All terms used in this part which are defined in 5 U.S.C. 552a shall have the same meaning herein.
Access. Allowing individuals to review or receive copies of their records.
Accuracy. Within sufficient tolerance for error to assure the quality of the record in terms of its use in making a determination.
Agency. Any Executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the [federal] Government (including the Executive Office of the President), or any independent regulatory agency (as defined by 5 U.S.C. 552a).
Amendment. The process of adding, deleting, or changing information in a System of Records (SOR) to make the data accurate, relevant, timely, and/or complete.
Appellate authority. The individual with authority to deny requests for access or amendment of records under 5 U.S.C. 552a.
Breach. A loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where a person other than authorized users (with an official need to know), and for an other than authorized purpose has access or potential access to personally identifiable information, whether physical or electronic. A breach can include identifiable information in any form. (As defined by DoD Director of Administration and Management Memo, 5 Jun 2009 entitled ``Safeguarding Against and Responding to the Breach of Personally Identifiable Information (PII).'') (Available at http://www.dod.mil/pubs/foi/privacy/docs/ DA_M6_5_2009Responding--toBreach_ of_PII.pdf)
Chief, National Guard Bureau (CNGB). A principal advisor to the Secretary of Defense, through the Chairman of the Joint Chiefs of Staff, on matters involving non-federalized National Guard forces and on other matters as determined by the Secretary of Defense; and the principal adviser to the Secretary of the Army and the Chief of Staff of the Army, and to the Secretary of the Air Force and the Chief of Staff of the Air Force, on matters relating to the National Guard, the Army National Guard of the United States, and the Air National Guard of the United States. The CNGB also represents the National Guard on the Joint Chiefs of Staff.
Completeness. All elements necessary for making a determination are present before such determination is made.
Computer matching program. A program that matches the personal records in computerized database of two or more Federal agencies.
Denial authority. The individual with authority to deny requests for access or amendment of records under 5 U.S.C. 552a.
Determination. Any decision affecting an individual which, in whole or in part, is based on information contained in the record and which is made by any person or agency.
Directorate/Division. The terms directorate and division are used to refer to suborganizations within the NGB. The Joint Staff and Air Guard Readiness Center uses the term ``Directorate'' to refer to their suborganizations and the Army Guard Readiness Center uses the term ``Division'' to refer to their suborganizations.
Disclosure. Giving information from a system, by any means, to anyone other than the record subject.
Disclosure accounting. A record of all disclosures made from a SOR, except for disclosures made to Department of Defense personnel for use in performance of their official duties or disclosures made as required by 5 U.S.C. 552.
Federal Register (FR). A daily publication of notices and rules issued by Federal Agencies and the President printed on a daily Federal workday.
Individual. A citizen of the United States or an alien lawfully admitted for permanent residence. (As defined by 5 U.S.C. 552a)
Maintain. Maintain, collect, use or disseminate. (As defined by 5 U.S.C. 552a)
Memorandum of Agreement. A written understanding (agreement) between parties to cooperatively work together on an agreed upon project or meet an agreed objective.
Memorandum of Understanding. A written agreement between parties describing a bilateral or multilateral agreement between parties.
Necessary. A threshold of need for an element of information greater than mere relevance and utility.
Personal information. Information about an individual other than items of public record.
Personally Identifiable Information (PII). Personal information. Information about an individual that identifies, links, relates, or is unique to, or describes him or her. Information which can be used to distinguish or trace an individual's identity which is linked or linkable to a specified individual.
Privacy Act (5 U.S.C. 552a) Request. An oral (in person) or written request by an individual to access his or her records in a SOR.
Privacy Act (5 U.S.C. 552a) Statement (PAS). A statement given to an individual when soliciting personal information that will be maintained in a SOR that advises them of the authority to collect information, the principal purpose(s) that the information will be used for, the routine uses on how the information will be disclosed outside of the agency, and whether it is mandatory or voluntary to provide the information and any consequences for not providing the information.
Privacy Impact Assessment (PIA). A written assessment of an information system that addresses the information to be collected, the purpose and intended use; with whom the information will be shared; notice or opportunities for consent to individuals; how the information will be secured; and whether a new SOR is being created under 5 U.S.C. 552a. Privacy Impact Assessments are required for all information systems and electronic collections that collect, maintain, use, or disseminate personally identifiable information about members of the public (this includes contractors and family members), under Public Law 107-347, Section 208 of the E-Government Act of 2002. DoD Regulation 5400.16-R, entitled ``Department of Defense Privacy Impact Assessment (PIA)'' (Available at http://www.dtic.mil/whs/directives/corres /pdf/540016p.pdf), provides additional requirements for PIAs, including a requirement to write a PIA on any information systems or electronic collection of PII on Federal personnel.
Protected Health Information (PHI). Any information about health status, provision of health care, or payment for health care that can be linked to a specific individual.
Record. Any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, the individual's education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph (As defined by 5 U.S.C. 552a).
Relevance. Limitation to only those elements of information that clearly bear of the determination(s) for which the records are intended.
Routine use. The disclosure of a record outside the DoD for a use that is compatible with the purpose for which the information was collected and maintained by the DoD. The routine use must be included in the published system notice for the SOR involved. The DoD Blanket Routine Uses, found in 32 CFR part 310, Appendix C are applicable to all SORNs published by DoD.
System Manager. The official who is responsible for managing a SOR, including policies and procedures to operate and safeguard it. Local System Managers operate record systems or are responsible for the records that are maintained in decentralized locations but are covered by a SORN published by another DoD activity or a Government-Wide SORN.
System of Records (SOR). A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.
System of Records Notice (SORN). The official public notice published in the FR of the existence and content of the SOR. As required by 5 U.S.C. 552a and 32 CFR part 310, appendix E. The notice shall include:
(1) System ID.
(2) The name and location of the system.
(3) The categories of individuals on whom records are maintained in the system.
(4) The categories of records maintained in the system.
(5) Each routine use of the records contained in the system, including the categories of users and the purpose of such use.
(6) The policies and practices of the agency regarding storage, retrievability, access controls, retention, and disposal of the records.
(7) The title and business address of the agency official who is responsible for the SOR.
(8) The agency procedures whereby an individual can be notified at his request if the SOR contains a record pertaining to him.
(9) The agency procedures whereby an individual can be notified at his request how he can gain access to any record pertaining to him contained in the SOR, and how he can contest its contents.
(10) The categories of sources of records in the system.
(11) Exemptions claimed for the system.
Timeliness. Sufficiently current to ensure that any determination based on the record will be accurate and fair.