32 C.F.R. § 505.1 General information.
Title 32 - National Defense
(a) Purpose. This regulation sets forth policies and procedures that govern personal information kept by the Department of the Army in systems of records. (b) References—(1) Required publications. (i) AR 195–2, Criminal Investigation Activities. (Cited in §505.2(j)) (ii) AR 340–17, Release of Information and Records from Army Files. (Cited in §§505.2(h) and 505.4(d)) (iii) AR 430–21–8, The Army Privacy Program; System Notices and Exemption Rules for Civilian Personnel Functions. (Cited in §505.2(i)) (iv) AR 380–380, Automated System Security. (Cited in §505.4(d) and (f)) (2) Related publications. (A related publication is merely a source of additional information. The user does not have to read it to understand this regulation.) (i) DOD Directive 5400.11, DOD Privacy Program. (ii) DOD Regulation 5400.11–R, DOD Privacy Program. (iii) Treasury Fiscal Requirements Manual. This publication can be obtained from The Treasury Department, 15th and Pennsylvania Ave., NW, Washington, DC 20220 (c) Explanation of abbreviations and terms. Abbreviations and special terms used in this regulation are explained in the glossary. (d) Responsibilities. (1) The Director of Information Systems for Command, Control, Communications, and Computers (DISC4) is responsible for issuing policy and guidance for the Army Privacy Program in consultation with the Army General Counsel. (2) The Commander, U.S. Army Information Systems Command is responsible for developing policy for and executing the Privacy Act Program under the policy and guidance of the DISC4. (3) Heads of Joint Service agencies or commands for which the Army is the Executive Agent, or otherwise has responsibility for providing fiscal, logistical, or administrative support, will adhere to the policies and procedures in this regulation. (4) Commander, Army and Air Force Exchange Service (AAFES), is responsible for the supervision and execution of the privacy program within that command pursuant to this regulation. (e) Policy. Army Policy concerning the privacy rights of individuals and the Army's responsibilities for compliance with operational requirements established by the Privacy Act are as follows: (1) Protect, as required by the Privacy Act of 1974 (5 U.S.C. 552a), as amended, the privacy of individuals from unwarranted intrusion. Individuals covered by this protection are living citizens of the United States and aliens lawfully admitted for permanent residence. (2) Collect only the personal information about an individual that is legally authorized and necessary to support Army operations. Disclose this information only as authorized by the Privacy Act and this regulation. (3) Keep only personal information that is timely, accurate, complete, and relevant to the purpose for which it was collected. (4) Safeguard personal information to prevent unauthorized use, access, disclosure, alteration, or destruction. (5) Let individuals know what records the Army keeps on them and let them review or get copies of these records, subject to exemptions authorized by law and approved by the Secretary of the Army. (See §505.5.) (6) Permit individuals to amend records about themselves contained in Army systems of records, which they can prove are factually in error, not up-to-date, not complete, or not relevant. (7) Allow individuals to ask for an administrative review or decisions that deny them access to or the right to amend their records. (8) Maintain only information about an individual that is relevant and necessary for Army purposes required to be accomplished by statute or Executive Order. (9) Act on all requests promptly, accurately, and fairly. (f) Authority. The Privacy Act of 1974 (5 U.S.C. 552a), as amended, is the statutory basis for the Army Privacy Program. With in the Department of Defense, the Act is implemented by DOD Directive 5400.11 and DOD 5400.11–R. The Act Assigns— (1) Overall Government-wide responsibilities for implementation to the Office of Management and Budget. (2) Specific responsibilities to the Office of Personnel Management and the General Services Administration. (g) Access and Amendment Refusal Authority (AARA). Each Access and Amendment Refusal Authority (AARA) is responsible for action on requests for access to, or amendment of, records referred to them under this part. The officials listed below are the only AARA for records in their authority. Authority may be delegated to an officer or subordinate commander. All delegations must be in writing. If an AARA's delegate denies access or amendment, the delegate must clearly state that he or she is acting on behalf of the AARA and identify the AARA by name and position in the written response to the requester. Denial of access or amendment by an AARA's delegate must have appropriate legal review. Delegations will not be made below the colonel (06) or GS/GM-15 level. Such delegations must not slow Privacy actions. AARAs will send the names, offices, telephone numbers of heir delegates to the Director of Information Systems for Command, Control, Communications and Computers, Headquarters, Department of the Army, ATTN: SAIS-IDP, Washington, DC 20310–0107; and the Department of the Army Privacy Review Board, Crystal Square 1, Suite 201, 1725 Jefferson Davis Highway, Arlington, VA 22202. (1) The Administrative Assistant to the Secretary of the Army (AASA) for records of the Secretariat and its serviced activities, to include the personnel records maintained by the General Officer Management Office, personnel records pertaining to Senior Executive Service personnel serviced by the Office of the Secretary of the Army (OSA), and Equal Employment Opportunity (EEO) records from offices serviced by the OSA. The AASA will also serve as AARA for those records requiring the personal attention of the Secretary of the Army. (2) The Inspector General (TIG) for TIG investigative records. (3) The president or executive secretary of boards, councils, and similar bodies established by the Department of the Army to consider personnel matters, including the Army Board of Correction of Military Appeals, for records under their purview. (4) The Deputy Chief of Staff for Personnel (DCSPER) for records of active and former non-appropriated fund employees (except those in the Army and Air Force Exchange Service), alcohol and drug abuse treatment records, behavioral science records, recruiting, Armed Services Vocational Aptitude Battery (ASVAB), equal opportunity, Junior Reserve Officers' Training Corps (ROTC), Senior ROTC Instructor, military academy cadet, selection, promotion, and reduction boards; special review boards; professional staff informational records; and entrance processing records (when records pertain to those not entering active duty). (5) The Deputy Chief of Staff for Operations and Plans (DCSOPS) for military police records and reports and prisoner confinement and correctional records. (6) Chief of Engineers (COE) for records pertaining to civil work (including litigation), military construction, engineer procurement, other engineering matters not under the purview of another AARA, ecology, and contractor qualifications. (7) The Surgeon General (TSG) for medical records, except properly part of the Official Personnel Folder (OPM/GOVT–1 system of records). (8) Chief of Chaplains (CCH) for ecclesiastical records. (9) The Judge Advocate General (TJAG) for legal records under TJAG responsibility. (10) Chief, National Guard Bureau (NGB) for personnel records of the Army National Guard. (11) Chief, Army Reserve (CAR) for personnel records of Army retired, separated and reserve military personnel members. (12) Commander, United States Army Material Command (USAMC) for records of Army contractor personnel of the Army Material Command. (13) Commander, United States Army Criminal Investigation Command (USACIDC) for criminal investigation reports and military police reports included therein. (14) Commander, United States Total Army Personnel Command (PERSCOM) for personnel and personnel related records of Army members on active duty and current Federal appropriated fund civilian employees. (Requests from former civilian employees to amend a record in any OPM system of records such as the Official Personnel Folder should be sent to the Office of Personnel Management, Assistant Director for Workforce Information, Compliance and Investigations Group, 1900 E Street, NW., Washington, DC 20415-0001. (15) Commander, U.S. Army Community and Family Support Center (USACFSC) for records relating to morale, welfare and recreation activities; community life programs; family action programs, retired activities, club management, Army emergency relief, consumer protection, retiree survival benefits, and records dealing with Department of the Army relationships and social security veteran's affairs, United Service Organizations, U.S. Soldiers' and Airmen's home and American Red Cross. (16) Commander, U.S. Army Intelligence and Security Command (INSCOM) for intelligence, investigative and security records; foreign scientific and technological information; intelligence training, mapping and geodesy information; ground surveillance records; intelligence threat assessments; and missile intelligence data relating to tactical land warfare systems. (17) Commander, Army and Air Force Exchange Service (AAFES) for records pertaining to employees, patrons, and other matters which are the responsibility of the Exchange Service. (18) Commander, Military Traffic Management Command (MTMC) for transportation records. (19) Director of Army Safety for safety records. (20) Commander, U.S. Army Information Systems Command (USAISC) for records which do not fall within the functional area of another AARA. (h) Department of the Army Privacy Review Board. The Department of the Army Privacy Review Board acts on behalf of the Secretary of the Army in deciding appeals from refusal of the appropriate AARAs to amend records. Board membership is comprised of the AASA, the Commander, USAISC, Pentagon, and TJAG, or their representatives. The AARA may serve as a nonvoting member when the Board considers matters in the AARA's area of functional specialization. The Commander, USAISC, Pentagon, chairs the Board and provides the recording secretary. (i) Privacy Official. (1) Heads of Army Staff agencies and commanders of major Army commands and subordinate commands and activities will designate a privacy official who will serve as a staff adviser on privacy matters. This function will not be assigned below battalion level. (2) The privacy official will ensure that (i) requests are processed promptly and responsively, (ii) records subject to the Privacy Act in his/her command/agency are described properly by a published system notice, (iii) privacy statements are included on forms and questionnaires that seek personnel information from an individual, and (iv) procedures are in place to meet reporting requirements. [50 FR 42164, Oct. 18, 1985, as amended at 58 FR 51012, Sept. 30, 1993]
Title 32: National Defense
PART 505—THE ARMY PRIVACY PROGRAM
§ 505.1 General information.
