chiefs of Staff, and other
activities receiving administrative
support from the WHS (hereafter
referred to collectively as the ‘‘OSD
Components’’).
(b) Covers systems of records
maintained by the OSD Components
and governs the maintenance, access,
change, and release of information
contained in those systems of records,
from which information about an
individual is retrieved by a personal
identifier.
§ 311.3
Definitions.
jlentini on PROD1PC65 with PROPOSAL
Access. Any individual’s review of a
record or a copy of a record or parts of
a system of records.
Disclosure. The transfer of any
personal information from a system of
1 Copies may be obtained at https://www.dtic.mil/
whs/directives/.
2 Copies may be obtained at https://www.dtic.mil/
whs/directives/.
3 Copies may be obtained at https://www.dtic.mil/
whs/directives/.
VerDate Aug<31>2005
16:24 Jan 22, 2007
Jkt 211001
records by any means of oral, written,
electronic, mechanical, or other
communication, to any person, private
entity, or Government Agency, other
than the subject of the record, the
subject’s designated agent, or the
subject’s guardian.
Individual. A living citizen of the
United States or an alien lawfully
admitted to the United States for
permanent residence. The legal
guardian of an individual has the same
rights as the individual and may act on
his or her behalf.
Individual access. Access to personal
information pertaining to the
individual, by the individual, his or her
designated agent, or legal guardian.
Maintain. For the purpose of this part,
includes maintenance, collection, use,
or dissemination.
Matching program. A program that
matches the personal records in
computerized databases of two or more
Federal Agencies using a computer.
Personal information. Information
about an individual that is intimate or
private, as distinguished from
information related solely to the
individual’s official functions or public
life.
Records. Any item, collection, or
grouping of information, whatever the
storage media (e.g., paper or electronic),
about an individual that is maintained
by an OSD Component, including, but
not limited to, his or her education,
financial transactions, medical history,
criminal or employment history, and
that contains his or her name, or the
identifying number, symbol, or other
identifying particular assigned to the
individual, such as a finger or voice
print or photograph.
System manager. An OSD Component
official who is responsible for the
operation and management of a system
of records.
System of records. A group of records
under the control of an OSD Component
from which personal information is
retrieved by the individual’s name or by
some identifying number, symbol, or
other identifying particular assigned to
an individual.
§ 311.4
Policy.
(a) According to DoD 5400.11–R,4 it is
DoD policy to safeguard personal
information contained in any system of
records maintained by any DoD
Component and to permit any
individual to know what existing
records pertain to him or her.
(b) Each office maintaining records
and information about individuals shall
4 Copies may be obtained at https://www.dtic.mil/
whs/directives/.
PO 00000
Frm 00026
Fmt 4702
Sfmt 4702
ensure that this data is protected from
unauthorized disclosure. These offices
shall permit individuals to have access
to and have a copy made of all or any
portion of records about them, except as
provided in Chapters 3 and 5 of DoD
5400.11–R. The individuals will also
have an opportunity to request that such
records be amended as provided by 5
U.S.C. 552a and Chapter 3 of DoD
5400.11–R. Individuals requesting
access to their records shall receive
concurrent consideration under 5 U.S.C.
552 and 552a, if appropriate.
(c) The Heads of the OSD Components
shall maintain any necessary record of
a personal nature that is individually
identifiable in a manner that complies
with the law and DoD policy. Any
information collected must be as
accurate, relevant, timely, and complete
as is reasonable to ensure fairness to the
individual. Adequate safeguards must
be provided to prevent misuse or
unauthorized release of such
information.
§ 311.5
Responsibilities.
(a) The Director, WHS, shall:
(1) Direct and administer the DoD
Privacy Program for the OSD
Components.
(2) Establish standards and
procedures to ensure implementation of
and compliance with 5 U.S.C. 552a,
OMB Circular No. A–130, DoD Directive
5400.11 and DoD 5400.11–R.
(3) Ensure the Records and
Declassification Division, Executive
Services Directorate (ESD), WHS,
implements all aspects of 5 U.S.C. 552a,
except that portion about receiving and
acting on public requests for personal
records. As such, the Records and
Declassification Division shall:
(i) Exercise oversight and
administrative control of the Privacy
Act Program for the OSD Components.
(ii) Provide guidance and training to
the OSD Components as required by 5
U.S.C. 552a and OMB Circular A–130.
Periodic training will be provided to
public affairs officers and others who
may be expected to deal with the news
media or the public.
(iii) Collect and consolidate data from
the OSD Components and submit
reports to the Defense Privacy Office
(DPO), as required by 5 U.S.C. 522a;
OMB Circular A–130, DoD Directive
5400.11, DoD 5400.1–R, and the DPO.
(iv) Coordinate and consolidate
information for reporting all record
systems, as well as changes to approved
systems, to the OMB, the Congress, and
the Federal Register, as required by 5
U.S.C. 552a, OMB Circular A–130, and
DoD 5400.1–R.
E:\FR\FM\23JAP1.SGM
23JAP1
jlentini on PROD1PC65 with PROPOSAL
Federal Register / Vol. 72, No. 14 / Tuesday, January 23, 2007 / Proposed Rules
(v) Serve as the appellate authority for
OSD Components when a requester
appeals a denial for access to records
under 5 U.S.C. 552a.
(vi) Serve as the appellate authority
for OSD Components when a requester
appeals a denial for amendment of a
record or initiates legal action to correct
a record.
(vii) Evaluate and decide, in
coordination with the DPO, appeals
resulting from denials of access or
amendments to records by the OSD
Components.
(4) Ensure the Freedom of Information
Division, ESD, WHS, complies with all
aspects of 5 U.S.C. 552a including that
portion about receiving and acting on
public requests for personal records. As
such, the Freedom of Information
Division shall:
(i) Forward requests for information
or access to records to the appropriate
OSD Component having primary
responsibility for any pertinent system
of records under 5 U.S.C. 552a or to the
OSD Components under 5 U.S.C. 552.
(ii) Maintain deadlines to ensure
responses are made within the time
limits prescribed in 5 U.S.C. 552, DoD
Instruction 5400.10 5 and this part.
(iii) Collect fees charged and assessed
for reproducing requested materials.
(iv) Refer all matters about
amendments of records and general and
specific exemptions under 5 U.S.C. 552a
to the proper OSD Components.
(5) Coordinate with the DoD General
Counsel, or the WHS General Counsel
when appropriate, on OSD Components’
denials of appeals for amending records,
and review actions to confirm denial of
access to records, as appropriate.
(b) The DoD General Council shall
provide advice and assistance to the:
(1) Chief, Records and
Declassification Division, in the
discharge of appellate and review
responsibilities.
(2) Chief, Freedom of Information
Division, on all access matters.
(3) OSD Component on legal matters
pertaining to 5 U.S.C. 552a.
(c) The Heads of the OSD Components
shall:
(1) Designate an individual as the
point of contact for Privacy Act matters;
advise the Chief, Records and
Declassification Division, and the Chief,
Freedom of Information Division, of the
names of officials so designated.
(2) Report any new record system, or
changes to an existing system, to the
Chief, Records and Declassification
Division, at least 90 days before the
intended use of the system.
5 Copies
may be obtained at https://www.dtic.mil/
whs/directives/.
VerDate Aug<31>2005
16:24 Jan 22, 2007
Jkt 211001
(3) Review all contracts pertaining to
the maintenance of records systems, by
or on behalf of the OSD Component, to
ensure within his or her authority that
language is included that provides such
systems shall be maintained consistent
with 5 U.S.C. 552a.
(4) Revise procurement guidance to
ensure contracts providing for the
maintenance of a records system, by or
on behalf of the OSD Component,
includes language that such system
shall be maintained in accordance with
5 U.S.C. 552a.
(5) Ensure computer and
telecommunications equipment or
service procurements comply with 5
U.S.C. 552.
(6) Coordinate with the Chief,
Information Officer, for the OSD
Component to ensure a risk analysis is
conducted in compliance with DoD
5400.11–R.
(7) Coordinate with the OSD Chief,
Information Officer, to ensure a Privacy
Impact Assessment is conducted in
compliance with DoD CIO
memorandum dated October 28, 2005 6
and DoD’s implementing guidance.
(8) Ensure all DoD issuances prepared
by the OSD Component that require
forms or other methods to collect
information about individuals are in
compliance with 5 U.S.C. 552a.
(9) Establish internal administrative
procedures to comply with the
procedures listed in this part and DoD
5400.11–R.
(10) Coordinate with legal counsel on
all proposed denials of access to
records.
(11) Provide justification to the
Freedom of Information Division when
access to a record is denied in whole or
in part.
(12) Provide the record of an initial
denial or access to a record that is
appealed to the Freedom of Information
Division at the time of initial denial.
(13) Maintain an accurate accounting
of the actions resulting in a denial for
access to a record or for the correction
of a record. This accounting should be
maintained so it can be readily certified
as the complete record of proceedings if
litigation occurs in accordance with
DoD 5400.11–R.
(14) Ensure all personnel who either
have access to a system of records, or
who are engaged in developing or
overseeing the procedures for handling
records in a system, are aware of their
responsibilities for protecting personal
information according to 5 U.S.C. 552a
and DoD 5400.11–R.
6 Copies may be obtained from https://
www.dod.mil/privacy/
DoD_PIA_Guidance_Oct_28_2005.pdf.
PO 00000
Frm 00027
Fmt 4702
Sfmt 4702
2821
(15) Forward all requests for access to
records received directly from an
individual to the Freedom of
Information Division for appropriate
suspense control and recording.
(16) Provide the Freedom of
Information Division with a copy of the
requested record when the request is
granted.
(d) The requester shall:
(1) Submit a request for access to
records pertaining to oneself in writing
or in person to the OSD Component’s
custodian of the records. If the requester
is not satisfied with the response, he or
she may file another request in writing
as provided in paragraph 311.1(b)(2).
The requester must provide personal
identification to verify identity
according to Chapter 3 of DoD 5400.11–
R and provide a signed notarized
statement or a sworn declaration in the
format specified by DoD 5400.7–R.7
(2) Describe the record sought and
provide sufficient information to enable
the material to be located (e.g.,
identification of system of records,
approximate date it was initiated,
originating organization, and type of
document).
(3) Comply with the procedures
provided in DoD 5400.11–R for
inspecting and/or obtaining copies of
requested records.
(4) Submit a written request to amend
a record to the office designated in the
system of records notice.
§ 311.6
Procedures.
(a) Publication of notice in the
Federal Register. (1) A notice shall be
published in the Federal Register of any
record system meeting the definition of
a system of records in DoD 5400.11–R.
(2) OSD Components shall provide
the Chief, Records and Declassification
Division, with 90 days advance notice of
any anticipated new or revised system
of records. This information shall be
submitted to the OMB and Congress at
least 60 days before use and published
in the Federal Register at least 30 days
before being put into use according to
the procedures in DoD 5400.11–R. This
provides the public with an opportunity
to submit written data, views, or
arguments to the OSD Components for
consideration before a system of records
is established or modified.
(b) Access to systems of records
information. (1) As provided by 5 U.S.C.
552a, records shall be disclosed only to
the individual they pertain to and under
whose individual name or identifier
they are filed, unless exempted by the
provisions in DoD 5400.11–R. If an
7 Copies may be obtained at https://www.dtic.mil/
whs/directives/.
E:\FR\FM\23JAP1.SGM
23JAP1
jlentini on PROD1PC65 with PROPOSAL
2822
Federal Register / Vol. 72, No. 14 / Tuesday, January 23, 2007 / Proposed Rules
individual is accompanied by a third
party, the individual shall be required to
furnish a signed access authorization
which grants the third party access
according to Chapter 3 of DoD 5400.11–
R.
(2) Individuals may request access to
their records, in person or by mail, in
accordance with the following
procedures:
(i) In person. Submit a request for an
appointment in writing to WHS, ESD,
Freedom of Information Division, 1155
Defense Pentagon, Washington, DC
20301–1155. The individual shall
provide personal identification to the
Freedom of Information Division to
verify the individual’s identity
according to Chapter 3 of DoD 5400.11–
R and provide a signed notarized
statement or a sworn declaration in the
format specified by DoD 5400.7–R.
(ii) By mail. Address requests to WHS,
ESD, Freedom of Information Division,
1155 Defense Pentagon, Washington, DC
20301–1155. To verify the identity of
the individual, the request shall include
either a signed notarized statement or a
sworn declaration in the format
specified by DoD 5400.7–R.
(3) There is no requirement that an
individual be given access to records
that are not in a group of records that
meet the definition of a system of
records in 5 U.S.C. 552a.
(4) Granting access to a record
containing personal information shall
not be conditional upon any
requirement that the individual state a
reason or otherwise justify the need to
gain access.
(5) No verification of identity shall be
required of an individual seeking access
to records that are otherwise available to
the public.
(6) Individuals shall not be denied
access to a record in a system of records
about themselves because those records
are exempted from disclosure under 5
U.S.C. 552. Individuals may only be
denied access to a record in a system of
records about themselves when those
records are exempted from the access
provisions of Chapter 5 of DoD 5400.11–
R.
(7) Individuals shall not be denied
access to their records for refusing to
disclose their Social Security Number
(SSN), unless disclosure of the SSN is
required by statute, by regulation
adopted before January 1, 1975, or if the
record’s filing identifier and only means
of retrieval is by SSN.
(c) Access to records or information
compiled for law enforcement purposes.
(1) Requests are processed under DoD
Directive 5400.11 and 5 U.S.C. 552 to
give requesters a greater degree of access
to records on themselves.
VerDate Aug<31>2005
16:24 Jan 22, 2007
Jkt 211001
(2) Records in the custody of law
enforcement activities that have been
incorporated into a system of records or
exempted from the access conditions of
DoD Directive 5400.11 will be processed
in accordance with 5 U.S.C. 552.
Individuals shall not be denied access to
records solely because they are in the
exempt system. They will have the same
access that they would receive under 5
U.S.C. 552. (Also see section A.10.,
Chapter 3, DoD 5400.11–R)
(3) Records exempted from access
conditions will be processed in
accordance with DoD Directive 5400.11
or 5 U.S.C. 552, depending upon which
regulation gives the greater degree of
access. (See also section A.10.1.,
Chapter 3, DoD 5400.11–R)
(4) Records exempted from access
under Section B, Chapter 5 of DoD
5400.11–R, that are temporarily in the
custody of a non-law enforcement
element for adjudicative or personnel
actions, shall be referred to the
originating agency.
(d) Access to illegible, incomplete, or
partially exempt records. (1) An
individual shall not be denied access to
a record or a copy of a record solely
because the physical condition or
format of the record does not make it
readily available (e.g., deteriorated state
or on magnetic tape). The document
will be prepared as an extract, or it will
be recopied exactly as is.
(2) If a portion of the record contains
information that is exempt from access,
an extract or summary containing all
releasable information in the record
shall be prepared.
(3) When the physical condition of
the record makes it necessary to prepare
an extract for release, the extract shall
be prepared so that the requester will
understand it.
(4) The requester shall be informed of
all deletions or changes to records.
(e) Access to medical records. (1)
Medical records shall be disclosed to
the individual and may be transmitted
to a medical doctor named by the
individual concerned.
(2) The individual may be charged
reproduction fees for copies or records
according to DoD 5400.11–R.
(f) Amending and disputing personal
information in systems of records. (1)
The Head of an OSD Component, or a
designated official, shall allow
individuals to request amendment to
their records to the extent that such
records are not accurate, relevant,
timely, or complete. Requests should be
as brief and as simple as possible and
should contain adequate identifying
information to locate the record, a
description of the items to be amended,
and the reason for the change. A request
PO 00000
Frm 00028
Fmt 4702
Sfmt 4702
shall not be rejected nor required to be
resubmitted unless additional
information is essential to process the
request. Requesters shall be required to
provide verification of their identity as
stated in paragraph (b)(2) of this section
to ensure they are seeking to amend
records about themselves.
(2) The appropriate system of records
system manager shall mail a written
acknowledgment of an individual’s
request to amend a record within 10
workdays after receipt. Such
acknowledgment shall identify the
request and may, if necessary, request
any additional information needed to
make a determination. No
acknowledgment is necessary if the
request can be reviewed and processed,
and the individual can be notified of
compliance or denial, within the 10-day
period. Whenever practical, the decision
shall be made within 30 working days.
For requests presented in person,
written acknowledgment may be
provided at the time the request is
presented.
(3) Amending personal information.
The Head of an OSD Component, or
designated official, shall promptly take
one of the following actions on requests
to amend records:
(i) If they agree with any portion or all
of an individual’s request, amend the
records in accordance with existing
statutes, regulations, or internal
administrative procedures, and inform
the requester of the action taken. The
OSD Component shall also notify all
previous holders of the record that the
amendment has been made and shall
explain the substance of the correction,
except for disclosures of the records to
officers or DoD employees, or made as
required by the Freedom of Information
Act, the OSD shall also notify all to
whom the record was disclosed that the
amendment has been made and shall
explain the substance of the correction.
(ii) Notify the requester of the
disapproval to amend a record and the
reason for the disapproval. Notify the
requester of the procedure to submit an
appeal as described in paragraph (f)(5)
of this section. if he or she disagrees
with all or any portion of a request.
(iii) Refer requests to the appropriate
Federal Agency. Advise the requester of
this referral if the request for an
amendment pertains to a record
controlled and maintained by another
Agency.
(4) Disputing personal information.
The Head of an OSD Component or
designated official shall:
(i) Determine whether the requester
has adequately supported his or her
claim that the record is inaccurate,
irrelevant, untimely, or incomplete.
E:\FR\FM\23JAP1.SGM
23JAP1
jlentini on PROD1PC65 with PROPOSAL
Federal Register / Vol. 72, No. 14 / Tuesday, January 23, 2007 / Proposed Rules
(ii) Limit the review of a record to
those items of information that clearly
bear on any determination to amend the
records and ensure that those elements
are reviewed before a determination is
made.
(5) If an individual disagrees with the
initial OSD Component determination,
he or she may file an appeal. The
request should be sent to the Chief,
Records and Declassification Division,
WHS, 1155 Defense Pentagon,
Washington, DC 20301–1155.
(6) If, after review, the Records and
Declassification Division determines the
system of records should not be
amended as requested, the Records and
Declassification Division shall provide a
copy of any statement of disagreement
to the extent that disclosure accounting
is maintained in accordance with
Chapter 4 or DoD 5400.11–R. The
Records and Declassification Division
shall advise the individual:
(i) Of the reason and authority for the
denial.
(ii) Of his or her right to file a
statement of the reason for disagreeing
with the Records and Declassification
Division decision.
(iii) Of the procedures for filing a
statement of disagreements.
(iv) That the statement filed shall be
made available to anyone the record is
disclosed to, together with a brief
statement summarizing reasons for
refusing to amend the records.
(7) If the Records and Declassification
Division determines that the record
should be amended in accordance with
the individual’s request, the OSD
Component shall amend the record, and
advise the individual of the amendment,
in accordance with Chapter 4 of DoD
5400.11–R.
(8) All appeals should be processed
within 30 workdays after receipt. If the
Records and Declassification Division
determines that a fair and equitable
review cannot be made within that time,
the individual shall be informed in
writing of the reasons for the delay and
of the approximate date the review is
expected to be completed.
(g) Disclosure of disputed
information. (1) If the Records and
Declassification Division determines the
record should not be amended and the
individual has filed a statement of
disagreement under paragraph (f)(7) of
this section, the OSD Component shall
annotate the disputed record so it is
apparent under record disclosure that a
statement has been filed. Where
feasible, the notation itself shall be
integral to the record. Where disclosure
accounting has been made, the OSD
Component shall advise previous
recipients that the record has been
VerDate Aug<31>2005
16:24 Jan 22, 2007
Jkt 211001
disputed and shall provide a copy of the
individual’s statement of disagreement
in accordance with Chapter 4 of DoD
5400.11–R.
(i) This statement shall be maintained
to permit ready retrieval whenever the
disputed portion of the record is
disclosed.
(ii) When information that is the
subject of a statement of disagreement is
subsequently disclosed, the OSD
Component’s designated official shall
note which information is disputed and
provide a copy of the individual’s
statement.
(2) The OSD Component shall include
a brief summary of its reasons for not
making a correction when disclosing
disputed information. Such statements
shall normally be limited to the reasons
given to the individual for not amending
the record.
(3) Copies of the OSD Component’s
summary will be treated as part of the
individual’s record; however, it will not
be subject to the amendment procedure
outlined in paragraph (c)(3) of this
section.
(h) Penalties. (1) Civil action. An
individual may file a civil suit against
the OSD Component or its employees if
the individual feels certain provisions
or the Privacy Act have been violated as
stated in 5 U.S.C. 552a.
(2) Criminal action. (i) Criminal
penalties may be imposed against an
OSD officer or employee for offenses
listed in Section (i) of 5 U.S.C. 552a, as
follows:
(A) Willful unauthorized disclosure of
protected information in the records.
(B) Failure to publish a notice of the
existence of a record system in the
Federal Register.
(C) Requesting or gaining access to the
individual’s record under false
pretenses.
(ii) An OSD officer or employee may
be fined up to $5,000 for a violation as
outlined in paragraph (h)(2)(i) of this
section.
(i) Litigation status sheet. Whenever a
complaint citing 5 U.S.C. 552a is filed
in a U.S. District Court against the
Department of Defense, an OSD
Component, or any OSD employee, the
responsible system manager shall
promptly notify the DPO. The litigation
status sheet in DoD 5400.11–R provides
a standard format for this notification.
(The initial litigation status sheet shall,
as a minimum, provide the information
required by items 1, through 6. of DoD
5400.11–R) A revised litigation status
sheet shall be provided at each stage of
the litigation. When a court renders a
formal opinion or judgment, copies of
the judgment or opinion shall be
provided to the DPO with the litigation
PO 00000
Frm 00029
Fmt 4702
Sfmt 4702
2823
status sheet reporting that judgment or
opinion.
(j) Computer matching programs.
Chapter 11, paragraph B of DoD
5400.11–R, prescribes that all requests
for participation in a matching program
(either as a matching agency or a source
agency) be submitted to the DPO for
review and compliance. The OSD
Components shall submit these requests
through the Records and
Declassification Division.
§ 311.7
Information requirements.
The DPO shall establish requirements
and deadlines for DoD privacy reports.
These reports shall be licensed in
accordance with DoD Directive 8910.1.8
Dated: January 16, 2007.
L.M. Bynum,
Alternate OSD Federal Register Liaison
Officer, DoD.
[FR Doc. E7–800 Filed 1–22–07; 8:45 am]
BILLING CODE 5001–06–P
ENVIRONMENTAL PROTECTION
AGENCY
40 CFR Part 52
[EPA–R05–OAR–2005–OH–0005; FRL–
8272–9]
Approval and Promulgation of
Implementation Plans; Ohio Particulate
Matter
Environmental Protection
Agency (EPA).
ACTION: Proposed rule.
AGENCY:
SUMMARY: EPA is re-proposing approval
of Ohio rules concerning equivalent
visible emission limits (EVELs). Ohio’s
rules provide criteria for establishment
of EVELs, and the rules provide that
EVELs established according to these
criteria take effect without formal
review by EPA. EPA proposed to
approve these rules on December 2,
2002, at 67 FR 71515. However, that
proposal did not clearly solicit comment
on the timing by which actions on
EVELs by the State take effect. EPA is
proposing that previous State
modifications to EVELs would become
effective at the federal level
immediately upon the effective date of
any final EPA action approving these
Ohio rules. Similarly, any future action
by the State to establish, modify, or
rescind EVELs in accordance with the
criteria given in these Ohio rules would
become effective at the federal level
immediately upon the effective date of
the State action.
8 Copies may be obtained at https://www.dtic.mil/
whs/directives/
E:\FR\FM\23JAP1.SGM
23JAP1
]]>Agencies
[Federal Register Volume 72, Number 14 (Tuesday, January 23, 2007)]
[Proposed Rules]
[Pages 2819-2823]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-800]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
[DoD-2006-OS-0033; 0790-AI10]
32 CFR Part 311
Office of the Secretary Privacy Program
AGENCY: Department of Defense.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: This rule proposed updates and implements policies and
procedures for the Privacy Act Program in the Office of the Secretary
of Defense and organizations provided administrative support by the
Washington Headquarters Services.
DATES: Comments must be received by March 26, 2007.
ADDRESSES: You may submit comments, identified by docket number and or
RIN number and title, by any of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
Mail: Federal Docket Management System Office, 1160
Defense Pentagon, Washington, DC 20301-1160.
Instructions: All submissions received must include the agency name
and docket number or Regulatory Information Number (RIN) for this
Federal Register document. The general policy for comments and other
submissions from members of the public is to make these submissions
available for public viewing on the Internet at https://regulations.gov
as they are received without change, including any personal identifiers
or contact information.
FOR FURTHER INFORMATION CONTACT: Ms. J. Irvin, 703-696-4940.
SUPPLEMENTARY INFORMATION:
Executive Order 12866, ``Regulatory Planning and Review''
It has been determined that 32 CFR part 311 is not a significant
regulatory action. The rule does not:
(1) Have an annual effect on the economy of $100 million or more or
adversely affect in a material way the economy; a section of the
economy; productivity; competition; jobs; the environment; public
health or safety; or State, local, or tribal governments or
communities;
(2) Create a serious inconsistency or otherwise interfere with an
action taken or planned by another Agency;
(3) Materially alter the budgetary impact of entitlements, grants,
user fees, or loan programs, or the rights and obligations of
recipients thereof; or
(4) Raise novel legal or policy issues arising out of legal
mandates, the President's priorities, or the principles set forth in
this Executive Order.
Unfunded Mandates Reform Act (Sec. 202, Pub. L. 104-4)
It has been certified that this rule does not contain a Federal
mandate that may result in the expenditure by State, local and tribal
governments, in aggregate, or by the private sector, of $100 million or
more in any one year.
Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. 601)
It has been certified that this rule is not subject to the
Regulatory Flexibility Act (5 U.S.C. 601) because it would not, if
promulgated, have a significant economic impact on a substantial number
of small entities. Certification is required.
Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)
It has been certified that this rule does impose reporting or
recordkeeping requirements under the Paperwork Reduction Act of 1995.
The reporting and recordkeeping requirements have been submitted to OMB
for review.
Executive Order 13132, ``Federalism''
It has been certified that this rule does not have federalism
implications, as set forth in Executive Order 13132. This rule does not
have substantial direct effects on:
(1) The States;
[[Page 2820]]
(2) The relationship between the National Government and the
States; or
(3) The distribution of power and responsibilities among the
various levels of Government.
List of Subjects in 32 CFR Part 311
Privacy.
Accordingly, 32 CFR part 311 is proposed to be revised to read as
follows:
PART 311--OFFICE OF THE SECRETARY OF DEFENSE PRIVACY PROGRAM
Sec.
311.1 Purpose.
311.2 Applicability.
311.3 Definitions.
311.4 Policy.
311.5 Responsibilities.
311.6 Procedures.
311.7 Information requirements.
Authority: Pub. L. 93-579, 88 Stat. 1986 (5 U.S.C. 552a).
Sec. 311.1 Purpose.
This part updates and implement the policies and procedures
outlined in 5 U.S.C. 552a, Office of Management and Budget (OMB)
Circular No. A-130, DoD Directive 5400.11,\1\ and DoD 5400.11-R.\2\
This part provides guidance and procedures for implementing the Privacy
Program in the Office of the Secretary of Defense (OSD) and
organizations receiving administrative support from the Washington
Headquarters Services (WHS), according to DoD Directive 5110.4.\3\
---------------------------------------------------------------------------
\1\ Copies may be obtained at https://www.dtic.mil/whs/
directives/.
\2\ Copies may be obtained at https://www.dtic.mil/whs/
directives/.
\3\ Copies may be obtained at https://www.dtic.mil/whs/
directives/.
---------------------------------------------------------------------------
Sec. 311.2 Applicability.
This part:
(a) Applies to the OSD, the Chairman of the Joint Chiefs of Staff,
and other activities receiving administrative support from the WHS
(hereafter referred to collectively as the ``OSD Components'').
(b) Covers systems of records maintained by the OSD Components and
governs the maintenance, access, change, and release of information
contained in those systems of records, from which information about an
individual is retrieved by a personal identifier.
Sec. 311.3 Definitions.
Access. Any individual's review of a record or a copy of a record
or parts of a system of records.
Disclosure. The transfer of any personal information from a system
of records by any means of oral, written, electronic, mechanical, or
other communication, to any person, private entity, or Government
Agency, other than the subject of the record, the subject's designated
agent, or the subject's guardian.
Individual. A living citizen of the United States or an alien
lawfully admitted to the United States for permanent residence. The
legal guardian of an individual has the same rights as the individual
and may act on his or her behalf.
Individual access. Access to personal information pertaining to the
individual, by the individual, his or her designated agent, or legal
guardian.
Maintain. For the purpose of this part, includes maintenance,
collection, use, or dissemination.
Matching program. A program that matches the personal records in
computerized databases of two or more Federal Agencies using a
computer.
Personal information. Information about an individual that is
intimate or private, as distinguished from information related solely
to the individual's official functions or public life.
Records. Any item, collection, or grouping of information, whatever
the storage media (e.g., paper or electronic), about an individual that
is maintained by an OSD Component, including, but not limited to, his
or her education, financial transactions, medical history, criminal or
employment history, and that contains his or her name, or the
identifying number, symbol, or other identifying particular assigned to
the individual, such as a finger or voice print or photograph.
System manager. An OSD Component official who is responsible for
the operation and management of a system of records.
System of records. A group of records under the control of an OSD
Component from which personal information is retrieved by the
individual's name or by some identifying number, symbol, or other
identifying particular assigned to an individual.
Sec. 311.4 Policy.
(a) According to DoD 5400.11-R,\4\ it is DoD policy to safeguard
personal information contained in any system of records maintained by
any DoD Component and to permit any individual to know what existing
records pertain to him or her.
---------------------------------------------------------------------------
\4\ Copies may be obtained at https://www.dtic.mil/whs/
directives/.
---------------------------------------------------------------------------
(b) Each office maintaining records and information about
individuals shall ensure that this data is protected from unauthorized
disclosure. These offices shall permit individuals to have access to
and have a copy made of all or any portion of records about them,
except as provided in Chapters 3 and 5 of DoD 5400.11-R. The
individuals will also have an opportunity to request that such records
be amended as provided by 5 U.S.C. 552a and Chapter 3 of DoD 5400.11-R.
Individuals requesting access to their records shall receive concurrent
consideration under 5 U.S.C. 552 and 552a, if appropriate.
(c) The Heads of the OSD Components shall maintain any necessary
record of a personal nature that is individually identifiable in a
manner that complies with the law and DoD policy. Any information
collected must be as accurate, relevant, timely, and complete as is
reasonable to ensure fairness to the individual. Adequate safeguards
must be provided to prevent misuse or unauthorized release of such
information.
Sec. 311.5 Responsibilities.
(a) The Director, WHS, shall:
(1) Direct and administer the DoD Privacy Program for the OSD
Components.
(2) Establish standards and procedures to ensure implementation of
and compliance with 5 U.S.C. 552a, OMB Circular No. A-130, DoD
Directive 5400.11 and DoD 5400.11-R.
(3) Ensure the Records and Declassification Division, Executive
Services Directorate (ESD), WHS, implements all aspects of 5 U.S.C.
552a, except that portion about receiving and acting on public requests
for personal records. As such, the Records and Declassification
Division shall:
(i) Exercise oversight and administrative control of the Privacy
Act Program for the OSD Components.
(ii) Provide guidance and training to the OSD Components as
required by 5 U.S.C. 552a and OMB Circular A-130. Periodic training
will be provided to public affairs officers and others who may be
expected to deal with the news media or the public.
(iii) Collect and consolidate data from the OSD Components and
submit reports to the Defense Privacy Office (DPO), as required by 5
U.S.C. 522a; OMB Circular A-130, DoD Directive 5400.11, DoD 5400.1-R,
and the DPO.
(iv) Coordinate and consolidate information for reporting all
record systems, as well as changes to approved systems, to the OMB, the
Congress, and the Federal Register, as required by 5 U.S.C. 552a, OMB
Circular A-130, and DoD 5400.1-R.
[[Page 2821]]
(v) Serve as the appellate authority for OSD Components when a
requester appeals a denial for access to records under 5 U.S.C. 552a.
(vi) Serve as the appellate authority for OSD Components when a
requester appeals a denial for amendment of a record or initiates legal
action to correct a record.
(vii) Evaluate and decide, in coordination with the DPO, appeals
resulting from denials of access or amendments to records by the OSD
Components.
(4) Ensure the Freedom of Information Division, ESD, WHS, complies
with all aspects of 5 U.S.C. 552a including that portion about
receiving and acting on public requests for personal records. As such,
the Freedom of Information Division shall:
(i) Forward requests for information or access to records to the
appropriate OSD Component having primary responsibility for any
pertinent system of records under 5 U.S.C. 552a or to the OSD
Components under 5 U.S.C. 552.
(ii) Maintain deadlines to ensure responses are made within the
time limits prescribed in 5 U.S.C. 552, DoD Instruction 5400.10 \5\ and
this part.
---------------------------------------------------------------------------
\5\ Copies may be obtained at https://www.dtic.mil/whs/
directives/.
---------------------------------------------------------------------------
(iii) Collect fees charged and assessed for reproducing requested
materials.
(iv) Refer all matters about amendments of records and general and
specific exemptions under 5 U.S.C. 552a to the proper OSD Components.
(5) Coordinate with the DoD General Counsel, or the WHS General
Counsel when appropriate, on OSD Components' denials of appeals for
amending records, and review actions to confirm denial of access to
records, as appropriate.
(b) The DoD General Council shall provide advice and assistance to
the:
(1) Chief, Records and Declassification Division, in the discharge
of appellate and review responsibilities.
(2) Chief, Freedom of Information Division, on all access matters.
(3) OSD Component on legal matters pertaining to 5 U.S.C. 552a.
(c) The Heads of the OSD Components shall:
(1) Designate an individual as the point of contact for Privacy Act
matters; advise the Chief, Records and Declassification Division, and
the Chief, Freedom of Information Division, of the names of officials
so designated.
(2) Report any new record system, or changes to an existing system,
to the Chief, Records and Declassification Division, at least 90 days
before the intended use of the system.
(3) Review all contracts pertaining to the maintenance of records
systems, by or on behalf of the OSD Component, to ensure within his or
her authority that language is included that provides such systems
shall be maintained consistent with 5 U.S.C. 552a.
(4) Revise procurement guidance to ensure contracts providing for
the maintenance of a records system, by or on behalf of the OSD
Component, includes language that such system shall be maintained in
accordance with 5 U.S.C. 552a.
(5) Ensure computer and telecommunications equipment or service
procurements comply with 5 U.S.C. 552.
(6) Coordinate with the Chief, Information Officer, for the OSD
Component to ensure a risk analysis is conducted in compliance with DoD
5400.11-R.
(7) Coordinate with the OSD Chief, Information Officer, to ensure a
Privacy Impact Assessment is conducted in compliance with DoD CIO
memorandum dated October 28, 2005 \6\ and DoD's implementing guidance.
---------------------------------------------------------------------------
\6\ Copies may be obtained from https://www.dod.mil/privacy/DoD_
PIA_Guidance_Oct_28_2005.pdf.
---------------------------------------------------------------------------
(8) Ensure all DoD issuances prepared by the OSD Component that
require forms or other methods to collect information about individuals
are in compliance with 5 U.S.C. 552a.
(9) Establish internal administrative procedures to comply with the
procedures listed in this part and DoD 5400.11-R.
(10) Coordinate with legal counsel on all proposed denials of
access to records.
(11) Provide justification to the Freedom of Information Division
when access to a record is denied in whole or in part.
(12) Provide the record of an initial denial or access to a record
that is appealed to the Freedom of Information Division at the time of
initial denial.
(13) Maintain an accurate accounting of the actions resulting in a
denial for access to a record or for the correction of a record. This
accounting should be maintained so it can be readily certified as the
complete record of proceedings if litigation occurs in accordance with
DoD 5400.11-R.
(14) Ensure all personnel who either have access to a system of
records, or who are engaged in developing or overseeing the procedures
for handling records in a system, are aware of their responsibilities
for protecting personal information according to 5 U.S.C. 552a and DoD
5400.11-R.
(15) Forward all requests for access to records received directly
from an individual to the Freedom of Information Division for
appropriate suspense control and recording.
(16) Provide the Freedom of Information Division with a copy of the
requested record when the request is granted.
(d) The requester shall:
(1) Submit a request for access to records pertaining to oneself in
writing or in person to the OSD Component's custodian of the records.
If the requester is not satisfied with the response, he or she may file
another request in writing as provided in paragraph 311.1(b)(2). The
requester must provide personal identification to verify identity
according to Chapter 3 of DoD 5400.11-R and provide a signed notarized
statement or a sworn declaration in the format specified by DoD 5400.7-
R.\7\
---------------------------------------------------------------------------
\7\ Copies may be obtained at https://www.dtic.mil/whs/
directives/.
---------------------------------------------------------------------------
(2) Describe the record sought and provide sufficient information
to enable the material to be located (e.g., identification of system of
records, approximate date it was initiated, originating organization,
and type of document).
(3) Comply with the procedures provided in DoD 5400.11-R for
inspecting and/or obtaining copies of requested records.
(4) Submit a written request to amend a record to the office
designated in the system of records notice.
Sec. 311.6 Procedures.
(a) Publication of notice in the Federal Register. (1) A notice
shall be published in the Federal Register of any record system meeting
the definition of a system of records in DoD 5400.11-R.
(2) OSD Components shall provide the Chief, Records and
Declassification Division, with 90 days advance notice of any
anticipated new or revised system of records. This information shall be
submitted to the OMB and Congress at least 60 days before use and
published in the Federal Register at least 30 days before being put
into use according to the procedures in DoD 5400.11-R. This provides
the public with an opportunity to submit written data, views, or
arguments to the OSD Components for consideration before a system of
records is established or modified.
(b) Access to systems of records information. (1) As provided by 5
U.S.C. 552a, records shall be disclosed only to the individual they
pertain to and under whose individual name or identifier they are
filed, unless exempted by the provisions in DoD 5400.11-R. If an
[[Page 2822]]
individual is accompanied by a third party, the individual shall be
required to furnish a signed access authorization which grants the
third party access according to Chapter 3 of DoD 5400.11-R.
(2) Individuals may request access to their records, in person or
by mail, in accordance with the following procedures:
(i) In person. Submit a request for an appointment in writing to
WHS, ESD, Freedom of Information Division, 1155 Defense Pentagon,
Washington, DC 20301-1155. The individual shall provide personal
identification to the Freedom of Information Division to verify the
individual's identity according to Chapter 3 of DoD 5400.11-R and
provide a signed notarized statement or a sworn declaration in the
format specified by DoD 5400.7-R.
(ii) By mail. Address requests to WHS, ESD, Freedom of Information
Division, 1155 Defense Pentagon, Washington, DC 20301-1155. To verify
the identity of the individual, the request shall include either a
signed notarized statement or a sworn declaration in the format
specified by DoD 5400.7-R.
(3) There is no requirement that an individual be given access to
records that are not in a group of records that meet the definition of
a system of records in 5 U.S.C. 552a.
(4) Granting access to a record containing personal information
shall not be conditional upon any requirement that the individual state
a reason or otherwise justify the need to gain access.
(5) No verification of identity shall be required of an individual
seeking access to records that are otherwise available to the public.
(6) Individuals shall not be denied access to a record in a system
of records about themselves because those records are exempted from
disclosure under 5 U.S.C. 552. Individuals may only be denied access to
a record in a system of records about themselves when those records are
exempted from the access provisions of Chapter 5 of DoD 5400.11-R.
(7) Individuals shall not be denied access to their records for
refusing to disclose their Social Security Number (SSN), unless
disclosure of the SSN is required by statute, by regulation adopted
before January 1, 1975, or if the record's filing identifier and only
means of retrieval is by SSN.
(c) Access to records or information compiled for law enforcement
purposes. (1) Requests are processed under DoD Directive 5400.11 and 5
U.S.C. 552 to give requesters a greater degree of access to records on
themselves.
(2) Records in the custody of law enforcement activities that have
been incorporated into a system of records or exempted from the access
conditions of DoD Directive 5400.11 will be processed in accordance
with 5 U.S.C. 552. Individuals shall not be denied access to records
solely because they are in the exempt system. They will have the same
access that they would receive under 5 U.S.C. 552. (Also see section
A.10., Chapter 3, DoD 5400.11-R)
(3) Records exempted from access conditions will be processed in
accordance with DoD Directive 5400.11 or 5 U.S.C. 552, depending upon
which regulation gives the greater degree of access. (See also section
A.10.1., Chapter 3, DoD 5400.11-R)
(4) Records exempted from access under Section B, Chapter 5 of DoD
5400.11-R, that are temporarily in the custody of a non-law enforcement
element for adjudicative or personnel actions, shall be referred to the
originating agency.
(d) Access to illegible, incomplete, or partially exempt records.
(1) An individual shall not be denied access to a record or a copy of a
record solely because the physical condition or format of the record
does not make it readily available (e.g., deteriorated state or on
magnetic tape). The document will be prepared as an extract, or it will
be recopied exactly as is.
(2) If a portion of the record contains information that is exempt
from access, an extract or summary containing all releasable
information in the record shall be prepared.
(3) When the physical condition of the record makes it necessary to
prepare an extract for release, the extract shall be prepared so that
the requester will understand it.
(4) The requester shall be informed of all deletions or changes to
records.
(e) Access to medical records. (1) Medical records shall be
disclosed to the individual and may be transmitted to a medical doctor
named by the individual concerned.
(2) The individual may be charged reproduction fees for copies or
records according to DoD 5400.11-R.
(f) Amending and disputing personal information in systems of
records. (1) The Head of an OSD Component, or a designated official,
shall allow individuals to request amendment to their records to the
extent that such records are not accurate, relevant, timely, or
complete. Requests should be as brief and as simple as possible and
should contain adequate identifying information to locate the record, a
description of the items to be amended, and the reason for the change.
A request shall not be rejected nor required to be resubmitted unless
additional information is essential to process the request. Requesters
shall be required to provide verification of their identity as stated
in paragraph (b)(2) of this section to ensure they are seeking to amend
records about themselves.
(2) The appropriate system of records system manager shall mail a
written acknowledgment of an individual's request to amend a record
within 10 workdays after receipt. Such acknowledgment shall identify
the request and may, if necessary, request any additional information
needed to make a determination. No acknowledgment is necessary if the
request can be reviewed and processed, and the individual can be
notified of compliance or denial, within the 10-day period. Whenever
practical, the decision shall be made within 30 working days. For
requests presented in person, written acknowledgment may be provided at
the time the request is presented.
(3) Amending personal information. The Head of an OSD Component, or
designated official, shall promptly take one of the following actions
on requests to amend records:
(i) If they agree with any portion or all of an individual's
request, amend the records in accordance with existing statutes,
regulations, or internal administrative procedures, and inform the
requester of the action taken. The OSD Component shall also notify all
previous holders of the record that the amendment has been made and
shall explain the substance of the correction, except for disclosures
of the records to officers or DoD employees, or made as required by the
Freedom of Information Act, the OSD shall also notify all to whom the
record was disclosed that the amendment has been made and shall explain
the substance of the correction.
(ii) Notify the requester of the disapproval to amend a record and
the reason for the disapproval. Notify the requester of the procedure
to submit an appeal as described in paragraph (f)(5) of this section.
if he or she disagrees with all or any portion of a request.
(iii) Refer requests to the appropriate Federal Agency. Advise the
requester of this referral if the request for an amendment pertains to
a record controlled and maintained by another Agency.
(4) Disputing personal information. The Head of an OSD Component or
designated official shall:
(i) Determine whether the requester has adequately supported his or
her claim that the record is inaccurate, irrelevant, untimely, or
incomplete.
[[Page 2823]]
(ii) Limit the review of a record to those items of information
that clearly bear on any determination to amend the records and ensure
that those elements are reviewed before a determination is made.
(5) If an individual disagrees with the initial OSD Component
determination, he or she may file an appeal. The request should be sent
to the Chief, Records and Declassification Division, WHS, 1155 Defense
Pentagon, Washington, DC 20301-1155.
(6) If, after review, the Records and Declassification Division
determines the system of records should not be amended as requested,
the Records and Declassification Division shall provide a copy of any
statement of disagreement to the extent that disclosure accounting is
maintained in accordance with Chapter 4 or DoD 5400.11-R. The Records
and Declassification Division shall advise the individual:
(i) Of the reason and authority for the denial.
(ii) Of his or her right to file a statement of the reason for
disagreeing with the Records and Declassification Division decision.
(iii) Of the procedures for filing a statement of disagreements.
(iv) That the statement filed shall be made available to anyone the
record is disclosed to, together with a brief statement summarizing
reasons for refusing to amend the records.
(7) If the Records and Declassification Division determines that
the record should be amended in accordance with the individual's
request, the OSD Component shall amend the record, and advise the
individual of the amendment, in accordance with Chapter 4 of DoD
5400.11-R.
(8) All appeals should be processed within 30 workdays after
receipt. If the Records and Declassification Division determines that a
fair and equitable review cannot be made within that time, the
individual shall be informed in writing of the reasons for the delay
and of the approximate date the review is expected to be completed.
(g) Disclosure of disputed information. (1) If the Records and
Declassification Division determines the record should not be amended
and the individual has filed a statement of disagreement under
paragraph (f)(7) of this section, the OSD Component shall annotate the
disputed record so it is apparent under record disclosure that a
statement has been filed. Where feasible, the notation itself shall be
integral to the record. Where disclosure accounting has been made, the
OSD Component shall advise previous recipients that the record has been
disputed and shall provide a copy of the individual's statement of
disagreement in accordance with Chapter 4 of DoD 5400.11-R.
(i) This statement shall be maintained to permit ready retrieval
whenever the disputed portion of the record is disclosed.
(ii) When information that is the subject of a statement of
disagreement is subsequently disclosed, the OSD Component's designated
official shall note which information is disputed and provide a copy of
the individual's statement.
(2) The OSD Component shall include a brief summary of its reasons
for not making a correction when disclosing disputed information. Such
statements shall normally be limited to the reasons given to the
individual for not amending the record.
(3) Copies of the OSD Component's summary will be treated as part
of the individual's record; however, it will not be subject to the
amendment procedure outlined in paragraph (c)(3) of this section.
(h) Penalties. (1) Civil action. An individual may file a civil
suit against the OSD Component or its employees if the individual feels
certain provisions or the Privacy Act have been violated as stated in 5
U.S.C. 552a.
(2) Criminal action. (i) Criminal penalties may be imposed against
an OSD officer or employee for offenses listed in Section (i) of 5
U.S.C. 552a, as follows:
(A) Willful unauthorized disclosure of protected information in the
records.
(B) Failure to publish a notice of the existence of a record system
in the Federal Register.
(C) Requesting or gaining access to the individual's record under
false pretenses.
(ii) An OSD officer or employee may be fined up to $5,000 for a
violation as outlined in paragraph (h)(2)(i) of this section.
(i) Litigation status sheet. Whenever a complaint citing 5 U.S.C.
552a is filed in a U.S. District Court against the Department of
Defense, an OSD Component, or any OSD employee, the responsible system
manager shall promptly notify the DPO. The litigation status sheet in
DoD 5400.11-R provides a standard format for this notification. (The
initial litigation status sheet shall, as a minimum, provide the
information required by items 1, through 6. of DoD 5400.11-R) A revised
litigation status sheet shall be provided at each stage of the
litigation. When a court renders a formal opinion or judgment, copies
of the judgment or opinion shall be provided to the DPO with the
litigation status sheet reporting that judgment or opinion.
(j) Computer matching programs. Chapter 11, paragraph B of DoD
5400.11-R, prescribes that all requests for participation in a matching
program (either as a matching agency or a source agency) be submitted
to the DPO for review and compliance. The OSD Components shall submit
these requests through the Records and Declassification Division.
Sec. 311.7 Information requirements.
The DPO shall establish requirements and deadlines for DoD privacy
reports. These reports shall be licensed in accordance with DoD
Directive 8910.1.\8\
---------------------------------------------------------------------------
\8\ Copies may be obtained at https://www.dtic.mil/whs/
directives/
Dated: January 16, 2007.
L.M. Bynum,
Alternate OSD Federal Register Liaison Officer, DoD.
[FR Doc. E7-800 Filed 1-22-07; 8:45 am]
BILLING CODE 5001-06-P
