32 C.F.R. § 310.30 Individual access to personal information.
Title 32 - National Defense
(a) Individual access. (1) The access provisions of this part are intended for use by individuals about whom records are maintained in systems of records. Release of personal information to individuals under this part is not considered public release of information. (2) Make available to the individual to whom the record pertains all of the personal information that can be released consistent with DoD responsibilities. (b) Individual requests for access. Individuals shall address requests for access to personal information in a system of records to the system manager or to the office designated in the DoD Component rules or the system notice. (c) Verification of identity. (1) Before granting access to personal data, an individual may be required to provide reasonable verification of his or her identity. (2) Identity verification procedures shall not: (i) Be so complicated as to discourage unnecessarily individuals from seeking access to information about themselves; or (ii) Be required of an individual seeking access to records which normally would be available under the “DoD Freedom of Information Act Program” (32 CFR part 286). (3) Normally, when individuals seek personal access to records pertaining to themselves, identification is made from documents that normally are readily available, such as employee and military identification cards, driver's license, other licenses, permits or passes used for routine identification purposes. (4) When access is requested by mail, identity verification may consist of the individual providing certain minimum identifying data, such as full name, date and place of birth, or such other personal information necessary to locate the record sought. If the information sought is of a sensitive nature, additional identifying data may be required. If notarization of requests is required, procedures shall be established for an alternate method of verification for individuals who do not have access to notary services, such as military members overseas. (5) If an individual wishes to be accompanied by a third party when seeking access to his or her records or to have the records released directly to a third party, the individual may be required to furnish a signed access authorization granting the third party access. (6) An individual shall not be refused access to his or her record solely because he or she refuses to divulge his or her SSN unless the SSN is the only method by which retrieval can be made. (See §310.20(b)). (7) The individual is not required to explain or justify his or her need for access to any record under this part. (8) Only a denial authority may deny access and the denial must be in writing and contain the information required by paragraph (b) of §310.31. (d) Granting individual access to records. (1) Grant the individual access to the original record or an exact copy of the original record without any changes or deletions, except when changes or deletions have been made in accordance with paragraph (e) of this section. For the purpose of granting access, a record that has been amended under §310.31(b) is considered to be the original. See pargraph (e) of this section for the policy regarding the use of summaries and extracts. (2) Provide exact copies of the record when furnishing the individual copies of records under this part. (3) Explain in terms understood by the requestor any record or portion of a record that is not clear. (e) Illegible, incomplete, or partially exempt records. (1) Do not deny an individual access to a record or a copy of a record solely because the physical condition or format of the record does not make it readily available (for example, deteriorated state or on magnetic tape). Either prepare an extract or recopy the document exactly. (2) If a portion of the record contains information that is exempt from access, an extract or summary containing all of the information in the record that is releasable shall be prepared. (3) When the physical condition of the record or its state makes it necessary to prepare an extract for release, ensure that the extract can be understood by the requester. (4) Explain to the requester all deletions or changes to the records. (f) Access to medical records. (1) Disclose medical records to the individual to whom they pertain, even if a minor, unless a judgment is made that access to such records could have an adverse effect on the mental or physical health of the individual. Normally, this determination shall be made in consultation with a medical doctor. (2) If it is determined that the release of the medical information may be harmful to the mental or physical health of the individual: (i) Send the record to a physician named by the individual; and (ii) In the transmittal letter to the physician explain why access by the individual without proper professional supervision could be harmful (unless it is obvious from the record). (3) Do not require the physician to request the records for the individual. (4) If the individual refuses or fails to designate a physician, the record shall not be provided. Such refusal of access is not considered a denial for Privacy Act reporting purposes. (See paragraph (a) of §310.31). (5) Access to a minor's medical records may be granted to his or her parents or legal guardians. However, observe the following procedures: (i) In the United States, the laws of the particular state in which the records are located may afford special protection to certain types of medical records (for example, records dealing with treatment for drug or alcohol abuse and certain psychiatric records). Even if the records are maintained by a military medical facilities these statutes may apply. (ii) For the purposes of parental access to the medical records and medical determinations regarding minors at overseas installation the age of majority is 18 years except when: (A) A minor at the time he or she sought or consented to the treatment was between 15 and 17 years of age; (B) The treatment was sought in a program which was authorized by regulation or statute to offer confidentiality of treatment records as a part of the program; (C) The minor specifically requested or indicated that he or she wished the treatment record to be handled with confidence and not released to a parent or guardian; and (D) The parent or guardian seeking access does not have the written authorization of the minor or a valid court order granting access. (iii) If all four of the above conditions are met, the parent or guardian shall be denied access to the medical records of the minor. Do not use these procedures to deny the minor access to his or her own records under this part or any other statutes. (6) All members of the Military Services and all married persons are not considered minors regardless of age, and the parents of these individuals do not have access to their medical records without written consent of the individual. (g) Access to information compiled in anticipation of civil action. (1) An individual is not entitled under this part to gain access to information compiled in reasonable anticipation of a civil action or proceeding. (2) The term “civil proceeding” is intended to include quasi-judicial and pretrial judicial proceedings that are the necessary preliminary steps to formal litigation. (3) Attorney work products prepared in conjunction with quasi-judicial pretrial, and trial proceedings, to include those prepared to advise DoD Component officials of the possible legal consequences of a given course of action, are protected. (h) Access to investigatory records. (1) Requests by individuals for access to investigatory records pertaining to themselves and compiled for law enforcement purposes are processed under this part of the DoD Freedom of Information Program (32 CFR part 286) depending on which part gives them the greatest degree of access. (2) Process requests by individuals for access to investigatory record pertaining to themselves compiled for law enforcement purposes and in the custody of law enforcement activities that have been incorporated into systems of records exempted from the access provisions of this part in accordance with section B of chapter 5 under reference (f). Do not deny an individual access to the record solely because it is in the exempt system, but give him or her automatically the same access he or she would receive under the Freedom of Information Act (5 U.S.C. 552). (See also paragraph (h) of this section.) (3) Process requests by individuals for access to investigatory records pertaining to themselves that are in records systems exempted from access provisions under paragraph (a) of §310.52, subpart F, under this part, or the DoD Freedom of Information Act Program (32 CFR part 286) depending upon which regulation gives the greatest degree of access (see also paragraph (j) of this section). (4) Refer individual requests for access to investigatory records exempted from access under a general exemption temporarily in the hands of a noninvestigatory element for adjudicative or personnel actions to the originating investigating agency. Inform the requester in writing of these referrals. (i) Nonagency records. (1) Certain documents under the physical control of DoD personnel and used to assist them in performing official functions, are not considered “agency records” within the meaning of this Regulation. Uncirculated personal notes and records that are not disseminated or circulated to any person or organization (for example, personal telephone lists or memory aids) that are retained or discarded at the author's discretion and over which the Component exercises no direct control, are not considered agency records. However, if personnel are officially directed or encouraged, either in writing or orally, to maintain such records, they may become “agency records,” and may be subject to this part. (2) The personal uncirculated handwritten notes of unit leaders, office supervisors, or military supervisory personnel concerning subordinates are not systems of records within the meaning of this part. Such notes are an extension of the individual's memory. These notes, however, must be maintained and discarded at the discretion of the individual supervisor and not circulated to others. Any established requirement to maintain such notes (such as, written or oral directives, regulations, or command policy) make these notes “agency records” and they then must be made a part of a system of records. If the notes are circulated, they must be made a part of a system of records. Any action that gives personal notes the appearance of official agency records is prohibited, unless the notes have been incorporated into a system of records. (j) Relationship between the Privacy Act and the Freedom of Information Act. (1) Process requests for individual access as follows: (i) Requests by individuals for access to records pertaining to themselves made under the Freedom of Information Act (5 U.S.C. 552) or the DoD Freedom of Information Act Program (32 CFR part 286) or DoD Component instuctions implementing the DoD Freedom of Information Act Program are processed under the provisions of that reference. (ii) Requests by individuals for access to records pertaining to themselves made under the Privacy Act of 1971 (5 U.S.C. 552a), this part, or the DoD Component instructions implementing this part are processed under this part. (iii) Requests by individuals for access to records about themselves that cite both Acts or the implementing regulations and instructions for both Acts are processed under this part except: (A) When the access provisions of the DoD Freedom of Information Act Program (32 CFR part 286) provide a greater degree of access; or (B) When access to the information sought is controlled by another federal statute. (C) If the former applies, follow the provisions of 32 CFR part 286; and if the later applies, follow the access procedures established under the controlling statute. (iv) Requests by individuals for access to information about themselves in systems of records that do not cite either Act or the implementing regulations or instructions for either Act are processed under the procedures established by this part. However, there is no requirement to cite the specific provisions of this part or the Privacy Act (5 U.S.C. 552a) when responding to such requests. Do not count these requests as Privacy Act request for reporting purposes (see subpart I). (2) Do not deny individuals access to personal information concerning themselves that would otherwise be releasable to them under either Act solely because they fail to cite either Act or cite the wrong Act, regulation, or instruction. (3) Explain to the requester which Act or procedures have been used when granting or denying access under either Act (see also paragraph (j)(1)(iv) of this section). (k) Time limits. Normally acknowledge requests for access within 10 working days after receipt and provide access within 30 working days. (l) Privacy case file. Establish a Privacy Act case file when required (see paragraph (p) of §310.32 of this subpart). [51 FR 2364, Jan. 16, 1986. Redesignated at 56 FR 55631, Oct. 29, 1991, as amended at 56 FR 57800, Nov. 14, 1991]
Title 32: National Defense
PART 310—DoD PRIVACY PROGRAM
Subpart D—Access by Individuals
§ 310.30 Individual access to personal information.
