(a) If a match is to be conducted internally within DoD, a memorandum of understanding (MOU) shall be prepared. It shall contain the same elements as a CMA, except as otherwise indicated in paragraph (b)(4)(ii) of this section.
(b) A CMA shall contain the following elements:
(1) Purpose. Why the match is being proposed and what will be achieved by conducting the match.
(2) Legal authority. What is the Federal or state statutory or regulatory basis for conducting the match. The Privacy Act does not constitute independent authority for matching. Other legal authority shall be identified.
(3) Justification and expected results. Explain why computer matching as opposed to some other administrative means is being proposed and what the expected results will be, including a specific estimate of any savings (see paragraph (b)(13) of this section).
(4) Records description. Identify:
(i) The system of records or non-Federal records. For DoD systems of records, provide the Federal Register citation for the system notice;
(ii) The specific routine use in the system notice if records are to be disclosed outside the Department of Defense (see Sec. 310.22(c)). If records are disclosed within the Department of Defense for an internal match, disclosures are permitted pursuant to paragraph (a) of Sec. 310.22.
(iii) The number of records involved;
(iv) The data elements to be included in the match;
(v) The projected start and completion dates of the match. CMAs remain in effect for 18 months but can be renewed for an additional 12 months provided:
(A) The match will be conducted without any change, and
(B) Each party to the match certifies in writing that the program has been conducted in compliance with the CMA or MOU.
(vi) How frequently will the records be matched.
(5) Records accuracy assessment. Provide an assessment by the source and recipient agencies as to the quality of the information that will be used for the match. The poorer the quality, the more likely that the program will not be cost-effective.
(6) Notice procedures. Identify what direct and indirect means will be used to inform individuals that matching will take place.
(i) Direct notice. Indicate whether the individual is advised that matching may be conducted when he or she applies for a Federal benefit program. Such an advisory should normally be part of the Privacy Act Statement that is contained in the application for benefits. Individual notice sometimes is provided by a separate notice that is furnished the individual upon receipt of the benefit.
(ii) Indirect notice. Indicate whether the individual is advised that matching may be conducted by constructive notice. Indirect or constructive notice is achieved by publication of a routine use in the Federal Register when the matching is between agencies or is achieved by publication of the match notice in the Federal Register.
(7) Verification procedures. Explain how information produced as a result of the match will be independently verified to ensure any adverse information obtained is that of the individual identified in the match.
(8) Due process procedures. Describe what procedures will be used to notify individuals of any adverse information uncovered as a result of the match and to give such individuals an opportunity to either explain the information or how to contest the information. No adverse action shall be taken against the individual until the due process procedures have been satisfied.
(i) Unless other statutory or regulatory authority provides for a longer period of time, the individual shall be given 30 calendar days from the date of the notice to respond to the notice.
(ii) If an individual contacts the agency within the notice period and indicates his or her acceptance of the validity of the adverse information, the agency may take final action. If the period expires without a response, the agency may take final action.
(iii) If the agency determines that there is a potentially significant effect on public health or safety, it may take appropriate action notwithstanding the due process provisions.
(9) Security procedures. Describe the administrative, technical, and physical safeguards that will be established to preserve and protect the privacy and confidentiality of the records involved in the match. The level of security must be commensurate with the level of the sensitivity of the records.
(10) Records usage, duplication, and redisclosure restrictions. Describe any restrictions imposed by the source agency or by statute or regulation on the collateral uses of the records. Recipient agencies may not use the records obtained for matching purposes for any other purpose absent a specific statutory requirement or where the disclosure is essential to the conduct of the matching program.
(11) Disposition procedures. Clearly state that the records used in the match will be retained only for the time required for conducting the match. Once the matching purpose has been achieved, the records will be destroyed unless the records must be retained as directed by other legal authority. Unless the source agency requests that the records be returned, identify the means by which destruction will occur, i.e., shredding, burning, electronic erasure, etc.
(12) Comptroller General access. Include a statement that the Comptroller General may have access to all records of the recipient agency to monitor or verify compliance with the terms of the CMA.
(13) Cost-benefit analysis. (i) A cost-benefit analysis shall be conducted for the proposed computer matching program unless:
(i) A cost-benefit analysis shall be conducted for the proposed computer matching program unless:
(A) The Data Integrity Board waives the requirement, or
(B) The matching program is required by a specific statute.
(ii) The analysis must demonstrate that the program is likely to be cost-effective. This analysis is to ensure agencies are following sound management practices. The analysis provides an opportunity to examine the programs and to reject those that will only produce marginal results.
Sec. Appendix A to Part 310--Safeguarding Personally Identifiable
Information (PII) (See Sec. 310.13 of Subpart B)
A. General
1. The IT environment subjects personal information to special hazards as to unauthorized compromise, alteration, dissemination, and use. Therefore, special considerations must be given to safeguarding personal information in IT systems consistent with the requirements of DoD Directive 8500.1 and DoD Instruction 8500.2.
2. Personally identifiable information must also be protected while it is being processed or accessed in computer environments outside the data processing installation (such as, remote job entry stations, terminal stations, minicomputers, microprocessors, and similar activities).
3. IT facilities authorized to process classified material have adequate procedures and security for the purposes of this Regulation. However, all unclassified information subject to this Regulation must be processed following the procedures used to process and access information designated ``For Official Use Only.'' (See DoD 5200.1-R.)
B. Risk Management and Safeguarding Standards
1. Establish administrative, technical, and physical safeguards that are adequate to protect the information against unauthorized disclosure, access, or misuse. (See OMB Circular A-130 and DoD Instruction 8500.2.)
2. Tailor safeguards to the type of system, the nature of the information involved, and the specific threat to be countered.
C. Minimum Administrative Safeguards
The minimum safeguarding standards as set forth in Sec. 310.13(b) apply to all personal data within any IT system. In addition:
1. Consider the following when establishing IT safeguards:
a. The sensitivity of the data being processed, stored and accessed.
b. The installation environment.
c. The risk of exposure.
d. The cost of the safeguard under consideration.
2. Label or designate media products containing personal information that do not contain classified material in such a manner as to alert those using or handling the information of the need for special protection. Designating products ``For Official Use Only'' in accordance with the requirements of DoD 5200.1-R satisfies this requirement.
3. Mark and protect all computer products containing classified data in accordance with the requirements of DoD 5200.1-R and DoD Directive 8500.1.
4. Mark and protect all computer products containing ``For Official Use Only'' material in accordance with the requirements of DoD 5200.1-R.
5. Ensure that safeguards for protected information stored at secondary sites are appropriate.
6. If there is a computer failure, restore all protected information being processed at the time of the failure using proper recovery procedures to ensure data integrity.
7. Train personnel involved in processing information subject to this Regulation in proper safeguarding procedures.
D. Physical Safeguards
1. For all unclassified facilities, areas, and devices that process information subject to this Regulation, establish physical safeguards that protect the information against reasonably identifiable threats that could result in unauthorized access or alteration.
2. Develop access procedures for unclassified computer rooms, tape libraries, micrographic facilities, decollating shops, product distribution areas, or other direct support areas that process or contain personal information subject to this Regulation that control adequately access to these areas.
3. Safeguard on-line devices directly coupled to IT systems that contain or process information from systems of records to prevent unauthorized disclosure, use, or alteration.
4. Dispose of paper records following appropriate record destruction procedures. (See Sec. 310.13(c) and DoD 5200.1-R.)
E. Technical Safeguards
1. Components are to ensure that all PII not explicitly cleared for public release is protected according to Confidentially Level Sensitive, as established in DoD Instruction 8500.2. In addition, all DoD information and data owners shall conduct risk assessments of compilations of PII and identify those needing more stringent protection for remote access or mobile computing.
2. Encrypt unclassified personal information in accordance with current Information Assurance (IA) policies and procedures, as issued.
3. Remove personal data stored on magnetic storage media by methods that preclude reconstruction of the data.
4. Ensure that personal information is not inadvertently disclosed as residue when transferring magnetic media between activities.
5. Only DoD authorized devices shall be used for remote access. Any remote access, whether for user or privileged functions, must conform to IA controls specified in DoD Instruction 8500.2.
6. Remote access for processing PII should comply with the latest IA policies and procedures.
7. Minimize access to data fields necessary to accomplish an employee's task-normally, access shall be granted only to those data elements (fields) required for the employee to perform his or her job rather than granting access to the entire database.
8. Do not totally rely on proprietary software products to protect personnel data during processing or storage.
F. Special Procedures
1. Managers shall:
a. Prepare and submit for publication all system notices and amendments and alterations thereto. (See Sec. 310.30(f).)
b. Identify required controls and individuals authorized access to PII and maintain updates to the access authorizations.
c. When required, ensure Privacy Impact Assessments are prepared consistent with the requirements of the DoD Deputy Chief Information Officer Memorandum, ``DoD Privacy Impact Assessment Guidance,'' October 28, 2005.
d. Train all personnel whose official duties require access to the system of records in the proper safeguarding and use of the information and ensure that they receive Privacy Act training.
G. Record Disposal
1. Dispose of records subject to this Regulation so as to prevent compromise. (See Sec. 310.13(c).) Magnetic tapes or other magnetic medium may be cleared by degaussing, overwriting, or erasing. (See DoD Memorandum, ``Disposition of Unclassified DoD Computer Hard Drives,'' June 4, 2001.)
2. Do not use respliced waste computer products containing personal data.
Sec. Appendix B to Part 310--Sample Notification Letter (See Sec. 310.14 of subpart C) Dear Mr. John Miller:
On January 1, 2006, a Department of Defense (DoD) laptop computer was stolen from the parked car of a DoD employee in Washington, DC after normal duty hours while the employee was running a personal errand. The laptop contained personally identifying information on 100 DoD employees who were participating in the xxx Program. The compromised information is the name, social security number, residential address, date of birth, office and home email address, office and home telephone numbers of the Program participants.
The theft was immediately reported to local and DoD law enforcement authorities who are now conducting a joint inquiry into the loss.
We believe that the laptop was the target of the theft as opposed to any information that the laptop might contain. Because the information in the laptop was password protected and encrypted, we also believe that the probability is low that the information will be acquired and used for an unlawful purpose. However, we cannot say with certainty that this might not occur. We therefore believe that you should consider taking such actions as are possible to protect against the potential that someone might use the information to steal your identity.
You should be guided by the actions recommended by the Federal Trade Commission at its Web site at http://www.consumer.gov/idtheft/con_steps.htm. The FTC urges that you immediately place an initial fraud alert on your credit file. The Fraud alert is for a period of 90 days, during which, creditors are required to contact you before a new credit card is issued or an existing card changed. The site also provides other valuable information that can be taken now or in the future if problems should develop.
The DoD takes this loss very seriously and is reviewing its current policies and practices with a view of determining what must be changed to preclude a similar occurrence in the future. At a minimum, we will be providing additional training to personnel to ensure that they understand that personally identifiable information must at all times be treated in a manner that preserves and protects the confidentiality of the data.
We deeply regret and apologize for any inconvenience and concern this theft may cause you.
Should you have any questions, please call ------------. Sincerely, Signature Block(Directorate level or higher)
Sec. Appendix C to Part 310--DoD Blanket Routine Uses (See paragraph (c) of Sec. 310.22 of subpart E)
A. Routine Use--Law Enforcement
If a system of records maintained by a DoD Component to carry out its functions indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or by regulation, rule, or order issued pursuant thereto, the relevant records in the system of records may be referred, as a routine use, to the agency concerned, whether Federal, State, local, or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, rule, regulation, or order issued pursuant thereto.
B. Routine Use--Disclosure When Requesting Information
A record from a system of records maintained by a Component may be disclosed as a routine use to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement information or other pertinent information, such as current licenses, if necessary to obtain information relevant to a Component decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.
C. Routine Use--Disclosure Of Requested Information
A record from a system of records maintained by a Component may be disclosed to a Federal agency, in response to its request, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.
D. Routine Use--Congressional Inquiries
Disclosure from a system of records maintained by a Component may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.
E. Routine Use--Private Relief Legislation
Relevant information contained in all systems of records of the Department of Defense published on or before August 22, 1975, may be disclosed to the Office of Management and Budget in connection with the review of private relief legislation as set forth in OMB Circular A-19 at any stage of the legislative coordination and clearance process as set forth in that circular.
F. Routine Use--Disclosures Required By International Agreements
A record from a system of records maintained by a Component may be disclosed to foreign law enforcement, security, investigatory, or administrative authorities to comply with requirements imposed by, or to claim rights conferred in, international agreements and arrangements, including those regulating the stationing and status in foreign countries of Department of Defense military and civilian personnel.
G. Routine Use--Disclosure to State and Local Taxing Authorities
Any information normally contained in Internal Revenue Service (IRS) Form W-2 which is maintained in a record from a system of records maintained by a Component may be disclosed to State and local taxing authorities with which the Secretary of the Treasury has entered into agreements under 5 U.S.C., sections 5516, 5517, 5520, and only to those State and local taxing authorities for which an employee or military member is or was subject to tax regardless of whether tax is or was withheld. This routine use is in accordance with Treasury Fiscal Requirements Manual Bulletin No. 76-07.
H. Routine Use--Disclosure to the Office of Personnel Management
A record from a system of records subject to the Privacy Act and maintained by a Component may be disclosed to the Office of Personnel Management (OPM) concerning information on pay and leave, benefits, retirement reductions, and any other information necessary for the OPM to carry out its legally authorized government-wide personnel management functions and studies.
I. Routine Use--Disclosure to the Department of Justice for Litigation
A record from a system of records maintained by a Component may be disclosed as a routine use to any component of the Department of Justice for the purpose of representing the Department of Defense, or any officer, employee or member of the Department in pending or potential litigation to which the record is pertinent.
J. Routine Use--Disclosure to Military Banking Facilities
Information as to current military addresses and assignments may be provided to military banking facilities who provide banking services overseas and who are reimbursed by the Government for certain checking and loan losses. For personnel separated, discharged, or retired from the Armed Forces, information as to last known residential or home of record address may be provided to the military banking facility upon certification by a banking facility officer that the facility has a returned or dishonored check negotiated by the individual or the individual has defaulted on a loan and that if restitution is not made by the individual, the U.S. Government will be liable for the losses the facility may incur.
K. Routine Use--Disclosure of Information to the General Services
Administration
A record from a system of records maintained by a Component may be disclosed as a routine use to the General Services Administration (GSA) for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.
L. Routine Use--Disclosure of Information to the National Archives and
Records Administration
A record from a system of records maintained by a Component may be disclosed as a routine use to the National Archives and Records Administration (NARA) for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.
M. Routine Use--Disclosure to the Merit Systems Protection Board
A record from a system of records maintained by a Component may be disclosed as a routine use to the Merit Systems Protection Board, including the Office of the Special Counsel, for the purpose of litigation, including administrative proceedings, appeals, special studies of the civil service and other merit systems, review of OPM or Component rules and regulations, investigation of alleged or possible prohibited personnel practices, including administrative proceedings involving any individual subject of a DoD investigation, and such other functions, promulgated in 5 U.S.C. 1205 and 1206 or as may be authorized by law.
N. Routine Use--Counterintelligence Purposes
A record from a system of records maintained by a Component may be disclosed as a routine use outside the Department of Defense (DoD) or the U.S. Government for the purpose of counterintelligence activities authorized by U.S. law or Executive Order or for the purpose of enforcing laws that protect the national security of the United States.
Appendix D to Part 310--Provisions of the Privacy Act From Which a
General or Specific Exemption May Be Claimed (See paragraph (d) of Sec. 310.26 ) ------------------------------------------------------------------------
Exemptions-------------------------------- Section of the Privacy Act
(j)(2) (k) (1-7)------------------------------------------------------------------------No............ No............. (b)(1) Disclosures within the
(2) (k) (1-7)------------------------------------------------------------------------No............ No............. (b)(1) Disclosures within the
Department of Defense.No............ No............. (2) Disclosures to the public.No............ No............. (3) Disclosures for a ``Routine Use.''No............ No............. (4) Disclosures to the Bureau of
Census.No............ No............. (5) Disclosures for statistical
research and reporting.No............ No............. (6) Disclosures to the NARA.No............ No............. (7) Disclosures for law enforcement
purposes.No............ No............. (8) Disclosures under emergency
circumstances.
No............ No............. (9) Disclosures to the Congress.No............ No............. (10) Disclosures to the GAO.No............ No............. (11) Disclosures pursuant to court
orders.No............ No............. (12) Disclosure to consumer reporting
(1) Making disclosure accountings.No............ No............. (2) Retaining disclosure accountings.Yes........... Yes............ (c)(3) Making disclosure accounting
available to the individual.Yes........... No............. (c)(4) Informing prior recipients of
(1) Individual access to records.Yes........... Yes............ (2) Amending records.Yes........... Yes............ (3) Review of the Component's refusal
to amend a record.Yes........... Yes............ (4) Disclosure of disputed information.Yes........... Yes............ (5) Access to information compiled in
(1) Restrictions on collecting
information.Yes........... No............. (e)(2) Collecting directly from the
individual.Yes........... No............. (3) Informing individuals from whom
information is requested.No............ No............. (e)(4)(A) Describing the name and
location of the system.No............ No............. (B) Describing categories of
individuals.No............ No............. (C) Describing categories of records.No............ No............. (D) Describing routine uses.No............ No............. (E) Describing records management
policies and practices.No............ No............. (F) Identifying responsible officials.Yes........... Yes............ (e)(4)(G) Procedures for determining if
a system contains a record on an
individual.Yes........... Yes............ (H) Procedures for gaining access.Yes........... Yes............ (I) Describing categories of
information sources.Yes........... No............. (e)(5) Standards of accuracy.No............ No............. (e)(6) Validating records before
disclosure.No............ No............. (e)(7) Records of First Amendment
activities.No............ No............. (e)(8) Notification of disclosure under
compulsory legal process.No............ No............. (e)(9) Rules of conduct.No............ No............. (e)(10) Administrative, technical, and
physical safeguards.No............ No............. (11) Notice for new and revised routine
(1) Rules for determining if an
individual is subject of a record.Yes........... Yes............ (f)(2) Rules for handling access
(1) Basis for civil action.Yes........... No............. (g)(2) Basis for judicial review and
remedies for refusal to amend.Yes........... No............. (g)(3) Basis for judicial review and
remedies for denial of access.Yes........... No............. (g)(4) Basis for judicial review and
(i)(1) Criminal penalties for
(1) Criminal penalties for
unauthorized disclosure.No............ No............. (2) Criminal penalties for failure to
publish.No............ No............. (3) Criminal penalties for obtaining
(1) General exemption for the
Central Intelligence Agency.N/A........... No............. (j)(2) General exemption for criminal
(1) Exemption for classified
material.N/A........... No............. (k)(2) Exemption for law enforcement
material.Yes........... N/A............ (k)(3) Exemption for records pertaining
to Presidential protection.Yes........... N/A............ (k)(4) Exemption for statistical
records.Yes........... N/A............ (k)(5) Exemption for investigatory
material compiled for determining
suitability for employment or service.Yes........... N/A............ (k)(6) Exemption for testing or
examination material.Yes........... N/A............ (k)(7) Exemption for promotion
evaluation materials used by the Armed
(1) Records stored in GSA records
centers.Yes........... No............. (l)(2) Records archived before
September 27, 1975.Yes........... No............. (l)(3) Records archived on or after
September 27, 1975.Yes........... No............. (m) Applicability to Government
contractors.Yes........... No............. (n) Mailing lists.Yes \1\....... No............. (o) Reports on new systems.Yes \1\....... No............. (p) Annual report.------------------------------------------------------------------------\1\ See paragraph (d) of Sec. 310.26. Sec. Appendix E to Part 310--Sample of New or Altered System of Records
Notice in Federal Register Format (See paragraph (f) of Sec. 310.30)
New system of records notice
DEPARTMENT OF DEFENSE
Office of the Secretary
Privacy Act of 1974; System of Records AGENCY: Office of the Secretary, DoD.ACTION: Notice to add a system of records.SUMMARY: The Office of the Secretary of Defense proposes to add a system of records to its inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended.DATES: The changes will be effective on (insert date thirty days after publication in the Federal Register) unless comments are received that would result in a contrary determination.ADDRESSES: Send comments to OSD Privacy Act Coordinator, Records Management Section, Washington Headquarters Services, 1155 Defense Pentagon, Washington, DC 20301-1155.FOR FURTHER INFORMATION CONTACT: Ms. Mary Smith at (703) 000-0000.SUPPLEMENTARY INFORMATION: The Office of the Secretary of Defense notices for systems of records subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the address above.
The proposed systems reports, as required by 5 U.S.C. 552a(r) of the Privacy Act of 1974, as amended, were submitted on January 20, 2006, to the House Committee on Government Reform, the Senate Committee on Homeland Security and Governmental Affairs, and the Office of Management and Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No. A-130, ``Federal Agency Responsibilities for Maintaining Records About Individuals,'' dated February 8, 1996 (February 20, 1996, 61 FR 6427).
Dated: February 1, 2006. John Miller, OSD Federal Register Liaison Officer, Department of Defense.
NSLRB 01
System name: The National Security Labor Relations Board (NSLRB).
System location: National Security Labor Relations Board (NSLRB), 1401 Wilson Boulevard, Arlington, VA 22209-2325.
Categories of individuals covered by the system: Current and former civilian Federal Government employees who have filed unfair labor practice charges, negotiability disputes, exceptions to arbitration awards, and impasses with the National Security Labor Relations Board (NSLRB) pursuant to the National Security Personnel System (NSPS).
Categories of records in the system: Documents relating to the proceedings before the Board, including the name of the individual initiating NSLRB action, statements of witnesses, reports of interviews and hearings, examiner's findings and recommendations, a copy of the original decision, and related correspondence and exhibits.
Authority for maintenance of the system: The National Defense Authorization Act for FY 2004, Public Law 108-136, Section 1101; 5 U.S.C. 9902(m), Labor Management Relations in the Department of Defense; and 5 CFR 9901.907, National Security Labor Relations Board.
Purpose(s): To establish a system of records that will document adjudication of unfair labor practice charges, negotiability disputes, exceptions to arbitration awards, and impasses filed with the National Security Labor Relations Board.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
To the Federal Labor Relations Authority (FLRA) or the Equal Employment Opportunity Commission, when requested, for performance of functions authorized by law.
To disclose, in response to a request for discovery or for appearance of a witness, information that is relevant to the subject matter involved in a pending judicial or administrative proceeding.
To provide information to officials of labor organizations recognized under 5 U.S.C. 71 when relevant and necessary to their duties of exclusive representation concerning personnel policies, practices, and matters affecting work conditions.
The DoD ``Blanket Routine Uses'' set forth at the beginning of OSD's compilation of systems of records notices apply to this system.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
Storage: Records are maintained on electronic storage media and paper.
Retrievability: Records will be retrieved in the system by the following identifiers: assigned case number; individual's name; labor organizations filing the unfair labor practice charges; negotiability disputes; exceptions to arbitration awards; date, month, year or filing; complaint type; and the organizational component from which the complaint arises.
Safeguards: Records are maintained in a controlled facility. Physical entry is restricted by the use of locks, guards, and is accessible only to authorized personnel. Access to records is limited to person(s) responsible for servicing the record in performance of their official duties and who are properly screened and cleared for need-to-know. Access to computerized data is restricted by passwords, which are changed periodically.
Retention and disposal: Records are disposed of 5 years after final resolution of case.
System manager(s) and address: Executive Director, National Security Personnel System, Program Executive Office, 1401 Wilson Boulevard, Arlington, VA 22209-2325.
Notification procedure: Individuals seeking to determine whether this system of records contains information about themselves should address written inquiries to the Executive Director, National Security Personnel System, Program Executive Office, 1401 Wilson Boulevard, Arlington, VA 22209-2325.
Request should contain name; assigned case number; approximate case date (day, month, and year); case type; the names of the individuals and/or labor organizations filed the unfair labor practice charges; negotiability disputes; exceptions to arbitration awards; and impasses.
Record access procedures: Individuals seeking access to records about themselves contained in this system of records should address written inquiries to the Executive Director, National Security Personnel System, Program Executive Office, 1401 Wilson Boulevard, Arlington, VA 22209-2325.
Request should contain name; assigned case number; approximate case date (day, month, and year); case type; the names of the individuals and/or labor organizations filed the unfair labor practice charges; negotiability disputes; exceptions to arbitration awards; and impasses.
Contesting record procedures: The OSD's rules for accessing records, for contesting contents and appealing initial agency determinations are published in OSD Administrative Instruction No. 81; 32 CFR part 311; or may be obtained from the system manager.
Record source categories: Individual; other officials or employees; and departmental and other records containing information pertinent to the NSLRB action.
Exemptions claimed for the system: None.
Altered System of Record Notice
DEPARTMENT OF DEFENSE
Defense Logistics Agency
Privacy Act of 1974; Systems of Records AGENCY: Defense Logistics Agency.ACTION: Notice to alter a system of records.SUMMARY: The Defense Logistics Agency proposes to alter a system of records notice in its inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. The alteration adds two routine uses, revises the purpose category, and makes other administrative changes to the system notice.DATES: This action will be effective without further notice on (insert date thirty days after publication in the Federal Register) unless comments are received that would result in a contrary determination.ADDRESSES: Send comments to the Privacy Act Officer, Headquarters, Defense Logistics Agency, ATTN: DSS-B, 8725 John J. Kingman Road, Suite 2533, Fort Belvoir, VA 22060-6221.FOR FURTHER INFORMATION CONTACT: Ms. Mary Smith at (703) 000-0000.SUPPLEMENTARY INFORMATION: The Defense Logistics Agency notices for systems of records subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the address above.
The proposed system report, as required by 5 U.S.C. 552a(r) of the Privacy Act of 1974, as amended, was submitted on January 29, 2004, to the House Committee on Government Reform, the Senate Committee on Governmental Affairs, and the Office of Management and Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No. A-130, `Federal Agency Responsibilities for Maintaining Records About Individuals,' dated February 8, 1996 (February 20, 1996, 61 FR 6427).
Dated: February 2, 2004. John Miller, Alternate OSD Federal Register Liaison Officer, Department of Defense.
S253.10 DLA-G
System name: Invention Disclosure (February 22, 1993, 58 FR 10854).
Changes:
* * * * *
System identifier: Replace `S253.10 DLA-G' with `S100.70'.
* * * * *
Categories of individuals covered by the system: Delete `to the DLA General Counsel' at the end of the sentence and replace with `to DLA.'
* * * * *
Categories of records in the system: Delete entry and replace with `Inventor's name, Social Security Number, address, and telephone numbers; descriptions of inventions; designs or drawings, as appropriate; evaluations of patentability; recommendations for employee awards; licensing documents; and similar records. Where patent protection is pursued by DLA, the file may also contain copies of applications, Letters Patent, and related materials.'
* * * * *
Authority for maintenance of the system: Delete entry and replace with `5 U.S.C. 301, Departmental Regulations; 5 U.S.C. 4502, General provisions; 10 U.S.C. 2320, Rights in technical data; 15 U.S.C. 3710b, Rewards for scientific, engineering, and technical personnel of federal agencies; 15 U.S.C. 3711d, Employee activities; 35 U.S.C. 181-185, Secrecy of Certain Inventions and Filing Applications in Foreign Countries; E.O. 9397 (SSN); and E.O. 10096 (Inventions Made by Government Employees) as amended by E.O. 10930.'
* * * * *
Purpose(s): Delete entry and replace with `Data is maintained for making determinations regarding and recording DLA interest in the acquisition of patents; for documenting the patent process; and for documenting any rights of the inventor. The records may also be used in conjunction with the employee award program, where appropriate.'
* * * * *
Routine uses of records maintained in the system, including categories of users and the purpose of such uses: Add two new paragraphs: `To the U.S. Patent and Trademark Office for use in processing applications and performing related functions and responsibilities under Title 35 of the U.S. Code.
To foreign government patent offices for the purpose of securing foreign patent rights.'
* * * * *
Safeguards: Delete entry and replace with `Access is limited to those individuals who require the records for the performance of their official duties. Paper records are maintained in buildings with controlled or monitored access. During non-duty hours, records are secured in locked or guarded buildings, locked offices, or guarded cabinets. The electronic records systems employ user identification and password or smart card technology protocols.'
* * * * *
Retention and disposal: Delete entry and replace with `Records maintained by Headquarters and field Offices of Counsel are destroyed 26 years after file is closed. Records maintained by field level Offices of Counsel where patent applications are not prepared are destroyed 7 years after closure.'
* * * * *
Record source categories: Delete entry and replace with `Inventors, reviewers, evaluators, officials of U.S. and foreign patent offices, and other persons having a direct interest in the file.'
* * * * *
S100.70
System name: Invention Disclosure.
System location: Office of the General Counsel, HQ DLA-DG, 8725 John J. Kingman Road, Stop 2533, Fort Belvoir, VA 22060-6221, and the offices of counsel of the DLA field activities. Official mailing addresses are published as an appendix to DLA's compilation of systems of records notices.
Categories of individuals covered by the system: Employees and military personnel assigned to DLA who have submitted invention disclosures to DLA.
Categories of records in the system: Inventor's name, Social Security Number, address, and telephone numbers; descriptions of inventions; designs or drawings, as appropriate; evaluations of patentability; recommendations for employee awards; licensing documents; and similar records. Where patent protection is pursued by DLA, the file may also contain copies of applications, Letters Patent, and related materials.
Authority for maintenance of the system: 5 U.S.C. 301, Departmental Regulations; 5 U.S.C. 4502, General provisions; 10 U.S.C. 2320, Rights in technical data; 15 U.S.C. 3710b, Rewards for scientific, engineering, and technical personnel of federal agencies; 15 U.S.C. 3711d, Employee activities; 35 U.S.C. 181-185, Secrecy of Certain Inventions and Filing Applications in Foreign Countries; E.O. 9397 (SSN); and E.O. 10096 (Inventions Made by Government Employees) as amended by E.O. 10930.
Purpose(s): Data is maintained for making determinations regarding and recording DLA interest in the acquisition of patents, for documenting the patent process, and for documenting any rights of the inventor. The records may also be used in conjunction with the employee award program, where appropriate.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
To the U.S. Patent and Trademark Office for use in processing applications and performing related functions and responsibilities under Title 35 of the U. S. Code.
To foreign government patent offices for the purpose of securing foreign patent rights.
Information may be referred to other government agencies or to non-government agencies or to non-government personnel (including contractors or prospective contractors) having an identified interest in a particular invention and the Government's rights therein.
The DoD `Blanket Routine Uses' set forth at the beginning of DLA's compilation of systems of records notices apply to this system.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
Storage: Records are maintained in paper and computerized form.
Retrievability: Filed by names of inventors.
Safeguards: Access is limited to those individuals who require the records for the performance of their official duties. Paper records are maintained in buildings with controlled or monitored access. During non-duty hours, records are secured in locked or guarded buildings, locked offices, or guarded cabinets. The electronic records systems employ user identification and password or smart card technology protocols.
Retention and disposal: Records maintain by the HQ and field Offices of Counsel are destroyed 26 years after file is closed. Records maintained by field level Offices of Counsel where patent applications are not prepared are destroyed 7 years after closure.
System manager(s) and address: Office of the General Counsel, Headquarters, Defense Logistics Agency, ATTN: DG, 8725 John J. Kingman Road, Stop 2533, Fort Belvoir, VA 22060-6221.
Notification procedure: Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the Privacy Officer, Headquarters, Defense Logistics Agency, ATTN: DSS-B, 8725 John J. Kingman Road, Stop 6220, Fort Belvoir, VA 22060-6221, or the Privacy Officers at DLA field activities. Official mailing addresses are published as an appendix to DLA's compilation of systems of records notices.
Record access procedures: Individuals seeking access to information about themselves contained in this system should address written inquiries to the Privacy Officer, Headquarters, Defense Logistics Agency, ATTN: DSS-B, 8725 John J. Kingman Road, Stop 6220, Fort Belvoir, VA 22060-6221, or the Privacy Officers at the DLA field activities. Official mailing addresses are published as an appendix to DLA's compilation of systems of records notices.
Individuals should provide information that contains full name, current address and telephone numbers of requester.
For personal visits, each individual shall provide acceptable identification, e.g., driver's license or identification card.
Contesting record procedures: The DLA rules for accessing records, contesting contents, and appealing initial agency determinations are contained in 32 CFR part 323, or may be obtained from the Privacy Act Officer, Headquarters, Defense Logistics Agency, ATTN: DSS-B, 8725 John J. Kingman Road, Stop 6220, Fort Belvoir, VA 22060-6221.
Record source categories: Inventors, reviewers, evaluators, officials of U.S. and foreign patent offices, and other persons having a direct interest in the file.
Exemptions claimed for the system: None.
Sec. Appendix F to Part 310--Format for New or Altered System Report (See paragraph (c) of Sec. 310.33)
The report on a new or altered system shall consist of a transmittal letter, a narrative statement, and include supporting documentation.
A. Transmittal Letter
The transmittal letter shall be prepared by the Defense Privacy Office and shall contain assurances that the new or altered system does not duplicate any existing Component systems, DoD-wide systems or government-wide systems. The narrative statement, and the system notice, shall be attached thereto.
B. Narrative Statement
The statement shall include information on the following:
1. System Identifier and name;
2. Responsible official;
3. Purpose of establishing the system [for a new system only] or Nature of the changes proposed for the system [for altered system only];
4. Authority for maintenance of the System;
5. Probable or potential effects on the privacy of individuals;
6. Is the system, in whole or part, being maintained by a contractor;
7. Steps taken to minimize risk of unauthorized access;
8. Routine use compatibility;
9. OMB information collection requirements; and
10. Supporting documentation.
Attachment 1--Sample Format for Narrative Statement
DEPARTMENT OF DEFENSE
[Component Name]
Narrative Statement on a [New/Altered] System of Records
Under the Privacy Act of 1974
1. System Identifier and Name. This caption sets forth the identification and name of the system (see subparagraphs (b)(c) of Sec. 310.32).
2. Responsible Official. The name, title, address, and telephone number of the official responsible for the report and to whom inquiries and comments about the report may be directed by Congress, the Office of Management and Budget, or the Defense Privacy Office.
3. Purpose of establishing the system or nature of the changes proposed for the system: Describe the purpose of the new system or how an existing system is being changed.
4. Authority for maintenance of the system. See paragraph (g) of Sec. 310.32.
5. Probable or potential effects on the privacy of individuals. What effect, if any, will the new or altered system impact the personal privacy of the affected individuals.
6. Is the system, in whole or in part, being maintained by a contractor. If yes, Components shall ensure that the contract has incorporated the Federal Acquisition privacy clause (see paragraph (a)(1) of Sec. 310.12).
7. Steps taken to minimize risk of unauthorized access. Describe actions taken to reduce the vulnerability of the system to potential threats. See Appendix A to this part.
8. Routine use compatibility. Provide assurances that any records contained in the system that are disclosed outside the DoD shall be for a use that is compatible with the purpose for which the record was collected. Advise whether or not the blanket routine uses apply to this system.
9. OMB collection requirements. If information is to be collected from members of the public, the requirements of reference ( ) apply and OMB must be advised.
10. Supporting documentation. The following are typical enclosures that may be required:
a. An advance copy of the system notice for a new or altered system that is proposed for publication.
b. An advance copy of a proposed exemption rule if the new or altered system is to be exempted in accordance with subpart F.
c. Any other supporting documentation that may be pertinent or helpful in understanding the need for the system or clarifying its intended use.
Attachment 2--SAMPLE NARRATIVE STATEMENT
DEPARTMENT OF DEFENSE
Office of the Secretary
Narrative Statement on a New System of Records
Under the Privacy Act of 1974
1. System identifier and name: NSLRB 01, entitled ``The National Security Labor Relations Board (NSLRB).''
2. Responsible official: Mr. John Miller, National Security Labor Relations Board (NSLRB), 0000 Smith Boulevard, Arlington, VA 22209, Telephone (703) 000-0000.
3. Purpose of establishing the system: The Office of the Secretary of Defense is proposing to establish a system of records that will document adjudication of unfair labor practice charges, negotiability disputes, exceptions to arbitration awards, and impasses filed with the National Security Labor Relations Board.
4. Authority for the maintenance of the system: The National Defense Authorization Act for FY 2004, Pub Law 108-136, Section 1101; 5 U.S.C. 9902(m), Labor Management Relations in the Department of Defense; and 5 CFR 9901.907, National Security Labor Relations Board.
5. Probable or potential effects on the privacy of individuals: None
6. Is the system, in whole or in part, being maintained by a contractor? No
7. Steps taken to minimize risk of unauthorized access: Records are maintained in a controlled facility. Physical entry is restricted by the use of locks, guards, and is accessible only to authorized personnel. Access to records is limited to person(s) responsible for servicing the record in performance of their official duties and who are properly screened and cleared for need-to-know. Access to computerized data is restricted by passwords, which are changed periodically.
8. Routine use compatibility: Any release of information contained in this system of records outside of the DoD will be compatible with purposes for which the information is collected and maintained. The DoD ``Blanket Routine Uses'' apply to this system of records.
9. OMB information collection requirements: None.
10. Supporting documentation: None.
Sec. Appendix G to Part 310--Sample Amendments or Deletions to System
Notices in Federal Register Format (See Sec. 310.34)
Amendment of system notice
DEPARTMENT OF DEFENSE
Department of the Army
Privacy Act of 1974; System of Records AGENCY: Department of the Army, DoD.ACTION: Notice to Amend a System of Records.SUMMARY: The Department of the Army is proposing to amend a system of records notice in its existing inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended.DATES: This proposed action will be effective without further notice on (insert date thirty days after publication in Federal Register) unless comments are received which result in a contrary determination.ADDRESSES: Department of the Army, Freedom of Information/Privacy Division, U.S. Army Records Management and Declassification Agency, ATTN: AHRC-PDD-FPZ, 7701 Telegraph Road, Casey Building, Suite 144, Alexandria, VA 22325-3905. FOR FURTHER INFORMATION CONTACT: Ms. Mary Smith at (703) 000-0000.SUPPLEMENTARY INFORMATION: The Department of the Army systems of records notices subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the address above.
The specific changes to the records systems being amended are set forth below followed by the notices, as amended, published in their entirety. The proposed amendments are not within the purview of subsection (r) of the Privacy Act of 1974, (5 U.S.C. 552a), as amended, which requires the submission of a new or altered system report.
Dated: February 3, 2006. John Miller, OSD Federal Register Liaison Officer, Department of Defense.
A0055 USEUCOM
System name: Europe Command Travel Clearance Records (August 23, 2004, 69 FR 51817).
Changes:
* * * * *
System name: Delete system identifier and replace with: ``A0055 USEUCOM DoD''.
* * * * *
A0055 USEUCOM DoD
System name: Europe Command Travel Clearance Records.
System location: Headquarters, United States European Command, Computer Network Operations Center, Building 2324, P.O. Box 1000, APO AE 09131-1000.
Categories of individuals covered by the system: Military, DoD civilians, and non-DoD personnel traveling under DoD sponsorship (e.g., contractors, foreign nationals and dependents) and includes temporary travelers within the United States European Command's (USEUCOM) area of responsibility as defined by the DoD Foreign Clearance Guide Program.
Categories of records in the system: Travel requests, which contain the individual's name; rank/pay grade; Social Security Number; military branch or department; passport number; Visa Number; office address and telephone number, official and personal email address, detailed information on sites to be visited, visitation dates and purpose of visit.
Authority for the maintenance of the system: 10 U.S.C. 3013, Secretary of the Army; 10 U.S.C. 5013, Secretary of the Navy; 10 U.S.C. 8013, Secretary of the Air Force; DoD 4500.54-G, Department of Defense Foreign Clearance Guide; Public Law 99-399, Omnibus Diplomatic Security and Antiterrorism Act of 1986; 22 U.S.C. 4801, 4802, and 4805, Foreign Relations and Intercourse; E.O. 12333, United States Intelligence Activities; Army Regulation 55-46, Travel Overseas; and E.O. 9397 (SSN).
Purpose(s): To provide the DoD with an automated system to clear and audit travel within the United States European Command's area of responsibility and to ensure compliance with the specific clearance requirements outline in the DoD Foreign Clearance Guide; to provide individual travelers with intelligence and travel warnings; and to provide the Defense Attach[eacute] and other DoD authorized officials with information necessary to verify official travel by DoD personnel.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
To the Department of State Regional Security Officer, U.S. Embassy officials, and foreign police for the purpose of coordinating security support for DoD travelers.
The DoD `Blanket Routine Uses' set forth at the beginning of the Army's compilation of systems of records notices also apply to this system.
Policies and practices for storing, retiring, accessing, retaining, and disposing of records.
Storage: Electronic storage media.
Retrievability: Retrieved by individual's surname, Social Security Number and/or passport number.
Safeguards: Electronic records are located in the United States European Command's Theater Requirements Automated Clearance System (TRACS) computer database with built in safeguards. Computerized records are maintained in controlled areas accessible only to authorized personnel with an official need to know access. In addition, automated files are password protected and in compliance with the applicable laws and regulations. Another built in safeguard of the system is records are access to the data through secure network.
Retention and disposal: Records are destroyed 3 months after travel is completed.
System manager(s) and address: Special Assistant for Security Matters, Headquarters, United States European Command, Unit 30400, P.O. Box 1000, APO AE 09131-1000.
Notification procedures: Individuals seeking to determine whether information about themselves is contained in this system of records should address written inquiries to the Special Assistant for Security Matters, Headquarters, United States European Command, Unit 30400, P.O. Box 1000, APO AE 09131-1000.
Requests should contain individual's full name, Social Security Number, and/or passport number.
Record access procedures: Individuals seeking to access information about themselves that is contained in this system of records should address written inquiries to the Special Assistant for Security Matters, Headquarters, United States European Command, Unit 30400, P.O. Box 1000, APO AE 09131-1000.
Requests should contain individual's full name, Social Security Number, and/or passport number.
Contesting record procedures: The Army's rules for accessing records and for contesting contents and appealing initial agency determinations are contained in Army Regulation 340-21; 32 CFR part 505; or may be obtained from the system manager.
Record source categories: From individuals.
Exemptions claimed for the system: None.
Deletion of System Notice
DEPARTMENT OF DEFENSE
Office of the Secretary
Privacy Act of 1974; System of Records AGENCY: Office of the Secretary, DoD. ACTION: Notice to delete systems of records. SUMMARY: The Office of the Secretary of Defense is deleting a system of records notice from its existing inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended.DATES: This proposed action will be effective without further notice on (insert date thirty days after publication in Federal Register) unless comments are received which result in a contrary determination.ADDRESSES: OSD Privacy Act Coordinator, Records Management Section, Washington Headquarters Services, 1155 Defense Pentagon, Washington, DC 20301-1155.FOR FURTHER INFORMATION CONTACT: Ms. Mary Smith at (703) 000-0000.SUPPLEMENTARY INFORMATION: The Office of the Secretary of Defense systems of records notices subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the address above.
The specific changes to the records system being amended are set forth below followed by the notice, as amended, published in its entirety. The proposed amendments are not within the purview of subsection (r) of the Privacy Act of 1974, (5 U.S.C. 552a), as amended, which requires the submission of a new or altered system report.
Dated: April 2, 2006. John Miller, OSD Federal Register Liaison Officer, Department of Defense.
DODDS 27 System name: DoD Domestic and Elementary School Employee File (May 9, 2003, 68 FR 24935).Reason: The records contained in this system of records are covered by OPM/GOVT-1 (General Personnel Records), a government-wide system notice.
Sec. Appendix H to Part 310--Litigation Status Sheet
(See Sec. 310.49)
Litigation Status Sheet 1. Case Number \1\---------------------------------------------------------------------------
\1\ Number used by the Component for reference purposes.--------------------------------------------------------------------------- 2. Requester3. Document Title or Description \2\---------------------------------------------------------------------------
\2\ Indicate the nature of the case, such as, ``Denial of access,'' ``Refusal to amend,'' ``Incorrect records,'' or other violations of the Act (specify).--------------------------------------------------------------------------- 4. Litigationa. Date Complaint Filedb. Courtc. Case File Number \1\5. Defendants (DoD Component and individual)6. Remarks (brief explanation of what the case is about)7. Court Actiona. Court's Finding b. Disciplinary Action (as appropriate)8. Appeal (as appropriate)a. Date Complaint Filedb. Courtc. Case File Numberd. Court's Findinge. Disciplinary Action (as appropriate)