32 C.F.R. § 310.62 System notices.
Title 32 - National Defense
(a) Contents of the system notices. (1) The following data captions are included in each system notice: (i) System identification (see paragraph (b) of this section). (ii) System name (see paragraph (c) of this section). (iii) System location (see paragraph (d) of this section). (iv) Categories of individuals covered by the system (see paragraph (e) of this section). (v) Categories of records in the system (see paragraph (f) of this section). (vi) Authority for maintenance of the system (see paragraph (g) of this section). (vii) Purpose(s) (see paragraph (h) of this section). (viii) Routine uses of records maintained in the system, including categories of users, uses, and purposes of such uses (see paragraph (i) of this section). (ix) Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system (see paragraph (j) of this section). (x) Systems manager(s) and address (see paragraph (k) of this section). (xi) Notification procedure (see paragraph (l) of this section). (xii) Record access procedures (see paragraph (m) of this section). (xiii) Contesting records procedures (see paragraph (n) of this section.) (xiv) Record source categories (see paragraph (o) of this section). (xv) Systems exempted from certain provision of the Act (see paragraph (p) of this section). (2) The captions listed in paragraph (a)(1) of this section have been mandated by the Office of Federal Register and must be used exactly as presented. (3) A sample system notice is shown in appendix E. (b) System identification. The system identifier must appear on all system notices and is limited to 21 positions, including Component code, file number and symbols, punctuation, and spacing. (c) System name. (1) The name of the system should reasonably identify the general purpose of the system and, if possible, the general categories of individuals involved. (2) Use acronyms only parenthetically following the title or any portion thereof, such as, “Joint Uniform Military Pay System (JUMPS).” Do not use acronyms that are not commonly known unless they are preceded by an explanation. (3) The system name may not exceed 55 character positions including punctuation and spacing. (d) System location. (1) For systems maintained in a single location provide the exact office name, organizational identity, and address or routing symbol. (2) For geographically or organizationally decentralized systems, specify each level of organization or element that maintains a segment of the system. (3) For automated data systems with a central computer facility and input/output terminals at several geographically separated locations, list each location by category. (4) When multiple locations are identified by type of organization, the system location may indicate that official mailing addresses are contained in an address directory published as an appendix to the Component system notices in the (5) If no address directory is used or the addresses in the directory are incomplete, the address of each location where a segment of the record system is maintained must appear under the “System Location” caption. (6) Classified addresses are not listed, but the fact that they are classified is indicated. (7) Use the standard U.S. Postal Service two letter state abbreviation symbols and zip codes for all domestic addresses. (e) Categories of individuals covered by the system. (1) Set forth the specific categories of individuals to whom records in the system pertain in clear, easily understood, nontechnical terms. (2) Avoid the use of broad over-general descriptions, such as “all Army personnel” or “all military personnel” unless this actually reflects the category of individuals involved. (f) Categories of records in the system. (1) Describe in clear, nontechnical terms the types of records maintained in the system. (2) Only documents actually retained in the system of records shall be described, not source documents that are used only to collect data and then destroyed. (g) Authority for maintenance of the system. (1) Cite the specific provision of the federal statute or Executive Order that authorizes the maintenance of the system. (2) Include with citations for statutes the popular names, when appropriate (for example, Title 51, U.S. Code, section 2103, “Tea-Tasters Licensing Act”), and for Executive Orders, the official title (for example, Executive Order No. 9397, “Numbering System for Federal Accounts Relating to Individual Persons”). (3) Cite the statute or Executive Order establishing the Component for administrative housekeeping records. (4) If the Component is chartered by a DoD Directive, cite that Directive as well as the Secretary of Defense authority to issue the Directive. For example, “Pursuant to the authority contained in the National Security Act of 1947, as amended (10 U.S.C. 133d), the Secretary of Defense has issued DoD Directive 5105.21, the charter of the Defense Intelligence Agency (DIA) as a separate Agency of the Department of Defense under his control. Therein, the Director, DIA, is charged with the responsibility of maintaining all necessary and appropriate records.” (h) Purpose or purposes. (1) List the specific purposes for maintaining the system of records by the Component. (2) Include the uses made of the information within the Component and the Department of Defense (so-called “internal routine uses”). (i) Routine uses. (1) The blanket routine uses (appendix C) that appear at the beginning of each Component compilation apply to all systems notices unless the individual system notice specifically states that one or more of them do not apply to the system. List the blanket routine uses at the beginning of the Component listing of system notices (see paragraph (e)(5) of §310.41 of subpart E). (2) For all other routine uses, when practical, list the specific activity to which the record may be released, to include any routine automated system interface (for example, “to the Department of Justice, Civil Rights Compliance Division,” “to the Veterans Administration, Office of Disability Benefits,” or “to state and local health agencies”). (3) For each routine user identified, include a statement as to the purpose or purposes for which the record is to be released to that activity (see §310.41(e) of subpart E). The routine uses should be compatible with the purpose for which the record was collected or obtained (see §310.3(p), subpart A). (4) Do not use general statements, such as, “to other federal agencies as required” or “to any other appropriate federal agency.” (j) Policies and practices for storing, retiring, accessing, retaining, and disposing of records. This caption is subdivided into four parts: (1) Storage. Indicate the medium in which the records are maintained. (For example, a system may be “automated”, maintained on magnetic tapes or disks, “manual”, maintained in paper files, or “hybrid”, maintained in a combination of paper and automated form.) Storage does not refer to the container or facility in which the records are kept. (2) Retrievability. Specify how the records are retrieved (for example, name and SSN, name, SSN) and indicate whether a manual or computerized index is required to retrieve individual records. (3) Safeguards. List the categories of Component personnel having immediate access and those responsible for safeguarding the records from unauthorized access. Generally identify the system safeguards (such as storage in safes, vaults, locked cabinets or rooms, use of guards, visitor registers, personnel screening, or computer “fail-safe” systems software). Do not describe safeguards in such detail so as to compromise system security. (4) Retention and disposal. Indicate how long the record is retained. When appropriate, also state the length of time the records are maintained by the Component, when they are transferred to a Federal Records Center, length of retention at the Record Center and when they are transferred to the National Archivist or are destroyed. A reference to a Component regulation without further detailed information is insufficient. (k) System manager(s) and address. (1) List the title and address of the official responsible for the management of the system. (2) If the title of the specific official is unknown, such as for a local system, specify the local commander or office head as the systems manager. (3) For geographically separated or organizationally decentralized activities for which individuals may deal directly with officials at each location in exercising their rights, list the position or duty title of each category of officials responsible for the system or a segment thereof. (4) Do not include business or duty addresses if they are listed in the Component address directory. (l) Notification procedures. (1) If the record system has been exempted from subsection (e)(4)(G) of the Privacy Act (5 U.S.C. 552a) (see §310.50)(d), so indicate. (2) For all nonexempt systems, describe how an individual may determine if there are records pertaining to him or her in the system. The procedural rules may be cited, but include a brief procedural description of the needed data. Provide sufficient information in the notice to allow an individual to exercise his or her rights without referral to the formal rules. (3) As a minimum, the caption shall include: (i) The official title (normally the system manager) and official address to which the request is to be directed; (ii) The specific information required to determine if there is a record of the individual in the system. (iii) Identification of the offices through which the individual may obtain access; and (iv) A description of any proof of identity required (see §310.30(c)(1)). (4) When appropriate, the individual may be referred to a Component official who shall provide this data to him or her. (m) Record access procedures. (1) If the record system has been exempted from subsection (e)(4)(H) of the Privacy Act (5 U.S.C. 552a) (see §310.50(d)), so indicate. (2) For all nonexempt records systems, describe the procedures under which individuals may obtain access to the records pertaining to them in the system. (3) When appropriate, the individual may be referred to the system manager or Component official to obtain access procedures. (4) Do not repeat the addresses listed in the Component address directory but refer the individual to that directory. (n) Contesting record procedures. (1) If the record system has been exempted from subsection (e)(4)(H) of the Privacy Act (5 U.S.C. 552a) (see §310.50(d)), so indicate. (2) For all nonexempt systems of records, state briefly how an individual may contest the content of a record pertaining to him or her in the system. (3) The detailed procedures for contesting record accuracy, refusal of access or amendment, or initial review and appeal need not be included if they are readily available elsewhere and can be referred to by the public. (For example, “The Defense Mapping Agency rules for contesting contents and for appealing initial determinations are contained in DMA Instruction 5400.11 (32 CFR part 295c).”) (4) The individual may also be referred to the system manager to determine these procedures. (o) Record source categories. (1) If the record system has been exempted from subsection (e)(4)(I) of the Privacy Act (5 U.S.C. 552a) (see §310.50(d), subpart F), so indicate. (2) For all nonexempt systems of records, list the sources of the information in the system. (3) Specific individuals or institutions need not be identified by name, particularly if these sources have been granted confidentiality (see §310.52(b), subpart F). (p) System exempted from certain provisions of the Act. (1) If no exemption has been claimed for the system, indicate “None.” (2) If there is an exemption claimed indicate specifically under which subsection of the Privacy Act (5 U.S.C. 552a) it is claimed. (3) Cite the regulation and CFR section containing the exemption rule for the system. (For example, “Parts of this record system may be exempt under Title 5 U.S. Code, 552a(k)(2) and (5), as applicable. See exemption rules contained in Army Regulation 340–21 (32 CFR part 505).”) (q) Maintaining the master DoD system notice registry. (1) The Defense Privacy Office, ODASD(A) maintains a master registry of all DoD record systems notices. (2) Coordinate with the Defense Privacy Office, ODASD(A) to ensure that all new systems are added to the master registry and all amendments and alterations are incorporated into the master registry. [51 FR 2364, Jan. 16, 1986. Redesignated at 56 FR 55631, Oct. 29, 1991, as amended at 56 FR 57800, Nov. 14, 1991]
Title 32: National Defense
PART 310—DoD PRIVACY PROGRAM
Subpart G—Publication Requirements
§ 310.62 System notices.
