32 C.F.R. Subpart J—Protecting and Disposing of Records


Title 32 - National Defense


Title 32: National Defense
PART 806b—PRIVACY ACT PROGRAM

Browse Previous |  Browse Next

Subpart J—Protecting and Disposing of Records

§ 806b.34   Protecting records.

Maintaining information privacy is the responsibility of every federal employee, military member, and contractor who comes into contact with information in identifiable form. Protect information according to its sensitivity level. Consider the personal sensitivity of the information and the risk of disclosure, loss or alteration. Most information in systems of records is FOUO. Refer to DoD 5400.7–R/Air Force Supp, DoD Freedom of Information Act Program, for protection methods.

§ 806b.35   Balancing protection.

Balance additional protection against sensitivity, risk and cost. In some situations, a password may be enough protection for an automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and password systems are obviously less vulnerable than unprotected files. Follow Air Force Instruction 33–202, Computer Security,5 for procedures on safeguarding personal information in automated records.

5 http://www.e-publishing.af.mil/pubfiles/af/33/afi33-202/afi33-202.pdf.

(a) AF Form 3227, Privacy Act Cover Sheet,6 is optional and available for use with Privacy Act material. Use it to cover and protect personal information that you are using in office environments that are widely unprotected and accessible to many individuals. After use, such information should be protected as outlined in DoD 5400.7–R/Air Force Supp.

6 http://www.e-publishing.af.mil/formfiles/af/af3227/af3227.xfd.

(b) Privacy Act Labels. Use of Air Force Visual Aid 33–276, Privacy Act Label, is optional to assist in protecting Privacy Act information on compact disks, diskettes, and tapes.

§ 806b.36   Disposing of records.

You may use the following methods to dispose of records protected by the Privacy Act and authorized for destruction according to records retention schedules:

(a) Destroy by any method that prevents compromise, such as tearing, burning, or shredding, so long as the personal data is not recognizable and beyond reconstruction.

(b) Degauss or overwrite magnetic tapes or other magnetic medium.

(c) Dispose of paper products through the Defense Reutilization and Marketing Office or through activities that manage a base-wide recycling program. The recycling sales contract must contain a clause requiring the contractor to safeguard privacy material until its destruction and to pulp, macerate, shred, or otherwise completely destroy the records. Originators must safeguard Privacy Act material until it is transferred to the recycling contractor. A Federal employee or, if authorized, a contractor employee must witness the destruction. This transfer does not require a disclosure accounting.

Browse Previous |  Browse Next






















chanrobles.com


ChanRobles Legal Resources:

ChanRobles On-Line Bar Review

ChanRobles Internet Bar Review : www.chanroblesbar.com

ChanRobles MCLE On-line

ChanRobles Lawnet Inc. - ChanRobles MCLE On-line : www.chanroblesmcleonline.com