§ 318.5 - Designations and responsibilities.  


Latest version.
  • § 318.5 Designations and responsibilities.

    (a) The Director, DTRA shall:

    (1) Provide adequate funding and personnel to establish and support an effective Privacy Program.

    (2) Appoint a senior official to serve as the Agency Privacy Act Officer.

    (3) Serve as the Agency Appellate Authority.

    (b) The Privacy Act Officer shall:

    (1) Implement the Agency's Privacy Program in accordance with the specific requirements set forth in this part, 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310.

    (2) Establish procedures, as well as rules of conduct, necessary to implement this part so as to ensure compliance with the requirements of 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310.

    (3) Ensure that the DTRA Privacy Program periodically shall be reviewed by the DTRA Inspectors General or other officials, who shall have specialized knowledge of the DoD Privacy Program.

    (4) Serve as the Agency Initial Denial Authority.

    (c) The Privacy Act Program Manager shall:

    (1) Manage activities in support of the DTRA Program oversight in accordance with part, 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310.

    (2) Provide operational support, guidance and assistance to Systems Managers for responding to requests for access/amendment of records.

    (3) Direct the day-by-day activities of the DTRA Privacy Program.

    (4) Provide guidance and assistance to DTRA elements in their implementation and execution of the DTRA Privacy Program.

    (5) Prepare and submit proposed new, altered, and amended systems of records, to include submission of required notices for publication in the Federal Register consistent with this part, 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310.

    (6) Prepare and submit proposed DTRA privacy rulemaking, to include documentation for submission of the proposed rule to the Office of the Federal Register for publication. Additionally, provide required documentation for reporting to the OMB and Congress, consistent with this part, 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310.

    (7) Provide advice and support to DTRA elements to ensure that:

    (i) All information requirements developed to collect and/or maintain personal data conform to DoD Privacy Act Program standards;

    (ii) Appropriate procedures and safeguards shall be developed, implemented, and maintained to protect personal information when it is stored in either a manual and/or automated system of records or transferred by electronic or non-electronic means; and

    (iii) Specific procedures and safeguards shall be developed and implemented when personal data is collected and maintained for research purposes.

    (8) Conduct reviews, and prepare and submit reports consistent with the requirements in this part, 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310, or as otherwise directed by the Defense Privacy Office.

    (9) Conduct training for all assigned and employed DTRA personnel and for those individuals having primary responsibility for DTRA Privacy Act Record Systems consistent with requirements of this part, 5 U.S.C. 552a, OMB Circular A-130, and 32 CFR part 310.

    (10) Serve as the principal points of contact for coordination of privacy and related matters.

    (d) The Directorate Heads and Office Chiefs shall:

    (1) Recognize and support the DTRA Privacy Act Program.

    (2) Appoint an individual to serve as Privacy Act Point of Contact within their purview.

    (3) Initiate prompt, constructive management actions on agreed-upon actions identified in agency Privacy Act reports.

    (e) The Chief, Information Systems shall:

    (1) Ensure that all personnel who have access to information from an automated system of records during processing or who are engaged in developing procedures for processing such information are aware of the provisions of this Instruction.

    (2) Promptly notify automated system managers and the Privacy Act Officer whenever they are changes to Agency Information Technology that may require the submission of an amended system notice for any system of records.

    (3) Establish rules of conduct for Agency personnel involved in the design, development, operation, or maintenance of any automated system of records and train them in these rules of conduct.

    (f) Agency System Managers shall exercise the Rules of Conduct as specified in 32 CFR part 310.

    (g) Agency personnel shall exercise the Rules of Conduct as specified in 32 CFR part 310.