Code of Federal Regulations (Last Updated: November 8, 2024) |
Title 32 - National Defense |
Subtitle A - Department of Defense |
Chapter VI - Department of the Navy |
SubChapter A - United States Navy Regulations and Official Records |
Part 701 - Availability of Department of the Navy Records and Publication of Department of the Navy Documents Affecting the Public |
Subpart F - DON Privacy Program |
§ 701.101 - Privacy program terms and definitions.
-
§ 701.101 Privacy program terms and definitions.
(a) Access. Review or copying a record or parts thereof contained in a system of records by any individual.
(b) Agency. For the purposes of disclosing records subject to the PA between or among DOD components, DOD is considered a single agency. For all other purposes, DON is considered an agency within the meaning of PA.
(c) Disclosure. The transfer of any personal information from a system of records by any means of communication (such as oral, written, electronic, mechanical, or actual review), to any person, private entity, or Government agency, other than the subject of the record, the subject's designated agent or the subject's legal guardian.
(d) Federal personnel. Officers and employees of the U.S. Government, members of the uniformed services (including members of the reserve), individuals or survivors thereof, entitled to receive immediate or deferred retirement benefits under any retirement program of the U.S. Government (including survivor benefits).
(e) Individual. A living citizen of the U.S. or an alien lawfully admitted to the U.S. for permanent residence. The custodial parent of a minor or the legal guardian of any individual also may act on behalf of an individual. Members of the United States Armed Forces are “individuals.” Corporations, partnerships, sole proprietorships, professional groups, businesses, whether incorporated or unincorporated, and other commercial entities are not “individuals.”
(f) Individual access. Access to information pertaining to the individual by the individual or his/her designated agent or legal guardian.
(g) Information in identifiable form (IIF). Information in an Information Technology (IT) system or online collection that directly identifies an individual (e.g., name, address, social security number or other identifying code, telephone number, e-mail address, etc.) or by an agency intends to identify specific individuals in conjunction with other data elements (i.e., indirect identification that may include a combination of gender, race, birth date, geographic indicator, and other descriptors).
(h) Information system. A discrete set of information resources organized for the collection, processing, maintenance, transmission, and dissemination of information.
(i) Maintain. Includes maintain, collect, use, or disseminate.
(j) Member of the public. Any individual or party acting in a private capacity.
(k) Minor. Under this subpart, a minor is an individual under 18 years of age, who is not a member of the U.S. Navy or Marine Corps, or married.
(l) Official use. Within the context of this subpart, this term is used when DON officials and employees have a demonstrated need for the use of any record or the information contained therein in the performance of their official duties.
(m) Personal information. Information about an individual that identifies, relates, or is unique to, or describes him or her (e.g., Social Security Number (SSN), age, military rank, civilian grade, marital status, race, salary, home/office phone numbers, etc.).
(n) Privacy Act (PA) request. A request from an individual for notification as to the existence of, access to, or amendment of records pertaining to that individual. These records must be maintained in a system of records.
(o) Privacy Impact Assessment (PIA). An ongoing assessment to evaluate adequate practices in balancing privacy concerns with the security needs of an organization. The process is designed to guide owners and developers of information systems in assessing privacy through the early stages of development. The process consists of privacy training, gathering data from a project on privacy issues, identifying and resolving the privacy risks, and approval by a designated privacy representative.
(p) Protected personal information (PPI). Any information or characteristics that may be used to distinguish or trace an individual's identity, such as their name, SSN, or biometric records.
(q) Record. Any item, collection, or grouping of information, whatever the storage media (e.g., paper, electronic, etc), about an individual that is maintained by a DON activity including, but not limited to, the individual's education, financial transactions, and medical, criminal, or employment history, and that contains the individual's name or other identifying particulars assigned to the individual, such as a finger or voice print or a photograph.
(r) Review authority. An official charged with the responsibility to rule on administrative appeals of initial denials of requests for notification, access, or amendment of records. SECNAV has delegated review authority to the Assistant Secretary of the Navy (Manpower & Reserve Affairs) (ASN(M&RA)), General Counsel of the DON (GC), and the Judge Advocate General of the Navy (JAG). Additionally, the Office of Personnel Management (OPM) is the review authority for civilian official personnel folders or records contained in any other OPM record.
(s) “Routine use” disclosure. A disclosure of a record made outside DOD for a purpose that is compatible with the purpose for which the record was collected and maintained by DOD. The “routine use” must have been included in the notice for the system of records published in the Federal Register.
(t) Statistical record. A record maintained only for statistical research, or reporting purposes, and not used in whole or in part in making any determination about a specific individual.
(u) System manager. An official who has overall responsibility for a system of records. He/she may serve at any level in DON. Systems managers are indicated in the published record systems notices. If more than one official is indicated as a system manager, initial responsibility resides with the manager at the appropriate level (i.e., for local records, at the local activity).
(v) System of records. A group of records under the control of a DON activity from which information is retrieved by the individual's name or by some identifying number, symbol, or other identifying particular assigned to the individual. System notices for all PA systems of records must be published in the Federal Register and are also available for viewing or downloading from the Navy's Privacy Act Online Web site at http://www.privacy.navy.mil.
(w) Web site. A collection of information organized into a number of Web documents related to a common subject or set of subjects, including the “home page” and the linked subordinate information.
(x) Working day. All days excluding Saturday, Sunday, and legal holidays.