AGENCY:

Department of the Army, DoD.

ACTION:

Notice to alter a system of records.

SUMMARY:

The Department of the Army proposes to alter a system of records notice in its inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended.

DATES:

This proposed action will be effective without further notice on February 7, 2007 unless comments are received which result in a contrary determination.

ADDRESSES:

Send comments to Department of the Army, Freedom of Information/Privacy Division, U.S. Army Records Management and Declassification Agency, ATTN: AHRC-PDD-FPZ, 7701 Telegraph Road, Casey Building, Suite 144, Alexandria, VA 22325-3905.

FOR FURTHER INFORMATION CONTACT:

Mr. Robert Dickerson at (703) 428-6513.

SUPPLEMENTARY INFORMATION:

The notice was published on October 25, 2005 at 70 FR 61607. There were numerous comments, but many were virtually identical in format and content. We agree, in part, with some of the comments, and where so, we have made changes to the system notice.

The commenter's observe that the system violates victims' (and offender's) privacy rights. We disagree. The inclusion of personal information in the SADMS does not violate law or contravene public policy. The personal identifying information (PII) that will be incorporated into the Sexual Assault Data Management System (SADMS) already exists in other Army information systems that are identified in the system notice. SADMS simply consolidates data for the purposes set forth in the notice.

The commenter's remark that use of PII would deter victims from reporting sexual assaults. We disagree. The Army Sexual Assault Prevention and Response (SAPR) Program is designed to foster the confidence of Soldiers and increase their likelihood of reporting. It is widely recognized that sexual assault is the most underreported crime in the United States. SADMS, as a consolidation of data reported and captured in other Army information systems, will enable Army SAPR Program officials to assess the effectiveness of the Army's response and prevention program and to make necessary and appropriate changes to policy and procedure to correct any identified weaknesses or failings in the program. Incident to analyzing the data in the system, great care is taken, both technically and procedurally, to ensure that the privacy and confidentiality of victim data is preserved and protected. Fewer than ten individuals in or supporting the Headquarters Department of the Army (HQDA) SAPR Program Office will be authorized direct system access to PII contained in the SADMS, but only on an as needed basis for purposes of discharging their SAPR Program management responsibilities. Additionally, the Assistant Deputy Chief of Staff, G-1 (Personnel) must explicitly approve such access prior to personnel being granted system privileges (or permissions), to access PII within the SADMS. No other Department of the Army personnel will be authorized direct access to PII in SADMS. Victims can be assured that their PII is not disseminated throughout the Army, but is only disclosed in accordance with authorized program management purposes.

The commenter's observe that personally identifying information should not be included in the system. We disagree. As indicated above, SADMS is a consolidation of sexual assault incident and response data previously reported and captured in other Army information systems. It is designed to provide Army SAPR program leaders a holistic view of these incidents, to measure the effectiveness of the Army's SAPR Program, to support the management of the program as recommended by the Acting Secretary of the Army's Task Force Report on Sexual Assault Policies published in May 2004, and to respond to queries by Congress and/or Senior Army Leaders. To ensure it fulfills these purposes, it is critically important that data contained in the system be accurate. Analysis of sexual assault incident and response data across all the SADMS feeder systems identified in the systems notice demonstrates that the most effective way to accurately synthesize these separate information systems is to correlate data by common data fields—the personal identifying information. Inclusion of this information is the most efficient means of assuring that accurate information is received and correlated from these feeder systems.

The commenter's question the rationale for developing a separate data management system in addition to the Defense Incident-Based Reporting System (DIBRS). The Army elected to develop and implement the SADMS because the Defense Incident Based Reporting System (DIBRS) did not provide the information necessary to manage and measure the effectiveness of the different components of the Army's SAPR Program. DIBRS, while containing incident, investigative and offender accountability information, does not address support services being made available to and/or received by victims. The Acting Secretary of the Army's Task Force Report on Sexual Assault Policies found that the Army lacked a centralized system to document all relevant data regarding sexual assault cases, including care provided to the victim. The Task Force recognized that critical information is not available at a single location, information that could provide greater understanding about how well the Army's sexual assault prevention and response policies and procedures are working. At the time when the report was issued, all available Army data on sexual assaults, victims, and alleged perpetrators resided in different systems across several Army organizations. This decentralization made it difficult to follow victims, alleged perpetrators, and cases between services, components, and organizations. SADMS is designed to specifically address this shortcoming and to provide Army SAPR Program leaders the capability to manage and measure the effectiveness of the Army's SAPR Program.

The commenters point out that it is unclear who will have access to the SADMS. As indicated above, the SADMS will only operate in support of HQDA (Army G-1) Sexual Assault Prevention and Response (SAPR) Program requirements. As discussed above, fewer than ten individuals in or supporting the HQDA SAPR Program Office will be authorized direct system access to personal identifying Start Printed Page 743information (PII) contained in the SADMS and only then for authorized SADMS purposes. Moreover, as stated above, no PII in SADMS will be disclosed in response to internal Army requests for information unless specifically approved for release first by the functional system owner(s) of the data and then by either the Assistant Deputy Chief of Staff, G-1 or the Deputy Assistant Secretary of the Army for Human Resources, either of whom must personally determine that the requester's need to know is at least equal to, if not greater than, the potential impact of divulging the PII and that disclosure is otherwise consistent with law and regulation. Limiting SADMS access and disclosure authority will ensure that information management processes are firmly established across this small population of users. And finally, but most importantly, commanders or others will not have access to PII contained within SADMS. SADMS information will not be used to inform or influence command or legal process decisions with respect to either victims or offenders. Other than as described above, SADMS data is neither accessible by nor releasable to the general public except to the extent mandated by law, e.g., the Freedom of Information Act. As indicated above, great care is being taken, both technically and procedurally, to ensure that the privacy and confidentiality of the PII is preserved and protected.

The commenters remark that persons accused of sexual assault may be exempt from being included in SADMS based upon rank or security clearance. We disagree. The term “exemptions” refers to statutory exemptions that an agency may claim for its record systems. As stated in the notice and exemption rule for the SADMS, an exemption has been claimed but only to the extent that the SADMS record is obtained from an Army information system for which an exemption has been previously claimed. In effect, SADMS will claim the same exemptions as claimed for the original system, but only if the purpose underlying the exemption for the original record still pertains to the record which is now contained in SADMS. Moreover, sexual assault incident reporting is not predicated on or affected by rank or security clearance. No one in the Army is exempt from inclusion in the SADMS if their information is captured and reported by one of the Army information systems identified in the SADMS systems notice. All reported incidents will be captured and where the investigative process determines an allegation to be founded, offender information will be maintained within the SADMS. Upon completion of actions by an offender's chain of command, information on disposition of all judicial or nonjudicial and administrative actions adjudged and/or ordered will be maintained within the SADMS as well.

The commenters observe that the system will infringe upon due process rights of victims and alleged offenders. We disagree. PII on alleged offenders will be added to the system after an allegation is determined to be “founded” as reflected in the final report of investigation by the lead investigating agency. Final disposition of these charges, once completed, will also be maintained within SADMS records. As discussed above, no PII contained within SADMS will be disclosed in response to any request for information unless specifically approved for release first by SAPR program office and then by either the Assistant Deputy Chief of Staff, G-1 or the Deputy Assistant Secretary of the Army for Human Resources or otherwise required by law. As with the source systems, PII will remain protected under the Privacy Act. Administrative, physical and technical safeguards have been established to prevent unauthorized access to the information maintained in SADMS. Limitations on the number of personnel with direct system access to PII in SADMS support efforts to minimize/eliminate unauthorized disclosure of this information. As discussed above, fewer than ten individuals in the Army will have direct system access to the personal identifying information in the system. This direct access to PII will be restricted to those individuals at the Army headquarters level who have an official need for this information in order to discharge their Army SAPR Program management responsibilities. If, and when, a decision is made to extend SADMS access beyond the Army SAPR Program Office, other Army users of the SADMS will not have access to personal identifying information contained within the system. Their access will be limited to aggregated, non-personal identifying information. Moreover, as stated above, commanders or others will not have access to PII contained in SADMS. SADMS information will not be used to inform or influence command or legal process decisions with respect to either victims or offenders. Additionally, ongoing education efforts will continually sensitize personnel authorized to view PII within SADMS that the privacy and confidentiality of the data must be preserved and protected, thereby ensuring that the data is only used as authorized.

The commenters remark that the system is inconsistent with DoD confidentiality policy. We disagree. Sexual assault victims have two options for reporting incidents in accordance with the DoD Confidentiality policy: “Unrestricted” or “Restricted” reporting. “Unrestricted” reporting allows a victim who is sexually assaulted and desires medical treatment, counseling, and an official investigation of his/her allegation to use current reporting channels. “Restricted” reporting means a victim can, on a confidential basis, disclose the details of his/her assault to the Sexual Assault Response Coordinator, victim advocate, chaplain or a healthcare provider and receive medical treatment and counseling, without triggering the official investigative process. Where victims choose restricted reporting, no PII will be contained within SADMS, nor will any combination of other potentially identifying information be maintained that could reasonably lead to the discovery of a victim's identity. SADMS supports the DoD confidentiality policy and its intent of fostering the confidence of victims to report incidents of sexual assault.

The commenters observe that SADMS will include detailed medical treatment information. We disagree. There will be no information provided to or maintained in SADMS concerning the substance or nature of medical care provided. Medical information is provided to the SADMS only when victims are Army servicemembers and elect unrestricted reporting. As indicated in the system notice, the data provided is limited to start and end dates of medical treatment resulting from sexual assault and the aggregate number of episodes of care received.

In view of the foregoing discussion, we have made changes to the system notice in an effort to eliminate any potential ambiguity or lack of clarity that now exists. The changes do not substantively change the design of SADMS design or its present reliance on the use of personal identifying information to accurately correlate the data it will receive from the functional, Army data sources identified.

Among the more significant changes are:

We have simplified the description of the individuals covered by the system to make clear that the individual must be a uniformed member of the Army, as either a victim or an alleged perpetrator of a sexual assault, in order for his or Start Printed Page 744her name, and data related to the sexual assault, to be included in the system of records.

We have expanded the safeguards to explain in greater detail the protections afforded the system and to identify who will have access to the system.

We have deleted the “Blanket Routine Uses” from the notice, finding that, in general, their inclusion is inconsistent with the objectives sought by the Army for this system.

The Department of the Army systems of records notices subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the address above.

The proposed system report, as required by 5 U.S.C. 552a(r) of the Privacy Act of 1974, as amended, was submitted on December 28, 2006, to the House Committee on Government Reform, the Senate Committee on Homeland Security and Governmental Affairs, and the Office of Management and Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No. A-130, ‘Federal Agency Responsibilities for Maintaining Records About Individuals,’ dated February 8, 1996 (February 20, 1996, 61 FR 6427).

A0600-20 DCS, G-1

System name:

Sexual Assault Data Management System (SADMS) Files (October 25, 2005, 70 FR 61607).

Changes:

System location:

Delete entry and replace with: “Headquarters, Department of the Army. Official mailing addresses are published as an appendix to the Army's compilation of systems of records notices.”

Categories of individuals covered by the system:

Delete entry and replace with: “Any uniformed member of the Army who has been identified as the victim of a sexual assault. Any person who has been identified as the victim of a sexual assault allegedly committed by a uniformed member of the Army. Any person who has been identified as the perpetrator of an alleged sexual assault against a uniformed member of the Army. Any uniformed member of the Army who has been identified as the perpetrator of an alleged sexual assault.”

Categories of records in the system:

Delete entry and replace with: “Name; Social Security Number; date of birth; rank; demographic information; investigative or related information pertaining to a sexual assault incident; initial and final treatment dates and aggregate count of intermediate medical treatment contacts with the victim (only for those victims that are uniformed members of the Army and elect unrestricted reporting); information from records/reports relating to victim support extended by installation and/or unit advocates; and actions taken by commanders against offenders. Where a victim elects confidential or “restricted” reporting pursuant to the DoD confidentiality policy that went into effect June 14, 2005, neither personal identifying information concerning the victim nor investigative information or action taken against the alleged offender will be maintained in the system.”

Authority for maintenance of the system:

Add the following to the entry: “DoD Directive 6495.01, Sexual Assault Prevention and Response (SAPR) Program”

Purpose(s):

Delete entry and replace with: “To provide a centralized repository of relevant data regarding the entire lifecycle of sexual assault cases, involving victims and/or alleged offenders who are members of the Army (either the victim and/or alleged offender(s) must be a uniformed member of the Army) and to provide aggregate statistical data and management reports to enable Army SAPR Program leaders to assess the effectiveness of both response and prevention and to make necessary and appropriate changes to policy and procedures to correct any identified weaknesses or failings in the system.”

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

Change the last sentence of the entry to read “The DoD ‘Blanket Routine Uses’ set forth at the beginning of the Army's compilation of systems of records do not apply to this system.”

Safeguards:

Delete entry and replace with: “Appropriate administrative, technical and physical safeguards have been established to ensure that records in the Sexual Assault Data Management System are protected from unauthorized alteration or disclosure and that privacy and confidentiality is preserved and protected. All records are maintained in areas accessible only to authorized personnel who have an official need for access in order to perform their assigned responsibilities and duties. Automated records are further protected by assignment of user identification and passwords, which are changed at random times, to protect the system from unauthorized access. The system employs a Secure Socket Layer (SSL) certificate and encryption process to provide further protection from unauthorized access.

Direct system access to personal identifying information (PII) is restricted to only those individuals in or supporting the Headquarters Department of the Army (HQDA) Sexual Assault Prevention and Response (SAPR) Program Office as needed to discharge their SAPR Program management responsibilities. Personnel with direct system access to personal identifying data within SADMS will receive detailed and continuous training on proper handling and safeguarding of this information. Likewise, no PII contained in SADMS will be disclosed in response to any internal request for information unless specifically approved for release first by the functional system owner(s) of the data and then by either the Assistant Deputy Chief of Staff, G-1 or the Deputy Assistant Secretary of the Army for Human Resources, either of whom must personally determine that the requester's need to know is at least equal to, if not greater than, the potential impact of divulging the PII, and that disclosure is otherwise consistent with law and regulation. Limiting SADMS access and disclosure authority will ensure that information management processes are firmly established across this small population of users. SADMS information will not be used to inform or influence command or legal process decisions with respect to either victims or offenders. Unauthorized disclosure of personal identifying information will not be tolerated and personnel responsible for this disclosure may be subject to criminal prosecution under federal law or the Uniform Code of Military Justice. During non-duty hours, military police or contract guard patrols ensure protection against unauthorized access. Except as required by law, such as the Privacy Act, PII within the system is not accessible by members of the general public.”

Start Printed Page 745Record Source Categories:

Delete entry and replace with: “Records in this system are derived from data originally maintained in the following official Army systems: Army Criminal Investigation Intelligence System (ACI2); Central Operations Police Suite (COPS); Sexual Assault Response Program Tracking Application (SARPTA); Defense Case Record Management System (DCRMS) (Army module); and Army Court Martial Information System (ACMIS).”

A0600-20 DCS, G-1

System name:

Sexual Assault Data Management System (SADMS) Files.

System location:

Headquarters, Department of the Army. Official mailing addresses are published as an appendix to the Army's compilation of systems of records notices.

Categories of individuals covered by the system:

Any uniformed member of the Army who has been identified as the victim of a sexual assault. Any person who has been identified as the victim of a sexual assault allegedly committed by a uniformed member of the Army. Any person who has been identified as the perpetrator of an alleged sexual assault against a uniformed member of the Army. Any uniformed member of the Army who has been identified as the perpetrator of an alleged sexual assault.

Categories of records in the system:

Name; Social Security Number; date of birth; rank; demographic information; investigative or related information pertaining to a sexual assault incident; initial and final treatment dates and aggregate count of intermediate medical treatment contacts with the victim (only for those victims that are uniformed members of the Army and elect unrestricted reporting); information from records/reports relating to victim support extended by installation and/or unit advocates; and actions taken by commanders against offenders. Where a victim elects confidential or “restricted” reporting pursuant to the DoD confidentiality policy that went into effect June 14, 2005, neither personal identifying information concerning the victim nor investigative information or action taken against the alleged offender will be maintained in the system.

Authority for maintenance of the system:

Public Law 108-375, Section 577; 10 U.S.C. 3013, Secretary of the Army; DoD Directive 1030.1, Victim and Witness Assistance; DoD Directive 6495.01, Sexual Assault Prevention and Response (SAPR) Program; AR 27-10 Military Justice; AR 40-66 Medical Record Administration and Health Care Documentation; AR 195-2 Criminal Investigation Activities; AR 608-18, Family Advocacy Program; AR 600-20, Army Command Policy; and EO 9397(SSN).

Purpose(s):

To provide a centralized repository of relevant data regarding the entire lifecycle of sexual assault cases, involving victims and/or alleged offenders who are members of the Army (either the victim and/or alleged offender(s) must be a uniformed member of the Army) and to provide aggregate statistical data and management reports to enable Army SAPR Program leaders to assess the effectiveness of both response and prevention and to make necessary and appropriate changes to policy and procedures to correct any identified weaknesses or failings in the system.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: To Congress and other agencies, as appropriate, to further the goals of Public Law 108-375. The DoD “Blanket Routine Uses” set forth at the beginning of the Army's compilation of systems of records do not apply to this system.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Electronic storage media.

Retrievability:

Name and Social Security Number (SSN).

Safeguards:

Appropriate administrative, technical and physical safeguards have been established to ensure that records in the Sexual Assault Data Management System are protected from unauthorized alteration or disclosure and that privacy and confidentiality is preserved and protected. All records are maintained in areas accessible only to authorized personnel who have an official need for access in order to perform their assigned responsibilities and duties. Automated records are further protected by assignment of user identification and passwords, which are changed at random times, to protect the system from unauthorized access. The system employs a Secure Socket Layer (SSL) certificate and encryption process to provide further protection from unauthorized access. Direct system access to personal identifying information (PII) is restricted to only those individuals in or supporting the Headquarters Department of the Army (HQDA) Sexual Assault Prevention and Response (SAPR) Program Office as needed to discharge their SAPR Program management responsibilities. Personnel with direct system access to personal identifying data within SADMS will receive detailed and continuous training on proper handling and safeguarding of this information. Likewise, no PII contained in SADMS will be disclosed in response to any internal request for information unless specifically approved for release first by the functional system owner(s) of the data and then by either the Assistant Deputy Chief of Staff, G-1 or the Deputy Assistant Secretary of the Army for Human Resources, either of whom must personally determine that the requester's need to know is at least equal to, if not greater than, the potential impact of divulging the PII, and that disclosure is otherwise consistent with law and regulation. Limiting SADMS access and disclosure authority will ensure that information management processes are firmly established across this small population of users. SADMS information will not be used to inform or influence command or legal process decisions with respect to either victims or offenders. Unauthorized disclosure of personal identifying information will not be tolerated and personnel responsible for this disclosure may be subject to criminal prosecution under federal law or the Uniform Code of Military Justice. During non-duty hours, military police or contract guard patrols ensure protection against unauthorized access. Except as required by law, such as the Privacy Act, PII within the system is not accessible by members of the general public.

Retention and disposal:

Disposition pending (until the National Archives and Records Administration has approved retention and disposition of these records, treat as permanent).

System manager(s) and address:

Chief, Human Factors Division, Deputy Chief of Staff, Army G-1, ATTN: Start Printed Page 746DAPE-HRH, 300 Army Pentagon, Washington, DC 20310-0300.

Notification procedure:

Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to Deputy Chief of Staff, Army G-1, ATTN: DAPE-HRH, 300 Army Pentagon, Washington, DC 20310-0300.

Individual should provide his/her full name, current address, telephone number, and other personal identifying data that would assist in locating the records. The inquiry must be signed.

Records access procedure:

Individuals seeking access to information about themselves contained in this system should address written inquiries to the Deputy Chief of Staff, Army G-1, ATTN: DAPE-HRH, 300 Army Pentagon, Washington, DC 20310-0300.

Individual should provide his/her full name, current address, telephone number, and other personal identifying data that would assist in locating the records. The inquiry must be signed.

Contesting records procedures:

The Army's rules for accessing records, and for contesting contents and appealing initial agency determinations are contained in Army Regulation 340-21; 32 CFR part 505; or may be obtained from the system manager.

Record source categories:

Records in this system are derived from data originally maintained in the following official Army systems: Army Criminal Investigation Intelligence System (ACI2); Central Operations Police Suite (COPS); Sexual Assault Response Program Tracking Application (SARPTA); Defense Case Record Management System (DCRMS) (Army module); and Army Court Martial Information System (ACMIS).

Exemptions claimed for the system:

This system of records is a compilation of information from other Department of Army systems of records. To the extent that copies of exempt records from those other systems of records are entered into SADMS, the Army G-1 hereby claims the same exemptions for the records from those other systems that are entered into this system, as claimed for the original primary system of which they are a part.

An exemption rule for this system has been promulgated in accordance with requirements of 5 U.S.C. 553(b)(1), (2), and (3), (c) and (e) and published in 32 CFR part 505. For additional information contact the system manager.