Subparts F and G of this part implement the Privacy Act (5 U.S.C. 552a), and the DOD Directives 5400.11 and 5400.11-R series, DOD Privacy Program (see 32 CFR part 310) and provides DON policies and procedures to ensure that all DON military members and civilian/contractor employees are made fully aware of their rights and responsibilities under the provisions of the Privacy Act (PA); to balance the Government's need to maintain information with the obligation to protect individuals against unwarranted invasions of their privacy stemming from the DON's collection, maintenance, use, and disclosure of Protected Personal Information (PPI); and to require privacy management practices and procedures be employed to evaluate privacy risks in publicly accessible DON Web sites and unclassified non-national security information systems.
(a) Scope. Governs the collection, safeguarding, maintenance, use, access, amendment, and dissemination of PPI kept by DON in PA systems of records.
(b) Guidance. Provides guidance on how to respond to individuals who seek access to information in a PA system of records that is retrieved by their name and/or personal identifier.
(c) Verify identity. Establishes ways to verify the identity of individuals who request their records before the records are made available to them.
(d) Online resources. Directs the public to the Navy's PA Online Web site at http://www.privacy.navy.mil that defines the DON's PA Program, lists all Navy, Marine Corps, and Government-wide systems of records and provides guidance on how to gain access to those records.
(e) Rules of conduct. Governs the PA rules of conduct for personnel, who will be subject to either civil or criminal penalties for noncompliance with 5 U.S.C. 552a.
(f) Privacy impact assessment (PIA) requirements. Establishes requirements for conducting, reviewing, approving, and publishing PIAs.