(a) Judicial sanctions. The Act has both civil remedies and criminal penalties for violations of its provisions.
(1) Civil remedies. The DA is subject to civil remedies for violations of the Privacy Act. In addition to specific remedial actions, 5 U.S.C. 552a(g) may provide for the payment of damages, court costs, and attorney's fees.
(2) Criminal penalties. A DA official or employee may be found guilty of a misdemeanor and fined not more than $5,000 for willfully--
(i) Disclosing individually identifiable personal information to one not entitled to the information;
(ii) Requesting or obtaining information from another's record under false pretenses; or
(iii) Maintaining a system of records without first meeting the public notice requirements of the Act.
(b) Litigation Status Sheet. (1) When a complaint citing the Privacy Act is filed in a U.S. District Court against the Department of the Army, an Army Component, a DA Official, or any Army employee, the responsible system manager will promptly notify the Army Litigation Division, U.S. Army Legal Services Agency (USALSA), 9275 Gunston Road, Fort Belvoir, VA 22060.
(1) When a complaint citing the Privacy Act is filed in a U.S. District Court against the Department of the Army, an Army Component, a DA Official, or any Army employee, the responsible system manager will promptly notify the Army Litigation Division, U.S. Army Legal Services Agency (USALSA), 9275 Gunston Road, Fort Belvoir, VA 22060.
(2) The Litigation Status Sheet at appendix E of this part provides a standard format for this notification. At a minimum, the initial notification will have items (a) through (f) provided.
(3) A revised Litigation Status Sheet must be provided at each stage of the litigation.
(4) When a court renders a formal opinion or judgment, copies must be provided to the Defense Privacy Office by the Army Litigation Division.
(c) Administrative remedies--Privacy Act complaints. (1) The installation level Privacy Act Officer is responsible for processing Privacy Act complaints or allegations of Privacy Act violations. Guidance should be sought from the local Staff Judge Advocate and coordination made with the system manager to assist in the resolution of Privacy Act complaints. The local Privacy Act officer is responsible for--
(1) The installation level Privacy Act Officer is responsible for processing Privacy Act complaints or allegations of Privacy Act violations. Guidance should be sought from the local Staff Judge Advocate and coordination made with the system manager to assist in the resolution of Privacy Act complaints. The local Privacy Act officer is responsible for--
(i) Reviewing allegations of Privacy Act violations and the evidence provided by the complainants;
(ii) Making an initial assessment as to the validity of the complaint, and taking appropriate corrective action;
(iii) Coordinating with the local Staff Judge Advocate to determine whether a more formal investigation such as a commander's inquiry or an AR 15-6 investigation is appropriate; and
(iv) Ensuring the decision at the local level from either the Privacy Act Officer or other individual who directed a more formal investigation is provided to the complainant in writing.
(2) The decision at the local level may be appealed to the next higher command level Privacy Act Officer.
(3) A legal review from the next higher command level Privacy Act Officer's servicing Staff Judge Advocate is required prior to action on the appeal. [71 FR 46052, Aug. 10, 2006, as amended at 78 FR 18473, Mar. 27, 2013]