Office of the Secretary of Defense and Joint Staff Privacy Program, 56113-56117 [E9-26183]

Download as PDF Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations srobinson on DSKHWCL6B1PROD with RULES deemed NOL to $8,000. Therefore, X has an $8,000 excess net operating loss (excess deemed NOL) to allocate to its shareholders. Under paragraph (d)(2)(ii)(C) of this section, none of the $8,000 excess deemed NOL is allocated to C because C’s section 1366(d) losses and deductions immediately prior to the section 108(b)(2)(A) reduction ($2,000) do not exceed C’s share of the excluded COD income for 2008 ($3,000). However, each of A’s and B’s respective section 1366(d) losses and deductions immediately prior to the section 108(b)(2)(A) reduction exceed each of A’s and B’s respective shares of the excluded COD income for 2009. A’s excess amount is $2,000 ($5,000¥$3,000) and B’s excess amount is $7,000 ($13,000¥$6,000). Therefore, the total of all shareholders’ excess amounts is $9,000. Under paragraph (d)(2) of this section, X will allocate $1,777.78 of the $8,000 excess deemed NOL to A ($8,000 × $2,000/$9,000) and $6,222.22 of the $8,000 excess deemed NOL to B ($8,000 × $7,000/$9,000). However, because A transferred all of her shares of stock in X in a transaction not described in section 1041(a), A’s $1,777.78 of section 1366(d) losses and deductions are permanently disallowed under paragraph (d)(2)(iii) of this section. Accordingly, at the beginning of 2010, B has $6,222.22 of section 1366(d)(2) carryovers and C has no section 1366(d)(2) carryovers. Example 7. The facts are the same as in Example 6, except that X, with the consent of A and C, makes a terminating election under section 1377(a)(2) upon A’s sale of her stock in X to C. Therefore, the COD income (had it not been excluded) would have been allocated $6,000 to A, $6,000 to B, and $0 to C. Under paragraph (d)(2)(ii)(C) of this section, none of the $8,000 excess deemed NOL is allocated to A because A’s section 1366(d) losses and deductions immediately prior to the section 108(b)(2)(A) reduction ($5,000) do not exceed A’s share of the excluded COD income for 2009 ($6,000). However, each of B’s and C’s respective section 1366(d) losses and deductions immediately prior to the section 108(b)(2)(A) reduction exceed each of B’s and C’s respective shares of the excluded COD income for 2009. B’s excess amount is $7,000 ($13,000¥$6,000), C’s excess amount is $2,000 ($2,000¥$0). Therefore, the total of all shareholders’ excess amounts is $9,000. Under paragraph (d)(2) of this section, X will allocate $6,222.22 of the $8,000 excess deemed NOL to B ($8,000 × $7,000/$9,000) and $1,777.78 of the $8,000 excess deemed NOL to C. Accordingly, at the beginning of 2010, B has $6,222.22 of section 1366(d)(2) carryovers and C has $1,777.78 of section 1366(d)(2) carryovers. (f) Effective/applicability date—(1) Paragraphs (a), (b), (c), and Examples 1, 2, 3, and 4 of paragraph (e) of this section apply to discharges of indebtedness occurring on or after May 10, 2004. (2) Paragraph (d) and Examples 5, 6, and 7 of paragraph (e) of this section apply to discharges of indebtedness occurring on or after October 30, 2009. VerDate Nov<24>2008 16:17 Oct 29, 2009 Jkt 220001 PART 602—OMB CONTROL NUMBERS UNDER THE PAPERWORK REDUCTION ACT Par. 3. The authority citation for part 602 continues to read as follows: ■ Authority: 26 U.S.C. 7805. Par. 4. In § 602.101, paragraph (b) is amended by adding the following entry in numerical order to the table to read as follows: ■ § 602.101 * OMB Control numbers. * * (b) * * * * * CFR part or section where identified and described Current OMB control No. * * * 1.108–7 ................................. * * * 1545–2155 * * Approved: October 21, 2009. Linda E. Stiff, Deputy Commissioner for Services and Enforcement. Michael Mundaca, Acting Assistant Secretary of the Treasury (Tax Policy). [FR Doc. E9–26152 Filed 10–29–09; 8:45 am] 56113 comments received on the corresponding DoD administrative instruction: A reordering of some sections was accomplished to facilitate readability. A new section ‘‘OSD/JS Privacy Office Processes’’ was added to define the role of the OSD/JS Privacy Office in the program. Executive Order 12866, ‘‘Regulatory Planning and Review’’ It has been certified that 32 CFR part 311 does not: (1) Have an annual effect on the economy of $100 million or more or adversely affect in a material way the economy; a section of the economy; productivity; competition; jobs; the environment; public health or safety; or State, local, or tribunal governments or communities; (2) Create a serious inconsistency or otherwise interfere with an action taken or planned by another Agency; (3) Materially alter the budgetary impact of entitlements, grants, user fees, or loan programs, or the rights and obligations of recipients thereof; or (4) Raise novel legal or policy issues arising out of legal mandates, the President’s priorities, or the principles set forth in this Executive Order 12866, as amended by Executive Order 13422. BILLING CODE 4830–01–P Sec. 202, Pub. L. 104–4, ‘‘Unfunded Mandates Reform Act’’ DEPARTMENT OF DEFENSE 32 CFR Part 311 It has been certified that 32 CFR part 311 does not contain a Federal mandate that may result in the expenditure by State, local and tribunal governments, in aggregate, or by the private sector, of $100 million or more in any one year. Office of the Secretary of Defense and Joint Staff Privacy Program Public Law 96–354, ‘‘Regulatory Flexibility Act’’ (5 U.S.C. 601) Office of the Secretary [DoD–2006–OS–0033; RIN 0790–AI26] Department of Defense. ACTION: Final rule. AGENCY: SUMMARY: This rule revises 32 CFR part 311 to update Office of the Secretary of Defense (OSD) and Joint Staff (JS) policy, assigns responsibilities, and prescribes procedures for the effective administration of the Privacy Act (PA) Program in OSD and JS. This rule supplements and implements 32 CFR part 310, the DoD Privacy Program. DATES: Effective Date: This rule is effective November 30, 2009. FOR FURTHER INFORMATION CONTACT: Cindy Allard, 703–588–6830. SUPPLEMENTARY INFORMATION: A proposed rule published in the Federal Register on January 23, 2007 (72 FR 2819–2823). No comments were received. The following has been included in the final rule based on internal PO 00000 Frm 00027 Fmt 4700 Sfmt 4700 It has been certified that 32 CFR part 311 is not subject to the Regulatory Flexibility Act (5 U.S.C. 601) because it would not, if promulgated, have a significant economic impact on a substantial number of small entities. The rule implements the procedures for the effective administration of the Privacy Act Program in OSD and the JS. Public Law 96–511, ‘‘Paperwork Reduction Act’’ (44 U.S.C. Chapter 35) It has been certified that 32 CFR part 311 does not impose reporting or recordkeeping requirements under the Paperwork Reduction Act of 1995. Executive Order 13132, ‘‘Federalism’’ It has been certified that 32 CFR part 311 does not have federalism implications, as set forth in Executive Order 13132. This rule does not have substantial direct effects on: (1) The States; E:\FR\FM\30OCR1.SGM 30OCR1 56114 Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations (2) The relationship between the National Government and the States; or (3) The distribution of power and responsibilities among the various levels of Government. List of Subjects in 32 CFR Part 311 Privacy Act. Accordingly, 32 CFR part 311 is revised to read as follows: ■ PART 311—OFFICE OF THE SECRETARY OF DEFENSE AND JOINT STAFF PRIVACY PROGRAM Sec. 311.1 311.2 311.3 311.4 311.5 311.6 311.7 Purpose. Applicability. Definitions. Policy. Responsibilities. Procedures. OSD/JS Privacy Office Processes. Authority: 5 U.S.C. 552a. § 311.1. Purpose. This part revises 32 CFR part 311 to update Office of the Secretary of Defense (OSD) and Joint Staff (JS) policy, assigns responsibilities, and prescribes procedures for the effective administration of the Privacy Program in OSD and the JS. This part supplements and implements part 32 CFR part 310, the DoD Privacy Program. § 311.2. Applicability. This part: (a) Applies to OSD, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, and all other activities serviced by Washington Headquarters Services (WHS) that receive privacy program support from OSD/JS Privacy Office, Executive Services Directorate (ESD), WHS (hereafter referred to collectively as the ‘‘WHS-Serviced Components).’’ (b) Covers systems of records maintained by the WHS-Serviced Components and governs the maintenance, access, change, and release information contained in those systems of records, from which information about an individual is retrieved by a personal identifier. srobinson on DSKHWCL6B1PROD with RULES § 311.3. Definitions. (a) Access. The review of a record or a copy of a record or parts thereof in a system of records by any individual. (b) Computer matching program. A program that matches the personal records in computerized databases of two or more Federal agencies. (c) Disclosure. The transfer of any personal information from a system of records by any means of communication (such as oral, written, electronic, mechanical, or actual review) to any VerDate Nov<24>2008 16:17 Oct 29, 2009 Jkt 220001 person, private entity, or Government Agency, other than the subject of the record, the subject’s designated agent or the subject’s legal guardian. (d) Individual. A living person who is a citizen of the United States or an alien lawfully admitted for permanent residence. The parent of a minor or the legal guardian of any individual also may act on behalf of an individual. Members of the United States Armed Forces are ‘‘individuals.’’ Corporations, partnerships, sole proprietorships, professional groups, businesses, whether incorporated or unincorporated, and other commercial entities are not ‘‘individuals’’ when acting in an entrepreneurial capacity with the Department of Defense but are ‘‘individuals’’ otherwise (e.g., security clearances, entitlement to DoD privileges or benefits, etc.). (e) Individual access. Access to information pertaining to the individual by the individual or his or her designated agent or legal guardian. (f) Maintain. To maintain, collect, use, or disseminate records contained in a system of records. (g) Personal information. Information about an individual that identifies, links, relates, or is unique to, or describes him or her, e.g., a social security number; age; military rank; civilian grade; marital status; race; salary; home/office phone numbers; other demographic, biometric, personnel, medical, and financial information, etc. Such information also is known as personally identifiable information (i.e., information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, date and place of birth, mother’s maiden name, biometric records, including any other personal information which is linked or linkable to a specified individual). (h) Record. Any item, collection, or grouping of information, whatever the storage media (e.g., paper, electronic, etc.), about an individual that is maintained by a WHS-Serviced Component, including, but not limited to, his or her education, financial transactions, medical history, criminal or employment history, and that contains his or her name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph. (i) System manager. A WHS-Serviced Component official who has overall responsibility for a system of records. The system manager may serve at any level in OSD. Systems managers are indicated in the published systems of records notices. If more than one official PO 00000 Frm 00028 Fmt 4700 Sfmt 4700 is indicated as a system manager, initial responsibility resides with the manager at the appropriate level (i.e., for local records, at the local activity). (j) System of records. A group of records under the control of a WHSServiced Component from which personal information about an individual is retrieved by the name of the individual or by some other identifying number, symbol, or other identifying particular assigned, that is unique to the individual. § 311.4. Policy. It is DoD policy, in accordance with 32 CFR part 310, that: (a) Personal information contained in any system of records maintained by any DoD organization shall be safeguarded. To the extent authorized by section 552a of title 5, United States Code, commonly known and hereafter referred to as the ‘‘Privacy Act’’ and Appendix I of Office of Management and Budget Circular No. A–130 (available at http:// www.whitehouse.gov/omb/assets/omb/ circulars/a130/a130trans4.pdf), an individual shall be permitted to know what existing records pertain to him or her consistent with 32 CFR part 310. (b) Each office maintaining records and information about individuals shall ensure that this data is protected from unauthorized collection, use, dissemination and/or disclosure of personal information. These offices shall permit individuals to have access to and have a copy made of all or any portion of records about them, except as provided in 32 CFR 310.17 and 310.18. The individuals will also have an opportunity to request that such records be amended as provided by 32 CFR 310.19 . Individuals requesting access to their records shall receive concurrent consideration under section 552 of title 5, United States Code (commonly known and hereafter referred to as the ‘‘Freedom of Information Act’’). (c) Necessary records of a personal nature that are individually identifiable will be maintained in a manner that complies with the law and DoD policy. Any information collected by WHSServiced Components must be as accurate, relevant, timely, and complete as is reasonable to ensure fairness to the individual. Adequate safeguards must be provided to prevent misuse or unauthorized release of such information, consistent with the Privacy Act. § 311.5. Responsibilities. (a) The Director, WHS, under the authority, direction, and control of the E:\FR\FM\30OCR1.SGM 30OCR1 srobinson on DSKHWCL6B1PROD with RULES Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations Director, Administration and Management, shall: (1) Direct and administer the OSD/JS Privacy Program for the WHS-Serviced Components. (2) Ensure implementation of and compliance with standard and procedures established in 32 CFR part 310. (3) Coordinate with the WHS General Counsel on all WHS-Serviced Components denials of appeals for amending records and review actions to confirm denial of access to records. (4) Provide advice and assistance to the WHS-Serviced Components on matters pertaining to the Privacy Act. (5) Direct the OSD/JS Privacy Office to implement all aspects of 32 CFR part 310 as directed in § 311.7 of this part. (b) The Heads of the WHS-Serviced Components shall: (1) Designate an individual in writing as the point of contact for Privacy Act matters and advise the Chief, OSD/JS Privacy Office, of names of officials so designated. (2) Designate an official in writing to deny initial requests for access to an individual’s records or changes to records and advise the Chief, OSD/JS Privacy Office of names of officials so designated. (3) Provide opportunities for appointed personnel to attend periodic Privacy Act training. (4) Report any new record system, or changes to an existing system, to the Chief, OSD/JS Privacy Office at least 90 days before the intended use of the system. (5) Formally review each system of records notice on a biennial basis and update as necessary. (6) In accordance with 32 CFR 310.12, include appropriate Federal Acquisition Regulation clause (48 CFR 24.104) in all contracts that provide for contractor personnel to access WHS-Serviced Component records systems covered by the Privacy Act. (7) Review all implementing guidance prepared by the WHS-Serviced Components as well as all forms or other methods used to collect information about individuals to ensure compliance with 32 CFR part 310. (8) Establish administrative processes in WHS-Serviced Component organizations to comply with the procedures listed in this part and 32 CFR part 310. (9) Coordinate with WHS General Counsel on all proposed denials of access to records. (10) Provide justification to the OSD/ JS Privacy Office when access to a record is denied in whole or in part. (11) Provide the record to the OSD/JS Privacy Office when the initial denial of VerDate Nov<24>2008 16:17 Oct 29, 2009 Jkt 220001 a request for access to such record has been appealed by the requester or at the time of initial denial if an appeal seems likely. (12) Maintain an accurate administrative record documenting the actions resulting in a denial for access to a record or for the correction of a record. The administrative record should be maintained so it can be relied upon and submitted as a complete record of proceedings if litigation occurs in accordance with 32 CFR part 310. (13) Ensure all personnel are aware of the requirement to take appropriate Privacy Act training as required by 32 CFR part 310 and the Privacy Act. (14) Forward all requests for access to records received directly from an individual to the OSD/JS Freedom of Information Act Requester Service Center for processing under 32 CFR part 310 and 32 CFR part 286. (15) Maintain a record of each disclosure of information (other than routine use) from a system of records as required by 32 CFR part 310. § 311.6. Procedures. (a) Publication of Notice in the Federal Register. (1) A notice shall be published in the Federal Register of any record system meeting the definition of a system of records in 32 CFR 310.4. (2) The Heads of the WHS-Serviced Component shall submit notices for new or revised systems of records to the Chief, OSD/JS Privacy Office, for review at least 90 days prior to desired implementation. (3) The Chief, OSD/JS Privacy Office shall forward completed notices to the Defense Privacy Office (DPO) for review in accordance with 32 CFR 310.30. Publication in the Federal Register starts a 30-day comment window which provides the public with an opportunity to submit written data, views, or arguments to the DPO for consideration before a system of record is established or modified. (b) Access to Systems of Records Information. (1) As provided in the Privacy Act, records shall be disclosed only to the individual they pertain to and under whose individual name or identifier they are filed, unless exempted by the provisions in 32 CFR 310.31. If an individual is accompanied by a third party, the individual shall be required to furnish a signed access authorization granting the third party access according to 32 CFR 310.17. (2) Individuals seeking access to records that pertain to themselves, and that are filed by name or other personal identifier, may submit the request in person or by mail, in accordance with these procedures: PO 00000 Frm 00029 Fmt 4700 Sfmt 4700 56115 (i) Any individual making a request for access to records in person shall provide personal identification to the appropriate system owner, as identified in the system of records notice published in the Federal Register, to verify the individual’s identity according to 32 CFR 310.17. (ii) Any individual making a request for access to records by mail shall address such request to the OSD/JS FOIA Requester Service Center, Office of Freedom of Information, 1155 Pentagon, Washington, DC 20301–1155. To verify his or her identity, the requester shall include either a signed notarized statement or an unsworn declaration in the format specified by 32 CFR part 286. (iii) All requests for records shall describe the record sought and provide sufficient information to enable the material to be located (e.g., identification of system of records, approximate date it was initiated, originating organization, and type of document). (iv) All requesters shall comply with the procedures in 32 CFR part 310 for inspecting and/or obtaining copies of requested records. (v) If the requester is not satisfied with the response, he or she may file a written appeal as provided in paragraph (f)(8) of this section. The requester must provide proof of identity by showing a driver’s license or similar credentials. (3) There is no requirement that an individual be given access to records that are not in a group of records that meet the definition of a system of records in the Privacy Act. (For an explanation of the relationship between the Privacy Act and the Freedom of Information Act, and for guidelines to ensure requesters are given the maximum amount of information authorized by both Acts, see 32 CFR part 310.17 (4) Granting access to a record containing personal information shall not be conditioned upon any requirement that the individual state a reason or otherwise justify the need to gain access. (5) No verification of identity shall be required of an individual seeking access to records that are otherwise available to the public. (6) Individuals shall not be denied access to a record in a system of records about themselves because those records are exempted from disclosure under 32 CFR part 286. Individuals may only be denied access to a record in a system of records about themselves when those records are exempted from the access provisions of 32 CFR 310.26. E:\FR\FM\30OCR1.SGM 30OCR1 srobinson on DSKHWCL6B1PROD with RULES 56116 Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations (7) Individuals shall not be denied access to their records for refusing to disclose their Social Security Number (SSN), unless disclosure of the SSN is required by statute, by regulation adopted before January 1, 1975, or if the record’s filing identifier and only means of retrieval is by SSN (Privacy Act, note). (c) Access to Records or Information Compiled for Law Enforcement Purposes. (1) Requests are processed under 32 CFR part 310 and 32 CFR part 286 to give requesters a greater degree of access to records on themselves. (2) Records (including those in the custody of law enforcement activities) that have been incorporated into a system of records exempted from the access conditions of 32 CFR part 310, will be processed in accordance with 32 CFR 286.12. Individuals shall not be denied access to records solely because they are in the exempt system. They will have the same access that they would receive under 32 CFR part 286. (See also 32 CFR 310.17.) (3) Records systems exempted from access conditions will be processed under 32 CFR 310.26 or 32 CFR 286.12, depending upon which regulation gives the greater degree of access. (See also 32 CFR 310.17.) (4) Records systems exempted from access under 32 CFR 310.27 that are temporarily in the hands of a non-law enforcement element for adjudicative or personnel actions, shall be referred to the originating agency. The requester will be informed in writing of this referral. (d) Access to Illegible, Incomplete, or Partially Exempt Records. (1) An individual shall not be denied access to a record or a copy of a record solely because the physical condition or format of the record does not make it readily available (e.g., deteriorated state or on magnetic tape). The document will be prepared as an extract, or it will be exactly recopied. (2) If a portion of the record contains information that is exempt from access, an extract or summary containing all of the information in the record that is releasable shall be prepared. (3) When the physical condition of the record makes it necessary to prepare an extract for release, the extract shall be prepared so that the requester will understand it. (4) The requester shall be informed of all deletions or changes to records. (e) Access to Medical Records. (1) Medical records shall be disclosed to the individual and may be transmitted to a medical doctor named by the individual concerned. VerDate Nov<24>2008 16:17 Oct 29, 2009 Jkt 220001 (2) The individual may be charged reproduction fees for copies or records as outlined in 32 CFR 310.20. (f) Amending and Disputing Personal Information in Systems of Records. (1) The Head of a WHS-Serviced Component, or designated official, shall allow individuals to request amendment to their records to the extent that such records are not accurate, relevant, timely, or complete. (2) Requests shall be submitted in person or by mail to the office designated in the system of records notice. They should contain, as a minimum, identifying information to locate the record, a description of the items to be amended, and the reason for the change. Requesters shall be required to provide verification of their identity as stated in paragraphs (b)(2)(i) and (b)(2)(ii) of this section to ensure that they are seeking to amend records about themselves and not, inadvertently or intentionally, the records of others. (3) Requests shall not be rejected nor required to be resubmitted unless additional information is essential to process the request. (4) The appropriate system manager shall mail a written acknowledgment to an individual’s request to amend a record within 10 workdays after receipt. Such acknowledgment shall identify the request and may, if necessary, request any additional information needed to make a determination. No acknowledgment is necessary if the request can be reviewed and processed and if the individual can be notified of compliance or denial within the 10-day period. Whenever practical, the decision shall be made within 30 working days. For requests presented in person, written acknowledgment may be provided at the time the request is presented. (5) The Head of a WHS-Serviced Component, or designated official, shall promptly take one of three actions on requests to amend the records: (i) If the WHS-Serviced Component official agrees with any portion or all of an individual’s request, he or she will proceed to amend the records in accordance with existing statutes, regulations, or administrative procedures and inform the requester of the action taken in accordance with 32 CFR 310.19. The WHS-Serviced Component official shall also notify all previous holders of the record that the amendment has been made and shall explain the substance of the correction. (ii) If the WHS-Serviced Component official disagrees with all or any portion of a request, the individual shall be informed promptly of the refusal to amend a record, the reason for the PO 00000 Frm 00030 Fmt 4700 Sfmt 4700 refusal, and the procedure to submit an appeal as described in paragraph (f)(8) of this section. (iii) If the request for an amendment pertains to a record controlled and maintained by another Federal agency, the request shall be referred to the appropriate agency and the requester advised of this. (6) When personal information has been disputed by the requestor, the Head of a WHS-Serviced Component, or designated official, shall: (i) Determine whether the requester has adequately supported his or her claim that the record is inaccurate, irrelevant, untimely, or incomplete. (ii) Limit the review of a record to those items of information that clearly bear on any determination to amend the record, and shall ensure that all those elements are present before a determination is made. (7) If the Head of a WHS-Serviced Component, or designated official, after an initial review of a request to amend a record, disagrees with all or any portion of the request to amend a record, he or she shall: (i) Advise the individual of the denial and the reason for it. (ii) Inform the individual that he or she may appeal the denial. (iii) Describe the procedures for appealing the denial, including the name and address of the official to whom the appeal should be directed. The procedures should be as brief and simple as possible. (iv) Furnish a copy of the justification of any denial to amend a record to the OSD/JS Privacy Office. (8) If an individual disagrees with the initial WHS-Serviced Component determination, he or she may file an appeal. If the record is created and maintained by a WHS-Serviced Component, the appeal should be sent to the Chief, OSD/JS Privacy Office, WHS, 1155 Defense Pentagon, Washington, DC 20301–1155. (9) If, after review, the Chief, OSD/JS Privacy Office, determines the system of records should not be amended as requested, the Chief, OSD/JS Privacy Office, shall provide a copy of any statement of disagreement to the extent that disclosure accounting is maintained in accordance with 32 CFR 310.25 and shall advise the individual: (i) Of the reason and authority for the denial. (ii) Of his or her right to file a statement of the reason for disagreeing with the OSD/JS Privacy Office’s decision. (iii) Of the procedures for filing a statement of disagreement. E:\FR\FM\30OCR1.SGM 30OCR1 srobinson on DSKHWCL6B1PROD with RULES Federal Register / Vol. 74, No. 209 / Friday, October 30, 2009 / Rules and Regulations (iv) That the statement filed shall be made available to anyone the record is disclosed to, together with a brief statement by the WHS-Serviced Component summarizing its reasons for refusing to amend the records. (10) If the Chief, OSD/JS Privacy Office, determines that the record should be amended in accordance with the individual’s request, the WHSServiced Component shall amend the record, advise the individual, and inform previous recipients where a disclosure accounting has been maintained in accordance with 32 CFR 310.25. (11) All appeals should be processed within 30 workdays after receipt by the proper office. If the Chief, OSD/JS Privacy Office, determines that a fair and equitable review cannot be made within that time, the individual shall be informed in writing of the reasons for the delay and of the approximate date the review is expected to be completed. (g) Disclosure of Disputed Information. (1) If the OSD/JS Privacy Office determines the record should not be amended and the individual has filed a statement of disagreement under paragraph (f)(8) of this section, the WHS-Serviced Component shall annotate the disputed record so it is apparent to any person to whom the record is disclosed that a statement has been filed. Where feasible, the notation itself shall be integral to the record. Where disclosure accounting has been made, the WHS-Serviced Component shall advise previous recipients that the record has been disputed and shall provide a copy of the individual’s statement of disagreement in accordance with 32 CFR 310.21. (i) This statement shall be maintained to permit ready retrieval whenever the disputed portion of the record is disclosed. (ii) When information that is the subject of a statement of disagreement is subsequently disclosed, the WHSServiced Component designated official shall note which information is disputed and provide a copy of the individual’s statement. (2) The WHS-Serviced Component shall include a brief summary of its reasons for not making a correction when disclosing disputed information. Such statement shall normally be limited to the reasons given to the individual for not amending the record. (3) Copies of the WHS-Serviced Component summary will be treated as part of the individual’s record; however, it will not be subject to the amendment procedure outlined in paragraph (f) of this section. VerDate Nov<24>2008 16:17 Oct 29, 2009 Jkt 220001 (h) Penalties. (1) Civil Action. An individual may file a civil suit against the WHS-Serviced Component or its employees if the individual feels certain provisions of the Privacy Act have been violated. (2) Criminal Action. (i) Criminal penalties may be imposed against an officer or employee of a WHS-Serviced Component for these offenses listed in the Privacy Act: (A) Willful unauthorized disclosure of protected information in the records; (B) Failure to publish a notice of the existence of a record system in the Federal Register; and (C) Requesting or gaining access to the individual’s record under false pretenses. (ii) An officer or employee of a WHSServiced Component may be fined up to $5,000 for a violation as outlined in paragraphs (h)(2)(i)(A) through (h)(2)(i)(C) of this section. (i) Litigation Status Sheet. Whenever a complaint citing the Privacy Act is filed in a U.S. District Court against the Department of Defense, a WHS-Serviced Component, or any employee of a WHSServiced Component, the responsible system manager shall promptly notify the OSD/JS Privacy Office, which shall notify the DPO. The litigation status sheet in Appendix H of 32 CFR part 310 provides a standard format for this notification. (The initial litigation status sheet shall, as a minimum, provide the information required by items 1 through 6). A revised litigation status sheet shall be provided at each stage of the litigation. When a court renders a formal opinion or judgment, copies of the judgment or opinion shall be provided to the OSD/JS Privacy Office with the litigation status sheet reporting that judgment or opinion. (j) Computer Matching Programs. 32 CFR 310.52 prescribes that all requests for participation in a matching program (either as a matching agency or a source agency) be submitted to the DPO for review and compliance. The WHSServiced Components shall submit a courtesy copy to the OSD/JS Privacy Office at the time of transmittal to the DPO. § 311.7. OSD/JS Privacy Office Processes. The OSD/JS Privacy Office shall: (a) Exercise oversight and administrative control of the OSD/JS Privacy Program for the WHS-Serviced Components. (b) Provide guidance and training to the WHS-Serviced Components as required by 32 CFR 310.37. (c) Collect and consolidate data from the WHS-Serviced Components and submit reports to the DPO, as required PO 00000 Frm 00031 Fmt 4700 Sfmt 4700 56117 by 32 CFR 310.40 or otherwise requested by the DPO. (d) Coordinate and consolidate information for reporting all record systems, as well as changes to approved systems, to the DPO for final processing to the Office of Management and Budget, the Congress, and the Federal Register, as required by 32 CFR part 310. (e) In coordination with DPO, serve as the appellate authority for the WHSServiced Components when a requester appeals a denial for access as well as when a requester appeals a denial for amendment or initiates legal action to correct a record. (f) Refer all matters about amendments of records and general and specific exemptions under 32 CFR 310.19, 310.28 and 310.29 to the proper WHS-Serviced Components. Dated: October 26, 2009. Patricia L. Toppings, OSD Federal Register Liaison Officer, Department of Defense. [FR Doc. E9–26183 Filed 10–29–09; 8:45 am] BILLING CODE 5001–06–P ENVIRONMENTAL PROTECTION AGENCY 40 CFR Part 52 [EPA–R03–OAR–2009–0034; FRL–8975–2] Approval and Promulgation of Air Quality Implementation Plans; Maryland; Clean Air Interstate Rule AGENCY: Environmental Protection Agency (EPA). ACTION: Final rule. SUMMARY: EPA is approving State Implementation Plan (SIP) revisions submitted by the State of Maryland, with the exception of its 2009 nitrogen oxides (NOX) ozone season and NOX annual allocations, its 2009 set-aside allocations and the Compliance Supplement Pool (CSP) allocations. The revisions establish budget trading programs for nitrogen oxides (NOX) annual, NOX ozone season, and sulfur dioxides (SO2) annual emissions to address the requirements of EPA’s Clean Air Interstate Rule (CAIR). Maryland will meet its CAIR requirements by participating in the EPA-administered regional cap-and-trade program for NOX annual, NOX ozone season, and SO2 annual emissions. EPA is determining that the SIP revisions fully implement the CAIR requirements for Maryland. Although the DC Circuit found CAIR to be flawed, the rule was remanded without vacatur and thus remains in E:\FR\FM\30OCR1.SGM 30OCR1

Agencies

[Federal Register Volume 74, Number 209 (Friday, October 30, 2009)]
[Rules and Regulations]
[Pages 56113-56117]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-26183]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[DoD-2006-OS-0033; RIN 0790-AI26]

32 CFR Part 311


Office of the Secretary of Defense and Joint Staff Privacy 
Program

AGENCY: Department of Defense.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This rule revises 32 CFR part 311 to update Office of the 
Secretary of Defense (OSD) and Joint Staff (JS) policy, assigns 
responsibilities, and prescribes procedures for the effective 
administration of the Privacy Act (PA) Program in OSD and JS. This rule 
supplements and implements 32 CFR part 310, the DoD Privacy Program.

DATES: Effective Date: This rule is effective November 30, 2009.

FOR FURTHER INFORMATION CONTACT: Cindy Allard, 703-588-6830.

SUPPLEMENTARY INFORMATION: A proposed rule published in the Federal 
Register on January 23, 2007 (72 FR 2819-2823). No comments were 
received.
    The following has been included in the final rule based on internal 
comments received on the corresponding DoD administrative instruction: 
A reordering of some sections was accomplished to facilitate 
readability. A new section ``OSD/JS Privacy Office Processes'' was 
added to define the role of the OSD/JS Privacy Office in the program.

Executive Order 12866, ``Regulatory Planning and Review''

    It has been certified that 32 CFR part 311 does not:
    (1) Have an annual effect on the economy of $100 million or more or 
adversely affect in a material way the economy; a section of the 
economy; productivity; competition; jobs; the environment; public 
health or safety; or State, local, or tribunal governments or 
communities;
    (2) Create a serious inconsistency or otherwise interfere with an 
action taken or planned by another Agency;
    (3) Materially alter the budgetary impact of entitlements, grants, 
user fees, or loan programs, or the rights and obligations of 
recipients thereof; or
    (4) Raise novel legal or policy issues arising out of legal 
mandates, the President's priorities, or the principles set forth in 
this Executive Order 12866, as amended by Executive Order 13422.

Sec. 202, Pub. L. 104-4, ``Unfunded Mandates Reform Act''

    It has been certified that 32 CFR part 311 does not contain a 
Federal mandate that may result in the expenditure by State, local and 
tribunal governments, in aggregate, or by the private sector, of $100 
million or more in any one year.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. 601)

    It has been certified that 32 CFR part 311 is not subject to the 
Regulatory Flexibility Act (5 U.S.C. 601) because it would not, if 
promulgated, have a significant economic impact on a substantial number 
of small entities. The rule implements the procedures for the effective 
administration of the Privacy Act Program in OSD and the JS.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    It has been certified that 32 CFR part 311 does not impose 
reporting or recordkeeping requirements under the Paperwork Reduction 
Act of 1995.

Executive Order 13132, ``Federalism''

    It has been certified that 32 CFR part 311 does not have federalism 
implications, as set forth in Executive Order 13132. This rule does not 
have substantial direct effects on:
    (1) The States;

[[Page 56114]]

    (2) The relationship between the National Government and the 
States; or
    (3) The distribution of power and responsibilities among the 
various levels of Government.

List of Subjects in 32 CFR Part 311

    Privacy Act.

0
Accordingly, 32 CFR part 311 is revised to read as follows:

PART 311--OFFICE OF THE SECRETARY OF DEFENSE AND JOINT STAFF 
PRIVACY PROGRAM

Sec.
311.1 Purpose.
311.2 Applicability.
311.3 Definitions.
311.4 Policy.
311.5 Responsibilities.
311.6 Procedures.
311.7 OSD/JS Privacy Office Processes.

    Authority: 5 U.S.C. 552a.


Sec.  311.1.  Purpose.

    This part revises 32 CFR part 311 to update Office of the Secretary 
of Defense (OSD) and Joint Staff (JS) policy, assigns responsibilities, 
and prescribes procedures for the effective administration of the 
Privacy Program in OSD and the JS. This part supplements and implements 
part 32 CFR part 310, the DoD Privacy Program.


Sec.  311.2.  Applicability.

    This part:
    (a) Applies to OSD, the Office of the Chairman of the Joint Chiefs 
of Staff and the Joint Staff, and all other activities serviced by 
Washington Headquarters Services (WHS) that receive privacy program 
support from OSD/JS Privacy Office, Executive Services Directorate 
(ESD), WHS (hereafter referred to collectively as the ``WHS-Serviced 
Components).''
    (b) Covers systems of records maintained by the WHS-Serviced 
Components and governs the maintenance, access, change, and release 
information contained in those systems of records, from which 
information about an individual is retrieved by a personal identifier.


Sec.  311.3.  Definitions.

    (a) Access. The review of a record or a copy of a record or parts 
thereof in a system of records by any individual.
    (b) Computer matching program. A program that matches the personal 
records in computerized databases of two or more Federal agencies.
    (c) Disclosure. The transfer of any personal information from a 
system of records by any means of communication (such as oral, written, 
electronic, mechanical, or actual review) to any person, private 
entity, or Government Agency, other than the subject of the record, the 
subject's designated agent or the subject's legal guardian.
    (d) Individual. A living person who is a citizen of the United 
States or an alien lawfully admitted for permanent residence. The 
parent of a minor or the legal guardian of any individual also may act 
on behalf of an individual. Members of the United States Armed Forces 
are ``individuals.'' Corporations, partnerships, sole proprietorships, 
professional groups, businesses, whether incorporated or 
unincorporated, and other commercial entities are not ``individuals'' 
when acting in an entrepreneurial capacity with the Department of 
Defense but are ``individuals'' otherwise (e.g., security clearances, 
entitlement to DoD privileges or benefits, etc.).
    (e) Individual access. Access to information pertaining to the 
individual by the individual or his or her designated agent or legal 
guardian.
    (f) Maintain. To maintain, collect, use, or disseminate records 
contained in a system of records.
    (g) Personal information. Information about an individual that 
identifies, links, relates, or is unique to, or describes him or her, 
e.g., a social security number; age; military rank; civilian grade; 
marital status; race; salary; home/office phone numbers; other 
demographic, biometric, personnel, medical, and financial information, 
etc. Such information also is known as personally identifiable 
information (i.e., information which can be used to distinguish or 
trace an individual's identity, such as their name, social security 
number, date and place of birth, mother's maiden name, biometric 
records, including any other personal information which is linked or 
linkable to a specified individual).
    (h) Record. Any item, collection, or grouping of information, 
whatever the storage media (e.g., paper, electronic, etc.), about an 
individual that is maintained by a WHS-Serviced Component, including, 
but not limited to, his or her education, financial transactions, 
medical history, criminal or employment history, and that contains his 
or her name, or the identifying number, symbol, or other identifying 
particular assigned to the individual, such as a finger or voice print 
or a photograph.
    (i) System manager. A WHS-Serviced Component official who has 
overall responsibility for a system of records. The system manager may 
serve at any level in OSD. Systems managers are indicated in the 
published systems of records notices. If more than one official is 
indicated as a system manager, initial responsibility resides with the 
manager at the appropriate level (i.e., for local records, at the local 
activity).
    (j) System of records. A group of records under the control of a 
WHS-Serviced Component from which personal information about an 
individual is retrieved by the name of the individual or by some other 
identifying number, symbol, or other identifying particular assigned, 
that is unique to the individual.


Sec.  311.4.  Policy.

    It is DoD policy, in accordance with 32 CFR part 310, that:
    (a) Personal information contained in any system of records 
maintained by any DoD organization shall be safeguarded. To the extent 
authorized by section 552a of title 5, United States Code, commonly 
known and hereafter referred to as the ``Privacy Act'' and Appendix I 
of Office of Management and Budget Circular No. A-130 (available at 
http://www.whitehouse.gov/omb/assets/omb/circulars/a130/a130trans4.pdf), an individual shall be permitted to know what existing 
records pertain to him or her consistent with 32 CFR part 310.
    (b) Each office maintaining records and information about 
individuals shall ensure that this data is protected from unauthorized 
collection, use, dissemination and/or disclosure of personal 
information. These offices shall permit individuals to have access to 
and have a copy made of all or any portion of records about them, 
except as provided in 32 CFR 310.17 and 310.18. The individuals will 
also have an opportunity to request that such records be amended as 
provided by 32 CFR 310.19 . Individuals requesting access to their 
records shall receive concurrent consideration under section 552 of 
title 5, United States Code (commonly known and hereafter referred to 
as the ``Freedom of Information Act'').
    (c) Necessary records of a personal nature that are individually 
identifiable will be maintained in a manner that complies with the law 
and DoD policy. Any information collected by WHS-Serviced Components 
must be as accurate, relevant, timely, and complete as is reasonable to 
ensure fairness to the individual. Adequate safeguards must be provided 
to prevent misuse or unauthorized release of such information, 
consistent with the Privacy Act.


Sec.  311.5.  Responsibilities.

    (a) The Director, WHS, under the authority, direction, and control 
of the

[[Page 56115]]

Director, Administration and Management, shall:
    (1) Direct and administer the OSD/JS Privacy Program for the WHS-
Serviced Components.
    (2) Ensure implementation of and compliance with standard and 
procedures established in 32 CFR part 310.
    (3) Coordinate with the WHS General Counsel on all WHS-Serviced 
Components denials of appeals for amending records and review actions 
to confirm denial of access to records.
    (4) Provide advice and assistance to the WHS-Serviced Components on 
matters pertaining to the Privacy Act.
    (5) Direct the OSD/JS Privacy Office to implement all aspects of 32 
CFR part 310 as directed in Sec.  311.7 of this part.
    (b) The Heads of the WHS-Serviced Components shall:
    (1) Designate an individual in writing as the point of contact for 
Privacy Act matters and advise the Chief, OSD/JS Privacy Office, of 
names of officials so designated.
    (2) Designate an official in writing to deny initial requests for 
access to an individual's records or changes to records and advise the 
Chief, OSD/JS Privacy Office of names of officials so designated.
    (3) Provide opportunities for appointed personnel to attend 
periodic Privacy Act training.
    (4) Report any new record system, or changes to an existing system, 
to the Chief, OSD/JS Privacy Office at least 90 days before the 
intended use of the system.
    (5) Formally review each system of records notice on a biennial 
basis and update as necessary.
    (6) In accordance with 32 CFR 310.12, include appropriate Federal 
Acquisition Regulation clause (48 CFR 24.104) in all contracts that 
provide for contractor personnel to access WHS-Serviced Component 
records systems covered by the Privacy Act.
    (7) Review all implementing guidance prepared by the WHS-Serviced 
Components as well as all forms or other methods used to collect 
information about individuals to ensure compliance with 32 CFR part 
310.
    (8) Establish administrative processes in WHS-Serviced Component 
organizations to comply with the procedures listed in this part and 32 
CFR part 310.
    (9) Coordinate with WHS General Counsel on all proposed denials of 
access to records.
    (10) Provide justification to the OSD/JS Privacy Office when access 
to a record is denied in whole or in part.
    (11) Provide the record to the OSD/JS Privacy Office when the 
initial denial of a request for access to such record has been appealed 
by the requester or at the time of initial denial if an appeal seems 
likely.
    (12) Maintain an accurate administrative record documenting the 
actions resulting in a denial for access to a record or for the 
correction of a record. The administrative record should be maintained 
so it can be relied upon and submitted as a complete record of 
proceedings if litigation occurs in accordance with 32 CFR part 310.
    (13) Ensure all personnel are aware of the requirement to take 
appropriate Privacy Act training as required by 32 CFR part 310 and the 
Privacy Act.
    (14) Forward all requests for access to records received directly 
from an individual to the OSD/JS Freedom of Information Act Requester 
Service Center for processing under 32 CFR part 310 and 32 CFR part 
286.
    (15) Maintain a record of each disclosure of information (other 
than routine use) from a system of records as required by 32 CFR part 
310.


Sec.  311.6.  Procedures.

    (a) Publication of Notice in the Federal Register. (1) A notice 
shall be published in the Federal Register of any record system meeting 
the definition of a system of records in 32 CFR 310.4.
    (2) The Heads of the WHS-Serviced Component shall submit notices 
for new or revised systems of records to the Chief, OSD/JS Privacy 
Office, for review at least 90 days prior to desired implementation.
    (3) The Chief, OSD/JS Privacy Office shall forward completed 
notices to the Defense Privacy Office (DPO) for review in accordance 
with 32 CFR 310.30. Publication in the Federal Register starts a 30-day 
comment window which provides the public with an opportunity to submit 
written data, views, or arguments to the DPO for consideration before a 
system of record is established or modified.
    (b) Access to Systems of Records Information. (1) As provided in 
the Privacy Act, records shall be disclosed only to the individual they 
pertain to and under whose individual name or identifier they are 
filed, unless exempted by the provisions in 32 CFR 310.31. If an 
individual is accompanied by a third party, the individual shall be 
required to furnish a signed access authorization granting the third 
party access according to 32 CFR 310.17.
    (2) Individuals seeking access to records that pertain to 
themselves, and that are filed by name or other personal identifier, 
may submit the request in person or by mail, in accordance with these 
procedures:
    (i) Any individual making a request for access to records in person 
shall provide personal identification to the appropriate system owner, 
as identified in the system of records notice published in the Federal 
Register, to verify the individual's identity according to 32 CFR 
310.17.
    (ii) Any individual making a request for access to records by mail 
shall address such request to the OSD/JS FOIA Requester Service Center, 
Office of Freedom of Information, 1155 Pentagon, Washington, DC 20301-
1155. To verify his or her identity, the requester shall include either 
a signed notarized statement or an unsworn declaration in the format 
specified by 32 CFR part 286.
    (iii) All requests for records shall describe the record sought and 
provide sufficient information to enable the material to be located 
(e.g., identification of system of records, approximate date it was 
initiated, originating organization, and type of document).
    (iv) All requesters shall comply with the procedures in 32 CFR part 
310 for inspecting and/or obtaining copies of requested records.
    (v) If the requester is not satisfied with the response, he or she 
may file a written appeal as provided in paragraph (f)(8) of this 
section. The requester must provide proof of identity by showing a 
driver's license or similar credentials.
    (3) There is no requirement that an individual be given access to 
records that are not in a group of records that meet the definition of 
a system of records in the Privacy Act. (For an explanation of the 
relationship between the Privacy Act and the Freedom of Information 
Act, and for guidelines to ensure requesters are given the maximum 
amount of information authorized by both Acts, see 32 CFR part 310.17
    (4) Granting access to a record containing personal information 
shall not be conditioned upon any requirement that the individual state 
a reason or otherwise justify the need to gain access.
    (5) No verification of identity shall be required of an individual 
seeking access to records that are otherwise available to the public.
    (6) Individuals shall not be denied access to a record in a system 
of records about themselves because those records are exempted from 
disclosure under 32 CFR part 286. Individuals may only be denied access 
to a record in a system of records about themselves when those records 
are exempted from the access provisions of 32 CFR 310.26.

[[Page 56116]]

    (7) Individuals shall not be denied access to their records for 
refusing to disclose their Social Security Number (SSN), unless 
disclosure of the SSN is required by statute, by regulation adopted 
before January 1, 1975, or if the record's filing identifier and only 
means of retrieval is by SSN (Privacy Act, note).
    (c) Access to Records or Information Compiled for Law Enforcement 
Purposes.
    (1) Requests are processed under 32 CFR part 310 and 32 CFR part 
286 to give requesters a greater degree of access to records on 
themselves.
    (2) Records (including those in the custody of law enforcement 
activities) that have been incorporated into a system of records 
exempted from the access conditions of 32 CFR part 310, will be 
processed in accordance with 32 CFR 286.12. Individuals shall not be 
denied access to records solely because they are in the exempt system. 
They will have the same access that they would receive under 32 CFR 
part 286. (See also 32 CFR 310.17.)
    (3) Records systems exempted from access conditions will be 
processed under 32 CFR 310.26 or 32 CFR 286.12, depending upon which 
regulation gives the greater degree of access. (See also 32 CFR 
310.17.)
    (4) Records systems exempted from access under 32 CFR 310.27 that 
are temporarily in the hands of a non-law enforcement element for 
adjudicative or personnel actions, shall be referred to the originating 
agency. The requester will be informed in writing of this referral.
    (d) Access to Illegible, Incomplete, or Partially Exempt Records. 
(1) An individual shall not be denied access to a record or a copy of a 
record solely because the physical condition or format of the record 
does not make it readily available (e.g., deteriorated state or on 
magnetic tape). The document will be prepared as an extract, or it will 
be exactly recopied.
    (2) If a portion of the record contains information that is exempt 
from access, an extract or summary containing all of the information in 
the record that is releasable shall be prepared.
    (3) When the physical condition of the record makes it necessary to 
prepare an extract for release, the extract shall be prepared so that 
the requester will understand it.
    (4) The requester shall be informed of all deletions or changes to 
records.
    (e) Access to Medical Records. (1) Medical records shall be 
disclosed to the individual and may be transmitted to a medical doctor 
named by the individual concerned.
    (2) The individual may be charged reproduction fees for copies or 
records as outlined in 32 CFR 310.20.
    (f) Amending and Disputing Personal Information in Systems of 
Records.
    (1) The Head of a WHS-Serviced Component, or designated official, 
shall allow individuals to request amendment to their records to the 
extent that such records are not accurate, relevant, timely, or 
complete.
    (2) Requests shall be submitted in person or by mail to the office 
designated in the system of records notice. They should contain, as a 
minimum, identifying information to locate the record, a description of 
the items to be amended, and the reason for the change. Requesters 
shall be required to provide verification of their identity as stated 
in paragraphs (b)(2)(i) and (b)(2)(ii) of this section to ensure that 
they are seeking to amend records about themselves and not, 
inadvertently or intentionally, the records of others.
    (3) Requests shall not be rejected nor required to be resubmitted 
unless additional information is essential to process the request.
    (4) The appropriate system manager shall mail a written 
acknowledgment to an individual's request to amend a record within 10 
workdays after receipt. Such acknowledgment shall identify the request 
and may, if necessary, request any additional information needed to 
make a determination. No acknowledgment is necessary if the request can 
be reviewed and processed and if the individual can be notified of 
compliance or denial within the 10-day period. Whenever practical, the 
decision shall be made within 30 working days. For requests presented 
in person, written acknowledgment may be provided at the time the 
request is presented.
    (5) The Head of a WHS-Serviced Component, or designated official, 
shall promptly take one of three actions on requests to amend the 
records:
    (i) If the WHS-Serviced Component official agrees with any portion 
or all of an individual's request, he or she will proceed to amend the 
records in accordance with existing statutes, regulations, or 
administrative procedures and inform the requester of the action taken 
in accordance with 32 CFR 310.19. The WHS-Serviced Component official 
shall also notify all previous holders of the record that the amendment 
has been made and shall explain the substance of the correction.
    (ii) If the WHS-Serviced Component official disagrees with all or 
any portion of a request, the individual shall be informed promptly of 
the refusal to amend a record, the reason for the refusal, and the 
procedure to submit an appeal as described in paragraph (f)(8) of this 
section.
    (iii) If the request for an amendment pertains to a record 
controlled and maintained by another Federal agency, the request shall 
be referred to the appropriate agency and the requester advised of 
this.
    (6) When personal information has been disputed by the requestor, 
the Head of a WHS-Serviced Component, or designated official, shall:
    (i) Determine whether the requester has adequately supported his or 
her claim that the record is inaccurate, irrelevant, untimely, or 
incomplete.
    (ii) Limit the review of a record to those items of information 
that clearly bear on any determination to amend the record, and shall 
ensure that all those elements are present before a determination is 
made.
    (7) If the Head of a WHS-Serviced Component, or designated 
official, after an initial review of a request to amend a record, 
disagrees with all or any portion of the request to amend a record, he 
or she shall:
    (i) Advise the individual of the denial and the reason for it.
    (ii) Inform the individual that he or she may appeal the denial.
    (iii) Describe the procedures for appealing the denial, including 
the name and address of the official to whom the appeal should be 
directed. The procedures should be as brief and simple as possible.
    (iv) Furnish a copy of the justification of any denial to amend a 
record to the OSD/JS Privacy Office.
    (8) If an individual disagrees with the initial WHS-Serviced 
Component determination, he or she may file an appeal. If the record is 
created and maintained by a WHS-Serviced Component, the appeal should 
be sent to the Chief, OSD/JS Privacy Office, WHS, 1155 Defense 
Pentagon, Washington, DC 20301-1155.
    (9) If, after review, the Chief, OSD/JS Privacy Office, determines 
the system of records should not be amended as requested, the Chief, 
OSD/JS Privacy Office, shall provide a copy of any statement of 
disagreement to the extent that disclosure accounting is maintained in 
accordance with 32 CFR 310.25 and shall advise the individual:
    (i) Of the reason and authority for the denial.
    (ii) Of his or her right to file a statement of the reason for 
disagreeing with the OSD/JS Privacy Office's decision.
    (iii) Of the procedures for filing a statement of disagreement.

[[Page 56117]]

    (iv) That the statement filed shall be made available to anyone the 
record is disclosed to, together with a brief statement by the WHS-
Serviced Component summarizing its reasons for refusing to amend the 
records.
    (10) If the Chief, OSD/JS Privacy Office, determines that the 
record should be amended in accordance with the individual's request, 
the WHS-Serviced Component shall amend the record, advise the 
individual, and inform previous recipients where a disclosure 
accounting has been maintained in accordance with 32 CFR 310.25.
    (11) All appeals should be processed within 30 workdays after 
receipt by the proper office. If the Chief, OSD/JS Privacy Office, 
determines that a fair and equitable review cannot be made within that 
time, the individual shall be informed in writing of the reasons for 
the delay and of the approximate date the review is expected to be 
completed.
    (g) Disclosure of Disputed Information. (1) If the OSD/JS Privacy 
Office determines the record should not be amended and the individual 
has filed a statement of disagreement under paragraph (f)(8) of this 
section, the WHS-Serviced Component shall annotate the disputed record 
so it is apparent to any person to whom the record is disclosed that a 
statement has been filed. Where feasible, the notation itself shall be 
integral to the record. Where disclosure accounting has been made, the 
WHS-Serviced Component shall advise previous recipients that the record 
has been disputed and shall provide a copy of the individual's 
statement of disagreement in accordance with 32 CFR 310.21.
    (i) This statement shall be maintained to permit ready retrieval 
whenever the disputed portion of the record is disclosed.
    (ii) When information that is the subject of a statement of 
disagreement is subsequently disclosed, the WHS-Serviced Component 
designated official shall note which information is disputed and 
provide a copy of the individual's statement.
    (2) The WHS-Serviced Component shall include a brief summary of its 
reasons for not making a correction when disclosing disputed 
information. Such statement shall normally be limited to the reasons 
given to the individual for not amending the record.
    (3) Copies of the WHS-Serviced Component summary will be treated as 
part of the individual's record; however, it will not be subject to the 
amendment procedure outlined in paragraph (f) of this section.
    (h) Penalties. (1) Civil Action. An individual may file a civil 
suit against the WHS-Serviced Component or its employees if the 
individual feels certain provisions of the Privacy Act have been 
violated.
    (2) Criminal Action. (i) Criminal penalties may be imposed against 
an officer or employee of a WHS-Serviced Component for these offenses 
listed in the Privacy Act:
    (A) Willful unauthorized disclosure of protected information in the 
records;
    (B) Failure to publish a notice of the existence of a record system 
in the Federal Register; and
    (C) Requesting or gaining access to the individual's record under 
false pretenses.
    (ii) An officer or employee of a WHS-Serviced Component may be 
fined up to $5,000 for a violation as outlined in paragraphs 
(h)(2)(i)(A) through (h)(2)(i)(C) of this section.
    (i) Litigation Status Sheet. Whenever a complaint citing the 
Privacy Act is filed in a U.S. District Court against the Department of 
Defense, a WHS-Serviced Component, or any employee of a WHS-Serviced 
Component, the responsible system manager shall promptly notify the 
OSD/JS Privacy Office, which shall notify the DPO. The litigation 
status sheet in Appendix H of 32 CFR part 310 provides a standard 
format for this notification. (The initial litigation status sheet 
shall, as a minimum, provide the information required by items 1 
through 6). A revised litigation status sheet shall be provided at each 
stage of the litigation. When a court renders a formal opinion or 
judgment, copies of the judgment or opinion shall be provided to the 
OSD/JS Privacy Office with the litigation status sheet reporting that 
judgment or opinion.
    (j) Computer Matching Programs. 32 CFR 310.52 prescribes that all 
requests for participation in a matching program (either as a matching 
agency or a source agency) be submitted to the DPO for review and 
compliance. The WHS-Serviced Components shall submit a courtesy copy to 
the OSD/JS Privacy Office at the time of transmittal to the DPO.


Sec.  311.7.  OSD/JS Privacy Office Processes.

    The OSD/JS Privacy Office shall:
    (a) Exercise oversight and administrative control of the OSD/JS 
Privacy Program for the WHS-Serviced Components.
    (b) Provide guidance and training to the WHS-Serviced Components as 
required by 32 CFR 310.37.
    (c) Collect and consolidate data from the WHS-Serviced Components 
and submit reports to the DPO, as required by 32 CFR 310.40 or 
otherwise requested by the DPO.
    (d) Coordinate and consolidate information for reporting all record 
systems, as well as changes to approved systems, to the DPO for final 
processing to the Office of Management and Budget, the Congress, and 
the Federal Register, as required by 32 CFR part 310.
    (e) In coordination with DPO, serve as the appellate authority for 
the WHS-Serviced Components when a requester appeals a denial for 
access as well as when a requester appeals a denial for amendment or 
initiates legal action to correct a record.
    (f) Refer all matters about amendments of records and general and 
specific exemptions under 32 CFR 310.19, 310.28 and 310.29 to the 
proper WHS-Serviced Components.

    Dated: October 26, 2009.
Patricia L. Toppings,
OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. E9-26183 Filed 10-29-09; 8:45 am]
BILLING CODE 5001-06-P