(5) Other technical data records. Charges for any additional services not specifically provided in paragraph (d) of this section, consistent with Volume 11A of DoD 7000.14–R (NOTAL) shall be made by DON activities at the following rates:
Minimum charge for office copy up to six images)—$3.50
Each additional image—$ .10
Each typewritten page—$3.50
Certification and validation with seal, each—$5.20
Hand-drawn plots and sketches, each hour or fraction Thereof—$12.00
§ 701.55 Processing FOIA fee remittances.
top
(a) Payments for FOIA charges, less fees assessed for technical data or by a Working Capital Fund or a Non-Appropriated Fund (NAF) activity, shall be made payable to the U.S. Treasurer and deposited in Receipt Account Number 172419.1203.
(b) Payments for fees assessed for technical data shall be made payable to the DON activity that incurred the costs and will be deposited directly into the accounting line item from which the costs were incurred.
(c) Payments for fees assessed by Working Capital Fund or Non-Appropriated Fund (NAF) activities shall be made payable to the DON activity and deposited directly into their account.
Subpart D—FOIA Exemptions
top
§ 701.56 Background.
top
The FOIA is a disclosure statute whose goal is an informed citizenry. Accordingly, records are considered to be releasable, unless they contain information that qualifies for withholding under one or more of the nine FOIA exemptions. The exemptions are identified as 5 U.S.C. 552 (b)(1) through (b)(9).
§ 701.57 Ground rules.
top
(a) Identity of requester. In applying exemptions, the identity of the requester and the purpose for which the record is sought are irrelevant with the exception that an exemption may not be invoked where the particular interest to be protected is the requester's interest. However, if the subject of the record is the requester for the record and the record is contained in a Privacy Act system of records, it may only be denied to the requester if withholding is both authorized in systems notice and by a FOIA exemption.
(b) Reasonably segregable. Even though a document may contain information which qualifies for withholding under one or more FOIA exemptions, FOIA requires that all “reasonably segregable” information be provided to the requester, unless the segregated information would have no meaning. In other words, redaction is not required when it would reduce the balance of the text to unintelligible gibberish.
(c) Discretionary release. A discretionary release of a record to one requester shall prevent the withholding of the same record under a FOIA exemption if the record is subsequently requested by someone else. However, a FOIA exemption may be invoked to withhold information that is similar or related that has been the subject of a discretionary release.
(d) Initial Denial Authority (IDA) actions. The decision to withhold information in whole or in part based on one or more of the FOIA exemptions requires the signature of an IDA. See listing of IDAs in §701.4.
§ 701.58 In-depth analysis of FOIA exemptions.
top
An in-depth analysis of the FOIA exemptions is addressed in the DOJ's annual publication, “Freedom of Information Act Guide & Privacy Act Overview.” A copy is available on the DOJ's FOIA website (see Navy FOIA website at http://www.ogc.secnav.hq.navy.mil/foia/index.php for easy access).
§ 701.59 A brief explanation of the meaning and scope of the nine FOIA exemptions.
top
(a) 5 U.S.C. 552 (b)(1): Those properly and currently classified in the interest of national defense or foreign policy, as specifically authorized under the criteria established by Executive Order and implemented by regulations.
(1) Although material is not classified at the time of the FOIA request, a classification review may be undertaken to determine whether the information should be classified based on the Executive Order on classification (i.e., Executive Order 12958) and/or a security classification guide. The procedures for reclassification are addressed in the Executive Order.
(2) If the information qualifies as exemption (b)(1) information, there is no discretion regarding its release. In addition, this exemption shall be invoked when the following situations are apparent:
(i) Glomar response: The fact of the existence or nonexistence of a record would itself reveal classified information. In this situation, DON activities shall neither confirm nor deny the existence or nonexistence of the record being requested. A “refusal to confirm or deny” response must be used consistently, not only when a record exists, but also when a record does not exist. Otherwise, the pattern of using a “no record” response when a record does not exist, and a “refusal to confirm or deny” when a record does exist will itself disclose national security information.
(ii) Compilation: Compilations of items of information that are individually unclassified may be classified if the compiled information reveals additional association or relationship that meets the standard for classification under an existing executive order for classification and is not otherwise revealed in the individual items of information.
(b) 5 U.S.C. 552 (b)(2): Those related solely to the internal personnel rules and practices of the DON and its activities. This exemption is entirely discretionary and has two profiles, high (b)(2) and low (b)(2):
(1) High (b)(2) are records containing or constituting statutes, rules, regulations, orders, manuals, directives, instructions, and security classification guides, the release of which would allow circumvention of these records thereby substantially hindering the effective performance of a significant function of the DON. For example:
(i) Those operating rules, guidelines, and manuals for DON investigators, inspectors, auditors, or examiners that must remain privileged in order for the DON activity fulfill a legal requirement;
(ii) Personnel and other administrative matters, such as examination questions and answers used in training courses or in the determination of the qualifications of candidates for employment, entrance on duty, advancement, or promotion;
(iii) Computer software, the release of which would allow circumvention of a statute or DON rules, regulations, orders, manuals, directives, or instructions. In this situation, the use of the software must be closely examined to ensure a circumvention possibility exists.
(2) Discussion of low (b)(2) is provided for information only, as DON activities may not invoke the low (b)(2). Low (b)(2) records are those matters which are trivial and housekeeping in nature for which there is no legitimate public interest or benefit to be gained by release, and it would constitute an administrative burden to process the request in order to disclose the records. Examples include rules of personnel's use of parking facilities or regulation of lunch hours, statements of policy as to sick leave, and administrative data such as file numbers, mail routing stamps, initials, data processing notations, brief references to previous communications, and other like administrative markings.
(c) 5 U.S.C. 552 (b)(3): Those concerning matters that a statute specifically exempts from disclosure by terms that permit no discretion on the issue, or in accordance with criteria established by that statute for withholding or referring to particular types of matters to be withheld. A few examples of (b)(3) statutes are:
(1) 10 U.S.C. 128, Physical Protection of Special Nuclear Material, Limitation on Dissemination of Unclassified Information.
(2) 10 U.S.C. 130, Authority to Withhold From Public Disclosure Certain Technical Data.
(3) 10 U.S.C. 1102, Confidentiality of Medical Quality Assurance Records.
(4) 10 U.S.C. 2305(g), Protection of Contractor Submitted Proposals.
(5) 12 U.S.C. 3403, Confidentiality of Financial Records.
(6) 18 U.S.C. 798, Communication Intelligence.
(7) 35 U.S.C. 181–188, Patent Secrecy—any records containing information relating to inventions that are the subject of patent applications on which Patent Secrecy Orders have been issued.
(8) 35 U.S.C. 205, Confidentiality of Inventions Information.
(9) 41 U.S.C. 423, Procurement Integrity.
(10) 42 U.S.C. 2162, Restricted Data and Formerly Restricted Data.
(11) 50 U.S.C. 403 (d)(3), Protection of Intelligence Sources and Methods.
(d) 5 U.S.C. 552 (b)(4): Those containing trade secrets or commercial or financial information that a DON activity receives from a person or organization outside the Government with the understanding that the information or record will be retained on a privileged or confidential basis in accordance with the customary handling of such records. Records within the exemption must contain trade secrets, or commercial or financial records, the disclosure of which is likely to cause substantial harm to the competitive position of the source providing the information; impair the Government's ability to obtain necessary information in the future; or impair some other legitimate Government interest. Commercial or financial information submitted on a voluntary basis, absent any exercised authority prescribing criteria for submission is protected without any requirement to show competitive harm. If the information qualifies as exemption (b)(4) information, there is no discretion in its release. Examples include:
(1) Commercial or financial information received in confidence in connection with loans, bids, contracts, or proposals set forth in or incorporated by reference in a contract entered into between the DON activity and the offeror that submitted the proposal, as well as other information received in confidence or privileged, such as trade secrets, inventions, discoveries, or other proprietary data. Additionally, when the provisions of 10 U.S.C. 2305(g) and 41 U.S.C. 423 are met, certain proprietary and source selection information may be withheld under exemption (b)(3).
(2) Statistical data and commercial or financial information concerning contract performance, income, profits, losses, and expenditures, if offered and received in confidence from a contractor or potential contractor.
(3) Personal statements given in the course of inspections, investigations, or audits, when such statements are received in confidence from the individual and retained in confidence because they reveal trade secrets or commercial or financial information normally considered confidential or privileged.
(4) Financial data provided in confidence by private employers in connection with locality wage surveys that are used to fix and adjust pay schedules applicable to the prevailing wage rate of employees within the DON.
(5) Scientific and manufacturing processes or developments concerning technical or scientific data or other information submitted with an application for a research grant, or with a report while research is in progress.
(6) Technical or scientific data developed by a contractor or subcontractor exclusively at private expense, and technical or scientific data developed in part with Federal funds and in part at private expense, wherein the contractor or subcontractor has retained legitimate proprietary interests in such data in accordance with 10 U.S.C. 2320–2321 and DoD Federal Acquisition Regulation Supplement (DFARS), chapter 2 of 48 CFR, subparts 227.71 and 227.72. Technical data developed exclusively with Federal funds may be withheld under Exemption (b)(3) if it meets the criteria of 10 U.S.C. 130 and DoD Directive 5230.25 of 6 November 1984.
(7) Computer software which is copyrighted under the Copyright Act of 1976 (17 U.S.C. 106), the disclosure of which would have an adverse impact on the potential market value of a copyrighted work.
(8) Proprietary information submitted strictly on a voluntary basis, absent any exercised authority prescribing criteria for submission. Examples of exercised authorities prescribing criteria for submission are statutes, Executive Orders, regulations, invitations for bids, requests for proposals, and contracts. Submission of information under these authorities is not voluntary.
(e) 5 U.S.C. 552(b)(5): Those containing information considered privileged in litigation, primarily under the deliberative process privilege. For example: internal advice, recommendations, and subjective evaluations, as contrasted with factual matters, that are reflected in deliberative records pertaining to the decision-making process of an agency, whether within or among agencies or within or among DON activities. In order to meet the test of this exemption, the record must be both deliberative in nature, as well as part of a decision-making process. Merely being an internal record is insufficient basis for withholding under this exemption. Also potentially exempted are records pertaining to the attorney-client privilege and the attorney work-product privilege. This exemption is entirely discretionary. Examples of the deliberative process include:
(1) The nonfactual portions of staff papers, to include after-action reports, lessons learned, and situation reports containing staff evaluations, advice, opinions, or suggestions.
(2) Advice, suggestions, or evaluations prepared on behalf of the DON by individual consultants or by boards, committees, councils, groups, panels, conferences, commissions, task forces, or other similar groups that are formed for the purpose of obtaining advice and recommendations.
(3) Those non-factual portions of evaluations by DON personnel of contractors and their products.
(4) Information of a speculative, tentative, or evaluative nature or such matters as proposed plans to procure, lease or otherwise acquire and dispose of materials, real estate, facilities or functions, when such information would provide undue or unfair competitive advantage to private personal interests or would impede legitimate government functions.
(5) Trade secret or other confidential research development, or commercial information owned by the Government, where premature release is likely to affect the Government's negotiating position or other commercial interest.
(6) Those portions of official reports of inspection, reports of the Inspector Generals, audits, investigations, or surveys pertaining to safety, security, or the internal management, administration, or operation of one or more DON activities, when these records have traditionally been treated by the courts as privileged against disclosure in litigation.
(7) Planning, programming, and budgetary information that is involved in the defense planning and resource allocation process.
(8) If any such intra- or inter-agency record or reasonably segregable portion of such record hypothetically would be made available routinely through the discovery process in the course of litigation with the agency, then it should not be withheld under the FOIA. If, however, the information hypothetically would not be released at all, or would only be released in a particular case during civil discovery where a party's particularized showing of need might override a privilege, then the record may be withheld. Discovery is the formal process by which litigants obtain information from each other for use in the litigation. Consult with legal counsel to determine whether exemption 5 material would be routinely made available through the discovery process.
(9) Intra- or inter-agency memoranda or letters that are factual, or those reasonably segregable portions that are factual, are routinely made available through discovery, and shall be made available to a requester, unless the factual material is otherwise exempt from release, inextricably intertwined with the exempt information, so fragmented as to be uninformative, or so redundant of information already available to the requester as to provide no new substantive information.
(10) A direction or order from a superior to a subordinate, though contained in an internal communication, generally cannot be withheld from a requester if it constitutes policy guidance or a decision, as distinguished from a discussion of preliminary matters or a request for information or advice that would compromise the decision-making process.
(11) An internal communication concerning a decision that subsequently has been made a matter of public record must be made available to a requester when the rationale for the decision is expressly adopted or incorporated by reference in the record containing the decision.
(f) 5 U.S.C. 552(b)(6): Information in personnel and medical files, as well as similar personal information in other files, that, if disclosed to a requester, other than the person about whom the information is about, would result in a clearly unwarranted invasion of personal privacy. Release of information about an individual contained in a Privacy Act System of records that would constitute a clearly unwarranted invasion of privacy is prohibited, and could subject the releaser to civil and criminal penalties. If the information qualifies as exemption (b)(6) information, there is no discretion in its release. Examples of other files containing personal information similar to that contained in personnel and medical files include:
(1) Those compiled to evaluate or adjudicate the suitability of candidates for civilian employment or membership in the Armed Forces, and the eligibility of individuals (civilian, military, or contractor employees) for security clearances, or for access to particularly sensitive classified information.
(2) Files containing reports, records, and other material pertaining to personnel matters in which administrative action, including disciplinary action, may be taken.
(3) Home addresses, including private e-mail addresses, are normally not releasable without the consent of the individuals concerned. This includes lists of home addressees and military quarters' addressees without the occupant's name. Additionally, the names and duty addresses (postal and/or e-mail) of DON/DoD military and civilian personnel who are assigned to units that are sensitive, routinely deployable, or stationed in foreign territories can constitute a clearly unwarranted invasion of personal privacy.
(4) Privacy interest. A privacy interest may exist in personal information even though the information has been disclosed at some place and time. If personal information is not freely available from sources other than the Federal Government, a privacy interest exists in its nondisclosure. The fact that the Federal Government expended funds to prepare, index and maintain records on personal information, and the fact that a requester invokes FOIA to obtain these records indicates the information is not freely available.
(5) Names and duty addresses (postal and/or e-mail) published in telephone directories, organizational charts, rosters and similar materials for personnel assigned to units that are sensitive, routinely deployable, or stationed in foreign territories are withholdable under this exemption.
(6) This exemption shall not be used in an attempt to protect the privacy of a deceased person, but it may be used to protect the privacy of the deceased person's family if disclosure would rekindle grief, anguish, pain, embarrassment, or even disruption of peace of mind of surviving family members. In such situations, balance the surviving family members' privacy against the public's right to know to determine if disclosure is in the public interest. Additionally, the deceased's social security number should be withheld since it is used by the next of kin to receive benefits. Disclosures may be made to the immediate next of kin as defined in DoD Directive 5154.24 of 28 October 1996 (NOTAL).
(7) A clearly unwarranted invasion of the privacy of third parties identified in a personnel, medical or similar record constitutes a basis for deleting those reasonably segregable portions of that record. When withholding third party personal information from the subject of the record and the record is contained in a Privacy Act system of records, consult with legal counsel.
(8) This exemption also applies when the fact of the existence or nonexistence of a responsive record would itself reveal personally private information, and the public interest in disclosure is not sufficient to outweigh the privacy interest. In this situation, DON activities shall neither confirm nor deny the existence or nonexistence of the record being requested. This is a Glomar response, and exemption (b)(6) must be cited in the response. Additionally, in order to insure personal privacy is not violated during referrals, DON activities shall coordinate with other DON activities or Federal agencies before referring a record that is exempt under the Glomar concept.
(i) A “refusal to confirm or deny” response must be used consistently, not only when a record exists, but also when a record does not exist. Otherwise, the pattern of using a “no records” response when a record does not exist and a “refusal to confirm or deny” when a record does exist will itself disclose personally private information.
(ii) Refusal to confirm or deny should not be used when the person whose personal privacy is in jeopardy has provided the requester a waiver of his or her privacy rights; the person initiated or directly participated in an investigation that led to the creation of an agency record seeks access to that record; or the person whose personal privacy is in jeopardy is deceased, the Agency is aware of that fact, and disclosure would not invade the privacy of the deceased's family.
(g) 5 U.S.C. 552(b)(7). Records or information compiled for law enforcement purposes; i.e., civil, criminal, or military law, including the implementation of Executive Orders or regulations issued under law. This exemption may be invoked to prevent disclosure of documents not originally created for, but later gathered for law enforcement purposes. With the exception of (b)(7)(C) and (b)(7)(F), this exemption is discretionary. This exemption applies, however, only to the extent that production of such law enforcement records or information could result in the following:
(1) 5 U.S.C. 552(b)(7)(A): Could reasonably be expected to interfere with enforcement proceedings.
(2) 5 U.S.C. 552(b)(7)(B): Would deprive a person of the right to a fair trial or to an impartial adjudication.
(3) 5 U.S.C. 552(b)(7)(C): Could reasonably be expected to constitute an unwarranted invasion of personal privacy of a living person, including surviving family members of an individual identified in such a record.
(i) This exemption also applies when the fact of the existence or nonexistence of a responsive record would itself reveal personally private information, and the public interest in disclosure is not sufficient to outweigh the privacy interest. In this situation, Components shall neither confirm nor deny the existence or nonexistence of the record being requested. This is a Glomar response, and exemption (b)(7)(C) must be cited in the response. Additionally, in order to insure personal privacy is not violated during referrals, DON activities shall coordinate with other DON/DoD activities or Federal Agencies before referring a record that is exempt under the Glomar concept. A “refusal to confirm or deny” response must be used consistently, not only when a record exists, but also when a record does not exist. Otherwise, the pattern of using a “no records” response when a record does not exist and a “refusal to confirm or deny” when a record does exist will itself disclose personally private information.
(ii) Refusal to confirm or deny should not be used when the person whose personal privacy is in jeopardy has provided the requester with a waiver of his or her privacy rights; or the person whose personal privacy is in jeopardy is deceased, and the activity is aware of that fact.
(4) 5 U.S.C. 552(b)(7)(D): Could reasonably be expected to disclose the identity of a confidential source, including a source within the DON; a State, local, or foreign agency or authority; or any private institution that furnishes the information on a confidential basis; and could disclose information furnished from a confidential source and obtained by a criminal law enforcement authority in a criminal investigation or by an agency conducting a lawful national security intelligence investigation.
(5) 5 U.S.C. 552(b)(7)(E): Would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law.
(6) 5 U.S.C. 552(b)(7)(F): Could reasonably be expected to endanger the life or physical safety of any individual.
(7) Some examples of exemption 7 are: Statements of witnesses and other material developed during the course of the investigation and all materials prepared in connection with related Government litigation or adjudicative proceedings; the identity of firms or individuals being investigated for alleged irregularities involving contracting with the DoD when no indictment has been obtained nor any civil action filed against them by the United States; information obtained in confidence, expressed or implied, in the course of a criminal investigation by a criminal law enforcement agency or office within a DON activity or a lawful national security intelligence investigation conducted by an authorized agency or office within the DON; national security intelligence investigations include background security investigations and those investigations conducted for the purpose of obtaining affirmative or counterintelligence information.
(8) The right of individual litigants to investigative records currently available by law (such as, the Jencks Act, 18 U.S.C. 3500), is not diminished.
(9) Exclusions. Excluded from the exemption in paragraph (g)(8) are the following two situations applicable to the DON:
(i) Whenever a request is made that involves access to records or information compiled for law enforcement purposes, and the investigation or proceeding involves a possible violation of criminal law where there is reason to believe that the subject of the investigation or proceeding is unaware of its pendency, and the disclosure of the existence of the records could reasonably be expected to interfere with enforcement proceedings, DON activities may, during only such times as that circumstance continues, treat the records or information as not subject to the FOIA. In such situation, the response to the requester will state that no records were found.
(ii) Whenever informant records maintained by a criminal law enforcement organization within a DON activities under the informant's name or personal identifier are requested by a third party using the informant's name or personal identifier, the DON activity may treat the records as not subject to the FOIA, unless the informant's status as an informant has been officially confirmed. If it is determined that the records are not subject to 5 U.S.C. 552(b)(7), the response to the requester will state that no records were found.
(iii) DON activities considering invoking an exclusion should first consult with the DOJ's Office of Information and Privacy.
(h) 5 U.S.C. 552(b)(8): Those contained in or related to examination, operation or condition reports prepared by, on behalf of, or for the use of any agency responsible for the regulation or supervision of financial institutions.
(i) 5 U.S.C. 552(b)(9): Those containing geological and geophysical information and data (including maps) concerning wells.
Subpart E—Indexing, Public Inspection, and Federal Register Publication of Department of the Navy Directives and Other Documents Affecting the Public
top
Source: 65 FR 24635, Apr. 27, 2000, unless otherwise noted.
§ 701.61 Purpose.
top
This subpart implements 5 U.S.C. 552(a) (1) and (2) and provisions of Department of Defense Directive 5400.7 May 13, 1988 (32 CFR part 286, 55 FR 53104); Department of Defense Directive 5400.9, December 23, 1974 (32 CFR part 336, 40 FR 49111); and the Regulations of the Administrative Committee of the Federal Register (1 CFR chaps. I and II) by delineating responsibilities and prescribing requirements, policies, criteria, and procedures applicable to:
(a) Publishing the following Department of the Navy documents in the Federal Register:
(1) Certain classes of regulatory, organizational policy, substantive, and procedural documents required to be published for the guidance of the public;
(2) Certain classes of proposed regulatory documents required to be published for public comment prior to issuance; and
(3) Certain public notices required by law or regulation to be published;
(b) Making available, for public inspection and copying, certain classes of documents having precedential effect on decisions concerning members of the public;
(c) Maintaining current indexes of documents having precedential effect on decisions concerning members of the public, and publishing such indexes or making them available by other means;
(d) Receiving and considering petitions of members of the public for the issuance, revision, or cancellation of regulatory documents of some classes; and
(e) Distributing the Federal Register for official use within the Department of the Navy.
§ 701.62 Scope and applicability.
top
This subpart prescribes actions to be executed by, or at the direction of, Navy Department (as defined in §700.104c of this chapter) components and specified headquarters activities for apprising members of the public of Department of the Navy regulations, policies, substantive and procedural rules, and decisions which may affect them, and for enabling members of the public to participate in Department of the Navy rulemaking processes in matters of substantial and direct concern to the public. This subpart complements subpart A, which implements Navy-wide requirements for furnishing documents to members of the public upon request. That a document may be published or indexed and made available for public inspection and copying under this instruction does not affect the possible requirement under subpart A for producing it for examination, or furnishing a copy, in response to a request made under that subpart.
§ 701.63 Policy.
top
In accordance with the spirit and intent of 5 U.S.C. 552, the public has the right to maximum information concerning the organization and functions of the Department of the Navy. This includes information on the policies and the substantive and procedural rules used by the Department of the Navy in its dealings with the public. In accordance with Department of Defense policy described in 32 CFR part 336, 40 FR 4911, moreover, the public is encouraged to participate in Department of the Navy rulemaking when the proposed rule would substantially and directly affect the public.
§ 701.64 Publication of adopted regulatory documents for the guidance of the public.
top
(a) Classes of documents to be published. Subject to the provisions of 5 U.S.C. 552(b) which exempt specified matters from requirements for release to the public [see subpart B of this part], the classes of Department of the Navy documents required to be published on a current basis in the Federal Register are listed below.
(1) Naval organization and points of contact—description of the central and field organization of the Department of the Navy and the locations at which, the members or employees from whom, and the methods whereby, the public may obtain information, make submittals or requests, or obtain decisions;
(2) Methods and procedures for business with public—statements of the general course and methods by which Department of the Navy functions affecting members of the public are channeled and determined, including the nature and requirements of all formal and informal procedures available;
(3) Procedural rules and forms—rules of procedure for functions affecting members of the public, descriptions of forms available or the places at which forms may be obtained, and instructions as to the scope and contents of all papers, reports, or examinations required to be submitted under such rules of procedures; and
(4) Substantive rules and policies—substantive rules of general applicability adopted as authorized by law, and statements of general policy or interpretations of general applicability formulated and adopted by the Department of the Navy. Such rules are commonly contained in directives, manuals, and memorandums.
(i) “General applicability” defined. The definition prescribed in 1 CFR 1.1 pertains to the classes of documents contemplated in §701.64(b) (4).
(ii) Internal personnel rules and internal practices. In addition to other exemptions listed in 5 U.S.C. 552(b) and subpart B of this part, particular attention is directed to the exemption pertaining to internal personnel rules and internal practices.
(iii) Local regulations. It is unnecessary to publish in the Federal Register a regulation which is essentially local in scope or application, such as a directive issued by a base commander in the implementation of his responsibility and authority under subpart G of part 700 of this title for guarding the security of the installation or controlling the access and conduct of visitors or tradesmen. However, such publication may be authorized under extraordinary circumstances, as determined by the Chief of Naval Operations or the Commandant of the Marine Corps, as appropriate, with the concurrence of the Judge Advocate General.
(iv) Incorporation by reference. With the approval of the Director of the Federal Register given in the limited instances authorized in 1 CFR Part 51 and 32 CFR 336.5(c), the requirement for publication in the Federal Register may be satisfied by reference in the Federal Register to other publications containing the information which must otherwise be published in the Federal Register. In general, matters eligible for incorporation by reference are restricted to materials in the nature of published data, criteria, standards, specifications, techniques, illustrations, or other published information which are reasonably available to members of the class affected.
(b) Public inspection. When feasible, Department of the Navy and Department of Defense documents published in the Federal Register should be made available for inspection and copying, along with available indexes of such documents, in the same locations used for copying of the documents contemplated in §701.65.
§ 701.65 Availability, public inspection, and indexing of other documents affecting the public.
top
(a) Discussion. Section 552(a) of title 5, United States Code, requires the Department of the Navy to make available for public inspection and copying documents which have precedential significance on those Department of the Navy decisions which affect the public. These documents must be kept readily available for public inspection and copying at designated locations, unless they are promptly published and copies are offered for sale. Additionally, documents issued after July 4, 1967, are required to be indexed on a current basis. These indexes, or supplements thereto, must be published at least quarterly in accordance with the provisions of this paragraph. In determining whether a particular document is subject to the requirements of this paragraph, consideration should be given to the statutory purposes and legal effect of the provisions.
(1) Statutory purposes. In general, the purpose of the requirement to provide members of the public with essential information is to enable them to deal effectively and knowledgeably with Federal agencies; to apprise members of the public of the existence and contents of documents which have potential legal consequences as precedents in administrative determinations which may affect them; and to permit public examination of the basis for administrative actions which affect the public.
(2) Legal effect. If a document is required to be indexed and made available under this paragraph, it may not be used or asserted as a precedent against a member of the public unless it was indexed and made available, or unless the person against whom it is asserted had actual and timely notice of its contents.
(b) Classes of documents affected. (1) Subject to the provisions of 5 U.S.C. 552(b) which exempt specified matters from the requirements of public disclosure, the following classes of Department of the Navy documents are included in the requirements of this paragraph:
(i) Final adjudicative opinions and orders—opinions (including concurring and dissenting opinions) which are issued as part of the final disposition of adjudication proceedings (as defined in 5 U.S.C. 551) and which may have precedential effect in the disposition of other cases affecting members of the public;
(ii) Policy statements and interpretations—statements of policy and interpretations of less than general applicability (i.e., applicable only to specific cases; organizations, or persons), which are not required to be published in the Federal Register, but which may have precedential effect in the disposition of other cases affecting members of the public;
(iii) Manuals and instructions—administrative staff manuals, directives, and instructions to staff, or portions thereof, which establish Department of the Navy policy or interpretations of policy that serve as a basis for determining the rights of members of the public with regard to Department of the Navy functions. In general, manuals and instructions relating only to Internal management aspects of property or fiscal accounting, personnel administration, and most other “proprietary” functions of the department are not within the scope of this provision. This provision also does not apply to instructions for employees on methods, techniques, and tactics to be used in performing their duties; for example:
(A) Instructions or manuals issued for audit, investigation, and inspection purposes;
(B) Those which prescribe operational tactics; standards of performance; criteria for defense, prosecution, or settlement of cases; or negotiating or bargaining techniques, limitations, or positions; and
(C) Operations and maintenance manuals and technical information concerning munitions, equipment, and systems, and foreign intelligence operations.
(2) In determining whether a document has precedential effect, the primary test is whether it is intended as guidance to be followed either in decisions or evaluations by the issuing authority's subordinates, or by the issuing authority itself in the adjudication or determination of future cases involving similar facts or issues. The kinds of orders or opinions which clearly have precedential effect are those that are intended to operate both as final dispositions of the questions involved in the individual cases presented, and as rules of decision to be followed by the issuing authority or its subordinates in future cases involving similar questions. By contrast, many adjudicative orders and opinions issued within the Department of the Navy operate only as case-by-case applications of policies or interpretations established in provisions of manuals or directives and are not themselves used, cited, or relied on as rules of decision in future cases. In these instances, the underlying manual or directive provisions obviously would have precedential effect, but the orders and opinions themselves would not have. A recommendation by an official who is not authorized to adjudicate, or to issue a binding statement of policy or interpretation in a particular matter would not have precedential effect though an order, opinion, statement of policy, or interpretation issued by an authorized official pursuant to such recommendation might have that effect.
(c) Deletion of identifying details. (1) Although the exemptions from public disclosure described in 5 U.S.C. 552 and subpart B of this part are applicable to documents which are required to be indexed and made available for public inspection and copying under this paragraph, there is no general requirement that any segregable portions of partially exempt documents be so indexed and made available for public inspection and copying. As a general rule, a record may therefore be held exempt in its entirety from the requirements of this paragraph if it is determined that it contains exempt matter and that it is reasonably foreseeable that disclosure would be harmful to an interest protected by that exemption. An exception to this general rule does exist with regard to a record which would be exempt only because it contains information which, if disclosed, would result in a clearly unwarranted invasion of privacy.
(2) Where necessary to prevent a clearly unwarranted invasion of a person's privacy, identifying details should be deleted from a record which is required to be indexed and made available for public inspection and copying under this paragraph. In every such case, the justification for the deletion must be fully stated in writing in a manner which avoids creating inferences that could be injurious to the person whose privacy is involved. Usual reasons for deletion of identifying details include the protection of privacy in a person's business affairs, medical matters, or private family matters; humanitarian considerations; and avoidance of embarrassment to a person.
(d) Publication of indexes—(1) Form of indexes. Each index should be arranged topically or by descriptive words, so that members of the public may be able to locate the pertinent documents by subject, rather than by case name or by a numbering system.
(2) Time of publication. Each component having cognizance of records required under this paragraph to be indexed shall compile and maintain an index of such records on a continually current basis. Each such index was required to initially be published by July 1, 1975. An updated version of each such index, or a current supplement thereto, shall be published by an authorized method at least annually thereafter.
(3) Methods of publication. The methods authorized for publication of the indexes contemplated in this paragraph are:
(i) Publication in the Federal Register;
(ii) Commercial publication, provided that such commercial publication is readily available to members of the public, or will be made available upon request, and payment of costs (if this method is utilized, information on the cost of copies and the address from which they may be obtained shall be published in the Federal Register); or
(iii) Furnishing internally reproduced copies upon request, at cost not to exceed the direct cost of duplication in accordance with subpart D of this part, provided that it is determined by an order published in the Federal Register, that the publication of the index by methods §701.65(d) (3) (i) or (ii) would be unnecessary or impracticable. Such order shall state the cost of copies and the address from which they may be obtained. The Chief of Naval Operations (N09B30) is authorized to issue such an order in a proper case.
(4) Public inspection of indexes. In addition to publication by one of the foregoing methods, each index will be made available for public inspection and copying in accordance with §701.65(e) at the locations where Department of the Navy records are available for public inspection.
(e) Where records may be inspected. Locations and times at which Department of the Navy records, and indexes thereof, are available for public inspection and copying are shown in §701.32.
(f) Cost. Fees for copying services, if any, furnished at locations shown in §701.32 shall be determined in accordance with subpart D of this part.
(g) Records of the United States Navy-Marine Corps Court of Military Review. The United States Navy-Marine Corps Court of Military Review is deemed to be “a court of the United States” within the meaning of 5 U.S.C. 551 and is therefore excluded from the requirements of 5 U.S.C. 552. Nevertheless, unpublished decisions of the United States Navy-Marine Corps Court of Military Review, although not indexed, are available for public inspection at the location shown in §701.32(c).
§ 701.66 Publication of proposed regulations for public comment.
top
(a) Discussion. The requirements of this section are not imposed by statute, but are the implementation of policies and procedures created administratively in 32 CFR part 336. In effect, the pertinent provisions of 32 CFR part 336 establish, within the Department of Defense and its components, procedures that are analogous to the public rulemaking procedures applicable to some functions of other Federal agencies under 5 U.S.C. 553. While the administrative policy of encouraging the maximum practicable public participation in the Department of the Navy rulemaking shall be diligently followed, determinations by the Department of the Navy as to whether a proposed regulatory requirement originated by it comes within the purview of this paragraph and the corresponding provisions of 32 CFR part 336, and as to whether inviting public comment is warranted, shall be conclusive and final.
(b) Classes of documents affected. Each proposed regulation or other document of a class described in §701.64(a) (or a proposed revision of an adopted document of any of those classes) which would “originate” within the Department of the Navy a requirement of general applicability and future effect for implementing, interpreting, or prescribing law or policy, or practice and procedure requirements constituting authority for prospective actions having substantial and direct impact on the public, or a significant portion of the public, must be evaluated to determine whether inviting public comment prior to issuance is warranted. Documents that merely implement regulations previously issued by higher naval authorities or by the Department of Defense will not be deemed to “originate” requirements within the purview of this section. If a proposed document is within the purview of this section, publication to invite public comment will be warranted unless, upon evaluation, it is affirmatively determined both that a significant and legitimate interest of the Department of the Navy or the public will be served by omitting such publication for public comment, and that the document is subject to one or more of the following exceptions:
(1) It pertains to a military or foreign affairs function of the United States which has been determined under the criteria of an Executive Order or statute to require a security classification in the interests of national defense or foreign policy;
(2) It relates to naval management, naval military or civilian personnel, or public contracts (e.g. Navy Procurement Directives), including nonappropriated fund contracts;
(3) It involves interpretative rules, general statements of policy, or rules of agency organization, procedure, or practice; or
(4) It is determined with regard to the document, for good cause, that inviting the pubic comment is impracticable, unnecessary, or contrary to the public interest.
(c) Procedures—(1) Normal case. Unless the official having cognizance of a proposed regulatory document determines under the criteria of §701.66(b) that inviting public comment is not warranted, he or she shall cause it to be published in the Federal Register with an invitation for the public to submit comments in the form of written data, views, or arguments during a specified period of not less than 30 days following the date of publication. An opportunity for oral presentation normally will not be provided, but may be provided at the sole discretion of the official having cognizance of the proposed directive if he or she deems it to be in the best interest of the Department of the Navy or the public to do so. After careful consideration of all relevant matters presented within the period specified for public comment, the proposed document may be issued in final form. After issuance, the adopted document, and a preamble explaining the relationship of the adopted document to the proposed and the nature and effect of public comments, shall be published in the Federal Register for guidance of the public.
(2) Where public comment is not warranted. The official having cognizance of a proposed document within the purview of this paragraph shall, if he or she determines that inviting public comment concerning the document is not warranted under the criteria of §701.66(b), incorporate that determination, and the basis therefor, in the document when it is issued or submitted to a higher authority for issuance. After issuance, such document shall be published in the Federal Register for the guidance of the public, if required under §701.64(b).
§ 701.67 Petitions for issuance, revision, or cancellation of regulations affecting the public.
top
In accordance with the provisions of 32 CFR part 336, the Department of the Navy shall accord any interested person the right to petition in writing, for the issuance, revision, or cancellation of regulatory document that originates, or would originate, for the Department of the Navy, a policy, requirement, or procedure which is, or would be, within the purview of §701.66. The official having cognizance of the particular regulatory document involved, or having cognizance of the subject matter of a proposed document, shall give full and prompt consideration to any such petition. Such official may, at his or her absolute discretion, grant the petitioner an opportunity to appear, at his or her own expense, for the purpose of supporting the petition, if this is deemed to be compatible with orderly conduct of public business. The petitioner shall be advised in writing of the disposition, and the reasons for the disposition, of any petition within the purview of this section.
Subpart F—DON Privacy Program
top
Source: 71 FR 27536, May 11, 2006, unless otherwise noted.
§ 701.100 Purpose.
top
Subparts F and G of this part implement the Privacy Act (5 U.S.C. 552a), and the DOD Directives 5400.11 and 5400.11–R series, DOD Privacy Program (see 32 CFR part 310) and provides DON policies and procedures to ensure that all DON military members and civilian/contractor employees are made fully aware of their rights and responsibilities under the provisions of the Privacy Act (PA); to balance the Government's need to maintain information with the obligation to protect individuals against unwarranted invasions of their privacy stemming from the DON's collection, maintenance, use, and disclosure of Protected Personal Information (PPI); and to require privacy management practices and procedures be employed to evaluate privacy risks in publicly accessible DON Web sites and unclassified non-national security information systems.
(a) Scope. Governs the collection, safeguarding, maintenance, use, access, amendment, and dissemination of PPI kept by DON in PA systems of records.
(b) Guidance. Provides guidance on how to respond to individuals who seek access to information in a PA system of records that is retrieved by their name and/or personal identifier.
(c) Verify identity. Establishes ways to verify the identity of individuals who request their records before the records are made available to them.
(d) Online resources. Directs the public to the Navy's PA Online Web site at http://www.privacy.navy.mil that defines the DON's PA Program, lists all Navy, Marine Corps, and Government-wide systems of records and provides guidance on how to gain access to those records.
(e) Rules of conduct. Governs the PA rules of conduct for personnel, who will be subject to either civil or criminal penalties for noncompliance with 5 U.S.C. 552a.
(f) Privacy impact assessment (PIA) requirements. Establishes requirements for conducting, reviewing, approving, and publishing PIAs.
§ 701.101 Privacy program terms and definitions.
top
(a) Access. Review or copying a record or parts thereof contained in a system of records by any individual.
(b) Agency. For the purposes of disclosing records subject to the PA between or among DOD components, DOD is considered a single agency. For all other purposes, DON is considered an agency within the meaning of PA.
(c) Disclosure. The transfer of any personal information from a system of records by any means of communication (such as oral, written, electronic, mechanical, or actual review), to any person, private entity, or Government agency, other than the subject of the record, the subject's designated agent or the subject's legal guardian.
(d) Federal personnel. Officers and employees of the U.S. Government, members of the uniformed services (including members of the reserve), individuals or survivors thereof, entitled to receive immediate or deferred retirement benefits under any retirement program of the U.S. Government (including survivor benefits).
(e) Individual. A living citizen of the U.S. or an alien lawfully admitted to the U.S. for permanent residence. The custodial parent of a minor or the legal guardian of any individual also may act on behalf of an individual. Members of the United States Armed Forces are “individuals.” Corporations, partnerships, sole proprietorships, professional groups, businesses, whether incorporated or unincorporated, and other commercial entities are not “individuals.”
(f) Individual access. Access to information pertaining to the individual by the individual or his/her designated agent or legal guardian.
(g) Information in identifiable form (IIF). Information in an Information Technology (IT) system or online collection that directly identifies an individual (e.g., name, address, social security number or other identifying code, telephone number, e-mail address, etc.) or by an agency intends to identify specific individuals in conjunction with other data elements (i.e., indirect identification that may include a combination of gender, race, birth date, geographic indicator, and other descriptors).
(h) Information system. A discrete set of information resources organized for the collection, processing, maintenance, transmission, and dissemination of information.
(i) Maintain. Includes maintain, collect, use, or disseminate.
(j) Member of the public. Any individual or party acting in a private capacity.
(k) Minor. Under this subpart, a minor is an individual under 18 years of age, who is not a member of the U.S. Navy or Marine Corps, or married.
(l) Official use. Within the context of this subpart, this term is used when DON officials and employees have a demonstrated need for the use of any record or the information contained therein in the performance of their official duties.
(m) Personal information. Information about an individual that identifies, relates, or is unique to, or describes him or her (e.g., Social Security Number (SSN), age, military rank, civilian grade, marital status, race, salary, home/office phone numbers, etc.).
(n) Privacy Act (PA) request. A request from an individual for notification as to the existence of, access to, or amendment of records pertaining to that individual. These records must be maintained in a system of records.
(o) Privacy Impact Assessment (PIA). An ongoing assessment to evaluate adequate practices in balancing privacy concerns with the security needs of an organization. The process is designed to guide owners and developers of information systems in assessing privacy through the early stages of development. The process consists of privacy training, gathering data from a project on privacy issues, identifying and resolving the privacy risks, and approval by a designated privacy representative.
(p) Protected personal information (PPI). Any information or characteristics that may be used to distinguish or trace an individual's identity, such as their name, SSN, or biometric records.
(q) Record. Any item, collection, or grouping of information, whatever the storage media (e.g., paper, electronic, etc), about an individual that is maintained by a DON activity including, but not limited to, the individual's education, financial transactions, and medical, criminal, or employment history, and that contains the individual's name or other identifying particulars assigned to the individual, such as a finger or voice print or a photograph.
(r) Review authority. An official charged with the responsibility to rule on administrative appeals of initial denials of requests for notification, access, or amendment of records. SECNAV has delegated review authority to the Assistant Secretary of the Navy (Manpower & Reserve Affairs) (ASN(M&RA)), General Counsel of the DON (GC), and the Judge Advocate General of the Navy (JAG). Additionally, the Office of Personnel Management (OPM) is the review authority for civilian official personnel folders or records contained in any other OPM record.
(s) “Routine use” disclosure. A disclosure of a record made outside DOD for a purpose that is compatible with the purpose for which the record was collected and maintained by DOD. The “routine use” must have been included in the notice for the system of records published in the Federal Register.
(t) Statistical record. A record maintained only for statistical research, or reporting purposes, and not used in whole or in part in making any determination about a specific individual.
(u) System manager. An official who has overall responsibility for a system of records. He/she may serve at any level in DON. Systems managers are indicated in the published record systems notices. If more than one official is indicated as a system manager, initial responsibility resides with the manager at the appropriate level (i.e., for local records, at the local activity).
(v) System of records. A group of records under the control of a DON activity from which information is retrieved by the individual's name or by some identifying number, symbol, or other identifying particular assigned to the individual. System notices for all PA systems of records must be published in the Federal Register and are also available for viewing or downloading from the Navy's Privacy Act Online Web site at http://www.privacy.navy.mil.
(w) Web site. A collection of information organized into a number of Web documents related to a common subject or set of subjects, including the “home page” and the linked subordinate information.
(x) Working day. All days excluding Saturday, Sunday, and legal holidays.
§ 701.102 Online resources.
top
(a) Navy PA online Web site (http://www.privacy.navy.mil). This Web site supplements this subpart and subpart G. It provides a detailed understanding of the DON's PA Program. It contains information on Navy and Marine Corps systems of records notices; Government-wide systems of records notices that can be used by DON personnel; and identifies Navy and Marine Corps exempt systems of records notices. It includes: PA policy documents; sample training materials; DOD “Blanket Routine Uses;” a checklist for conducting staff assistance visits; a copy of PA statute; guidance on how to establish, delete, alter, or amend PA systems of records notices; and provides updates on the DON's PA Program.
(b) DON Chief Information Officer (DON CIO) Web site (http://www.doncio.navy.mil). This Web site provides detailed guidance on PIAs.
(c) DOD's PA Web site (http://www.defenselink.mil/privacy). This Web site is an excellent resource that contains a listing of all DOD and its components' PA systems of records notices, DOD PA directive and regulation, OMB Circulars, Defense Privacy Decision Memoranda, etc.
(d) DON Freedom of Information Act (FOIA) Web site (http://www.foia.navy.mil). This Web site discusses the interface between PA and FOIA and provides detailed guidance on the DON's FOIA Program.
§ 701.103 Applicability.
top
(a) DON activities. Applies to all DON activities that collect, maintain, or disseminate PPI. Applies to DON activities and to contractors, vendors, and other entities that develop, procure, or use Information Technology (IT) systems under contract to DOD/DON, to collect, maintain, or disseminate IIF from or about members of the public.
(b) Combatant commands. Applies to the U.S. Joint Forces Command (USJFCOM) and U.S. Pacific Command (USPACOM), except for U.S. Forces Korea as prescribed by DOD Directive 5100.3.
(c) U.S. citizens and legally admitted aliens. Applies to living citizens of the U.S. or aliens lawfully admitted for permanent legal residence. Requests for access to information in a PA system of records made by individuals who are not U.S. citizens or permanent residents will be processed under the provisions of the FOIA.
(d) Federal contractors. Applies to Federal contractors by contract or other legally binding action, whenever a DON contract provides for the operation, maintenance, or use of records contained in a PA system of records to accomplish a DON function.
(1) When a DON activity contracts for the operation or maintenance of a system of records or a portion of a system of records by a contractor, the record system or the portion of the record system affected are considered to be maintained by the DON activity and are subject to this subpart and subpart G of this part.
(2) The contractor and its employees are considered employees of the DON activity for purposes of the sanction provisions of the PA during the performance of the contract.
(3) The Defense Acquisition Regulatory (DAR) Council, which oversees the implementation of the Federal Acquisition Regulations (FAR) within DOD, is responsible for developing the specific policies and procedures for soliciting, awarding, and administering contracts that are subject to this subpart and 5 U.S.C. 552a.
(4) Consistent with the FAR regulations, contracts for the operation of a system of records shall identify specifically the record system and the work to be performed, and shall include in the solicitation and resulting contract the terms as prescribed by the FAR (see http://www.privacy.navy.mil (Admin Tools)).
(5) DON activities must furnish PA Program guidance to their personnel who solicit and award or administer Government contracts; inform prospective contractors of their responsibilities regarding the DON PA Program; and establish an internal system of contractor performance review to ensure compliance with the DON Privacy Program.
(6) This instruction does not apply to records of a contractor that are:
(i) Established and maintained solely to assist the contractor in making internal contractor management decisions, such as records maintained by the contractor for use in managing the contract;
(ii) Maintained as internal contractor employee records, even when used in conjunction with providing goods or services to a DON activity;
(iii) Maintained as training records by an educational organization contracted by a DON activity to provide training when the records of the contract students are similar to and commingled with training records of other students, such as admission forms, transcripts, and academic counseling and similar records;
(iv) Maintained by a consumer reporting agency to which records have been disclosed under 31 U.S.C. 3711; or
(7) DON activities shall establish contract surveillance programs to ensure contractors comply with the procedures established by the DAR Council.
(8) Disclosing records to a contractor for use in performing a contract let by a DON activity is considered a disclosure within DON (i.e., based on an official need to know). The contractor is considered the agent of DON when receiving and maintaining the records for that activity.
(e) Precedence. In case of a conflict, this subpart and subpart G takes precedence over any DON directive that deals with the personal privacy and rights of individuals regarding their personal records, except for disclosure of PPI required by 5 U.S.C. 552 and implemented by Secretary of the Navy (SECNAVINST) 5720.42F.
§ 701.104 Responsibility and authority.
top
(a) Delegation. The Chief of Naval Operations (CNO) for administering and supervising the execution of 5 U.S.C. 552a, DOD Directive 5400.11 and DOD Regulation 5400.11–R. The Director, Navy Staff (DNS) will administer this program through the Head, DON PA/FOIA Policy Branch (DNS–36) who will serve as the Principal PA Program Manager for the DON.
(b) CNO (DNS–36). (1) Develops and implements DON policy on the provisions of the PA; serves as principal advisor on all DON PA matters; oversees the administration of the DON's PA program; reviews and resolves PA complaints; maintains the DON's PA Online Web site; develops a Navy-wide PA training program and serves as training oversight manager; establishes, maintains, deletes, and approves Navy and joint Navy/Marine Corps PA systems of records notices; compiles reports that address the DON's PA Program to DOD and/or the Office of Management and Budget (OMB); conducts PA reviews as defined in OMB Circular A–130; publishes exempt systems of records in the CFR; and conducts staff assistance visits/program evaluations within DON to review compliance with 5 U.S.C. 552a, this subpart and subpart G of this part.
(2) Serves as PA Coordinator for the Secretary of the Navy (SECNAV), Office of the CNO (OPNAV) and the Naval Historical Center (NHC).
(3) Represents SECNAV on the Defense Privacy Board (DPO). Per DOD Directive 5400.11, the Board has oversight responsibility for implementation of the DOD Privacy Program.
(4) Represents SECNAV on the Defense Data Integrity Board. Per DOD Directive 5400.11, the Board has oversight responsibility for reviewing and approving all computer matching agreements between the DOD and other Federal, State, or local government agencies, as well as memoranda of understanding when the match is internal to DOD, to ensure that appropriate procedural and due process requirements have been established before engaging in computer matching activities.
(5) Provides input to the DPO on OMB's Federal Information Security Management Act (FISMA) Report.
(6) Coordinates on all PIAs prior to the PIA being submitted to DON CIO for review and final approval. Makes a determination as to whether the new IT system constitutes a PA system of records. If it does, determines whether an existing system covers the collection or whether a new systems notice will have to be written and approved. As necessary, assists the DON activity in creating and getting a new PA system of records notice approved.
(7) Oversees the administration of OPNAV's PA program.
(8) Chairs the DON PA Oversight Working Group.
(c) Commandant of the Marine Corps (CMC). (1) Administers and supervises the execution of this instruction within the Marine Corps and maintains and approves Marine Corps PA systems of records notices. The Commandant has designated CMC (ARSF) as the PA manager for the U.S. Marine Corps.
(2) Oversees the administration of the Marine Corps' PA program; reviews and resolves PA complaints; develops a Marine Corps privacy education, training, and awareness program; reviews and validates PIAs for Marine Corps information systems and submits the validation to CNO (DNS–36); establishes, maintains, deletes, and approves Marine Corps PA systems of records notices; and conducts staff assistance visits/program evaluations within the Marine Corps to review compliance with 5 U.S.C. 552a, this subpart and subpart G of this part.
(3) Serves as the PA Coordinator for all Headquarters, U.S. Marine Corps components, except for Marine Corps Systems Command and the Marine Corps Combat Development Command.
(4) Provides input to CNO (DNS–36) for inclusion FISMA Report.
(5) Serves on the DON PA Oversight Working Group.
(6) Coordinates on all PIAs prior to the PIA being submitted to DON CIO for review and final approval, making a determination as to whether the new IT system constitutes a PA system of records. If it does, determines whether an existing system covers the collection or whether a new systems notice will have to be written and approved. As necessary, assists the DON activity in creating and getting a new PA system of records notice approved.
(d) DON CIO. (1) Integrates protection of PPI into the overall DON major information system life cycle management process as defined in the E-Government Act of 2002 (Pub. L. 107–347).
(2) Provides guidance for effective assessment and utilization of privacy-related technologies.
(3) Provides guidance to DON officials on the conduct of PIAs (see their Web site at http://www.doncio.navy.mil) and oversees DON PIA policy and procedures to ensure PIAs are conducted commensurate with the information system being assessed, the sensitivity of IIF in that system, and the risk of harm for unauthorized release of that information. Also, DON CIO reserves the right to request that a PIA be completed on any system that may have privacy risks.
(4) Reviews and approves all PIAs for the DON and submits the approved PIAs to DOD and OMB according to Federal and DOD guidance.
(5) Serves as the focal point in establishing and validating DON information systems privacy requirements and coordinating issues with other DOD Military Departments and Federal Agencies.
(6) Develops and coordinates privacy policy, procedures, education, training, and awareness practices regarding DON information systems.
(7) Compiles and prepares responses to either DOD or OMB regarding PIA issues.
(8) Develops and coordinates DON web privacy policy, education, training and an awareness program in accordance with DON Web privacy requirements including annual Web site privacy posting training with CNO (DNS–36).
(9) Provides guidance toward effective research and development of privacy-related technologies.
(10) Serves as the focal point in establishing and validating DON Web privacy requirements and coordinating issues with DOD, other Military Departments, and other Federal agencies.
(11) Provides guidance on the use of encryption software to protect privacy sensitive information.
(12) Implements DON IT privacy requirements and coordinates IT information system requirements that cross service boundaries with the Joint Staff.
(13) Provides recommended changes to CNO (DNS–36) on policy guidance set forth in this instruction regarding IT privacy policy and procedures that includes requirements/guidance for conducting PIAs.
(14) Provides input to CNO (DNS–36) for inclusion in the FISMA Report.
(15) Serves on the DON PA Oversight Working Group.
(e) The Chief of Information (CHINFO) and U.S. Marine Corps Director of Public Affairs (DIRPA). CHINFO and DIRPA, in accordance with DON CIO guidance on Department-wide Information Management (IM) and IT matters, are responsible for developing and administering Navy and Marine Corps Web site privacy policies and procedures respectively per SECNAVINST 5720.47B. Additionally, CHINFO and DIRPA:
(1) Maintains master World Wide Web (WWW) page to issue new service-specific Web privacy guidance. CHINFO will maintain a master WWW page to issue DON guidance and DIRPA will link to that page. All significant changes to this Web site and/or its location will be issued via Naval (ALNAV) message.
(2) Maintains overall cognizance for DON and U.S. Marine Corps Web sites and Web site content-related questions as they pertain to Web site privacy requirements.
(3) Ensures that public-facing Web sites have machine-readable privacy policies (i.e., web privacy policies are P3P-enabled or automatically readable using some other tool).
(4) Provides input to CNO (DNS–36) for inclusion in the FISMA Report.
(5) Serves on the DON PA Oversight Working Group.
(f) DON PA Oversight Working Group. The DON PA Oversight Working Group is charged with reviewing and coordinating compliance with DON PA program initiatives. CNO (DNS–36) will chair this working group, hosting meetings as deemed appropriate to discuss best PA practices, PA issues, FISMA reporting and other reporting requirements, PA training initiatives, etc. At a minimum, membership shall consist of CNO (DNS–36), DON CIO, CMC (ARSF), CMC (C4I–IA), OJAG (Code 13), OGC (PA/FOIA), CMC (JAR), CHINFO, and CMC (PA).
(g) DON activities. Each DON activity is responsible for implementing and administering a PA program under this subpart and subpart G.
(h) Navy Echelon 2 and 3 Commands and Marine Corps Major Subordinate Commands. Each Navy Echelon 2 and 3 Command and Marine Corps Major Subordinate Command will designate a PA Coordinator to:
(1) Serve as principal point of contact on PA matters.
(2) Advise CNO (DNS–36) promptly of the need to establish a new Navy PA system of records; amend or alter an existing Navy system of records; or, delete a Navy system of records that is no longer needed.
(3) Advise CMC (ARSF) promptly of the need to establish a new Marine Corps PA system of records; amend or alter an existing Marine Corps system of records; or, delete a Marine Corps system of records that is no longer needed.
(4) Ensure no official files are maintained on individuals that are retrieved by name or other personal identifier without first ensuring that a system of records notice exists that permits such collection.
(5) Ensure that PA systems of records managers are properly trained on their responsibilities for protecting PPI being collected and maintained under the DON PA Program.
(6) Provide overview training to activity/command personnel on the provisions of this subpart and subpart G.
(7) Issue an implementing instruction which designates the activity's PA Coordinator, addresses PA records disposition, addresses PA processing procedures, identifies those PA systems of records being used by their activity; and provide training/guidance to those personnel involved with collecting, maintaining, disseminating information from a PA system of records.
(8) Review internal directives, forms, practices, and procedures, including those having PA implications and where Statements (PAS) are used or PPI is solicited.
(9) Maintain liaison with records management officials (e.g., maintenance and disposal procedures and standards, forms, and reports), as appropriate.
(10) Provide guidance on handling PA requests; scope of PA exemptions; and the fees, if any, that may be collected.
(11) Conduct staff assistance visits or program evaluations within their command and lower echelon commands to ensure compliance with the PA.
(12) Work closely with their PA systems managers to ensure they are properly trained with regard to collecting, maintaining, and disseminating information in a PA system of records notice.
(13) Process PA complaints.
(14) Ensure protocols are in place to avoid instances of loss of PPI. Should a loss occur, take immediate action to apprise affected individuals of how to ensure their identity has not been compromised.
(15) Work closely with their public affairs officer and/or web master to ensure that PPI is not placed on public Web sites or in public folders.
(16) Annually conduct reviews of their PA systems of records to ensure that they are necessary, accurate, and complete.
(17) Provide CNO (DNS–36) or CMC (ARSF) respectively, with a complete listing of all PA Coordinators under their jurisdiction. Such information should include activity name, complete mailing and E-Mail addresses, office code, name of PA Coordinator, and commercial, DSN, and FAX telephone numbers.
(18) Review and validate PIAs for their information systems and submit the validation to CNO (DNS–36) for Navy information systems or to HQMC (ARSF) for Marine Corps information systems.
(i) DON employees/contractors. DON employees/contractors are responsible for safeguarding the rights of others by:
(1) Ensuring that PPI contained in a system of records, to which they have access or are using to conduct official business, is protected so that the security and confidentiality of the information is preserved.
(2) Not disclosing any information contained in a system of records by any means of communication to any person or agency, except as authorized by this instruction or the specific PA systems of records notice.
(3) Not maintaining unpublished official files that would fall under the provisions of 5 U.S.C. 552a.
(4) Safeguarding the privacy of individuals and confidentiality of PPI contained in a system of records.
(5) Properly marking all documents containing PPI data (e.g., letters, E-Mails, message traffic, etc.) as “FOR OFFICIAL USE ONLY—PRIVACY SENSITIVE—Any misuse or unauthorized disclosure can result in both civil and criminal penalties.”
(6) Not maintaining privacy-sensitive information in public folders.
(7) Reporting any unauthorized disclosure of PPI from a system of records to the applicable Privacy Point of Contact (POC) for his/her activity.
(8) Reporting the maintenance of any unauthorized system of records to the applicable Privacy POC for his/her activity.
(j) Denial authority. Within DON, the head of the activity having cognizance over an exempt PA system of record is authorized to deny access to that information under the exemptions cited in the PA systems of records notice. The denial authority may also deny requests to amend a system of records or to deny notification that a record exists. As deemed appropriate, the head of the activity may further designate initial denial authority to an individual properly trained on the provisions of the PA and this subpart and subpart G of this part.
(k) Release authority. Within DON, officials having cognizance over a non-exempt PA system of record that is requested by a first party or his/her authorized representative are authorized to release records. A release authority may also grant requests for notification and amendment of systems of records. The PA systems manager, who is properly trained on the provisions of 5 U.S.C. 552a, DOD Directive 5400.11 and DOD 5400.11–R, may be delegated this responsibility.
(l) Review authority. (1) Assistant Secretary of the Navy (Manpower & Reserve Affairs) (ASN(M&RA)) is designated to act upon requests for administrative review of initial denials of requests for amendment of records related to fitness reports and performance evaluations of military personnel.
(2) Both the JAG and GC are designated to act upon requests for administrative review of initial denials of records for notification, access, or amendment of records under their cognizance.
(3) The authority of SECNAV, as the head of an agency, to request records subject to the PA from an agency external to DOD for civil or criminal law enforcement purposes, under (b)(7) of 5 U.S.C. 552a, is delegated to CMC; the Commander, Naval Criminal Investigative Service; JAG and GC.
(m) System manager. System managers are responsible for overseeing the collection, maintenance, use, and dissemination of information from a PA system of records and ensuring that all personnel who have access to those records are aware of their responsibilities for protecting PPI that is being collected or maintained. In this capacity, they shall:
(1) Establish appropriate administrative, technical, and physical safeguards to ensure the records in every system of records are protected from unauthorized alteration, destruction, or disclosure.
(2) Protect the records from reasonably anticipated threats or hazards that could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.
(3) Work closely with their coordinator to ensure that all personnel who have access to a PA system of records are properly trained on their responsibilities under the PA. Training materials may be downloaded from http://www.privacy.navy.mil.
(4) Ensure that no illegal files are maintained.
Note: Official files on individuals that are retrieved by name and/or personal identifier must be approved and published in the Federal Register.
(5) Review annually each PA system of records notice under their cognizance to determine if the records are up-to-date and/or used in matching programs and whether they are in compliance with the OMB Guidelines. Such items as organization names, titles, addresses, etc., frequently change and should be reported to CNO (DNS–36) for updating and publication in the Federal Register.
(6) Work with IT personnel to identify any new information systems being developed that contain PPI. If a PA systems notice does not exist to allow for the collection, assist in creating a new systems notice that permits collection.
(7) Complete and maintain a PIA for those systems that collect, maintain or disseminate IIF, according to DON PIA guidance found at http://www.privacy.navy.mil and http://www.doncio.navy.mil.
(8) Complete and maintain a disclosure accounting form for all disclosures made without the consent of the record subject, except those made within DOD or under FOIA. (See 701.111).
(9) Ensure that only those DOD/DON officials with a “need to know” in the official performance of their duties has access to information contained in a system of records.
(10) Ensure safeguards are in place to protect the privacy of individuals and confidentiality of PPI contained in a system of records.
(11) Ensure that records are maintained in accordance with the identified PA systems of records notice.
(12) Ensure that each newly proposed PA system of records notice is evaluated for need and relevancy and confirm that no existing PA system of records notice covers the proposed collection.
(13) Stop collecting any category or item of information about individuals that is no longer justified, and when feasible remove the information from existing records.
(14) Ensure that records are kept in accordance with retention and disposal requirements set forth in SECNAVINST 5720.47B.
(15) Take reasonable steps to ensure the accuracy, relevancy, timeliness, and completeness of a record before disclosing the record to anyone outside the Federal Government.
(16) Identify all systems of records that are maintained in whole or in part by contractor personnel, ensuring that they are properly trained and that they are routinely inspected for PA compliance.
§ 701.105 Policy.
top
DON recognizes that the privacy of an individual is a personal and fundamental right that shall be respected and protected and that PPI shall be collected, maintained, used, or disclosed to ensure that it is relevant and necessary to accomplish a lawful DON/DOD purpose required to be accomplished by statute or Executive Order (E.O.). Accordingly, it is DON policy that DON activities shall fully comply with 5 U.S.C. 552a, DOD Directive 5400.11 and DOD 5400.11–R to protect individuals from unwarranted invasions of privacy when information is collected, processed, maintained, or disseminated. To ensure compliance, DON activities shall follow the procedures listed in this section.
(a) Collection, maintenance and use. (1) Only maintain systems of records that have been approved and published in the Federal Register. (See http://www.privacy.navy.mil for a list of all DOD, Navy, Marine Corps, and component systems of records notices, as well as, links to Government-wide systems that the DON is eligible to use).
Note: CNO (DNS–36) can assist Navy activities in identifying existing systems that may meet their needs and HQMC (ARSF) can assist Marine Corps activities.
(2) Only collect, maintain, and use PPI needed to support a DON function or program as authorized by law or E.O. and disclose this information only as authorized by 5 U.S.C. 552a, this subpart and subpart G of this part. In assessing need, DON activities shall consider alternatives such as: truncating the SSN by only using the last four digits; using information that is not individually identifiable; using a sampling of certain data for certain individuals only. Additionally, they shall consider the length of time the information is needed and the cost of maintaining the information compared to the risks and adverse consequences of not maintaining the information.
(3) Only maintain PPI that is timely, accurate, complete, and relevant to the purpose for which it was collected.
(4) DON activities shall not maintain records describing how an individual exercises his/her rights guaranteed by the First Amendment (freedom of religion; freedom of political beliefs; freedom of speech; freedom of the press; the right to peaceful assemblage; and petition for redress of grievances), unless they are: expressly authorized by statute; authorized by the individual; within the scope of an authorized law enforcement activity; or are used for the maintenance of certain items of information relating to religious affiliation for members of the naval service who are chaplains.
Note: This should not be construed, however, as restricting or excluding solicitation of information that the individual is willing to have in his/her record concerning religious preference, particularly that required in emergency situations.
(b) Disposal. Dispose of records from systems of records to prevent inadvertent disclosure. To this end:
(1) Disposal methods are considered adequate if the records are rendered unrecognizable or beyond reconstruction (e.g., tearing, burning, melting, chemical decomposition, burying, pulping, pulverizing, shredding, or mutilation). Magnetic media may be cleared by completely erasing, overwriting, or degaussing the tape.
(2) DON activities may recycle PA data. Such recycling must be accomplished to ensure that PPI is not compromised. Accordingly, the transfer of large volumes of records in bulk to an authorized disposal activity is not considered a disclosure of records.
(3) When disposing of or destroying large quantities of records from a system of records, DON activities must ensure that the records are disposed of to preclude easy identification of specific records.
(c) Individual access. (1) Allow individuals to have access to and/or copies of all or portions of their records to which they are entitled. In the case of a legal guardian or custodial parent of a minor, they have the same rights as the individual he/she represents. A minor is defined as an individual under the age of 18. In the case of members of the Armed Forces under the age of 18, they are not considered to be minors for the purposes of the PA.
(2) Enter all PA first-party access requests into a tracking system and assign a case file number. (Files should comply with DON PA systems of records notice NM05211–1, PA Request Files and Tracking System at http://www.privacy.navy.mil/notices.)
(3) Allow individuals to seek amendment of their records when they can identify and provide proof that factual information contained therein is erroneous, untimely, incomplete, or irrelevant. While opinions are not subject to amendment, individuals who are denied access to amending their record may have a statement of disagreement added to the file.
(4) Allow individuals to appeal decisions that deny them access to or refusal to amend their records. If a request to amend their record is denied, allow the individual to file a written statement of disagreement.
(d) Posting and use of PA sensitive information. (1) Do not post PPI on an Internet site. Also, limit the posting and use of PA sensitive information on an Intranet Web site, letter, FAX, e-mail, etc.
(2) When posting or transmitting PPI, ensure the following legend is posted on the document: “FOR OFFICIAL USE ONLY—PRIVACY ACT SENSITIVE: Any misuse or unauthorized disclosure of this information may result in both criminal and civil penalties.”
(e) Safeguarding PPI. DON activities shall establish appropriate administrative, technical and physical safeguards to ensure that the records in every system of records are protected from unauthorized alteration or disclosure and that their confidentiality is protected. Protect the records against reasonably anticipated threats of hazards that could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual about whom information is kept. At a minimum, DON activities shall:
(1) Tailor system safeguards to conform to the type of records in the system, the sensitivity of the PPI stored, the storage medium used, and the number of records maintained.
(2) Treat all unclassified records that contain PPI that normally would be withheld from the public under FOIA exemptions (b)(6) and (b)(7)(C) as if they were designated “For Official Use Only” and safeguard them from unauthorized disclosure.
(3) Ensure that privacy considerations are addressed in the reengineering of business processes and take proactive steps to ensure compliance with the PA and 5 U.S.C. 552a as they move from conducting routine business via paper to electronic media.
(4) Recognize the importance of protecting the privacy of its members, especially as it modernizes its collection systems. Privacy issues must be addressed when systems are being developed, and privacy protections must be integrated into the development life cycle of automated systems. This applies also to contractors, vendors, and other entities that develop, procure, or use IT systems under contract to DOD/DON, to collect, maintain, or disseminate IIF from or about members of the public (see §701.115).
(5) Ensure that adequate safeguards are implemented and enforced to prevent misuse, unauthorized disclosure, alteration, or destruction of PPI in records per 5 U.S.C. 552a, this subpart and subpart G of this part.
§ 701.106 Collecting information about individuals.
top
(a) Collecting information directly from the individual. To the greatest extent practicable, collect information for systems of records directly from the individual to whom the record pertains if the record may be used to make an adverse determination about the individual's rights, benefits, or privileges under a Federal program.
(b) Collecting information about individuals from third persons. It may not always be practical to collect all information about an individual directly. For example, when verifying information through other sources for security or employment suitability determinations; seeking other opinions, such as a supervisor's comments on past performance or other evaluations; obtaining the necessary information directly from the individual would be exceptionally difficult or would result in unreasonable costs or delays; or, the individual requests or consents to contacting another person to obtain the information.
(c) Soliciting the SSN. (1) It is unlawful for any Federal, State, or local government agency to deny an individual a right, benefit, or privilege provided by law because the individual refuses to provide his/her SSN. However, this prohibition does not apply if a Federal law requires that the SSN be provided, or the SSN is required by a law or regulation adopted before January 1, 1975, to verify the individual's identity for a system of records established and in use before that date.
(2) Before requesting an individual to provide the SSN, the individual must be advised whether providing the SSN is mandatory or voluntary; by what law or other authority the SSN is solicited; and what uses will be made of the SSN.
(3) The preceding advice relates only to the SSN. If other information about the individual is solicited for a system of records, a PAS also must be provided.
(4) The notice published in the Federal Register for each system of records containing SSNs solicited from individuals must indicate the authority for soliciting the SSNs and whether it is mandatory for the individuals to provide their SSN. E.O. 9397 requires Federal Agencies to use SSNs as numerical identifiers for individuals in most Federal records systems. However, it does not make it mandatory for individuals to provide their SSNs.
(5) When entering military service or civilian employment with the DON, individuals are asked to provide their SSNs. In many instances, this becomes the individual's numerical identifier and is used to establish personnel, financial, medical, and other official records (as authorized by E.O. 9397). The individuals must be given the notification described above. Once the individual has provided his/her SSN to establish a record, a notification is not required when the SSN is requested only for identification or to locate the records.
(6) DON activities are discouraged from collecting SSNs when another identifier would suffice. In those instances where activities wish to differentiate individuals, they may find it advantageous to only collect the last four digits of the individual's SSN, which is not considered to be privacy sensitive.
(7) If a DON activity requests an individual's SSN even though it is not required by Federal statute, or is not for a system of records in existence and operating prior to January 1, 1975, it must provide a PAS and make it clear that disclosure of the number is voluntary. Should the individual refuse to disclose his/her SSN, the activity must be prepared to identify the individual by alternate means.
(d) Contents of a PAS. (1) When an individual is requested to furnish PPI for possible inclusion in a system of records, a PAS must be provided to the individual, regardless of the method used to collect the information (e.g., forms, personal or telephonic interview, etc). If the information requested will not be included in a system of records, a PAS is not required.
(2) The PAS shall include the following:
(i) The Federal law or E.O. that authorizes collection of information (i.e., E.O. 9397 authorizes collection of SSNs);
(ii) Whether or not it is mandatory for the individual to provide the requested information. (Note: It is only mandatory when a Federal law or E.O. of the President specifically imposes a requirement to furnish the information and provides a penalty for failure to do so. If furnishing information is a condition precedent to granting a benefit or privilege voluntarily sought by the individual, then the individual may decline to provide the information and decline the benefit);
(iii) The principal purposes for collecting the information;
(iv) The routine uses that will be made of the information (e.g., to whom and why it will be disclosed outside DOD); and
(v) The possible effects on the individual if the requested information is not provided.
(3) The PAS must appear on the form used to collect the information or on a separate form that can be retained by the individual collecting the information. If the information is collected by a means other than a form completed by the individual, i.e., solicited over the telephone, the PAS should be read to the individual and if requested by the individual, a copy sent to him/her. There is no requirement that the individual sign the PAS.
(e) Format for a PAS. When forms are used to collect information about individuals for a system of records, the PAS shall appear as follows (listed in the order of preference):
(1) Immediately below the title of the form;
(2) Elsewhere on the front page of the form (clearly indicating it is the PAS);
(3) On the back of the form with a notation of its location below the title of the form; or,
(4) On a separate form which the individual may keep.
(f) Using forms issued by non-DOD activities. Forms subject to the PA issued by other Federal agencies have a PAS attached or included. DON activities shall ensure that the statement prepared by the originating agency is adequate for the purpose for which the form will be used by the DON activity. If the PAS provided is inadequate, the DON activity concerned shall prepare a new statement or a supplement to the existing statement before using the form. Forms issued by agencies not subject to the PA (state, municipal, and local agencies) do not contain a PAS. Before using a form prepared by such agencies to collect PPI subject to this subpart and subpart G, an appropriate PAS must be added.
§ 701.107 Record access.
top
The access provisions of this subpart and subpart G of this part are intended for use by individuals about whom records are maintained in systems of records. Accordingly, only individuals seeking first party access to records retrieved by their name and/or personal identifier from a system of records have access under the provisions of 5 U.S.C. 552a, this subpart and subpart G of this part, unless they provide written authorization for their representative to act on their behalf. (See §701.107(e) regarding access by custodial parents and legal guardians.)
(a) How to request records. Individuals shall address requests for access to records retrieved by their name and/or personal identifier to the PA systems manager or to the office designated in the paragraph entitled, “Record Access Procedures.”
(1) DON activities may not require an individual to state a reason or justify the need to gain access under 5 U.S.C. 552a, this subpart and subpart G of this part.
(2) However, an individual must comply with the requirements of the PA and this instruction in order to seek access to records under the provisions of 5 U.S.C. 552a, this subpart and subpart G of this part. Specifically, individuals seeking access to records about themselves that are maintained in a PA system of records must sign their request and provide specific identifying data to enable a search for the requested record. Failure to sign the request or to provide sufficient identifying data to locate the record will result in the request being returned for non-compliance with the “Record Access Procedures” cited in the PA system of records notice.
(b) Authorized access. (1) Individuals may authorize the release of all or part of their records to anyone they choose provided they submit a signed authorization to that DON activity. Such authorization must specifically state the records to which the individual may have access.
(2) Individuals may be accompanied by anyone they choose when seeking to review their records. In such instance, DON activities shall require the individual to provide a written authorization to allow the record to be discussed in front of the other person.
(c) Failure to comply. First party requesters will be granted access to their records under the provisions of the PA, unless:
(1) They did not properly identify the records being sought; did not sign their request; and/or failed to provide sufficient identifying data to locate the requested record(s);
(2) They are seeking access to information in a system of records that is exempt from disclosure in whole or in part under the provisions of 5 U.S.C. 552a;
(3) They are seeking access to information that was compiled in anticipation of a civil action or proceeding (i.e., 5 U.S.C. 552a(d)(5) applies). The term “civil action or proceeding” includes quasi-judicial and pre-trial judicial proceedings, as well as formal litigation. However, this does not prohibit access to records compiled or used for purposes other than litigation or to records frequently subject to litigation. The information must have been compiled for the primary purpose of litigation to be withheld under 5 U.S.C. 552a(d)(5); or
(4) They are seeking access to information contained in the system that is currently and properly classified (see 5 U.S.C. 552a(k)(1)).
(d) Blanket requests. Many DON activities are unable to respond to “blanket” requests from individuals for access or copies of “all records pertaining to them,” because they do not have a centralized index that would allow them to query by name and personal identifier to identify “all files.” Accordingly, it is the requester's responsibility to identify the specific PA system of records notice for which they seek information. To assist the requester in identifying such systems, DON activities shall apprise the requester that a listing of all DON PA systems of records can be downloaded from http://www.privacy.navy.mil and that they should identify the specific records they are seeking and write directly to the PA systems manager listed in the notice, following the guidance set forth under the section entitled “Record Access Procedures” of the notice.
(e) Access by custodial parents and legal guardians. The custodial parent of any minor, or the legal guardian of any individual declared by a court of competent jurisdiction to be incompetent due to physical or mental incapacity or age, may obtain access to the record of the minor or incompetent individual under the provisions of the PA, if they are acting on behalf of/in the best interest of/for the benefit of the minor or incompetent. If the systems manager determines that they are not acting on behalf of/in the best interest of/for the benefit of the minor or incompetent, access will not be granted under the PA and the request will be processed under FOIA (5 U.S.C. 552). See 701.122 regarding access to medical records.
(f) Access by a minor or incompetent. The right of access of the parent or legal guardian is in addition to that of the minor or incompetent. Although a minor or incompetent has the same right of access as any other individual under this subpart and subpart G of this part, DON activities may wish to ascertain whether or not the individual is being coerced to obtain records for the benefit of another. If so, the activity may refuse to process the request under the provisions of PA.
(g) Requests from members of Congress. Requests received from a Member of Congress on behalf of a constituent shall be processed under the provisions of the PA and this subpart and subpart G of this part if the requester is seeking access to records about the constituent contained in a non-exempt PA system of records (i.e., first party request). Otherwise, the request will be processed under the provisions of the FOIA (see 5 U.S.C. 552) since the request is received from a third party (i.e., not the record subject).
(1) The DOD “Blanket Routine Uses” enables DON activities to process requests from Members of Congress on behalf of their constituents without submitting a written authorization from the constituent granting authorization to act on their behalf.
(2) In those instances where the DON activity wishes to verify that a constituent is seeking assistance from a Member of Congress, an oral or written statement by a Congressional staff member is sufficient to confirm that the request was received from the individual to whom the record pertains.
(3) If the constituent inquiry is made on behalf of an individual other than the record subject (i.e., a third party requester), advise the Member of Congress that a written consent from the record subject is required before information may be disclosed. Do not contact the record subject to obtain consent for the disclosure to the Member of Congress, unless specifically requested by the Member of Congress.
(4) Depending on the sensitivity of the information being requested, a DON activity may choose to provide the record directly to the constituent and notify the congressional office that this has been done without providing the record to the congressional member.
(h) Release of PPI. Release of PPI to individuals under the PA and/or this subpart or subpart G is not considered to be a public release of information.
(i) Verification of identity. (1) An individual shall provide reasonable verification of identity before obtaining access to records. In the case of seeking to review a record in person, identification of the individual can be verified by documents they normally carry (e.g., identification card, driver's license, or other license, permit/pass). DON activities shall not, however, deny access to an individual who is the subject of the record solely for refusing to divulge his/her SSN, unless it is the only means of retrieving the record or verifying identity.
(2) DON activities may not insist that a requester submit a notarized signature to request records. Instead, the requester shall be offered the alternative of submitting an unsworn declaration that states “I declare under perjury or penalty under the laws of the United States of America that the foregoing is true and correct.”
(j) Telephonic requests. DON activities shall not honor telephonic requests nor unsigned E-Mail/FAX/letter requests for first party access to a PA system of records.
(k) Denials. (1) An individual may be denied access to a record pertaining to him/her only if the record was compiled in reasonable anticipation of civil action; is in a system of records that has been exempted from the access provisions of this subpart and subpart G of this part under one of the permitted exemptions; contains classified information that has been exempted from the access provision of this instruction under the blanket exemption for such material claimed for all DOD PA systems of records; is contained in a system of records for which access may be denied based on some other federal statute.
(2) Only deny the individual access to those portions of the records for which the denial of access serves some legitimate governmental purpose.
(3) Only a designated denial authority may deny access to information contained in an exempt PA system of records. The denial must be in writing and at a minimum include the name, title or position and signature of the designated denial authority; the date of the denial; the specific reason for the denial, including specific citation to the appropriate sections of the PA or other statutes, this instruction, or CFR authorizing the denial; notice to the individual of his/her right to appeal the denial through the component appeal procedure within 60 calendar days; and, the title or position and address of the PA appeals official for the DON.
(l) Illegible or incomplete records. DON activities may not deny an individual access to a record solely because the physical condition or format of the record does not make it readily available (i.e., when the record is in a deteriorated state or on magnetic tape). DON activities may either prepare an extract or recopy the document and mark it “Best Copy Available.”
(m) Personal notes. (1) Certain documents under the physical control of a DON employee and used to assist him/her in performing official functions are not considered “agency records” within the meaning of this instruction. Un-circulated personal notes and records that are not disseminated or circulated to any person or organization (e.g., personal telephone lists or memory aids) that are retained or discarded at the author's discretion and over which the DON activity does not exercise direct control, are not considered “agency records.” However, if personnel are officially directed or encouraged, either in writing or orally, to maintain such records, they may become “agency records,” and may be subject this subpart and subpart G of this part.
(2) The personal uncirculated handwritten notes of unit leaders, office supervisors, or military supervisory personnel concerning subordinates are not systems of records within the meaning of this instruction. Such notes are an extension of the individual's memory. These notes, however, must be maintained and discarded at the discretion of the individual supervisor and not circulated to others. Any established requirement to maintain such notes (such as, written or oral directives, regulations, or command policy) make these notes “agency records” and they then must be made a part of a system of records. If the notes are circulated, they must be made a part of a system of records. Any action that gives personal notes the appearance of official agency records is prohibited, unless the notes have been incorporated into a system of records.
(n) Compiled in anticipation of litigation. An individual is not entitled to access information compiled in reasonable anticipation of a civil action or proceeding. Accordingly, deny access under 5 U.S.C. 552a(d)(5) and then process under FOIA (SECNAVINST 5740.42F) to determine releasibility.
§ 701.108 Amendment of records.
top
Amendments under this subpart and subpart G of this part are limited to correcting factual or historical matters (i.e., dates and locations of service, participation in certain actions of activities, not matters of opinion (e.g., evaluations of work performance and assessments of promotion potential contained in employee evaluations, fitness reports, performance appraisals, or similar documents)) except when such matters of opinion are based solely on inaccurate facts and the accuracy of those facts has been thoroughly discredited.
(a) Individual review and correction. Individuals are encouraged to make periodic reviews of the information maintained about them in systems of records and to avail themselves of the amendment procedures established by 5 U.S.C. 552a, this subpart and subpart G of this part, and other regulations to update their records.
(b) Eligibility. An individual may request amendment of a record retrieved by his/her personal identifier from a system of records, unless the:
(1) System has been exempt from the amendment procedure under 5 U.S.C. 552a and/or
(2) Record is covered by another procedure for correction, such as by the Board for Correction of Naval Records.
(c) Amendment requests. Amendment requests shall be in writing, except for routine administrative changes, such as change of address.
(1) An amendment request must include: a description of the factual or historical information to be amended; the reason for the amendment; the type of amendment action sought (e.g., deletion, correction, or addition); and copies of available documentary evidence that support the request.
(2) The burden of proof rests with the individual. The individual must demonstrate the existence of specific evidence establishing the factual or historical inaccuracy, and in the case of matters of opinion, must specifically discredit the underlying facts. General allegations of error are inadequate.
(3) The individual may be required to provide identification to prevent the inadvertent or intentional amendment of another's record.
(d) Limits on attacking evidence previously submitted. (1) The amendment process is not intended to permit the alteration of evidence presented in the course of judicial or quasi-judicial proceedings. Any amendments or changes to these records normally are made through the specific procedures established for the amendment of such records.
(2) Nothing in the amendment process is intended or designed to permit a collateral attack upon what has already been the subject of a judicial or quasi-judicial determination. However, while the individual may not attack the accuracy of the judicial or quasi-judicial determination under this instruction, he/she may challenge the accuracy of the recording of that action.
(e) Sufficiency of a request to amend. DON activities shall consider the following factors when evaluating the sufficiency of a request to amend: the accuracy of the information itself and the relevance, timeliness, completeness, and necessity of the recorded information for accomplishing an assigned mission or purpose.
(f) Time limits. Within 10 working days of receiving an amendment request, the systems manager shall provide the individual a written acknowledgement of the request. If action on the amendment request is completed within the 10 working days and the individual is so informed, no separate acknowledgment is necessary. The acknowledgment must clearly identify the request and advise the individual when to expect notification of the completed action. Only under exceptional circumstances should more than 30 working days be required to complete the action on an amendment request.
(g) Granting an amendment request in whole or in part. A record must be accurate, relevant, timely, complete, and necessary. If the record in its present state does not meet each of the criteria, the requester's request to amend the record should be granted to the extent necessary to meet them.
(1) Notify the requester. To the extent the amendment request is granted, the systems manager shall notify the individual and make the appropriate amendment.
(2) Notify previous recipients. Notify all previous recipients of the information (as reflected in the disclosure accounting record) that the amendment has been made and provide each a copy of the amended record. Recipients who are no longer retaining the record need not be advised of the amendment. If it is known that other naval activities, DOD components, or Federal Agencies have been provided the information that now requires amendment, or if the individual requests that these agencies be notified, provide the notification of amendment even if those activities or agencies are not listed on the disclosure accounting form.
(h) Denying an amendment request. If an amendment request is denied in whole or in part, promptly notify the individual in writing and include the following information in the notification:
(1) Those sections of 5 U.S.C. 552a, this subpart or subpart G of this part upon which the denial is based;
(2) His/her right to appeal to the head of the activity for an independent review of the initial denial;
(3) The procedures for requesting an appeal, including the title and address of the official to whom the appeal should be sent; and
(4) Where the individual can receive assistance in filing the appeal.
(i) Requests for amendment of OPM records. The records in an OPM Government-wide system of records are only temporarily in the custody of DON activities. See the appropriate OPM Government-wide systems notice at http://www.defenselink.mil/privacy/govwide for guidance on how to seek an amendment of information. The custodian DON denial authority may deny a request, but all denials are subject to review by the Assistant Director for Workforce Information, Office of Merit Systems Oversight and Effectiveness, Office of Personnel Management, 1900 E Street, NW., Washington, DC 20415.
(j) Individual's statement of disagreement. (1) If the review authority refuses to amend the record as requested, the individual may submit a concise statement of disagreement listing the reasons for disagreeing with the refusal to amend.
(2) If possible, DON activities shall incorporate the statement of disagreement into the record. If that is not possible, annotate the record to reflect that the statement was filed and maintain the statement so that it can be readily obtained when the disputed information is used or disclosed.
(3) Furnish copies of the statement of disagreement to all individuals listed on the disclosure accounting form (except those no longer retaining the record), as well as to all other known holders of copies of the record.
(4) Whenever the disputed information is disclosed for any purpose, ensure that the statement of disagreement is also disclosed.
(k) Statement of reasons. (1) If the individual files a statement of disagreement, the DON activity may file a statement of reasons containing a concise summary of the activity's reasons for denying the amendment request.
(2) The statement of reasons shall contain only those reasons given to the individual by the appellate official and shall not contain any comments on the individual's statement of disagreement.
(3) At the discretion of the DON activity, the statement of reasons may be disclosed to those individuals, activities, and agencies that receive the statement of disagreement.
§ 701.109 Privacy Act (PA) appeals.
top
(a) How to file an appeal. Individuals wishing to appeal a denial of notification, access, or amendment of records shall follow these guidelines:
(1) The appeal must be received by the cognizant review authority (i.e., ASN (M&RA), OJAG, OGC, or OPM) within 60 calendar days of the date of the response.
(2) The appeal must be in writing and requesters should provide a copy of the denial letter and a statement of their reasons for seeking review.
(b) Time of receipt. The time limits for responding to an appeal commence when the appeal reaches the office of the review authority having jurisdiction over the record. Misdirected appeals should be referred expeditiously to the proper review authority and the requester notified.
(c) Review authorities. ASN (M&RA), JAG, and GC are authorized to adjudicate appeals made to SECNAV. JAG and GC are further authorized to delegate this authority to a designated Assistant JAG or Deputy Assistant JAG and the Principal Deputy General Counsel or Deputy General Counsel, respectively, under such terms and conditions as they deem appropriate.
(1) If the record is from a civilian Official Personnel Folder or is contained on any other OPM forms, send the appeal to the Assistant Director for Workforce Information, Personnel Systems and Oversight Group, Office of Personnel Management, 1900 E Street, NW., Washington, DC 20415. Records in all systems of records maintained in accordance with the OPM Government-wide systems notices are only in the temporary custody of the DON.
(2) If the record pertains to the employment of a present or former Navy or Marine Corps civilian employee, such as Navy or Marine Corps civilian personnel records or an employee's grievance or appeal file, send it to the General Counsel of the Navy, 1000 Navy Pentagon, Washington, DC 20350–1000.
(3) If the record pertains to a present or former military member's fitness reports or performance evaluations, send it to the Assistant Secretary of the Navy (Manpower and Reserve Affairs), 1000 Navy Pentagon, Washington, DC 20350–1000.
(4) All other records dealing with present or former military members should be sent to the Office of the Judge Advocate General, 1322 Patterson Avenue SE., Suite 3000, Washington Navy Yard, DC 20374–5066.
(d) Appeal procedures. (1) If the appeal is granted, the review authority shall advise the individual that his/her appeal has been granted and provide access to the record being sought.
(2) If the appeal is denied totally or in part, the appellate authority shall advise the reason(s) for denying the appeal, citing the appropriate subsections of 5 U.S.C. 552a or this subpart and subpart G of this part; the date of the appeal determination; the name, title, and signature of the appellate authority; and a statement informing the requester of his/her right to seek judicial relief in the Federal District Court.
(e) Final action, time limits and documentation. (1) The written appeal notification granting or denying access is the final naval activity action on the initial request for access.
(2) All appeals shall be processed within 30 working days of receipt, unless the appellate authority finds that an adequate review cannot be completed within that period. If additional time is needed, notify the applicant in writing, explaining the reason for the delay and when the appeal will be completed.
(f) Denial of appeal by activity's failure to act. An individual may consider his/her appeal denied if the appellate authority fails to:
(1) Take final action on the appeal within 30 working days of receipt when no extension of time notice was given; or
(2) Take final action within the period established by the notice to the appellate authority of the need for an extension of time to complete action on the appeal.
§ 701.110 Conditions of disclosure.
top
The PA identifies 12 conditions of disclosure whereby records contained in a system of records may be disclosed by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains. These instances are identified as:
(a) Official need to know. Records pertaining to an individual may be disclosed without the consent of the individual to any DOD official who has need for the record in the performance of his/her assigned duties. Rank, position, or title alone does not authorize access to PPI about others. An official need must exist before disclosure can be made. For the purposes of disclosure, DOD is considered a single agency.
Note: No disclosure accounting required.
(b) FOIA. Records must be disclosed if their release is required by FOIA. 5 U.S.C. 552 and SECNAVINST 5720.42F require that records be made available to the public unless exempted from disclosure by one of the nine FOIA exemptions found in the Act. It follows, therefore, that if a record is not exempt from disclosure, it must be released. Note: No disclosure accounting required.
(c) Routine use. Each DON PA system of records notice identifies what records may be disclosed outside DOD without consent of the individual to whom the record pertains.
Note: Disclosure accounting is required.
(1) A routine use shall be compatible with and related to the purpose for which the record was compiled; identify the persons or organizations to whom the record may be released; identify specifically the uses to which the information may be put by the receiving agency; and, have been published previously in the Federal Register.
(2) A routine use shall be established for each user of the information outside the DOD who needs the information for an official purpose.
(3) A routine use may be established, discontinued, or amended without the consent of the individuals involved. However, new or changed routine uses must be published in the Federal Register for at least 30 days before actually disclosing the records.
(4) In addition to specific routine uses, the DOD has identified certain “Blanket Routine Uses” that apply to all systems, unless the systems notice states that they do not. (See §701.112 regarding Blanket Routine Uses.)
(d) Bureau of Census. Records may be disclosed to the Bureau of Census for purposes of planning or carrying out a census or survey or related activity pursuant to the provisions of Title 13.
Note: Disclosure accounting is required.
(e) Statistical research and reporting. Records may be disclosed for statistical research and reporting without the consent of the individual to whom they pertain. Before such disclosures, the recipient must provide advance written assurance that the records will be used as statistical research or reporting records; only to transferred in a form that is not individually identifiable; and will not be used, in whole or in part, to make any determination about rights, benefits, or entitlements of specific individuals.
Note: Disclosure accounting is required.
(f) National Archives and Records Administration (NARA). Records may be disclosed to NARA as a record that has sufficient historical or other value to warrant its continued preservation by the U.S. Government, or for evaluation by the Archivist of the U.S. or his designee to determine whether the record has such value.
Note: Disclosure accounting is required.
(1) Records may be disclosed to NARA to carry out records management inspections required by law.
(2) Records transferred to a Federal Records Center (FRC) operated by NARA for storage are not within this category. Those records continue to be maintained and controlled by the transferring DON activity. The FRC is considered to be the agency of the DON for this purpose.
(g) Disclosures for law enforcement purposes. Records may be disclosed without the consent of the individual whom they pertain to another agency or to an instrumentality of any governmental jurisdiction within or under the control of the U.S. for a civil or criminal law enforcement activity provided the civil or criminal law enforcement activity is authorized by law; the head of the law enforcement activity or a designee has made a written request specifying the particular records desired and the law enforcement purpose (such as criminal investigations, enforcement of a civil law, or a similar purpose) for which the record is sought; and there is no Federal statute that prohibits the disclosure of the records to the agency which maintains the record specifying the particular portion desired and the law enforcement activity for which the record is sought.
(1) Disclosure to foreign law enforcement agencies is not governed by the provisions of 5 U.S.C. 552a. To enable disclosure, a specific routine use must be published in the record system notice or another governing authority must exist.
(2) If a DON activity discloses a record outside the DOD for law enforcement purposes without the individual's consent and without an adequate written request, the disclosure must be under an established routine use, such as the “Blanket Routine Use” for law enforcement.
(3) Blanket requests from law enforcement activities for all records pertaining to an individual shall not be honored. The requesting agency must specify each record or portion desired and how each relates to the authorized law enforcement activity.
(4) When a record is released to a law enforcement activity under this routine use, DON activities shall maintain a disclosure accounting. This disclosure accounting shall not be made available to the individual to whom the record pertains if the law enforcement activity requests that the disclosure not be released.
(5) The Blanket Routine Use for law enforcement records applies to all DON PA systems of records notices. Only by including this routine use can a DON activity on its own initiative report indications of violations of law found in a system of records to a law enforcement activity without the consent of the individual to whom the record pertains.
(h) Emergency disclosures. Records may be disclosed without the written consent of the individual to whom they pertain if disclosure is made under compelling circumstances affecting the health or safety of any individual. The affected individual need not be the subject of the record disclosed.
Note: Disclosure accounting is required.
(1) When such a disclosure is made, notify the individual who is the subject of the record. Notification sent to the last known address of the individual reflected in the records is sufficient.
(2) In instances where information is requested by telephone, an attempt will be made to verify the inquirer's and medical facility's identities and the caller's telephone number.
(3) The specific data to be disclosed is at the discretion of the releasing authority. Emergency medical information may be released by telephone.
(i) Disclosure to Congress. (1) Records may be disclosed without the consent of the individual to whom they pertain to either house of the Congress or to any committee, joint committee or subcommittee of Congress if the release pertains to a matter within the jurisdiction of the committee. Note: Disclosure accounting is required.
(2) See §701.107(g) regarding how to process constituent inquiry requests.
(j) Government Accountability Office (GAO). Records may be disclosed to the Comptroller General, or any of his authorized representatives, in the course of the performance of the duties of the GAO.
Note: Disclosure accounting is required.
(k) Court orders. Records may be disclosed without the consent of the person to whom they pertain under a court order signed by a judge of a court of competent jurisdiction. Releases may also be made under the compulsory legal process of Federal and state bodies having authority to issue such process.
Note: Disclosure accounting is required.
(1) The court order must bear the signature of a Federal, state, or local judge. Orders signed by court clerks or attorneys are not deemed to be orders of a court of competent jurisdiction. A photocopy of the order will be sufficient evidence of the court's exercise of its authority of the minimal requirements of SECNAVINST 5820.8A, “Release of Official Information for Litigation Purposes and Testimony by DON Personnel.”
(2) When a record is disclosed under this provision and the compulsory legal process becomes a matter of public record, make reasonable efforts to notify the individual to whom the record pertains. Notification sent to the last known address of the individual is sufficient. If the order has not yet become a matter of public record, seek to be advised as to when it will become public. Neither the identity nor the party to whom the disclosure was made nor the purpose of the disclosure shall be made available to the record subject unless the court order has become a matter of public record.
(l) Disclosures to consumer reporting agencies. Certain information may be disclosed to a consumer reporting agency in accordance with section 3711(f) of Title 31.
Note: Certain information (e.g., name, address, SSN, other information necessary to establish the identity of the individual; amount, status, and history of the claim; and the agency or program under which the claim arose, may be disclosed to consumer reporting agencies (i.e., credit reference companies as defined by the Federal Claims Collection Act of 1966, 31 U.S.C. 952d).
Note: Disclosure accounting is required.
§ 701.111 Disclosure accounting.
top
Disclosure accounting allows the individual to determine what agencies or persons have been provided information from the record, enable DON activities to advise prior recipients of the record of any subsequent amendments or statements of dispute concerning the record, and provide an audit trail of DON's compliance with 5 U.S.C. 552a. Since the characteristics of various records maintained within the DON vary widely, no uniform method for keeping disclosure accountings is prescribed. The primary criteria are that the selected method be one which will enable an individual to ascertain what persons or agencies have received disclosures pertaining to him/her; provide a basis for informing recipients of subsequent amendments or statements or dispute concerning the record; and, provide a means to prove, if necessary, that the activity has complied with the requirements of 5 U.S.C. 552a, this subpart and subpart G of this part.
(a) Record of disclosures made. DON activities must keep an accurate record of all disclosures made from a record (including those made with the consent of the individual) except those made to DOD personnel for use in performing their official duties and those disclosures made under FOIA. Accordingly, each DON activity with respect to each system of records under its control must keep a record of the date of the disclosure, a description of the information disclosed, the purpose of the disclosure, and the name and address of the person or agency to whom the disclosure was made. OPNAV Form 5211/9, Disclosure Accounting Form, is downloadable from http://www.privacy.navy.mil and should be used whenever possible to account for disclosures.
Note: DON activities do not have to maintain a disclosure accounting for disclosures made under (b)(1), to those officers and employees of an agency which maintains the record who have a need for the record in the performance of their duties or under (b)(2)—which is required under FOIA.
(b) Retention. Disclosure accountings must be kept for five years after the disclosure is made or for the life of the record, whichever is longer.
(c) Right of access. The record subject has the right of access to the disclosure accounting except when the disclosure was made at the request of a civil or criminal law enforcement agency or when the system of records has been exempted from the requirement to provide access to the disclosure accounting.
(d) Correction. A DON activity must inform any person or other agency about any correction or notation of dispute made by the agency in accordance with subsection (d) of 5 U.S.C. 552a of any record that has been disclosed to the person or agency if an accounting of the disclosure was made. The exception is for intra-agency “need to know” and FOIA disclosures.
(e) Accurate accounting. A DON activity that does not keep a running tabulation of every disclosure at the time it is made, must be able to reconstruct an accurate and complete accounting of disclosures to be able to respond to requests in a timely fashion.
§ 701.112 “Blanket routine uses.”
top
In the interest of simplicity, economy, and to avoid redundancy, DOD has established “DOD Blanket Routine Uses.” These “blanket routine uses” are applicable to every PA system of records notice maintained within DOD, unless specifically stated within a particular systems notice. “DOD Blanket Routine Uses” are downloadable from http://www.privacy.navy.mil (Notices) and are published at the beginning of the Department of the Navy's Federal Register compilation of record systems notices.
§ 701.113 PA exemptions.
top
(a) Exempt systems of records. 5 U.S.C. 552a authorizes SECNAV to adopt rules designating eligible systems of records as exempt from certain requirements of the Act. This authorization has been delegated to CNO (DNS–36), who will be responsible for proposing an exemption rule. Exempt systems of records are identified at http://www.privacy.navy.mil.
(b) Exemption rule. No PA exemption may be established for a system of records until the system itself has been established by publishing a notice in the Federal Register. This allows interested persons an opportunity to comment.
(c) Access. A PA exemption may not be used to deny an individual access to information that he/she can obtain under 5 U.S.C. 552.
(d) Exemption status. An exempt system of records that is filed in a non-exempt system of records retains its exempt status.
(e) Types of exemptions. There are two types of exemptions permitted by 5 U.S.C. 552a, general and specific exemptions.
(1) General exemptions allow a system of records to be exempt from all but specifically identified provisions of 5 U.S.C. 552a. They are:
(i) “(j)(1)”—this exemption is only available for use by CIA to protect access to their records.
(ii) “(j)(2)”—this exemption protects criminal law enforcement records maintained by the DON. To be eligible, the system of records must be maintained by a DON activity that performs, as one of its principal functions, the enforcement of criminal laws. For example, the Naval Criminal Investigative Service and military police activities qualify for this exemption. Criminal law enforcement includes police efforts to detect, prevent, control, or reduce crime, or to apprehend criminals and the activities of prosecution, court, correctional, probation, pardon, or parole authorities.
(A) This exemption applies to information compiled for the purpose of identifying criminal offenders and alleged criminal offenders and identifying data and notations of arrests; the nature and disposition of criminal charges; and sentencing, confinement, release, parole and probation status; information compiled for the purpose of a criminal investigation, including reports of informants and investigators, and associated with the identifiable individual; and reports identifiable to an individual, compiled at any stage of the enforcement process, from arrest, apprehension, indictment, or preferral of charges through final release from the supervision that resulted from the commission of a crime.
(B) The exemption does not apply to investigative records maintained by a DON activity having no criminal law enforcement duties as one of its principle functions; or investigative records compiled by any element concerning an individual's suitability, eligibility; or, qualification for duty, employment, or access to classified information, regardless of the principle functions of the DON activity that compiled them.
(2) Specific exemptions permit certain categories of records to be exempted from specific provisions of 5 U.S.C. 552a. They are:
(i) “(k)(1)”: Information which is properly classified under E.O. in the interest of national defense or foreign policy.
Note: All DOD systems of records that contain classified information automatically qualify for (k)(1) exemption, without establishing an exemption rule.
(ii) “(k)(2)”: Investigatory material compiled for law enforcement purposes, other than material within the scope of exemption (j)(2). If an individual is denied any right, privilege, or benefit that he would otherwise be eligible, as a result of such material, such material shall be provided to such individual, except to the extent that the disclosure would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or, prior to 27 September 1975 under an implied promise that the identity of the source would be held in confidence.
(iii) “(k)(3)”: Information maintained in connection with providing protective services to the President of the United States or other individuals pursuant to section 3056 of Title 18.
(iv) “(k)(4)”: Information required by statute to be maintained and used solely as statistical records.
(v) “(k)(5)”: Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information, but only to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or, prior to September 27, 1975, under an implied promise that the identity of the source would be held in confidence.
(vi) “(k)(6)”: Testing and evaluation material used solely to determine individual qualifications for appointment or promotion in the Federal service the disclosure of which would compromise the objectivity or fairness of the testing or examination process.
(vii) “(k)(7)”: Evaluation material used to determine potential for promotion in the armed services, but only to the extent that the disclosure of such material would reveal the identity of the source who furnished information to the government under an express promise that the identity of the source would be held in confidence, or, prior to September 27, 1975, under an implied promise that the identity of the source would be held in confidence.
(f) Detailed analysis of PA exemptions. A detailed analysis of each exemption can be found in the Department of Justice's (DOJ's) “Freedom of Information Act Guide & Privacy Act Overview” that appears on http://www.privacy.navy.mil.
§ 701.114 PA enforcement actions.
top
(a) Administrative remedies. Any individual who alleges that he/she has been affected adversely by a DON activity's violation of 5 U.S.C. 552a and this subpart may seek relief from SECNAV through administrative channels. It is recommended that the individual first address the issue through the PA coordinator having cognizance over the relevant records or supervisor (if a Government employee). If the complaint is not adequately addressed, the individual may contact CNO (DNS–36) or CMC (ARSF), for assistance.
(b) Civil court actions. After exhausting administrative remedies, an individual may file a civil suit in Federal court against a DON activity for the following acts:
(1) Denial of an amendment request. The activity head, or his/her designee wrongfully refuses the individual's request for review of the initial denial of an amendment or, after review, wrongfully refuses to amend the record.
(2) Denial of access. The activity wrongfully refuses to allow the individual to review the record or wrongfully denies his/her request for a copy of the record.
(3) Failure to meet recordkeeping standards. The activity fails to maintain an individual's record with the accuracy, relevance, timeliness, and completeness necessary to assure fairness in any determination about the individual's rights, benefits, or privileges and, in fact, makes an adverse determination based on the record.
(4) Failure to comply with PA. The activity fails to comply with any other provision of 5 U.S.C. 552a or any rule or regulation issued under 5 U.S.C. 552a and thereby causes the individual to be adversely affected.
(c) Civil remedies. In addition to specific remedial actions, 5 U.S.C. 552a provides for the payment of damages, court costs, and attorney fees in some cases.
(d) Criminal penalties. 5 U.S.C. 552a authorizes criminal penalties against individuals for violations of its provisions, each punishable by fines up to $5,000.
(1) Wrongful disclosure. Any member or employee of DON who, by virtue of his/her employment or position, has possession of or access to records and willfully makes a disclosure knowing that disclosure is in violation of 5 U.S.C. 552a, this subpart or subpart G.
(2) Maintaining unauthorized records. Any member or employee of DON who willfully maintains a system of records for which a notice has not been approved and published in the Federal Register.
(3) Wrongful requesting or obtaining records. Any person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses.
(e) Litigation notification. Whenever a complaint citing the PA is filed in a U.S. District Court against the DON or any DON employee, the responsible DON activity shall promptly apprise CNO (DNS–36)) and provide a copy of all relevant documents. CNO (DNS–36) will in turn apprise the DPO, who will apprise the DOJ. When a court renders a formal opinion or judgment, copies of the judgment and/or opinion shall be promptly provided to CNO (DNS–36). CNO (DNS–36) will apprise the DPO.
§ 701.115 Protected personal information (PPI).
top
(a) Access/disclosure. Access to and disclosure of PPI such as SSN, date of birth, home address, home telephone number, etc., must be strictly limited to individuals with an official need to know. It is inappropriate to use PPI in group/bulk orders. Activities must take action to protect PPI from being widely disseminated. In particular, PPI shall not be posted on electronic bulletin boards because the PA strictly limits PPI access to those officers and employees of the agency with an official need to know.
(b) Transmittal. In those instances where transmittal of PPI is necessary, the originator must take every step to properly mark the correspondence so that the receiver of the information is apprised of the need to properly protect the information. For example, when transmitting PPI in a paper document, FAX, or E-Mail, it may be appropriate to mark it “FOR OFFICIAL USE ONLY (FOUO)—PRIVACY SENSITIVE. Any misuse or unauthorized disclosure may result in both civil and criminal penalties.” When sending a message that contains PPI, it should be marked FOUO. It is also advisable to inform the recipient that the message should not be posted on a bulletin board. In all cases, recipients of message traffic that contain PPI, whether marked FOUO or not, must review it prior to posting it on an electronic bulletin board.
(c) Collection/maintenance. The collection and maintenance of information retrieved by an individual's name and/or personal identifier should be performed in compliance with the appropriate PA systems of record notice (see http://www.privacy. navy.mil). If you need to collect and maintain information retrieved by an individual's name and/or personal identifier, you must have an approved PA systems notice to cover that collection. If you are unsure as to whether a systems notice exists or not, contact the undersigned for assistance.
(d) Best practices. PA Coordinators should work closely with command officials to conduct training, evaluate what PPI can be removed from routine message traffic, review Web site postings, review command electronic bulletin boards, etc., to ensure appropriate processes are in place to minimize the misuse and overuse of PPI information that could be used to commit identity theft. PA Coordinators should also ensure that their PA systems of records managers have a copy of the appropriate PA systems notice and understand PA rules. DON activities shall ensure that PPI (e.g., home address, date of birth, SSN, credit card or charge card account numbers, etc.) pertaining to a Service member, civilian employee (appropriated and non-appropriated fund), military retiree, family member, or another individual affiliated with the activity (i.e., volunteer) is protected from unauthorized disclosures. To this end, DON activities shall:
(1) Notify their personnel of this policy. Address steps necessary to ensure that PPI is not compromised.
(2) Conduct and document privacy awareness training for activity personnel (e.g., military, civilian, contractor, volunteers, NAF employees, etc.) Training options include: “All Hands” awareness briefing; memo to staff; formal training; circulation of brief sheet on Best Practices, etc.
(3) Examine business practices to eliminate the unnecessary collection, transmittal and posting on internet/intranet of PPI. DON activities shall reevaluate the necessity and value of including an individual's SSN and other PPI in messages, e-mails, and correspondence in order to conduct official business. The overuse and misuse of SSNs should be discontinued to avoid the potential for identity theft. For example, there is no need to include an individual's SSN in a welcome aboard message. Such messages are routinely posted on command bulletin boards that are viewable by all. If a unique identifier is needed, truncate the SSN using only the last four digits.
(4) Mark all documents that contain PPI (e.g., letters, memos, emails, messages, documents FAXed, etc) FOUO. Consider using a header/footer that reads: “FOR OFFICIAL USE ONLY—PRIVACY SENSITIVE: ANY MISUSE OR UNAUTHORIZED DISCLOSURE MAY RESULT IN BOTH CIVIL AND CRIMINAL PENALTIES.”
(5) Train DON military members/employees who maintain PPI on their laptop computers/BlackBerrys, who telecommute, work from home, or take work home, etc., to ensure information is properly safeguarded against loss/compromise. Should a loss occur, ensure they are aware of how, what, and where to report the loss.
(6) Review existing postings on activity Web sites and public folders to ensure that the PPI is removed to prevent identity theft.
(7) Remove PPI from documents prior to posting or circulating information to individuals without an “official need to know.”
(8) Evaluate risks for potential compromise of PPI held in activity files, databases, etc., to ensure proper safeguards are in place to prevent unauthorized disclosures. Revise protocols as necessary.
(9) Ensure that PPI is not left out in the open or circulated to individuals not having an official need to know.
(10) Ensure that PA systems of records are properly safeguarded and that PPI is properly destroyed (http://www.privacy.navy.mil/noticenumber/noticeindex.asp).
(11) Organizations that are moving or being disestablished need to ensure they do not dispose of documents containing PPI in containers that may be subject to public access/compromise.
(12) DON activities shall build a Privacy Team to identify ways to preclude inadvertent releases of PPI.
(e) Unauthorized disclosure. In the event an unauthorized disclosure of PPI is made, DON activities shall:
(1) Take immediate action to prohibit further damage/disclosure.
(2) Within 10 days, the DON activity shall notify all affected individuals by letter, including the specific data involved and the circumstances surrounding the incident. If the DON activity is unable to readily identify the affected individuals, a generalized notice should be sent to the potentially affected population. As part of any notification process, individuals shall be informed to visit the Federal Trade Commission's (FTC's) Web site at http://www.consumer.gov/idtheft for guidance on protective actions the individual can take. A synopsis of the disclosure made, number of individuals affected, actions to be taken, should be e-mailed to CNO (DNS–36) with “Identity Theft Notification” in the subject line.
(3) If the DON activity is unable to comply with the notification requirements set forth in paragraph (e)(2) of this section, the activity shall immediately inform CNO (DNS–36) as to the reasons why. CNO (DNS–36) will, in turn, notify the Secretary of Defense.
(4) DON activities shall identify ways to preclude future incidents.
§ 701.116 PA systems of records notices overview.
top
(a) Scope. A “system of records notice” consists of “records” that are routinely retrieved by the name, or some other personal identifier, of an individual and under the control of the DON.
(b) Retrieval practices. How a record is retrieved determines whether or not it qualifies to be a system of records. For example, records must be retrieved by a personal identifier (name, SSN, date of birth, etc.) to qualify as a system of records. Accordingly, a record that contains information about an individual but IS NOT RETRIEVED by a personal identifier does not qualify as a system of records under the provisions of the PA. (Note: The “ability to retrieve” is not sufficient to warrant the establishment of a PA system of records. The requirement is retrieval by a name or personal identifier.) Should a business practice change, DON activities shall immediately contact CNO (DNS–36) to discuss the pending change, so that the systems notice can be changed or deleted as appropriate.
(c) Recordkeeping standards. A record maintained in a system of records subject to this instruction must meet the following criteria:
(1) Be accurate. All information in the record must be factually correct.
(2) Be relevant. All information contained in the record must be related to the individual who is the record subject and must be related to a lawful purpose or mission of the DON activity maintaining the record.
(3) Be timely. All information in the record must be reviewed periodically to ensure that it has not changed due to time or later events.
(4) Be complete. It must be able to stand alone in accomplishing the purpose for which it is maintained.
(5) Be necessary. All information in the record must be needed to accomplish a mission or purpose established by Federal Law or E.0. of the President.
(d) Approval. CNO (DNS–36) is the approval authority for Navy PA systems of records actions. CMC (ARSF) is the approval authority for Marine Corps PA systems of records actions. Activities wishing to create, alter, amend, or delete systems should contact CNO (DNS–36) or CMC (ARSF), respectively. Those officials will assist in electronically preparing and coordinating the documents for DOD/Congressional approval, as electronic processing is both time and cost efficient.
(e) Publication in the Federal Register. Per DOD 5400.11–R, the DPO has responsibility for submitting all rulemaking and changes to PA system of records notices for publication in the Federal Register and CFR.
§ 701.117 Changes to PA systems of records.
top
CNO (DNS–36) is the approval authority for Navy/DON PA systems of records actions. CMC (ARSF) is the approval authority for Marine Corps PA systems of records actions. DON activities wishing to create, alter, amend, or delete systems should contact CNO (DNS–36) or CMC (ARSF), who will assist in electronically preparing the documents for coordination and DOD/Congressional approval.
(a) Creating a new system of records. (1) A new system of records is one for which no existing system notice has been published in the Federal Register. DON activities wishing to establish a new PA system of records notice shall contact CNO (DNS–36) (regarding Navy system of records) or CMC (ARSF) (regarding Marine Corps system of records.) These officials will assist in the preparation and approval of the notice. Once approval is obtained from DOD, the systems notice will be published in the Federal Register for comment by the public. In the case of an exempt system of records, it will also be published at 32 CFR part 701. A listing of all DON PA systems of records notices is available at http://www.privacy.navy.mil.
(2) A DON activity may not begin collecting or maintaining PPI about individuals that is retrieved by their name and/or personal identifier until a PA system of records notice has been approved and published in the Federal Register. Failure to comply with this mandate could result in both criminal and civil penalties.
(3) In those cases where a system of records has been cancelled or deleted and it is later determined that it should be reinstated or reused, a new system notice must be prepared.
(4) DON activities wishing to create a new PA system of records must conduct a risk analysis of the proposed system to consider the sensitivity and use of the records; present and projected threats and vulnerabilities; and projected cost effectiveness of safeguards. (See §701.118 regarding PIAs.)
(b) Altering a system of records notice. A systems manager shall contact CNO (DNS–36)/CMC (ARSF) to alter a PA system of records notice when there has been:
(1) A significant increase or change in the number or types of individuals about who records are maintained. For example, a decision to expand a system of records that originally covered personnel assigned to only one activity to cover personnel at several installations would constitute an altered system. An increase or decrease in the number of individuals covered due to normal growth or decrease is not an alteration.
(2) A change that expands the types or categories of information maintained.
(3) A change that alters the purpose for which the information is used. In order to be an alteration, the change must be one that is not reasonably inferred from any of the existing purposes.
(4) A change that adds a new routine use.
(5) A change to equipment configuration (either hardware or software) that creates substantially greater use of records in the system. For example, placing interactive computer terminals at regional offices when the system was formerly used only at the headquarters would be an alteration.
(6) A change in the manner in which records are organized or in the method by which records are retrieved.
(7) A combining of record systems due to reorganization.
(c) Amending a system of records notice. DON activities should apprise CNO (DNS–36) or CMC (ARSF) respectively when a minor change has been made to a system of records.
(d) Deleting a system of records notice. When a system of records is discontinued, incorporated into another system, or determined to be no longer subject to this instruction, a deletion notice must be published in the Federal Register. The deletion notice shall include the system identification number, system name, and the reason for deleting it. If a system is deleted through incorporation into or merger with another system, identify the successor system in the deletion notice. Systems managers who determine that a systems notice is no longer needed should contact CNO (DNS–36)/CMC (ARSF) who will prepare the deletion notice and submit it electronically to DOD for publication in the Federal Register.
(e) Numbering a system of records notice. Systems of records notices are identified with an “N” for a Navy system; “M” for a Marine Corps system; or an “NM” to identify a DON-wide system, followed by the subject matter Standard Subject Identification Code (SSIC).
(f) Detailed information. Detailed information on how to write, amend, alter, or delete a PA system of records notice is contained at http://www.privacy.navy.mil.
§ 701.118 Privacy, IT, and PIAs.
top
(a) Development. Privacy must be considered when requirements are being analyzed and decisions are being made about data usage and storage design. This applies to all of the development methodologies and system life cycles used in the DON.
(b) E-Government Act of 2002. The E-Government Act of 2002 (Pub. L. 107–347) directs agencies to conduct reviews of how privacy issues are considered when purchasing or creating new IT systems or when initiating new electronic collections of IIF. See DOD Memo of 28 Oct 05, subject “DOD PIA Guidance” regarding DOD PIA Guidance.
(c) Purpose. To ensure IIF is only acquired and maintained when necessary and the supporting IT that is being developed and used protects and preserves the privacy of the American public and to provide a means to assure compliance with applicable laws and regulations governing employee privacy. A PIA should be prepared before developing or procuring a general support system or major application that collects, maintains, or disseminates IIF from or about DON civilian or military personnel.
(d) Scope. The PIA incorporates privacy into the development life cycle so that all system development initiatives can appropriately consider privacy issues from the earliest stages of design. During the early stages of the development of a system, both the system owner and system developer shall work together to identify, evaluate, and resolve any privacy risks. Accordingly,
(1) System owners must address what data is to be used, how the data is to be used, and who will use the data.
(2) System developers must address whether the implementation of the owner's requirements presents any threats to privacy.
(e) Requirements. Before developing, modifying or establishing an automated system of records that collects, maintains, and/or disseminates IIF, DON activities shall conduct a PIA to effectively address privacy factors. Guidance is provided at http://www.doncio.navy.mil.
(f) Coverage. E-Government Act of 2002 (Pub. L. 107–347) mandates the preparation of a PIA either before developing or procuring IT systems that collect, maintain, or disseminate IIF from or about members of the public or initiating a new electronic collection of IIF for 10 or more persons of the public. (Note: The public DOES NOT include DON civilian or military personnel, but DOES cover family members of such personnel, retirees and their family members, and DON contractors.) A PIA should be prepared before developing, modifying, or procuring IT systems that collect, maintain, or disseminate IIF from or about members of the public or initiating a new electronic collection of IIF for 10 or more members of the public. A PIA shall also be prepared before developing, modifying or procuring a general support system or major application that collects, maintains, or disseminates IIF from or about DON civilian and military personnel.
(g) PIA not required. (1) Legacy systems do not require completion of a PIA. However, DON CIO may request a PIA if the automation or upgrading of these systems puts the data at risk.
(2) Current operational systems do not require completion of a PIA. However, if privacy is a concern for a system the DON CIO can request that a PIA be completed. If a potential problem is identified concerning a currently operational system, the DON will use all reasonable efforts to remedy the problem.
§ 701.119 Privacy and the web.
top
DON activities shall consult SECNAVINST 5720.47B for guidance on what may be posted on a Navy Web site.
§ 701.120 Processing requests that cite or imply PA, Freedom of Information (FOIA), or PA/FOIA.
top
Individuals do not always know what Act(s) to cite when requesting information. Nonetheless, it is DON policy to ensure that they receive the maximum access to information they are requesting. Accordingly, processing guidance is as follows:
(a) Cite/imply PA. (1) Individuals who cite to the PA and/or seek access to records about themselves that are contained in a PA system of records that is retrieved by their name and personal identifier, will have their request processed under the provisions of the PA.
(2) If there is no “Exemption Claimed for this System,” then the record will be released to the requester unless: it contains classified information ((k)(1) applies); was compiled in anticipation of litigation ((d)(5) applies); or contains information about another person. Although there is no “privacy” exemption under the PA, delete any information about other persons and explain in the response letter that “information not about you” was deleted from the response. There is no PA exemption to claim and no appeal rights to be given.
(b) Cite/imply FOIA. (1) Individuals who cite/imply FOIA when seeking access to records about themselves will have their request processed under PA, if the records they seek are contained in a PA system of records that is retrieved by their name and personal identifier. However, if the system of records notice contains an exemption rule, the release of information will be adjudicated using both PA and FOIA, ensuring that the individual receives the maximum amount of information allowable under the Acts.
(2) Individuals who cite/imply FOIA and seek access to records about themselves that are not contained in a PA system of records that is retrieved by their name and personal identifier will have their request processed under FOIA.
(3) Individuals who cite to the FOIA, but do not seek access to records about themselves, will have their request processed under FOIA.
(c) Cite to PA and FOIA. Individuals who cite to both PA and FOIA and seek access to records contained in a PA system of record retrieved by their name and personal identifier, will have their request as follows:
(1) If the system of records does not cite to an exemption rule, does not contain classified information, or was not compiled in anticipation of litigation, the entire file is considered releasable under the PA. However, if the file contains information about another person, that information shall be withheld and the requester apprised that information about another individual has been deleted, since the information is not about them. Since no PA exemption exists for protecting privacy, no exemption rule can be cited and appeal rights do not have to be given.
(2) If the system of records does cite to a PA exemption rule, claim the exemption and process the request under the provisions of the FOIA, ensuring the requester receives the maximum release of information allowed under the Acts.
(d) Processing time limits. DON activities shall normally acknowledge receipt of PA requests within 10 working days and respond within 30 working days.
§ 701.121 Processing “routine use” disclosures.
top
(a) “Routine use” disclosure. Individuals or organizations may seek a “routine use” disclosure of information from a DON PA system of records if the system provides for such a disclosure.
(1) The request must be in writing and state that it is being made under a “routine use” established by a specific PA system of records notice. For example: “Under the “routine use” provisions of PA systems notice N05880–1, Security Incident System, that allows release of information to individuals involved in base incidents, their insurance companies, and/or attorneys for the purpose of adjudicating a claim, I am seeking access to a copy of my vehicle accident report to submit a claim to my insurance company. Information needed to locate this record is as follows * * *.”
(2) The individual is provided information needed to adjudicate the claim. A release authority may sign the response letter since a release of responsive information is being disclosed under a “routine use,” there is no “denial” of information (i.e., PA/FOIA exemptions do not apply), and no appeal rights cited.
(3) DON activities shall retain a copy of the request and maintain a disclosure accounting of the information released. (See §701.111.)
(b) Failure to cite to a “routine use.” Individuals or organizations that seek access to information contained in a DON PA system of records under PA/FOIA, but who have access under a “routine use” cited in the systems notice, shall be apprised of the “routine use” access and offered the opportunity to resubmit a “routine use” request, rather than having information denied under PA/FOIA. DON activities shall not make a “routine use” disclosure without having a “routine use” request.
(c) Frequent “routine use” requests. DON activities (e.g., security and military police offices) that routinely receive requests for information for which a “routine use” has been established should offer a “routine use” request form. This will eliminate the unnecessary burden of processing requests under PA/FOIA when the limited information being sought is available under a “routine use.”
§ 701.122 Medical records.
top
(a) Health Information Portability and Accountability Act (HIPAA). (1) DOD Directive 6025.18 establishes policies and assigns responsibilities for implementation of the standards for privacy of individually identifiable health information established by HIPAA.
(2) DOD Directive 6025.18–R prescribes the uses and disclosures of protected health information.
(3) Detailed guidance on HIPAA compliance is available from the Bureau of Medicine and Surgery's Web site at http://navymedicine.med.navy.mil and from DOD at http://www.tricare.osd.mil/hipaa/.
(4) In addition to responsibilities to comply with this subpart and subpart G of this part, DOD Directive 6025.18 and DOD 6025.18–R must also be complied with to the extent applicable. Although nothing in this subpart and subpart G violates DOD Directive 6025.18, compliance with this subpart and subpart G in connection with protected health information does not necessarily satisfy all requirements of DOD 6025.18–R.
(b) Disclosure. DON activities shall disclose medical records to the individual to whom they pertain, even if a minor, unless a judgment is made that access to such records could have an adverse effect on the mental or physical health of the individual. Normally, this determination shall be made in consultation with a medical practitioner.
(1) Deny the individual access to his/her medical and psychological records if that access could have an adverse affect on the mental or physical health of the individual. This determination normally should be made in consultation with a medical practitioner. If it is medically indicated that access could have an adverse mental or physical effect on the individual, provide the record to a medical practitioner named by the individual, along with an explanation of why access without medical supervision could be harmful to the individual. In any case, do not require the named medical practitioner to request the record for the individual.
(2) If, however, the individual refuses or fails to designate a medical practitioner, access will be refused. The refusal is not considered a denial for reporting purposes under the PA.
(c) Access to a minor's medical records. DON activities may grant access to a minor's medical records to his/her custodial parents or legal guardians, observing the following procedures:
(1) In the United States, the laws of the State where the records are located may afford special protection to certain medical records (e.g., drug and alcohol abuse treatment and psychiatric records.) Even if the records are maintained by a military medical facility, these statutes may apply.
(2) For installations located outside the United States, the custodial parent or legal guardian of a minor shall be denied access if all of the following conditions are met: the minor at the time of the treatment or consultation was 15, 16, or 17 years old; the treatment or consultation was within a program authorized by law or regulation to provide confidentiality to the minor; the minor indicated a desire that the treatment or consultation record be handled in confidence and not disclosed to a parent or guardian; and the custodial parent or legal guardian does not have the written authorization of the minor or a valid court order granting access.
(3) All members of the military services and all married persons are not considered minors regardless of age, and the parents of these individuals do not have access to their medical records without the written consent of the individual to whom the record pertains.
§ 701.123 PA fees.
top
The PA fee schedule is only applicable to first party requesters who are seeking access to records about themselves that are contained in a PA system of record. DON activities receiving requests under PA, FOIA, or PA/FOIA shall only charge fees that are applicable under the Act(s) in which the request is being processed.
(a) PA costs. PA fees shall include only the direct cost of reproducing the requested record. There are no fees for search, review, or any administrative costs associated with the processing of the PA request. The cost for reproduction of documents/microfiche will be at the same rate as that charged under the FOIA schedule (see SECNAVINST 5720.42F).
(b) Fee waiver. A requester is entitled to the first 100 pages of duplication for free.
(1) DON activities shall waive fees automatically if the direct cost for reproduction of the remaining pages is less than the minimum fee waiver threshold addressed under FOIA fees (see SECNAVINST 5720.42F).
(2) However, DON activities should not waive fees when it is determined that a requester is seeking an extension or duplication of a previous request for which he/she was already granted a waiver.
(3) Decisions to waive or reduce fees that exceed the minimum fee waiver threshold are made on a case-to-case basis.
(c) PA fee deposits. Checks or money orders shall be made payable to the Treasurer of the United States. DON activities will forward any remittances to the Treasury Department pursuant to the Miscellaneous Receipts Act.
§ 701.124 PA self assessments/inspections.
top
(a) Self assessments. DON activities are encouraged to conduct annual self-assessments of their PA program. This serves to identify strengths and weaknesses and to determine training needs of personnel who work with privacy records/information. A PA self-assessment evaluation form is provided at http://www.privacy.navy.mil (Administrative Tools) for use in measuring compliance with the PA.
(b) Inspections. During internal inspections, DON inspectors shall be alert for compliance with this instruction and for managerial, administrative, and operational problems associated with the implementation of the DON's PA program.
(1) DON inspectors shall document their findings in official reports furnished to the responsible DON officials. These reports, when appropriate, shall reflect overall assets of the activity's PA program inspected, or portion thereof, identify deficiencies, irregularities, and significant problems. Also document remedial actions taken to correct problems identified.
(2) Inspection reports and follow-up reports shall be maintained in accordance with established records disposition standards (see SECNAVINST 5210.8D). These reports shall be made available to PA program officials and to CNO (DNS–36)/CMC (ARSF) respectively.
(c) Retention of reports. Retain staff visit reports and follow-up reports per established records disposition standards contained in SECNAVINST 5210.8D. Retain self-assessment reports until the next self-assessment is completed. Make these reports available, upon request, to CNO (DNS–36) or CMC (ARSF).
§ 701.125 Computer matching program.
top
The DPO has responsibility for coordinating the approval of DOD's participation in Computer Matching agreements with other Federal, state, and local agencies.
(a) Purpose. To establish or verify initial or continuing eligibility for Federal benefit programs; verify compliance with the requirements, either statutory or regulatory, of such programs; or recoup payments or delinquent debts under such Federal benefit programs.
(b) Record comparison. The record comparison must be a computerized one between two Federal Agencies or one Federal Agency and a state agency. Manual comparisons are not covered.
(c) Types of programs not covered. (1) State programs and programs using records about subjects who are not “individuals” as defined in §701.101(e) are not covered.
(2) Statistical matches whose purpose is solely to produce aggregate data stripped of personal identifiers.
(3) Statistical matches whose purpose is in support of any research or statistical project.
(4) Law enforcement investigative matches whose purpose is to gather evidence against a named person or persons in an existing investigation.
(5) Tax administration matches.
(6) Routine administrative matches using Federal personnel records.
(7) Internal matches using only records from DOD systems of records.
(8) Background investigation and foreign counterintelligence matches done in the course of performing a background check for security clearances of Federal personnel or Federal contractor personnel or foreign counterintelligence.
(d) Categories of individuals covered. Applicants for Federal benefit programs (i.e., individuals initially applying for benefits); program beneficiaries (i.e., individuals currently receiving or formerly receiving benefits); and providers of services to support such programs (i.e., those deriving income from them such as health care providers).
(e) Features of a computer matching program. A computer matching program entails not only the actual computerized comparison, but also preparing and executing a written agreement between the participants, securing approval of the Defense Data Integrity Board, publishing a matching notice in the Federal Register before the match begins, ensuring that investigation and due process are completed, and taking ultimate action, if any.
(f) Approval/denial of agreements. The Executive Secretary, Defense Data Integrity Board, receives and processes for review all requests for computer matching agreements involving DOD activities. Members of the Defense Data Integrity Board are provided with a copy of the proposed computer matching agreement that details the costs associated with the match, length of agreement, and the number of computer matches expected, for their approval/disapproval.
(g) Questions. CNO (DNS–36) represents the DON on the Defense Data Integrity Board. Questions from DON personnel should be directed to CNO (DNS–36).
Subpart G—Privacy Act Exemptions
top
Source: 71 FR 27536, May 11, 2006, unless otherwise noted.
§ 701.126 Purpose.
top
Subparts F and G of this part contain rules promulgated by the Secretary of the Navy, pursuant to 5 U.S.C. 552a (j) and (k), and subpart F, §701.113, to exempt certain systems of DON records from specified provisions of 5 U.S.C. 552a.
§ 701.127 Exemption for classified records.
top
All systems of records maintained by the DON shall be exempt from the requirements of the access provision of the Privacy Act (5 U.S.C. 552a(d)) under the (k)(1) exemption, to the extent that the system contains information properly classified under E.O. 12,958 and that is required by that E.O. to be kept secret in the interest of national defense or foreign policy. This exemption is applicable to parts of all systems of records including those not otherwise specifically designated for exemptions herein that contain isolated items of properly classified information.
§ 701.128 Exemptions for specific Navy record systems.
top
(a) System identifier and name:
(1) N01070–9, White House Support Program.
(2) Exemption: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source.
(iii) Records maintained in connection with providing protective services to the President and other individuals under 18 U.S.C. 3506, may be exempt pursuant to 5 U.S.C. 552a(k)(3).
(iv) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for federal civilian employment, military service, federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(v) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (d), (e)(1), (e)(4) (G) through (I), and (f).
(3) Authority: 5 U.S.C. 552a(k)(1), (k)(2), (k)(3), and (k)(5).
(4) Reasons: Exempted portions of this system contain information that has been properly classified under E.O. 12,958, and which is required to be kept secret in the interest of national defense or foreign policy. Exempted portions of this system may also contain information considered relevant and necessary to make a determination as to qualifications, eligibility, or suitability for access to classified information, and which was obtained by providing an express or implied promise to the source that his or her identity would not be revealed to the subject of the record. Exempted portions of this system may also contain information collected and maintained in connection with providing protective services to the President and other individuals protected pursuant to 18 U.S.C. 3056. Exempted portions of this system may also contain investigative records compiled for law enforcement purposes, the disclosure of which could reveal the identity of sources who provide information under an express or implied promise of confidentiality, compromise investigative techniques and procedures, jeopardize the life or physical safety of law-enforcement personnel, or otherwise interfere with enforcement proceedings or adjudications.
(b) System identifier and name:
(1) N01131–1, Officer Selection and Appointment System.
(2) Exemption: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for federal civilian employment, military service, federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(iii) Testing or examination material used solely to determine individual qualifications for appointment or promotion in the Federal service may be exempt pursuant to 5 U.S.C. 552a(k)(6), if the disclosure would compromise the objectivity or fairness of the test or examination process.
(iv) Evaluation material used to determine potential for promotion in the Military Services may be exempt pursuant to 5 U.S.C. 552a(k)(7), but only to the extent that the disclosure of such material would reveal the identity of a confidential source.
(v) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (d), (e)(1), (e)(4)(G) through (I), and (f).
(3) Authority: 5 U.S.C. 552a(k)(1), (k)(5), (k)(6), and (k)(7).
(4) Reasons: Granting individuals access to portions of this system of records could result in the disclosure of classified material, or the identification of sources who provided information to the government under an express or implied promise of confidentiality. Material will be screened to permit access to unclassified material and to information that does not disclose the identity of a confidential source.
(c) System identifier and name:
(1) N01133–2, Recruiting Enlisted Selection System.
(2) Exemption: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for federal civilian employment, military service, federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(iii) Testing or examination material used solely to determine individual qualifications for appointment or promotion in the Federal service may be exempt pursuant to 5 U.S.C. 552a(k)(6), if the disclosure would compromise the objectivity or fairness of the test or examination process.
(iv) Evaluation material used to determine potential for promotion in the Military Services may be exempt pursuant to 5 U.S.C. 552a(k)(7), but only to the extent that the disclosure of such material would reveal the identity of a confidential source.
(v) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (d), (e)(1), (e)(4)(G) through (I), and (f).
(3) Authority: 5 U.S.C. 552a(k)(1), (k)(5), (k)(6), and (k)(7).
(4) Reasons: Granting individuals access to portions of this system of records could result in the disclosure of classified material, or the identification of sources who provided information to the government under an express or implied promise of confidentiality. Material will be screened to permit access to unclassified material and to information that does not disclose the identity of a confidential source.
(d) System identifier and name:
(1) N01640–1, Individual Correctional Records.
(2) Exemption: (i) Parts of this system may be exempt pursuant to 5 U.S.C. 552a(j)(2) if the information is compiled and maintained by a component of the agency which performs as its principle function any activity pertaining to the enforcement of criminal laws.
(ii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (c)(4), (d), (e)(2), (e)(3), (e)(4)(G) through (I), (e)(5), (e)(8), (f), and (g).
(3) Authority: 5 U.S.C. 552a(j)(2).
(4) Reason: (i) Granting individuals access to portions of these records pertaining to or consisting of, but not limited to, disciplinary reports, criminal investigations, and related statements of witnesses, and such other related matter in conjunction with the enforcement of criminal laws, could interfere with the orderly investigations, with the orderly administration of justice, and possibly enable suspects to avoid detection or apprehension. Disclosure of this information could result in the concealment, destruction, or fabrication of evidence, and jeopardize the safety and well-being of informants, witnesses and their families, and law enforcement personnel and their families. Disclosure of this information could also reveal and render ineffectual investigative techniques, sources, and methods used by these components and could result in the invasion of the privacy of individuals only incidentally related to an investigation. The exemption of the individual's right of access to portions of these records, and the reasons therefore, necessitate the exemption of this system of records from the requirement of the other cited provisions.
(ii) [Reserved]
(e) System identifier and name:
(1) N01754–3, Navy Child Development Services Program.
(2) Exemption: (i) Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source.
(ii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3) and (d).
(3) Authority: 5 U.S.C. 552a(k)(2).
(4) Reasons: (i) Exemption is needed in order to encourage persons having knowledge of abusive or neglectful acts toward children to report such information, and to protect such sources from embarrassment or recrimination, as well as to protect their right to privacy. It is essential that the identities of all individuals who furnish information under an express promise of confidentiality be protected. Additionally, granting individuals access to information relating to criminal and civil law enforcement, as well as the release of certain disclosure accountings, could interfere with ongoing investigations and the orderly administration of justice, in that it could result in the concealment, alteration, destruction, or fabrication of information; could hamper the identification of offenders and the disposition of charges; and could jeopardize the safety and well being of parents and their children.
(ii) [Reserved]
(f) System identifier and name:
(1) N03834–1, Special Intelligence Personnel Access File.
(2) Exemption: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(iii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (d), (e)(1), (e)(4) (G) through (I), and (f).
(3) Authority: 5 U.S.C. 552a(k)(1) and (k)(5).
(4) Reasons: (i) Exempted portions of this system contain information that has been properly classified under E.O. 12356, and that is required to be kept secret in the interest of national defense or foreign policy.
(ii) Exempted portions of this system also contain information considered relevant and necessary to make a determination as to qualifications, eligibility, or suitability for access to classified information and was obtained by providing an express or implied assurance to the source that his or her identity would not be revealed to the subject of the record.
(g) System identifier and name:
(1) N04060–1, Navy and Marine Corps Exchange Sales and Security Files.
(2) Exemption: (i) Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source.
(ii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (d), (e)(4)(G) through (I), and (f).
(3) Authority: 5 U.S.C. 552a(k)(2).
(4) Reasons: Granting individuals access to information collected and maintained by these activities relating to the enforcement of criminal laws could interfere with orderly investigations, with orderly administration of justice, and possibly enable suspects to avoid detection or apprehension. Disclosure of this information could result in the concealment, destruction, or fabrication of evidence, and could also reveal and render ineffectual investigative techniques, sources, and methods used by these activities.
(h) [Reserved]
(i) System identifier and name:
(1) N05041–1, Inspector General (IG) Records.
(2) Exemption: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source.
(iii) Portions of this system of records may be exempt from the provisions of 5 U.S.C. 552a(c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f).
(3) Authority: 5 U.S.C. 552a(k)(1) and (k)(2).
(4) Reasons: (i) From subsection (c)(3) because the release of the disclosure accounting would permit individuals to obtain valuable information concerning the nature of the investigation and would present a serious impediment to the orderly conduct of any investigative activities. Such accounting could result in the release of properly classified information which would compromise the national defense or disrupt foreign policy.
(ii) From subsections (d) and (f) because access to the records would inform individuals of the existence and nature of the investigation; provide information that might result in the concealment, destruction, or fabrication of evidence; possibly jeopardize the safety and well-being of informants, witnesses and their families; likely reveal and render ineffectual investigatory techniques and methods and sources of information; and possibly result in the invasion of the personal privacy of third parties. Access could result in the release of properly classified information which could compromise the national defense or disrupt foreign policy. Amendment of the records would interfere with the ongoing investigation and impose an impossible administrative burden by requiring investigations to be continually reinvestigated.
(iii) From subsection (e)(1) because in the course of the investigation it is not always possible, at least in the early stages of the inquiry, to determine relevance and or necessity as such determinations may only occur after the information has been evaluated. Information may be obtained concerning the actual or potential violation of laws or regulations other than those relating to the ongoing investigation. Such information should be retained as it can aid in establishing patterns of improper activity and can provide valuable leads in the conduct of other investigations.
(iv) From subsection (e)(4)(G) and (H) because this system of records is exempt from individual access pursuant to subsections (k)(1) and (k)(2) of the Privacy Act of 1974.
(v) From subsection (e)(4)(I) because it is necessary to protect the confidentiality of sources and to protect the privacy and physical safety of witnesses. Although the system is exempt from this requirement, the DON has published a notice in broad, generic terms in the belief that this is all that subsection (e)(4)(I) of the Act requires.
(j) System identifier and name:
(1) N05300–3, Faculty Professional Files.
(2) Exemptions: (i) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(ii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (d), (e)(4)(G) and (H), and (f).
(3) Authority: 5 U.S.C. 552a(k)(5).
(4) Reasons: Exempted portions of this system contain information considered relevant and necessary to make a release determination as to qualifications, eligibility, or suitability for Federal employment, and was obtained by providing an express or implied promise to the source that his or her identity would not be revealed to the subject of the record.
(k) System identifier and name:
(1) N05354–1, Equal Opportunity Information Management System.
(2) Exemptions: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(iii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (d), (e)(4)(G) through (I), and (f).
(3) Authority: 5 U.S.C. 552a(k)(1) and (k)(5).
(4) Reasons: Granting access to information in this system of records could result in the disclosure of classified material, or reveal the identity of a source who furnished information to the Government under an express or implied promise of confidentiality. Material will be screened to permit access to unclassified material and to information that will not disclose the identity of a confidential source.
(l) System identifier and name:
(1) N05520–1, Personnel Security Eligibility Information System.
(2) Exemptions: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source.
(iii) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(iv) Evaluation material used to determine potential for promotion in the Military Services may be exempt pursuant to 5 U.S.C. 552a(k)(7), but only to the extent that the disclosure of such material would reveal the identity of a confidential source.
(v) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (d), (e)(4)(G) and (I), and (f).
(3) Authority: 5 U.S.C. 552a(k)(1), (k)(2), (k)(5), and (k)(7).
(4) Reasons: Granting individuals access to information collected and maintained in this system of records could interfere with orderly investigations; result in the disclosure of classified material; jeopardize the safety of informants, witnesses, and their families; disclose investigative techniques; and result in the invasion of privacy of individuals only incidentally related to an investigation. Material will be screened to permit access to unclassified information that will not disclose the identity of sources who provide the information to the Government under an express or implied promise of confidentiality.
(m) System identifier and name:
(1) N05520–4, NCIS Investigative Files System.
(2) Exemptions: (i) Parts of this system may be exempt pursuant to 5 U.S.C. 552a(j)(2) if the information is compiled and maintained by a component of the agency which performs as its principal function any activity pertaining to the enforcement of criminal laws.
(ii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (c)(4), (d), (e)(2), (e)(3), (e)(4)(G) through (I), (e)(5), (e)(8), (f), and (g).
(3) Authority: 5 U.S.C. 552a(j)(2).
(4) Reasons: (i) Granting individuals access to information collected and maintained by this activity relating to the enforcement of criminal laws could interfere with the orderly investigations, with the orderly administration of justice, and possibly enable suspects to avoid detection or apprehension. Disclosure of this information could result in the concealment, destruction, or fabrication of evidence, and jeopardize the safety and well-being of informants, witnesses and their families, and law enforcement personnel and their families. Disclosure of this information could also reveal and render ineffectual investigative techniques, sources, and methods used by these components and could result in the invasion of the privacy of individuals only incidentally related to an investigation. The exemption of the individual's right of access to portions of these records, and the reasons therefore, necessitate the exemption of this system of records from the requirement of the other cited provisions.
(ii) [Reserved]
(5) Exemptions: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Records maintained in connection with providing protective services to the President and other individuals under 18 U.S.C. 3506, may be exempt pursuant to 5 U.S.C. 552a(k)(3).
(iii) Records maintained solely for statistical research or program evaluation purposes and which are not used to make decisions on the rights, benefits, or entitlement of an individual except for census records which may be disclosed under 13 U.S.C. 8, may be exempt pursuant to 5 U.S.C. 552a(k)(4).
(iv) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(v) Testing or examination material used solely to determine individual qualifications for appointment or promotion in the Federal service may be exempt pursuant to 5 U.S.C. 552a(k)(6), if the disclosure would compromise the objectivity or fairness of the test or examination process.
(vi) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (d), (e)(1), (e)(4)(G) through (I), and (f).
(6) Authority: 5 U.S.C. 552a(k)(1), (k)(3), (k)(4), (k)(5) and (k)(6).
(7) Reasons: (i) The release of disclosure accountings would permit the subject of an investigation to obtain valuable information concerning the nature of that investigation, and the information contained, or the identity of witnesses or informants, would therefore present a serious impediment to law enforcement. In addition, disclosure of the accounting would amount to notice to the individual of the existence of a record.
(ii) Access to the records contained in this system would inform the subject of the existence of material compiled for law enforcement purposes, the premature release of which could prevent the successful completion of investigation, and lead to the improper influencing of witnesses, the destruction of records, or the fabrication of testimony. Exempt portions of this system also contain information that has been properly classified under E.O. 12,958, and that is required to be kept secret in the interest of national defense or foreign policy.
(iii) Exempt portions of this system also contain information considered relevant and necessary to make a determination as to qualifications, eligibility, or suitability for Federal civilian employment, military service, Federal contracts, or access to classified information, and was obtained by providing an express or implied assurance to the source that his or her identity would not be revealed to the subject of the record.
(iv) The notice of this system of records published in the Federal Register sets forth the basic statutory or related authority for maintenance of the system.
(v) The categories of sources of records in this system have been published in the Federal Register in broad generic terms. The identity of specific sources, however, must be withheld in order to protect the confidentiality of the source, of criminal and other law enforcement information. This exemption is further necessary to protect the privacy and physical safety of witnesses and informants.
(vi) This system of records is exempted from procedures for notice to an individual as to the existence of records pertaining to him/her dealing with an actual or potential civil or regulatory investigation, because such notice to an individual would be detrimental to the successful conduct and/or completion of an investigation, pending or future. Mere notice of the fact of an investigation could inform the subject or others that their activities are under, or may become the subject of, an investigation. This could enable the subjects to avoid detection, to influence witnesses improperly, to destroy records, or to fabricate testimony.
(vii) Exempt portions of this system containing screening board reports.
(viii) Screening board reports set forth the results of oral examination of applicants for a position as a special agent with the Naval Investigation Service Command. Disclosure of these records would reveal the areas pursued in the course of the examination and thus adversely affect the result of the selection process. Equally important, the records contain the candid views of the members composing the board. Release of the records could affect the willingness of the members to provide candid opinions and thus diminish the effectiveness of a program which is essential to maintaining the high standards of the Special Agent Corps., i.e., those records constituting examination material used solely to determine individual qualifications for appointment in the Federal Service.
(n) System identifier and name:
(1) N05520–5, Personnel Security Program Management Records System.
(2) Exemptions: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(iii) Portions of this system of records are exempt from the following subsections of 5 U.S.C. 552a: (d)(1–5).
(3) Authority: 5 U.S.C. 552a(k)(1) and (k)(5).
(4) Reasons: (i) Granting individuals access to information collected and maintained in this system of records could result in the disclosure of classified material; and jeopardize the safety of informants, and their families. Further, the integrity of the system must be ensured so that complete and accurate records of all adjudications are maintained. Amendment could cause alteration of the record of adjudication.
(ii) [Reserved]
(o) System identifier and name:
(1) N05580–1, Security Incident System.
(2) Exemption: (i) Parts of this system may be exempt pursuant to 5 U.S.C. 552a(j)(2) if the information is compiled and maintained by a component of the agency which performs as its principal function any activity pertaining to the enforcement of criminal laws.
(ii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (c)(4), (d), (e)(2), and (e)(4)(G) through (I), (e)(5), (e)(8), (f) and (g).
(3) Authority: 5 U.S.C. 552a(j)(2).
(4) Reasons: (i) Granting individuals access to information collected and maintained by this component relating to the enforcement of criminal laws could interfere with orderly administration of justice, and possibly enable suspects to avoid detection or apprehension. Disclosure of this information could result in concealment, destruction, or fabrication of evidence, and jeopardize the safety and well being of informants, witnesses and their families, and of law enforcement personnel and their families. Disclosure of this information could also reveal and render ineffectual investigative techniques, sources, and methods used by this component, and could result in the invasion of privacy of individuals only incidentally related to an investigation. The exemption of the individual's right of access to his or her records, and the reason therefore, necessitate the exemption of this system of records from the requirements of other cited provisions.
(ii) [Reserved]
(p) [Reserved]
(q) System identifier and name:
(1) N05800–1, Legal Office Litigation/Correspondence Files.
Exemptions: (i) Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(ii) Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source.
(iii) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(iv) Testing or examination material used solely to determine individual qualifications for appointment or promotion in the Federal service may be exempt pursuant to 5 U.S.C. 552a(k)(6), if the disclosure would compromise the objectivity or fairness of the test or examination process.
(v) Evaluation material used to determine potential for promotion in the Military Services may be exempt pursuant to 5 U.S.C. 552a(k)(7), but only to the extent that the disclosure of such material would reveal the identity of a confidential source.
(vi) Portions of this system of records are exempt from the following subsections of the Privacy Act: (d), (e)(1), and (f)(2), (3), and (4).
(3) Authority: 5 U.S.C. 552a(k)(1), (k)(2), (k)(5), (k)(6), and (k)(7).
(4) Reasons: (i) Subsection (d) because granting individuals access to information relating to the preparation and conduct of litigation would impair the development and implementation of legal strategy. Accordingly, such records are exempt under the attorney-client privilege. Disclosure might also compromise on-going investigations and reveal confidential informants. Additionally, granting access to the record subject would seriously impair the Navy's ability to negotiate settlements or pursue other civil remedies. Amendment is inappropriate because the litigation files contain official records including transcripts, court orders, investigatory materials, evidentiary materials such as exhibits, decisional memorandum and other case-related papers. Administrative due process could not be achieved by the “ex parte” correction of such materials.
(ii) Subsection (e)(1) because it is not possible in all instances to determine relevancy or necessity of specific information in the early stages of case development. What appeared relevant and necessary when collected, ultimately may be deemed unnecessary upon assessment in the context of devising legal strategy. Information collected during civil litigation investigations which is not used during subject case is often retained to provide leads in other cases or to establish patterns of activity.
(iii) Subsections (f)(2), (3), and (4) because this record system is exempt from the individual access provisions of subsection (d).
(r) System identifier and name:
(1) N01000–5, Naval Clemency and Parole Board Files.
(2) Exemption: (i) Parts of this system may be exempt pursuant to 5 U.S.C. 552a(j)(2) if the information is compiled and maintained by a component of the agency which performs as its principal function any activity pertaining to the enforcement of criminal laws.
(ii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(4), (d), (e)(4)(G), and (f).
(3) Authority: 5 U.S.C. 552a(j)(2).
(4) Reasons: (i) Granting individuals access to records maintained by this Board could interfere with internal processes by which Board personnel are able to formulate decisions and policies with regard to clemency and parole in cases involving naval prisoners and other persons under the jurisdiction of the Board. Material will be screened to permit access to all material except such records or documents as reflecting items of opinion, conclusion, or recommendation expressed by individual board members or by the board as a whole.
(ii) The exemption of the individual's right to access to portions of these records, and the reasons therefore, necessitate the partial exemption of this system of records from the requirements of the other cited provisions.
(s) System identifier and name:
(1) N01752–1, Family Advocacy Program System.
(2) Exemptions: (i) Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source.
(ii) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(iii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3) and (d).
(3) Authority: 5 U.S.C. 552a(k)(2) and (k)(5).
(4) Reasons: (i) Exemption is needed in order to encourage persons having knowledge of abusive or neglectful acts toward children to report such information, and to protect such sources from embarrassment or recriminations, as well as to protect their right to privacy. It is essential that the identities of all individuals who furnish information under an express promise of confidentiality be protected. Additionally, granting individuals access to information relating to criminal and civil law enforcement, as well as the release of certain disclosure accounting, could interfere with ongoing investigations and the orderly administration of justice, in that it could result in the concealment, alteration, destruction, or fabrication of information; could hamper the identification of offenders or alleged offenders and the disposition of charges; and could jeopardize the safety and well being of parents and their children.
(ii) Exempted portions of this system also contain information considered relevant and necessary to make a determination as to qualifications, eligibility, or suitability for Federal employment and Federal contracts, and that was obtained by providing an express or implied promise to the source that his or her identity would not be revealed to the subject of the record.
(t) System identifier and name:
(1) N12930–1, Human Resources Group Personnel Records.
(2) Exemptions: (i) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(ii) Testing or examination material used solely to determine individual qualifications for appointment or promotion in the Federal service may be exempt pursuant to 5 U.S.C. 552a(k)(6), if the disclosure would compromise the objectivity or fairness of the test or examination process.
(iii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (d), (e)(4)(G) and (H), and (f).
(3) Authority: 5 U.S.C. 552a(k)(5) and (k)(6).
(4) Reasons: (i) Exempted portions of this system contain information considered relevant and necessary to make a determination as to qualifications, eligibility, or suitability for Federal employment, and was obtained by providing express or implied promise to the source that his or her identity would not be revealed to the subject of the record.
(ii) Exempted portions of this system also contain test or examination material used solely to determine individual qualifications for appointment or promotion in the Federal Service, the disclosure of which would comprise the objectivity or fairness of the testing or examination process.
(u) System identifier and name:
(1) N05813–4, Trial/Government Counsel Files.
(2) Exemption. Parts of this system may be exempt pursuant to 5 U.S.C. 552a(j)(2) if the information is compiled and maintained by a component of the agency which performs as its principle function any activity pertaining to the enforcement of criminal laws. Portions of this system of records that may be exempt pursuant to subsection 5 U.S.C. 552a(j)(2) are (c)(3), (c)(4), (d), (e)(1), (e)(2), (e)(3), (e)(5), (e)(4)(G), (H), and (I), (e)(8), (f), and (g).
(3) Exemption. Information specifically authorized to be classified under E.O. 12,958, as implemented by DOD 5200.1–R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).
(4) Exemption. Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source. Portions of this system of records that may be exempt pursuant to subsections 5 U.S.C. 552a(k)(1) and (k)(2) are (c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).
(4) Authority: 5 U.S.C. 552a(j)(2), (k)(1), and (k)(2).
(5) Reasons: (i) From subsection (c)(3) because release of accounting of disclosure could place the subject of an investigation on notice that he/she is under investigation and provide him/her with significant information concerning the nature of the investigation, resulting in a serious impediment to law enforcement investigations.
(ii) From subsections (c)(4), (d), (e)(4)(G), and (e)(4)(H) because granting individuals access to information collected and maintained for purposes relating to the enforcement of laws could interfere with proper investigations and orderly administration of justice. Granting individuals access to information relating to the preparation and conduct of criminal prosecution would impair the development and implementation of legal strategy. Amendment is inappropriate because the trial/Government counsel files contain official records including transcripts, court orders, and investigatory materials such as exhibits, decisional memorandum and other case-related papers. Disclosure of this information could result in the concealment, alteration or destruction of evidence, the identification of offenders or alleged offenders, nature and disposition of charges; and jeopardize the safety and well-being of informants, witnesses and their families, and law enforcement personnel and their families. Disclosure of this information could also reveal and render ineffective investigation techniques, sources, and methods used by law enforcement personnel, and could result in the invasion of privacy of individuals only incidentally related to an investigation.
(iii) From subsection (e)(1) because it is not always possible in all instances to determine relevancy or necessity of specific information in the early stages of case development. Information collected during criminal investigations and prosecutions and not used during the subject case is often retained to provide leads in other cases.
(iv) From subsection (e)(2) because in criminal or other law enforcement investigations, the requirement that information be collected to the greatest extent practicable from the subject individual would alert the subject as to the nature or existence of an investigation, presenting a serious impediment to law enforcement investigations.
(v) From subsection (e)(3) because compliance would constitute a serious impediment to law enforcement in that it could compromise the existence of a confidential investigation or reveal the identity of witnesses or confidential informants.
(vi) From subsection (e)(4)(I) because the identity of specific sources must be withheld in order to protect the confidentiality of the sources of criminal and other law enforcement information. This exemption is further necessary to protect the privacy and physical safety of witnesses and informants.
(vii) From subsection (e)(5) because in the collection of information for law enforcement purposes it is impossible to determine in advance what information is accurate, relevant, timely, and complete. With the passage of time, seemingly irrelevant or untimely information may acquire new significance as further investigation brings new details to light and the accuracy of such information can only be determined in a court of law. The restrictions of subsection (e)(5) would restrict the ability of trained investigators and intelligence analysts to exercise their judgment in reporting on investigations and impede the development of intelligence necessary for effective law enforcement.
(viii) From subsection (e)(8) because compliance would provide an impediment to law enforcement by interfering with the ability to issue warrants or subpoenas and by revealing investigative techniques, procedures, or evidence.
(ix) From subsection (f) and (g) because this record system is exempt from the individual access provisions of subsection (d).
(x) Consistent with the legislative purpose of the Privacy Act of 1974, the DON will grant access to nonexempt material in the records being maintained. Disclosure will be governed by the DON's Privacy Regulation, but will be limited to the extent that the identity of confidential sources will not be compromised; subjects of an investigation of an actual or potential criminal violation will not be alerted to the investigation; the physical safety of witnesses, informants and law enforcement personnel will not be endangered, the privacy of third parties will not be violated; and that the disclosure would not otherwise impede effective law enforcement. Whenever possible, information of the above nature will be deleted from the requested documents and the balance made available. The controlling principle behind this limited access is to allow disclosures except those indicated above. The decisions to release information from these systems will be made on a case-by-case basis.
(v) System identifier and name:
(1) NM05211–1, Privacy Act Request Files and Tracking System.
(2) Exemption: During the processing of a Privacy Act request (which may include access requests, amendment requests, and requests for review for initial denials of such requests), exempt materials from other systems of records may in turn become part of the case record in this system. To the extent that copies of exempt records from those “other” systems of records are entered into this system, the DON hereby claims the same exemptions for the records from those “other” systems that are entered into this system, as claimed for the original primary system of which they are a part.
(3) Authority: 5 U.S.C. 552a(j)(2), (k)(1), (k)(2), (k)(3), (k)(4), (k)(5), (k)(6), and (k)(7).
(4) Records are only exempt from pertinent provisions of 5 U.S.C. 552a to the extent such provisions have been identified and an exemption claimed for the original record and the purposes underlying the exemption for the original record still pertain to the record which is now contained in this system of records. In general, the exemptions were claimed in order to protect properly classified information relating to national defense and foreign policy, to avoid interference during the conduct of criminal, civil, or administrative actions or investigations, to ensure protective services provided the President and others are not compromised, to protect the identity of confidential sources incident to Federal employment, military service, contract, and security clearance determinations, and to preserve the confidentiality and integrity of Federal evaluation materials. The exemption rule for the original records will identify the specific reasons why the records are exempt from specific provisions of 5 U.S.C. 552a.
(w) System identifier and name:
(1) NM05720–1, FOIA Request/Appeal Files and Tracking System.
(2) Exemption: During the processing of a Freedom of Information Act request, exempt materials from other systems of records may in turn become part of the case record in this system. To the extent that copies of exempt records from those ‘other’ systems of records are entered into this system, the DON hereby claims the same exemptions for the records from those ‘other’ systems that are entered into this system, as claimed for the original primary system of which they are a part.
(3) Authority: 5 U.S.C. 552a(j)(2), (k)(1), (k)(2), (k)(3), (k)(4), (k)(5), (k)(6), and (k)(7).
(4) Records are only exempt from pertinent provisions of 5 U.S.C. 552a to the extent such provisions have been identified and an exemption claimed for the original record and the purposes underlying the exemption for the original record still pertain to the record which is now contained in this system of records. In general, the exemptions were claimed in order to protect properly classified information relating to national defense and foreign policy, to avoid interference during the conduct of criminal, civil, or administrative actions or investigations, to ensure protective services provided the President and others are not compromised, to protect the identity of confidential sources incident to Federal employment, military service, contract, and security clearance determinations, and to preserve the confidentiality and integrity of Federal evaluation materials. The exemption rule for the original records will identify the specific reasons why the records are exempt from specific provisions of 5 U.S.C. 552a.
§ 701.129 Exemptions for specific Marine Corps record systems.
top
(a) System identifier and name:
(1) MMN00018, Base Security Incident Report System.
(2) Exemptions: (i) Parts of this system may be exempt pursuant to 5 U.S.C. 552a(j)(2) if the information is compiled and maintained by a component of the agency which performs as its principle function any activity pertaining to the enforcement of criminal laws.
(ii) Portions of this system of records are exempt from the following subsections of the Privacy Act: (c)(3), (c)(4), (d), (e)(2) and (3), (e)(4)(G) through (I), (e)(5), (e)(8), (f), and (g).
(3) Authority: 5 U.S.C. 552a(j)(2).
(4) Reasons: (i) Granting individuals access to information collected and maintained by these activities relating to the enforcement of criminal laws could interfere with orderly investigations, with the orderly administration of justice, and might enable suspects to avoid detection or apprehension. Disclosure of this information could result in the concealment, destruction, or fabrication of evidence, and jeopardize the safety and well being of informants, witnesses and their families, and law enforcement personnel and their families. Disclosure of this information could also reveal and render ineffectual investigative techniques, sources, and methods used by this component, and could result in the invasion of the privacy of individuals only incidentally related to an investigation. The exemption of the individual's right of access to his or her records, and the reasons therefore, necessitate the exemption of this system of records from the requirements of other cited provisions.
(ii) [Reserved]
(b) System identifier and name:
(1) MIN00001, Personnel and Security Eligibility and Access Information System.
(2) Exemption:
(i) Investigatory material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source.
(ii) Records maintained in connection with providing protective services to the President and other individuals under 18 U.S.C. 3506, may be exempt pursuant to 5 U.S.C. 552a(k)(3).
(iii) Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.
(iv) Portions of this system of records are exempt for the following subsections of the Privacy Act: (c)(3), (d), (e)(1), (e)(4)(G) through (I), and (f).
(3) Authority: 5 U.S.C. 552a(k)(2), (k)(3), and (k)(5), as applicable.
(4) Reasons: (i) Exempt portions of this system contain information that has been properly classified under E.O. 12,958, and that is required to be kept secret in the interest of national defense or foreign policy.
(ii) Exempt portions of this system also contain information considered relevant and necessary to make a determination as to qualifications, eligibility, or suitability for Federal civilian employment, military service, Federal contracts, or access to classified, compartmented, or otherwise sensitive information, and was obtained by providing an expressed or implied assurance to the source that his or her identity would not be revealed to the subject of the record.
(iii) Exempt portions of this system further contain information that identifies sources whose confidentiality must be protected to ensure that the privacy and physical safety of these witnesses and informants are protected.
Browse Previous |
Browse Next
|