Code of Federal Regulations (Last Updated: November 8, 2024) |
Title 32 - National Defense |
Subtitle A - Department of Defense |
Chapter I - Office of the Secretary of Defense |
SubChapter O - Privacy Program |
Part 311 - Office of the Secretary of Defense and Joint Staff Privacy Program |
§ 311.5 - Responsibilities.
-
§ 311.5 Responsibilities.
(a) The Director, WHS, under the authority, direction, and control of the Director, Administration and Management, shall:
(1) Direct and administer the OSD/JS Privacy Program for the WHS-Serviced Components.
(2) Ensure implementation of and compliance with standard and procedures established in 32 CFR part 310.
(3) Coordinate with the WHS General Counsel on all WHS-Serviced Components denials of appeals for amending records and review actions to confirm denial of access to records.
(4) Provide advice and assistance to the WHS-Serviced Components on matters pertaining to the Privacy Act.
(5) Direct the OSD/JS Privacy Office to implement all aspects of 32 CFR part 310 as directed in § 311.7 of this part.
(b) The Heads of the WHS-Serviced Components shall:
(1) Designate an individual in writing as the point of contact for Privacy Act matters and advise the Chief, OSD/JS Privacy Office, of names of officials so designated.
(2) Designate an official in writing to deny initial requests for access to an individual's records or changes to records and advise the Chief, OSD/JS Privacy Office of names of officials so designated.
(3) Provide opportunities for appointed personnel to attend periodic Privacy Act training.
(4) Report any new record system, or changes to an existing system, to the Chief, OSD/JS Privacy Office at least 90 days before the intended use of the system.
(5) Formally review each system of records notice on a biennial basis and update as necessary.
(6) In accordance with 32 CFR 310.12, include appropriate Federal Acquisition Regulation clause (48 CFR 24.104) in all contracts that provide for contractor personnel to access WHS-Serviced Component records systems covered by the Privacy Act.
(7) Review all implementing guidance prepared by the WHS-Serviced Components as well as all forms or other methods used to collect information about individuals to ensure compliance with 32 CFR part 310.
(8) Establish administrative processes in WHS-Serviced Component organizations to comply with the procedures listed in this part and 32 CFR part 310.
(9) Coordinate with WHS General Counsel on all proposed denials of access to records.
(10) Provide justification to the OSD/JS Privacy Office when access to a record is denied in whole or in part.
(11) Provide the record to the OSD/JS Privacy Office when the initial denial of a request for access to such record has been appealed by the requester or at the time of initial denial if an appeal seems likely.
(12) Maintain an accurate administrative record documenting the actions resulting in a denial for access to a record or for the correction of a record. The administrative record should be maintained so it can be relied upon and submitted as a complete record of proceedings if litigation occurs in accordance with 32 CFR part 310.
(13) Ensure all personnel are aware of the requirement to take appropriate Privacy Act training as required by 32 CFR part 310 and the Privacy Act.
(14) Forward all requests for access to records received directly from an individual to the OSD/JS Freedom of Information Act Requester Service Center for processing under 32 CFR part 310 and 32 CFR part 286.
(15) Maintain a record of each disclosure of information (other than routine use) from a system of records as required by 32 CFR part 310.