32 C.F.R. Subpart J—Protecting and Disposing of Records
Title 32 - National Defense
Maintaining information privacy is the responsibility of every federal employee, military member, and contractor who comes into contact with information in identifiable form. Protect information according to its sensitivity level. Consider the personal sensitivity of the information and the risk of disclosure, loss or alteration. Most information in systems of records is FOUO. Refer to DoD 5400.7–R/Air Force Supp, DoD Freedom of Information Act Program, for protection methods. Balance additional protection against sensitivity, risk and cost. In some situations, a password may be enough protection for an automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and password systems are obviously less vulnerable than unprotected files. Follow Air Force Instruction 33–202, Computer Security,5 5 http://www.e-publishing.af.mil/pubfiles/af/33/afi33-202/afi33-202.pdf. (a) AF Form 3227, Privacy Act Cover Sheet,6 6 http://www.e-publishing.af.mil/formfiles/af/af3227/af3227.xfd. (b) Privacy Act Labels. Use of Air Force Visual Aid 33–276, Privacy Act Label, is optional to assist in protecting Privacy Act information on compact disks, diskettes, and tapes. You may use the following methods to dispose of records protected by the Privacy Act and authorized for destruction according to records retention schedules: (a) Destroy by any method that prevents compromise, such as tearing, burning, or shredding, so long as the personal data is not recognizable and beyond reconstruction. (b) Degauss or overwrite magnetic tapes or other magnetic medium. (c) Dispose of paper products through the Defense Reutilization and Marketing Office or through activities that manage a base-wide recycling program. The recycling sales contract must contain a clause requiring the contractor to safeguard privacy material until its destruction and to pulp, macerate, shred, or otherwise completely destroy the records. Originators must safeguard Privacy Act material until it is transferred to the recycling contractor. A Federal employee or, if authorized, a contractor employee must witness the destruction. This transfer does not require a disclosure accounting.
Title 32: National Defense
PART 806b—PRIVACY ACT PROGRAM
Subpart J—Protecting and Disposing of Records
§ 806b.34 Protecting records.
§ 806b.35 Balancing protection.
§ 806b.36 Disposing of records.