DEPARTMENT OF DEFENSE PRIVACY PROGRAM

DoD 5400.11-R

DEPARTMENT OF DEFENSE

PRIVACY PROGRAM

May 14, 2007

OFFICE OF THE DIRECTOR, ADMINISTRATION

AND MANAGEMENT

DoD 5400.11-R, May 14, 2007

FOREWORD

This Regulation is reissued under the authority of DoD Directive 5400.11, ¡°DoD Privacy

Program,¡± May 8, 2007 (Reference (a)). It provides guidance on section 552a of title 5 United

States Code (U.S.C.), the Privacy Act of 1974, as amended, (Reference (b)), and prescribes uniform

procedures for implementation of the DoD Privacy Program.

DoD 5400.11-R, ¡°Department of Defense Privacy Program,¡± August 13, 1983, is hereby canceled.

This Regulation applies to the Office of the Secretary of Defense, the Military Departments, the

Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Inspector General of the

Department of Defense, the Defense Agencies, the DoD Field Activities, and all other

organizational entities within the Department of Defense (hereafter referred to as the ¡°DoD

Components¡±).

The provisions of this Regulation shall be applicable by contract or other legally binding action to

U.S. Government contractors whenever a DoD contract requires the performance of any activities

associated with maintaining a system of records, including the collection, use, and dissemination of

records on behalf of the contracting DoD Component. When maintaining a system of records or a

portion of a system of records, contractors and their employees shall be considered employees of

the contracting DoD Component for purposes of the criminal penalties of the Act.

This Regulation does not apply to:

?

Requests for information made under the Freedom of Information Act (DoD Directive

5400.7) (Reference (c)). They are processed in accordance with DoD 5400.7-R (Reference

(d)).

?

Requests for information from systems of records controlled by the Office of Personnel

Management (OPM), although maintained by a DoD Component. These are processed in

accordance with policies established by OPM (Reference (e)).

?

Requests for personal information from the General Accountability Office. These are

processed in accordance with DoD Directive 7650.1 (Reference (f)).

?

Requests for personal information from Congress. These are processed in accordance with

DoD Directive 5400.4 (Reference (g)), except for the specific provisions in Chapter 4 of

this Regulation.

2

DoD 5400.11-R, May 14, 2007

This Regulation is effective immediately and its use is mandatory for all DoD Components. The

Heads of the DoD Components may issue supplementary instructions only when necessary to

provide for unique requirements within their Components. Such instructions may not conflict with

the provisions of this Regulation.

Send recommended changes to this Regulation to the following address:

Director, Defense Privacy Office

1901 South Bell Street, Room 920

Arlington, VA 22202-4512

The DoD Components may obtain copies of this Regulation through their own publication

channels. Approved for public release; distribution unlimited. Copies are available via the World

Wide Web at . Authorized registered users may obtain copies of

the publication from the Defense Technical Information Center, 8725 John J. Kingman Road, Fort

Belvoir, VA 22060-6218. Other Federal Agencies and the public may obtain copies from the U.S

Department of Commerce, National Technical Information Service, 5285 Port Royal Road,

Springfield, VA 22161.

3

DoD 5400.11-R, May 14, 2007

TABLE OF CONTENTS

Page

2

FOREWORD

TABLE OF CONTENTS

4

REFERENCES

7

DEFINITIONS

8

CHAPTER 1 ¨C SYSTEMS OF RECORDS

C1.1. GENERAL

C1.2. STANDARDS OF ACCURACY

C1.3. GOVERNMENT CONTRACTORS

C1.4. SAFEGUARDING PERSONAL INFORMATION

C1.5. NOTIFICATION WHEN INFORMATION IS LOST, STOLEN OR

COMPROMISED

11

11

13

13

15

16

CHAPTER 2 ¨C COLLECTING PERSONAL INFORMATION

C2.1. GENERAL CONSIDERATIONS

C2.2. FORMS

18

18

20

CHAPTER 3 - ACCESS BY INDIVIDUALS

C3.1. INDIVIDUAL ACCESS TO PERSONAL INFORMATION

C3.2. DENIAL OF INDIVIDUAL ACCESS

C3.3. AMENDMENT OF RECORDS

C3.4. REPRODUCTION FEES

22

22

27

29

35

CHAPTER 4 ¨C DISCLOSURE OF PERSONAL INFORMATION TO OTHER

AGENCIES AND THIRD PARTIES

C4.1. CONDITIONS OF DISCLOSURE

C4.2. NON-CONSENSUAL CONDITIONS OF DISCLOSURES

C4.3. DISCLOSURES TO COMMERCIAL ENTERPRISES

C4.4. DISCLOSURES TO THE PUBLIC FROM MEDICAL RECORDS

C4.5. DISCLOSURE ACCOUNTING

37

37

38

46

47

47

CHAPTER 5 ¨C EXEMPTIONS

C5.1. USE AND ESTABLISHMENT OF EXEMPTIONS

C5.2. ACCESS EXEMPTON

C5.3. GENERAL EXEMPTIONS

C5.4. SPECIFIC EXEMPTIONS

49

49

51

51

52

4

TABLE OF CONTENTS

DoD 5400.11-R, May 14, 2007

CHAPTER 6 ¨C PUBLICATION REQUIREMENTS

C6.1. FEDERAL REGISTER PUBLICATION

C6.2. EXEMPTION RULES

C6.3. SYSTEM NOTICES

C6.4. NEW AND ALTERED RECORD SYSTEMS

C6.5. AMENDMENT AND DELETION OF SYSTEM NOTICES

54

54

56

56

62

66

CHAPTER 7 ¨C TRAINING REQUIREMENTS

C7.1. STATUTORY TRAINING REQUIREMENTS

C7.2. OMB TRAINING GUIDELINES

C7.3. DoD TRAINING PROGRAMS

C7.4. TRAINING METHODOLOGY AND PROCEDURES

C7.5. FUNDING FOR TRAINING

67

67

67

67

68

68

CHAPTER 8 ¨C REPORTS

C8.1. REQUIREMENT FOR REPORTS

C8.2. SUSPENSE FOR SUBMISSION OF REPORTS

C8.3. REPORTS CONTROL SYMBOL

69

69

69

69

CHAPTER 9 ¨C INSPECTIONS

C9.1. PRIVACY ACT INSPECTIONS

C9.2. INSPECTION REPORTING

70

70

70

CHAPTER 10 ¨C PRIVACY ACT VIOLATIONS

C10.1. ADMINISTRATIVE REMEMDIES

C10.2. CIVIL ACTIONS

C10.3. CIVIL REMEDIES

C10.4. CRIMINAL PENALTIES

C10.5. LITIGATION STATUS SHEET

C10.6. LOST, STOLEN, OR COMPROMISED INFORMATION

71

71

71

71

71

71

72

CHAPTER 11 ¨C COMPUTER MATCHING PROGRAM PROCEDURES

C11.1. GENERAL

C11.2. COMPUTER MATCHING PUBLICATION AND

REVIEW REQUIREMENTS

C11.3. COMPUTER MATCHING AGREEMENTS (CMA)

74

74

75

APPENDICES

AP1. SAFEGUARDING PERSONALLY IDENTIFIABLE INFORMATION

AP2. SAMPLE NOTIFICATION LETTER

AP3. DoD BLANKET ROUTINE USES

AP4. PROVISIONS OF THE PRIVACY ACT FROM WHICH A

GENERAL OR A SPECIFIC EXEMPTION MAY BE CLAIMED

AP5. SAMPLE OF NEW OR ALTERED SYSTEM OF RECORDS

NOTICE IN FEDERAL REGISTER FORMAT

AP6. FORMAT FOR NEW OR ALTERED SYSTEM REPORT

5

76

79

82

83

86

89

98

TABLE OF CONTENTS

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download