This part is reissued to consolidate into a single document (32 CFR part 310) Department of Defense (DoD) policies and procedures for implementing the Privacy Act of 1974, as amended (5 U.S.C. 552a) by authorizing the development, publication and maintenance of the DoD Privacy Program set forth by DoD Directive 5400.11 ^[1] and 5400.11-R, both entitled: “DoD Privacy Program.”

(a) Applies to the Office of the Secretary of Defense (OSD), the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense (IG, DoD), the Defense Agencies, the DoD Field Activities, and all other organizational entities in the Department of Defense (hereinafter referred to collectively as “the DoD Components”). This part is mandatory for use by all DoD Components. Heads of DoD Components may issue supplementary instructions only when necessary to provide for unique requirements within heir Components. Such instructions will not conflict with the provisions of this part.

Individual. A living person who is a citizen of the United States or an alien lawfully admitted for permanent residence. The parent of a minor or the legal guardian of any individual also may act on behalf of an individual. Members of the United States Armed Forces are individuals. Corporations, partnerships, sole proprietorships, professional groups, businesses, whether incorporated or unincorporated, and other commercial entities are not individuals.

a. The privacy of an individual is a personal and fundamental right that shall be respected and protected.

(g) Disclosure of records pertaining to personnel of the National Security Agency, the Defense Intelligence Agency, the National Reconnaissance Office, and the National Geospatial-Intelligence Agency shall be prohibited to the extent authorized by Public Law 86-36 (1959) and 10 U.S.C. 424. Disclosure of records pertaining to personnel of overseas, sensitive, or routinely deployable units shall be prohibited to the extent authorized by 10 U.S.C. 130b. Disclosure of medical records is prohibited except as authorized by DoD 6025.18-R. ^[2]

(j) DoD Field Activities shall receive Privacy Program support from the Director, Washington Headquarters Services.

(a) * * *

(4) Serve as the Chair to the Defense Privacy Board and Defense Data Integrity Board (§ 310.9).

(5) Supervise and oversee the activities of the Defense Privacy Office (§ 310.9).

(b) The Director, Washington Headquarters Services, under the DA&M, OSD, shall provide Privacy Program support for DoD Field Activities.

(c) The General Counsel of the Department of Defense (GC, DoD) shall:

(3) Serve as a member of the Defense Privacy Board, the Defense Data Integrity Board, the Defense Privacy Board Legal Committee (§ 310.9).

(d) The Secretaries of the Military Departments and the Heads of the Other DoD Components, except as noted in Sec. 310.5(j), shall:

(5) Submit reports, consistent with the requirements of DoD 5400.11-R, as mandated by 5 U.S.C. 552a and OMB Circular A-130, and as otherwise directed by the Defense Privacy Office.

(a) * * *

(1) Membership. The Board shall consist of the DA&M, OSD, who shall serve as the Chair; the Director of the Defense Privacy Office, DA&M, who shall serve as the Executive Secretary and as a member; The representatives designated by the Secretaries of the Military Departments; and the following officials or their designees: The Deputy Under Secretary of Defense for Program Start Printed Page 70491Integration (DUSD (PI)); the Assistant Secretary of Defense for Health Affairs; the Assistant Secretary of Defense for Networks and Information Integration (ASD(NII))/Chief Information Officer (CIO); the Director, Executive Services and Communications Directorate, Washington Headquarters Services (WHS); the GC, DoD; and the Director for Information Technology Management Directorate (ITMD), WHS. The designees also may be the principal point of contact for the DoD Component for privacy matters.

(b) * * *

(1) Membership. The Board shall consist of the DA&M, OSD, who shall serve as the Chair; the Director of the Defense Privacy Office, DA&M, who shall serve as the Executive Secretary; and the following officials or their designees: The representatives designated by the Secretaries of the Military Departments; the DUSD (PI); the ASD (NII)/CIO; the GC, DoD; the Inspector General, DoD; the ITMD, WHS; and the Director, Defense Manpower Data Center. The designees also may be the principal points of contact for the DoD Component for privacy matters.

(c) * * *

(1) The Committee shall consist of the Director, Defense Privacy Office, DA&M, who shall serve as the Chair and the Executive Secretary; the GC, DoD, or designee; and civilian and/or military counsel from each of the DoD Components. The General Counsels (GCs) and The Judge Advocates General of the Military Departments shall determine who shall provide representation for their respective Department to the Committee. This does not preclude representation from each office. The GCs of the other DoD Components shall provide legal representation to the Committee. Other DoD civilian or military counsel may be appointed by the Executive Secretary, after coordination with the DoD Component concerned, to serve on the Committee on those occasions when specialized knowledge or expertise shall be required.

(d) The Defense Privacy Office.

(2) * * *

(vi) Review proposed DoD Component privacy rulemaking, to include submission of the rule to the Office of the Federal Register for publication and providing OMB and the Congress reports, consistent with 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R.

(x) Compile and submit the “Biennial Matching Activity Report” to the OMB as required by OMB Circular A-130 and DoD 5400.11-R, and such other reports as required.