[Federal Register Volume 59, Number 203 (Friday, October 21, 1994)]
[Unknown Section]
[Page 0]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-26085]


[[Page Unknown]]

[Federal Register: October 21, 1994]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE
Department of the Air Force

32 CFR Part 806b

[Air Force Reg. 37-132]

 

Air Force Privacy Act Program

AGENCY: Department of the Air Force, DOD.
ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of the Air Force is revising its Privacy Act 
Regulation. The revision adds a requirement for appointing Privacy Act 
(PA) monitors at HQ USAF and Secretary of the Air Force (SAF) offices; 
adds alternative of using the unsworn declaration; changes the fee 
rates; changes policy on releasing medical records to a subject when 
there is possible harm; changes refusal to amend based on opinion or 
interpretation to a denial with appeal rights; changes list of 
information releasable without consent; provides a new balancing test; 
aligns language on medical records of minors with DoD guidance; adds 
computer matching provisions; adds systems; and deletes provision for 
landfill burials.
    In addition to the above changes, the Department of the Air Force 
is currently conducting a review of its exemption rules. Upon 
completion of the review, the Department of the Air Force will update 
its exemption rules.
EFFECTIVE DATE: October 21, 1994.

FOR FURTHER INFORMATION CONTACT: Mrs. Anne Turner at (703) 697-3491 or 
DSN 227-3491.

SUPPLEMENTARY INFORMATION:

Executive Order 12866

    The Director, Administration and Management, Office of the 
Secretary of Defense has determined that this Privacy Act rule for the 
Department of Defense does not constitute `significant regulatory 
action'. Analysis of the rule indicates that it does not have an annual 
effect on the economy of $100 million or more; does not create a 
serious inconsistency or otherwise interfere with an action taken or 
planned by another agency; does not materially alter the budgetary 
impact of entitlements, grants, user fees, or loan programs or the 
rights and obligations of recipients thereof; does not raise novel 
legal or policy issues arising out of legal mandates, the President's 
priorities, or the principles set forth in Executive Order 12866 
(1993).

Regulatory Flexibility Act of 1980

    The Director, Administration and Management, Office of the 
Secretary of Defense certifies that this Privacy Act rule for the 
Department of Defense does not have significant economic impact on a 
substantial number of small entities because it is concerned only with 
the administration of Privacy Act systems of records within the 
Department of Defense.

Paperwork Reduction Act

    The Director, Administration and Management, Office of the 
Secretary of Defense certifies that this Privacy Act rule for the 
Department of Defense imposes no information requirements beyond the 
Department of Defense and that the information collected within the 
Department of Defense is necessary and consistent with 5 U.S.C. 552a, 
known as the Privacy Act of 1974.
    The Department of the Air Force previously published its proposed 
rule on July 28, 1994, at 59 FR 38389. No comments were received that 
resulted in a contrary determination, therefore, the Department of the 
Air Force is publishing this final rule.


List of Subjects in 32 CFR Part 806b

    Privacy.

    Accordingly, 32 CFR part 806b is revised to read:

PART 806B-AIR FORCE PRIVACY ACT PROGRAM




Subpart A-Overview of the Privacy Act Program

806b.1Basic guidelines.
806b.2Violation penalties.
806b.3Personal notes.
806b.4Responsibilities.

Subpart B-Obtaining Law Enforcement Records and Promises of 
Confidentiality

806b.5Obtaining law enforcement records.
806b.6Promising confidentiality.

Subpart C-Collecting Personal Information

806b.7How to collect personal information.
806b.8When to give privacy act statements (PAS).
806b.9Requesting the social security number (SSN).

Subpart D-Giving Access to Privacy Act Records

806b.10Making a request for access.
806b.11Processing a request for access.
806b.12Fees.
806b.13Denying or limiting access.
806b.14Denial authorities.

Subpart E-Amending the Record

806b.15Amendment reasons.
806b.16Responding to amendment requests.
806b.17Approving or denying a record amendment.
806b.18Seeking review of unfavorable agency determinations.
806b.19Appeal procedures.
806b.20Contents of Privacy Act case files.

Subpart F-Privacy Act Notifications

806b.21When to include a privacy act warning statement in 
publications.
806b.22Publishing system notices.
806b.23Timing of notices.

Subpart G-Protecting and Disposing of Records

806b.24Protecting records.
806b.25Balancing protection.
806b.26Disposing of records.

Subpart H-Privacy Act Exemptions

806b.27Requesting an exemption.
806b.28Exemption types.
806b.29Authorizing exemptions.
806b.30Approved exemptions.

Subpart I-Disclosing Records to Third Parties

806b.31Disclosure considerations.
806b.32Disclosing information for which consent is not required.
806b.33Disclosing other information.
806b.34Agencies or individuals to whom the Air Force may release 
privacy information.
806b.35Disclosing the medical records of minors.
806b.36Disclosure accounting.
806b.37Computer matching.

Subpart J-Training

806b.38Who needs training.
806b.39Training tools.

Subpart K-Privacy Act Reporting

806b.40Privacy act report (RCS: DD-DA&M(A)1379).

Appendix A to part 806b - Glossary of References, Abbreviations, 
Acronyms, and Terms
Appendix B to part 806b - Preparing a System Notice
Appendix C to part 806b - General and Specific Exemptions
    Authority: Pub. L. 93-579, 88 Stat 1896 (5 U.S.C. 552a).

Subpart A - Overview of the Privacy Act Program


Sec. 806b.1  Basic guidelines.

    The Privacy Act of 1974 and this part apply only to information in 
Air Force systems of records on living United States citizens and 
permanent resident aliens.
    (a) An official system of records must be:
    (1) Authorized by law or Executive Order.
    (2) Controlled by an Air Force or lower level directive.
    (3) Needed to carry out an Air Force mission or function.

    (b) The Air Force does not:
    (1) Keep records on how a person exercises First Amendment rights. 
EXCEPTIONS are when: The Air Force has the permission of that 
individual or is authorized by federal statute; or the information 
pertains to an authorized law enforcement activity.
    (2) Penalize or harass an individual for exercising rights 
guaranteed under the Privacy Act. Give reasonable aid to individuals 
exercising their rights.

    (c) Air Force members:
    (1) Keep paper and electronic records containing personal 
information and retrieved by name or personal identifier only in 
approved systems published in the Federal Register.
    (2) Collect, maintain, and use information in such systems only to 
support programs authorized by law or Executive Order.

    (3) Safeguard the records in the system and keep them the minimum 
time required.

    (4) Keep the records timely, accurate, complete, and relevant.

    (5) Amend and correct records on request.

    (6) Let individuals review and receive copies of their own records 
unless the Secretary of the Air Force approved an exemption for the 
system or the Air Force created the records in anticipation of a civil 
action or proceeding.

    (7) Provide a review of decisions that deny individuals access to 
or amendment of their records.

Sec. 806b.2  Violation penalties.

    An individual may file a civil suit against the Air Force for 
failing to comply with the Privacy Act. The courts may find an 
individual offender guilty of a misdemeanor and fine that individual 
offender not more than $5,000 for:

    (a) Willfully maintaining a system of records that doesn't meet the 
public notice requirements.
    (b) Disclosing information from a system of records to someone not 
entitled to the information.
    (c) Obtaining someone else's records under false pretenses.

Sec. 806b.3  Personal notes.

    If you keep personal notes on individuals to use as memory aids to 
supervise or perform other official functions, and do not share them 
with others, and an Air Force directive does not require their 
maintenance, the Privacy Act does not apply.

Sec. 806b.4  Responsibilities.

    (a) The Administrative Assistant to the Secretary of the Air Force 
(SAF/AA) manages the entire program.
    (b) The Office of the General Counsel to the Secretary of the Air 
Force (SAF/GCA) makes final decisions on appeals.
    (c) The Director of Information Management (SAF/AAI), through the 
Access Programs Office of the Policy Division, (SAF/AAIA):
    (1) Administers procedures outlined in this part.

    (2) Submits system notices and required reports to the Defense 
Privacy Office.
    (3) Guides major commands (MAJCOM) and field operating agencies 
(FOA).

    (d) MAJCOM and FOA commanders, HQ USAF and Deputy Chiefs of Staff 
(DCS), and comparable officials, and SAF offices implement this part. 
Each HQ USAF and SAF office appoints a Privacy Act monitor. Send the 
name, office symbol, and phone number to SAF/AAIA.

    (e) MAJCOM and FOA Information Managers:
    (1) Manage the program.
    (2) Appoint a command Privacy Act officer.
    (3) Send the name, office symbol, and phone number to SAF/AAIA.

    (f) Privacy Act Officers:
    (1) Guide and train.
    (2) Review the program at regular intervals.
    (3) Submit reports.
    (4) Review all publications and forms for compliance with this 
part.
    (5) Review system notices.
    (6) Investigate complaints.
    (7) Staff denial recommendations (at MAJCOMs and FOAs only).

    (g) System Managers:
    (1) Decide the need for, and content of systems.
    (2) Manage and safeguard the system.
    (3) Train personnel on Privacy Act requirements.
    (4) Protect records from unauthorized disclosure, alteration, or 
destruction.
    (5) Prepare system notices and reports.
    (6) Answer Privacy Act requests.
    (7) Keep records of disclosures.
    (8) Evaluate the systems annually.

    (h) Privacy Act Monitors (PAM):
    (1) Are the focal point in their functional area for general 
Privacy Act questions and correspondence.
    (2) Maintain a list of all systems of records and system managers 
in their area.
    (3) Act as liaison with the Privacy Act Officer.
    (4) Maintain statistics for the annual Privacy Act report.

Subpart B - Obtaining Law Enforcement Records and Promises of 
Confidentiality

Sec. 806b.5  Obtaining law enforcement records.

    The Commander AFOSI; the Chief, Air Force Security Police Agency 
(AFSPA); MAJCOM, FOA, and base chiefs of security police; AFOSI 
detachment commanders; and designees of those offices may ask another 
agency for records for law enforcement under 5 U.S.C. 552a(b)(7). The 
requesting office must indicate in writing the specific part of the 
record desired and identify the law enforcement activity asking for the 
record.

Sec. 806b.6  Promising confidentiality.

    Record promises of confidentiality to exempt from disclosure any 
`confidential' information under subsections (k)(2), (k)(5), or (k)(7) 
of the Privacy Act.

Subpart C - Collecting Personal Information

Sec.  806b.7  How to collect personal information.

    Collect personal information directly from the subject of the 
record when possible. You may ask third parties when:
    (a) You must verify information.
    (b) You want opinions or evaluations.
    (c) You can't contact the subject.
    (d) The subject asks you.

Sec. 806b.8  When to give Privacy Act statements (PAS).

    (a) Give a PAS orally or in writing:
    (1) To anyone from whom you are collecting personal information 
that will be put in a system of records.
    (2) Whenever you ask someone for his or her Social Security Number 
(SSN).
    Note: Do this regardless of how you collect or record the answers. 
You may display a sign in areas where people routinely furnish this 
kind of information. Give a copy of the PAS if asked. Do not ask the 
person to sign the PAS.
    (3) A PAS must include four items:
    (i) Authority: The legal authority, that is, the United States Code 
or Executive Order authorizing the program the system supports.
    (ii) Purpose: The reason you are collecting the information.
    (iii) Routine Uses: A list of where and why the information will be 
disclosed outside DoD.
    (iv) Disclosure: Voluntary or Mandatory. (Use Mandatory only when 
disclosure is required by law and the individual will be penalized for 
not providing information.) Include any consequences of nondisclosure 
in nonthreatening language.

Sec. 806b.9  Requesting the social security number (SSN).

    (a) Do not deny people a legal right, benefit, or privilege for 
refusing to give their SSNs unless the law requires disclosure, or a 
law or regulation adopted before January 1, 1975, required the SSN and 
the Air Force uses it to verify a person's identity in a system of 
records established before that date. When you ask for an SSN to create 
a record, tell the individual:
    (1) The statute, regulation, or rule authorizing you to ask for the 
SSN.
    (2) The uses that will be made of the SSN.
    (3) If he or she is legally obligated to provide the SSN.
    (b) The Air Force requests an individual's SSN and provides the 
individual information required by law when anyone enters military 
service or becomes an Air Force civilian employee. The Air Force uses 
the SSN as a service or employment number to reference the individual's 
official records. When you ask someone for an SSN as identification 
(ID) to retrieve an existing record, you do not have to restate this 
information.
    (c) Executive Order 9397, November 22, 1943, authorizes using the 
SSN as a personal identifier. This order is not adequate authority to 
collect an SSN to create a record. When law does not require disclosing 
the SSN or when the system of records was created after January 1, 
1975, you may ask for the SSN, but the individual does not have to 
disclose it. If the individual refuses to respond, use alternative 
means of identifying records.
    (d) SSNs are personal and unique to each individual. Protect them 
as FOR OFFICIAL USE ONLY (FOUO). Do not disclose them to anyone without 
an official need to know.

Subpart D - Giving Access to Privacy Act Records

Sec. 806b.10  Making a request for access.

    Persons or their designated representatives may ask for a copy of 
their records in a system of records. Requesters need not state why 
they want access to their records. Verify the identity of the requester 
to avoid unauthorized disclosures. How you verify identity will depend 
on the sensitivity of the requested records. Persons without access to 
notary services may use an unsworn declaration in the following format: 
`I declare under penalty of perjury (if outside the United States, add 
`under the laws of the United States of America') that the foregoing is 
true and correct. Executed on (date). (Signature).'

Sec. 806b.11  Processing a request for access.

    Consider a request from an individual for his or her own records in 
a system of records under both the Freedom of Information Act (FOIA) 
and the Privacy Act regardless of the Act cited. The requester need not 
cite any Act. Process the request under whichever Act gives the most 
information. When necessary, tell the requester under which Act you 
processed the request and why.

    (a) Requesters should describe the records they want. They do not 
have to name a system of records number, but they should at least name 
a type of record or functional area. For requests that ask for `all 
records about me,' ask for more information and tell the person how to 
review the Air Force systems of records published in the Federal 
Register or in AFDIR 37-144\1\, `Privacy Act Systems of Record' 
(formerly AFR 4-36).
---------------------------------------------------------------------------

    \1\Copies may be obtained at cost from the National Technical 
Information Service, 5285 Port Royal Road, Springfield, VA 22161.
---------------------------------------------------------------------------

    (b) Requesters should not use government equipment, supplies, 
stationery, postage, telephones, or official mail channels for making 
Privacy Act requests. Privacy Act Officers and system managers process 
such requests but tell requesters that using government resources to 
make Privacy Act requests is not authorized.
    (c) Tell the requester if a record exists and how to review the 
record. If possible, respond to requests within 10 workdays of 
receiving them. If you cannot answer the request in 10 workdays, send a 
letter explaining why and give an approximate completion date no more 
than 20 workdays after the first office received the request.
    (d) Show or give a copy of the record to the requester within 30 
workdays of receiving the request unless the system is exempt and the 
Air Force lists the exemption in appendix C of this part; or published 
as a final rule in the Federal Register. Give information in a form the 
requester can understand.
    (e) If the requester wants another person present during the record 
review, the system manager may ask for written consent to authorize 
discussing the record with another person present.

Sec. 806b.12  Fees.

    Give the first 100 pages free, and charge only reproduction costs 
for the remainder. Copies cost $.15 per page; microfiche costs $.25 per 
fiche. Charge the fee for the first 100 pages if records show that the 
Air Force already responded to a request for the same records at no 
charge. Do not charge fees:
    (a) When the requester can get the record without charge under 
another publication (for example, medical records).
    (b) For search.
    (c) For reproducing a document for the convenience of the Air 
Force.
    (d) For reproducing a record so the requester can review it.

Sec. 806b.13  Denying or limiting access.

    Process access denials within five workdays after you receive a 
request for access. When you may not release a record, send a copy of 
the request, the record, and why you recommend denying access 
(including the applicable exemption) to the denial authority through 
the Staff Judge Advocate (SJA) and the Privacy Act officer. The SJA 
gives a written legal opinion on the denial. The MAJCOM or FOA Privacy 
Act officer reviews the file, gets written advice from the SJA and the 
functional office of primary responsibility (OPR), and makes a 
recommendation to the denial authority. The denial authority sends the 
requester a letter with the decision. If the denial authority grants 
access, release the record. If the denial authority refuses access, 
tell the requester why and explain pertinent appeal rights.

    (a) Before you deny a request for access to a record, make sure 
that: (1) The system has an SAF approved exemption.
    (2) The exemption covers each document.
    (3) Nonexempt parts are segregated.

    (b) You may refuse to give out medical records if a physician 
believes that doing so could harm the person's mental or physical 
health. You have these options:
    (1) Ask the requester to get a letter from a physician to whom you 
can send the records. Include a letter explaining to the physician that 
giving the records directly to the individual could be harmful.
    (2) Offer the services of a military physician other than one who 
provided treatment if naming the physician poses a hardship on the 
individual.

    (c) Do not delete third-party information from a record when the 
subject requests access, except as noted in Sec. 806b.13(d), unless the 
Air Force covers the record with an established exemption (appendix C 
of this part). Presume that all information in a file pertains to the 
subject of the file.
    (d) Do not release third-party personal data (such as SSN and home 
address). This action is not a denial.
    (e) Withhold records compiled in connection with a civil action or 
other proceeding including any action where the Air Force expects 
judicial or administrative adjudicatory proceedings. This exemption 
does not cover criminal actions. Do not release attorney work products 
prepared before, during, or after the action or proceeding.

Sec. 806b.14  Denial authorities.

    These officials or a designee may deny access or amendment of 
records. Send a letter to SAF/AAIA with the position titles of 
designees. You must get SAF/AA approval before delegating this 
authority to a lower level. Send requests for waiver with justification 
to SAF/AAIA. Authorities are:
    (a) DCSs and chiefs of comparable offices or higher level at SAF or 
HQ USAF.
    (b) MAJCOM or FOA commanders.
    (c) HQ USAF/DPCP, Pentagon, Washington, DC 20330-5060 (for civilian 
personnel records).
    (d) Commander, Air Force Office of Special Investigations (AFOSI), 
Washington, DC 20332-6001 (for AFOSI records).

Subpart E - Amending the Record


Sec. 806b.15  Amendment reasons.

    Individuals may ask to have their records amended to make them 
accurate, timely, relevant, or complete. System managers routinely 
correct a record if the requester can show that it is factually wrong.

Sec. 806b.16  Responding to amendment requests:

    (a) Anyone may request minor corrections orally. Requests for more 
serious modifications should be in writing.
    (b) After verifying the identity of the requester, make the change, 
notify all known recipients of the record, and inform the individual.
    (c) Acknowledge requests within 10 workdays of receipt. Give an 
expected completion date unless you complete the change within that 
time. Final decisions must take no longer than 30 workdays.

Sec. 806b.17  Approving or denying a record amendment.

    The Air Force does not usually amend a record when the change is 
based on opinion, interpretation, or subjective official judgment. This 
action constitutes a denial, and requesters may appeal. If the system 
manager decides not to amend or partially amend the record, send a copy 
of the request, the record, and the recommended denial reasons to the 
denial authority through the SJA and the Privacy Act officer. SJAs will 
include a legal opinion.
    (a) The MAJCOM or FOA Privacy Act officer reviews the proposed 
denial, gets a legal opinion from the SJA and written advice from the 
functional OPR, and makes a recommendation to the denial authority.
    (b) The denial authority sends the requester a letter with the 
decision. If the denial authority approves the request, amend the 
record and notify all previous recipients that it has been changed. If 
the authority denies the request, give the requester the statutory 
authority, reason, and pertinent appeal rights.

Sec. 806b.18  Seeking review of unfavorable agency determinations.

    Requesters should pursue record corrections of subjective matters 
and opinions through proper channels to the Civilian Personnel Office 
using grievance procedures or the Air Force Board for Correction of 
Military Records (AFBCMR). Record correction requests denied by the 
AFBCMR are not subject to further consideration under this part.

Sec. 806b.19  Appeal procedures.

    (a) Individuals may request a denial review by writing to the 
Secretary of the Air Force through the denial authority within 60 
calendar days after receiving a denial letter. The denial authority 
promptly sends a complete appeal package to SAF/AAIA, including:
    (1) Original appeal letter.
    (2) Initial request.
    (3) Initial denial.
    (4) Copy of the record.
    (5) Any internal records or coordination actions relating to the 
denial.
    (6) Denial authority's comments on the appellant's arguments.
    (7) Legal reviews.

    (b) If the denial authority reverses an earlier denial and grants 
access or amendment, notify the requester immediately.
    (c) SAF/AAIA reviews the denial and forwards to SAF/GCA for legal 
review or staffing to grant or deny the appeal. SAF/GCA tells the 
requester the final Air Force decision and explains judicial review 
rights.
    (d) The requester may file a concise statement of disagreement with 
the system manager if SAF/GCA denies the request to amend the record. 
SAF/GCA explains the requester's rights when they issue the final 
appeal decision.

    (1) The records should clearly show that a statement of 
disagreement is filed with the record or separately.
    (2) The disputed part of the record must show that the requester 
filed a statement of disagreement.
    (3) Give copies of the statement of disagreement to the record's 
previous recipients. Inform subsequent record users about the dispute 
and give them a copy of the statement with the record.
    (4) The system manager may include a brief summary of the reasons 
for not amending the record. Limit the summary to the reasons SAF/GCA 
gave to the individual. The summary is part of the individual's record, 
but it is not subject to amendment procedures.

Sec. 806b.20  Contents of Privacy Act case files.

    Do not keep copies of disputed records in this file. Use the file 
solely for statistics and to process requests. Do not use the case 
files to make any kind of determination about an individual. Document 
reasons for untimely responses. These files include:

    (a) Requests from and replies to individuals on whether a system 
has records about them.
    (b) Requests for access or amendment.
    (c) Approvals, denials, appeals, and final review actions.
    (d) Coordination actions and related papers.

Subpart F - Privacy Act Notifications


Sec. 806b.21  When to include a Privacy Act warning statement in 
publications.

    Include a Privacy Act Warning Statement in each Air Force 
publication that requires collecting or keeping personal information in 
a system of records. Also include the warning statement when 
publications direct collection of the SSN from the individual. The 
warning statement will cite legal authority and the system of records 
number and title. You can use the following warning statement: `This 
part requires collecting and maintaining information protected by the 
Privacy Act of 1974 authorized by (U.S.C. citation and or Executive 
Order number). System of records notice (number and title) applies.'

Sec. 806b.22  Publishing system notices.

    The Air Force must publish notices in the Federal Register of new, 
amended, and deleted systems to inform the public of what records the 
Air Force keeps and give them an opportunity to comment. The Privacy 
Act also requires submission of new or significantly altered systems to 
the Office of Management and Budget (OMB) and both houses of the 
Congress before publication in the Federal Register. This includes:

    (a) Starting a new system.
    (b) Instituting significant changes to an existing system.
    (c) Sending out data collection forms or instructions.
    (d) Issuing a request for proposal or invitation for bid to support 
a new system.

Sec. 806b.23  Timing of notices.

    At least 120 days before the effective start date, system managers 
must send the system notice to SAF/AAIA on a 5 1/4 or 3 1/2-inch disk 
in Wordstar (ASCII text file) or Microsoft Word, with a paper copy 
highlighting any changes through the MAJCOM or FOA Privacy Act Officer. 
See Appendix B of this part for a sample system notice.

Subpart G - Protecting and Disposing of Records


Sec. 806b.24  Protecting records.

    Protect information according to its sensitivity level. Consider 
the personal sensitivity of the information and the risk of loss or 
alteration. Most information in systems of records is FOR OFFICIAL USE 
ONLY (FOUO). Refer to AFI 37-131\2\, `Air Force Freedom of Information 
Act Program,' for protection methods.
---------------------------------------------------------------------------

    \2\See footnote 1 to section 806b.11, of this part.
---------------------------------------------------------------------------


Sec. 806b.25  Balancing protection.

    Balance additional protection against risk and cost. AF Form 3227, 
`Privacy Act Cover Sheet', is available for use with Privacy Act 
material. For example, a password may be enough protection for an 
automated system with a log-on protocol. Classified computer systems or 
those with established audit and password systems are obviously less 
vulnerable than unprotected files or word processors in offices that 
are periodically empty. Follow AFI 33-202\3\, `The Air Force Computer 
Security Program,' for procedures on safeguarding personal information 
in automated records.
---------------------------------------------------------------------------

    \3\See footnote 1 to section 806b.11, of this part.
---------------------------------------------------------------------------


Sec. 806b.26  Disposing of records.

    You may use the following methods to dispose of records protected 
by the Privacy Act according to records retention schedules:

    (a) Destroy by any method that prevents compromise, such as 
tearing, burning, or shredding, so long as the personal data is not 
recognizable and beyond reconstruction.
    (b) Degauss or overwrite magnetic tapes or other magnetic medium.
    (c) Dispose of paper products through the Defense Reutilization and 
Marketing Office (DRMO) or through activities who manage a base-wide 
recycling program. The recycling sales contract must contain a clause 
requiring the contractor to safeguard privacy material until its 
destruction and to pulp, macerate, shred, or otherwise completely 
destroy the records. Originators must safeguard Privacy Act material 
until it is transferred to the recycling contractor. A federal employee 
or, if authorized, a contractor employee must witness the destruction. 
This transfer does not require a disclosure accounting.

Subpart H - Privacy Act Exemptions


Sec. 806b.27  Requesting an exemption.

    A system manager who believes that a system needs an exemption from 
some or all of the requirements of the Privacy Act should send a 
request to SAF/AAIA through the MAJCOM or FOA Privacy Act Officer. The 
request should detail the reasons for the exemption and the section of 
the Act that allows the exemption. SAF/AAIA gets approval for the 
request through SAF/AA and the Defense Privacy Office.

Sec. 806b.28  Exemption types.

    (a) A general exemption frees a system from most parts of the 
Privacy Act.
    (b) A specific exemption frees a system from only a few parts of 
the Privacy Act.

Sec. 806b.29  Authorizing exemptions.

    Only SAF/AA can exempt systems of records from any part of the 
Privacy Act. Denial authorities can withhold records using these 
exemptions only if SAF/AA previously approved and published an 
exemption for the system in the Federal Register. Appendix C of this 
part lists the systems of records that have approved exemptions.

Sec. 806b.30  Approved exemptions.

    Approved exemptions exist under 5 U.S.C. 552a for:
    (a) Certain systems of records used by activities whose principal 
function is criminal law enforcement (subsection (j)(2)).
    (b) Classified information in any system of records (subsection 
(k)(1)).
    (c) Law enforcement records (other than those covered by subsection 
(j)(2)). The Air Force must allow an individual access to any record 
that is used to deny rights, privileges or benefits to which he or she 
would otherwise be entitled by federal law or for which he or she would 
otherwise be eligible as a result of the maintenance of the information 
(unless doing so would reveal a confidential source) (subsection 
(k)(2)).
    (d) Statistical records required by law. Data is for statistical 
use only and may not be used to decide individuals' rights, benefits, 
or entitlements (subsection (k)(4)).
    (e) Data to determine suitability, eligibility, or qualifications 
for federal service or contracts, or access to classified information 
if access would reveal a confidential source (subsection (k)(5)).
    (f) Qualification tests for appointment or promotion in the federal 
service if access to this information would compromise the objectivity 
of the tests (subsection (k)(6)).
    (g) Information which the Armed Forces uses to evaluate potential 
for promotion if access to this information would reveal a confidential 
source (subsection (k)(7)).

Subpart I - Disclosing Records to Third Parties


Sec. 806b.31  Disclosure considerations.

    Before releasing personal information to third parties, consider 
the consequences, check accuracy, and make sure that no law or 
directive bans disclosure. You can release personal information to 
third parties when the subject agrees orally or in writing. Air Force 
members consent to releasing their home telephone number and address 
when they sign and check the `Do Consent' block on the AF Form 624, 
`Base/Unit Locator and PSC Directory' (see AFI 37-129\4\, `Base and 
Unit Personnel Locators and Postal Directories').

---------------------------------------------------------------------------
    \4\See footnote 1 to section 806b.11, of this part.

    (a) Before including personal information such as home addresses, 
home phones, and similar information on social rosters or directories, 
ask for written consent statements. Otherwise, do not include the 
information.
    (b) You must get written consent before releasing any of these 
items of information:
    (1) Marital status.
    (2) Number and sex of dependents.
    (3) Gross salary of military personnel (see Sec. 806b.32 for 
releasable pay information).
    (4) Civilian educational degrees and major areas of study.
    (5) School and year of graduation.
    (6) Home of record.
    (7) Home address and phone.
    (8) Age and date of birth.
    (9) Present or future assignments for overseas or for routinely 
deployable or sensitive units.
    (10) Office and unit address and duty phone for overseas or for 
routinely deployable or sensitive units.

Sec. 806b.32  Disclosing information for which consent is not required.

    You don't need consent before releasing any of these items:
    (a) Information releasable under the FOIA.
    (b) Information for use within the Department of Defense by 
officials or employees with a need to know.
    (c) Name.
    (d) Rank.
    (e) Grade.
    (f) Air Force specialty code (AFSC).
    (g) Pay (including base pay, special pay, all allowances except 
Basic Allowance for Quarters (BAQ) and Variable Housing Allowance 
(VHA)).
    (h) Gross salary for civilians.
    (i) Past duty assignments.
    (j) Present and future approved and announced stateside 
assignments.
    (k) Position title.
    (l) Office, unit address, and duty phone number.
    (m) Date of rank.
    (n) Entered on active duty (EAD) date.
    (o) Pay date.
    (p) Source of commission.
    (q) Professional military education.
    (r) Promotion sequence number.
    (s) Military awards and decorations.
    (t) Duty status of active, retired, or reserve.
    (u) Active duty official attendance at technical, scientific, or 
professional meetings.
    (v) Biographies and photos of key personnel.

Sec. 806b.33  Disclosing other information.

    Use these guidelines to decide whether to release information:
    (a) Would the subject have a reasonable expectation of privacy in 
the information requested?
    (b) Would disclosing the information benefit the general public? 
The Air Force considers information as meeting the public interest 
standard if it reveals anything regarding the operations or activities 
of the agency, or performance of its statutory duties.
    (c) Balance the public interest against the individual's probable 
loss of privacy. Do not consider the requester's purpose, 
circumstances, or proposed use.

Sec. 806b.34  Agencies or individuals to whom the Air Force may release 
privacy information.

    The Air Force may release information without consent to these 
individuals or agencies:
    (a) Agencies outside the Department of Defense for a Routine Use 
published in the Federal Register. The purpose of the disclosure must 
be compatible with the purpose in the Routine Use. When initially 
collecting the information from the subject, the Routine Uses block in 
the Privacy Act Statement must name the agencies and reason.
    (b) The Bureau of the Census to plan or carry out a census or 
survey under 13 U.S.C. 8.
    (c) A recipient for statistical research or reporting. The 
recipient must give advanced written assurance that the information is 
for statistical purposes only.
    Note: No one may use any part of the record to decide on 
individuals' rights, benefits, or entitlements. You must release 
records in a format that makes it impossible to identify the real 
subjects.
    (d) The Archivist of the United States and the National Archives 
and Records Administration (NARA) to evaluate records for permanent 
retention. Records stored in Federal Records Centers remain under Air 
Force control.
    (e) A federal, state, or local agency (other than the Department of 
Defense) for civil or criminal law enforcement. The head of the agency 
or a designee must send a written request to the system manager 
specifying the record or part needed and the law enforcement purpose. 
The system manager may also disclose a record to a law enforcement 
agency if the agency suspects a criminal violation. This disclosure is 
a Routine Use for all Air Force systems of records and is published in 
the Federal Register.
    (f) An individual or agency that needs the information for 
compelling health or safety reasons. The affected individual need not 
be the record subject.
    (g) The Congress, a congressional committee, or a subcommittee, for 
matters within their jurisdictions.
    (h) A congressional office acting for the record subject. A 
published, blanket Routine Use permits this disclosure. If the material 
for release is sensitive, get a release statement.
    (i) The Comptroller General or an authorized representative of the 
General Accounting Office on business.
    (j) A court order of a court of competent jurisdiction, signed by a 
judge.
    (k) A consumer credit agency according to the Debt Collections Act 
when a published system notice lists this disclosure as a Routine Use.
    (l) A contractor operating a system of records under an Air Force 
contract. Records maintained by the contractor for the management of 
contractor employees are not subject to the Privacy Act.

Sec. 806b.35  Disclosing the medical records of minors.

    Air Force personnel may disclose the medical records of minors to 
their parents or legal guardians. The laws of each state define the age 
of majority.
    (a) The Air Force must obey state laws protecting medical records 
of drug or alcohol abuse treatment, abortion, and birth control. If you 
manage medical records, learn the local laws and coordinate proposed 
local policies with the servicing SJA.
    (b) Outside the United States (overseas), the age of majority is 
18. Unless parents or guardians have a court order granting access or 
the minor's written consent, they will not have access to minor's 
medical records overseas when the minor sought or consented to 
treatment between the ages of 15 and 17 in a program where regulation 
or statute provides confidentiality of records and he or she asked for 
confidentiality.

Sec. 806b.36  Disclosure accountings.

    System managers must keep an accurate record of all disclosures 
made from any system of records except disclosures to DoD personnel for 
official use or disclosures under the FOIA. System managers may use AF 
Form 771, `Accounting of Disclosures'.
    (a) System managers may file the accounting record any way they 
want as long as they give it to the subject on request, send corrected 
or disputed information to previous record recipients, explain any 
disclosures, and provide an audit trail for reviews. Include in each 
accounting:

    (1) Release date.
    (2) Description of information.
    (3) Reason for release.
    (4) Name and address of recipient.
    (b) Some exempt systems let you withhold the accounting record from 
the subject.
    (c) You may withhold information about disclosure accountings for 
law enforcement purposes at the law enforcement agency's request.

Sec. 806b.37  Computer matching.

    Computer matching programs electronically compare records from two 
or more automated systems which may include the Department of Defense, 
another federal agency, or a state or other local government. A system 
manager proposing a match that could result in an adverse action 
against a federal employee must meet these requirements of the Privacy 
Act:
    (a) Prepare a written agreement between participants.
    (1) Secure approval of the Defense Data Integrity Board.
    (2) Publish a matching notice in the Federal Register before 
matching begins.
    (3) Ensure full investigation and due process.
    (4) Act on the information, as necessary.
    (b) The Privacy Act applies to matching programs that use records 
from:
    (1) Federal personnel or payroll systems.
    (2) Federal benefit programs where matching:
    (i) Determines federal benefit eligibility,
    (ii) Checks on compliance with benefit program requirements,
    (iii) Recovers improper payments or delinquent debts from current 
or former beneficiaries.
    (c) Matches used for statistics, pilot programs, law enforcement, 
tax administration, routine administration, background checks and 
foreign counterintelligence, and internal matching that won't cause any 
adverse action are exempt from Privacy Act matching requirements.
    (d) Any activity that expects to participate in a matching program 
must contact SAF/AAIA immediately. System managers must prepare a 
notice for publication in the Federal Register with a Routine Use that 
allows disclosing the information for use in a matching program. Send 
the proposed system notice to SAF/AAIA. Allow 180 days for processing 
requests for a new matching program.
    (e) Record subjects must receive prior notice of a match. The best 
way to do this is to include notice in the Privacy Act Statement on 
forms used in applying for benefits. Coordinate computer matching 
statements on forms with SAF/AAIA through the MAJCOM Privacy Act 
Officer.

Subpart J - Training


Sec. 806b.38  Who needs training.

    The Privacy Act requires training for all persons involved in the 
design, development, operation and maintenance of any system of 
records. Some persons may need more specialized training. They include 
information managers, supervisors, and individuals working with 
medical, financial, security, and personnel records.

Sec. 806b.39  Training tools.

    Helpful aids include:
    (a) AFH 37-146\5\, `Privacy Act Training', a self-paced course.
---------------------------------------------------------------------------

    \5\See footnote 1 to section 806b.11, of this part.
---------------------------------------------------------------------------

    (b) `The Privacy Act of 1974,' a 32-minute film developed by the 
Defense Privacy Office. Consult your local audiovisual library.
    (c) `A Manager's Overview, What You Need to Know About the Privacy 
Act'. Contact SAF/AAIA for copies.
    Note: Formal school training groups that develop or modify blocks 
of instruction must send the material to SAF/AAIA for coordination.

Subpart K - Privacy Act Reporting


Sec. 806b.40  Privacy Act Report (RCS: DD-DA&M(A)1379).

    By March 1, of each year, MAJCOM and FOA Privacy Act officers must 
send SAF/AAIA a report covering the previous calendar year. The report 
includes:
    (a) Total number of requests granted in whole.
    (b) Total number of requests granted in part.
    (c) Total number of requests denied and the Privacy Act exemptions 
used.
    (d) Total number of requests for which no record was found.
    (e) Total number of amendment requests granted in whole.
    (f) Total number of amendment requests granted in part.
    (g) Total number of amendment requests wholly denied.
    (h) Specific recommendations for changes to the Act or the Privacy 
Act Program.

Appendix A to part 806b - Glossary of References, Abbreviations, 
Acronyms, and Terms

    a. Privacy Act of 1974, as amended, Pub. L. 93-579, 88 Stat 1896 (5 
U.S.C. 552a).
    b. 10 U.S.C 8013, `Secretary of the Air Force: Powers and Duties.'
    c. Executive Order 9397, `Numbering System for Federal Accounts 
Relating to Individual Persons.'
    d. 32 CFR part 806b, `Air Force Privacy Act Program.'
    e. DoD Directive 5400.11\1\, `Department of Defense Privacy 
Program.'
---------------------------------------------------------------------------

    \1\Copies may be obtained at cost from the National Technical 
Information Service, 5285 Port Royal Road, Springfield, VA 22161.
---------------------------------------------------------------------------

    f. DoD 5400.11-R\2\, `Department of Defense Privacy Program.'
---------------------------------------------------------------------------

    \2\See footnote 1 to section B, appendix A to part 806b.
---------------------------------------------------------------------------

    g. AFI 33-202\3\, `The Air Force Computer Security Program' 
(formerly AFR 205-16).
---------------------------------------------------------------------------

    \3\See footnote 1 to section B, appendix A to part 806b.
---------------------------------------------------------------------------

    h. AFPD 37-1\4\, `Air Force Information Management.'
---------------------------------------------------------------------------

    \4\See footnote 1 to section B, appendix A to part 806b.
---------------------------------------------------------------------------

    i. AFI 37-131\5\, `Air Force Freedom of Information Act Program' 
(formerly AFR 4-33).
---------------------------------------------------------------------------

    \5\See footnote 1 to section B, appendix A to part 806b.
---------------------------------------------------------------------------

    j. AFI 37-129\6\, `Base and Unit Personnel Locators and Postal 
Directories' (formerly AFR 11-24).
---------------------------------------------------------------------------

    \6\See footnote 1 to section B, appendix A to part 806b.
---------------------------------------------------------------------------

    k. AFMAN 37-139\7\, `Disposition of Records' (formerly AFR 4-20, 
volume 2).
---------------------------------------------------------------------------

    \7\See footnote 1 to section B, appendix A to part 806b.
---------------------------------------------------------------------------

    l. AFDIR 37-144\8\, `Air Force Privacy Act Systems of Records 
Notices.'
---------------------------------------------------------------------------

    \8\See footnote 1 to section B, appendix A to part 806b.
---------------------------------------------------------------------------

    m. AFH 37-146\9\, `Privacy Act Training.'
---------------------------------------------------------------------------

    \9\See footnote 1 to section B, appendix A to part 806b.


    a. AETC - Air Education and Training Command
    b. AFA - Air Force Academy
    c. AFBCMR - Air Force Board for Correction of Military Records
    d. AFISA - Air Force Intelligence Services Agency
    e. AFMC - Air Force Materiel Command
    f. AFOSI - Air Force Office of Special Investigations
    g. AFSC - Air Force Specialty Code
    h. AFSCO - Air Force Security Clearance Office
    i. AFSPA - Air Force Security Police Agency
    j. ASCII - American Standard Code for Information Interchange
    k. BAQ - Basic Allowance for Quarters
    l. CFR - Code of Federal Regulations
    m. DCS - Deputy Chief of Staff
    n. DoD - Department of Defense
    o. DR&MO - Defense Reutilization and Marketing Office
    p. EAD - Entered on Active Duty
    q. FOA - Field Operating Agency
    r. FOIA - Freedom of Information Act
    s. FOUO - For Official Use Only
    t. IG - Inspector General
    u. IMC - Interim Message Change
    v. LE - Logistics and Engineering
    w. MAJCOM - Major Command
    x. MIRS - Management Information and Research System
    y. MP - Military Personnel
    z. MPC - Military Personnel Center
    aa. NARA - National Archives and Records Administration
    bb. OMB - Office of Management and Budget
    cc. OPR - Office of Primary Responsibility
    dd. PA - Privacy Act
    ee. PAM - Privacy Act Monitor
    ff. PAS - Privacy Act Statement
    gg. RCS - Reports Control Symbol
    hh. SAF - Secretary of the Air Force
    ii. SAF/AA - The Administrative Assistant to the Secretary of the 
Air Force
    jj. SAF/AAIA - Policy Division, Directorate of Information 
Management
    kk. SAF/GCA - Assistant General Counsel for Civilian Personnel and 
Fiscal Law
    ll. SG - Surgeon General
    mm. SJA - Staff Judge Advocate
    nn. SP - Security Police
    oo. SSN - Social Security Number
    pp. US - United States
    qq. USAF - United States Air Force
    rr. U.S.C. - United States Code
    ss. VHA - Variable Housing Allowance


    a. Access. Allowing individuals to review or receive copies of 
their records.
    b. Amendment. The process of adding, deleting, or changing 
information in a system of records to make the data accurate, relevant, 
timely, or complete.
    c. Computer matching. A computerized comparison of two or more 
automated systems of records or a system of records with non-Federal 
records to establish or verify eligibility for payments under Federal 
benefit programs or to recover delinquent debts for these programs.
    d. Confidential source. A person or organization giving information 
under an express or implied promise of confidentiality made before 
September 27, 1975.
    e. Confidentiality. An expressed and recorded promise to withhold 
the identity of a source or the information provided by a source. The 
Air Force promises confidentiality only when the information goes into 
a system with an approved exemption for protecting the identity of 
confidential sources.
    f. Defense Data Integrity Board. Representatives from the Services 
and the Department of Defense who oversee, coordinate, and approve all 
DoD computer matching programs covered by the Act.
    g. Denial authority. The individuals with authority to deny 
requests for access or amendment of records under the Privacy Act.
    h. Disclosure. Giving information from a system, by any means, to 
anyone other than the record subject.
    i. Federal benefit program. A federally funded or administered 
program for individuals that provides cash or in-kind assistance 
(payments, grants, loans, or loan guarantees).
    j. Individual. A living United States citizen or a permanent 
resident alien.
    k. Matching agency. The agency that performs a computer match.
    l. Minor. Anyone under the age of majority according to local state 
law. If there is no applicable state law, a minor is anyone under age 
18. Military members and married persons are not minors, no matter what 
their chronological age.
    m. Personal identifier. A name, number, or symbol which is unique 
to an individual, usually the person's name or SSN.
    n. Personal information. Information about an individual other than 
items of public record.
    o. Privacy Act request. An oral or written request by an individual 
about his or her records in a system of records.
    p. Recipient agency. An agency or contractor that receives the 
records and actually performs the computer match.
    q. Record. Any information about an individual.
    r. Routine use.  A disclosure of records to individuals or agencies 
outside the Department of Defense for a use that is compatible with the 
purpose for which the Air Force created the records.
    s. Source agency.  A federal, state, or local government agency 
that discloses records for the purpose of a computer match.
    t. System manager. The official who is responsible for managing a 
system of records, including policies and procedures to operate and 
safeguard it. Local system managers operate record systems or are 
responsible for part of a decentralized system.
    u.  System of records. A group of records containing personal 
information retrieved by the subject's name, personal identifier, or 
individual identifier through a cross-reference system.
    v.  System notice. The official public notice published in the 
Federal Register of the existence and content of the system of records.

Appendix B to part 806b - Preparing a System Notice

    The following elements comprise a system of records notice for 
publication in the Federal Register:
    a. System identifier. SAF/AAIA assigns the notice number, for 
example, F011 AFMC A, where `F' indicates `Air Force,' the next number 
represents the series from AFMAN 37-139 regarding records disposition, 
and the final letter group shows the system manager's command or DCS. 
The last character `A' indicates that this is the first notice for this 
series and system manager.
    b. System name. Use a short, specific, plain-language title that 
identifies the system's general purpose (limited to 55 characters).
    c. System location. Specify the address of the primary system and 
any decentralized elements, including automated data systems with a 
central computer facility and input or output terminals at separate 
locations. Use street address, 2-letter state abbreviations and 9-digit 
ZIP Codes. Spell out office names. Do not use office symbols.
    d. Categories of individuals covered by the system. Use 
nontechnical, specific categories of individuals about whom the Air 
Force keeps records. Do not use categories like `all Air Force 
personnel' unless they are actually true.
    e. Categories of records in the system. Describe in clear, 
nontechnical terms, all categories of records in the system. List only 
documents actually kept in the system. Do not show source documents 
that are used to collect data and then destroyed. Do not list form 
numbers.
    f. Authority for maintenance of the system. Cite the specific law 
or Executive Order that authorizes the program the records support. 
Cite the DoD directive or instruction or the Air Force or other 
instruction that authorizes the system of records. Always include 
titles with the citations.
    Note: Executive Order 9397 authorizes using the Social Security 
Number (SSN). Include this authority whenever the SSN is used to 
retrieve records.
    g. Purpose(s). Describe briefly and specifically what the Air Force 
does with the information collected.
    h. Routine uses of records maintained in the system including 
categories of users and the purpose of such uses. The Blanket Routine 
Uses published in the Air Force Directory of System Notices apply to 
all system notices unless you indicate otherwise. Also list each 
specific agency or activity outside DoD to whom the records may be 
released and the purpose for such release.
    i. Policies and practices for storing, retrieving, accessing, 
retaining, and disposing of records in the system.
    j. Storage. State the medium in which the Air Force keeps the 
records, for example, in file folders, card files, microfiche, 
computer, and so on. Storage does not refer to the storage container.
    k. Retrievability. State how the Air Force retrieves the records, 
for example, by name, SSN, or personal characteristics (such as 
fingerprints or voiceprints).
    l. Safeguards. List the kinds of officials who have immediate 
access to the system. List those responsible for safeguarding the 
records. Identify the system safeguards, for example, storage in safes, 
vaults, locked cabinets or rooms, use of guards, visitor controls, 
personnel screening, computer systems software, and so on. Describe 
safeguards fully without compromising system security.
    m. Retention and disposal. State how long AFMAN 37-139 requires the 
activity to maintain the record. Indicate when or if the records may be 
transferred to a Federal Records Center and how long the record stays 
there. Specify when the Records Center sends the record to the National 
Archives or destroys it. Indicate how the records may be destroyed.
    n. System manager(s) and address. List the title and duty address 
of the system manager. For decentralized systems, show the locations 
and the position or duty title of each category of officials 
responsible for any segment of the system.
    o. Notification procedure. List the title and duty address of the 
official authorized to tell requesters if their records are in the 
system. Specify the information a requester must submit, for example., 
full name, military status, SSN, date of birth, or proof of identity, 
and so on.
    p. Record access procedures. Explain how individuals may arrange to 
access their records. Include the titles or categories of officials who 
may assist, for example, the system manager.
    q. Contesting records procedures. SAF/AAIA provides this standard 
caption.
    r. Record source categories. Show categories of individuals or 
other information sources for the system. Do not list confidential 
sources protected by subsections (k)(2), (k)(5), or (k)(7) of the Act.
    s. Exemptions claimed for the system. When a system has no approved 
exemption, write `none' under this heading. Specifically list any 
approved exemption including the subsection in the Act.

Appendix C to part 806b - General and Specific Exemptions

    (a) General exemption. The following systems of records are exempt 
under 5 U.S.C. 552a(j)(2):
    (1) System identifier and name: F124 AF A, Counter Intelligence 
Operations and Collection Records.
    (2) System identifier and name: F124 AF C, Criminal Records.
    (3) System identifier and name: F125 AF SP E, Security Police 
Automated System (SPAS).
    (4) System identifier and name: F124 AF D, Investigative Support 
Records.
    (5) System identifier and name: F125 AF A, Correction and 
Rehabilitation Records.
    Exemption-Portions of this system that fall within 5 
U.S.C.552a(j)(2) are exempt from the following provisions of 5 U.S.C. 
552a, Sections (c)(3) and (c)(4); (d)(1) through (d)(5); (e)(2) and 
(e)(3); (e)(4)(G) and (e)(4)(H), (e)(5); (f)(1) through (f)(5); (g)(1) 
through (g)(5); and (h) of the Act.
    Authority-5 U.S.C. 552a(j)(2).
    Reason-The general exemption will protect ongoing investigations 
and protect from access criminal investigation information contained in 
this record system so as not to jeopardize any subsequent judicial or 
administrative process taken as a result of information contained in 
the files.

    (b) Specific exemptions. The following systems of records are 
subject to the specific exemptions shown:
    (1) Classified records.
    (i) All records in any systems of records that are properly 
classified according to Executive Orders 11652, 12065 or 12356, are 
exempt from 5 U.S.C. 552a(c)(3); (d); (e)(4)(G), (H), and (I); and (f), 
regardless of whether the entire system is otherwise exempt or not.
    (ii) Authority. 5 U.S.C. 552a(k)(1).
    (2)System identifier and name: F053 AFA C, Admissions and Registrar 
Records.
    (i) Exemption. Parts of this system of records (Liaison Officer 
Evaluation and Selection Panel Candidate Evaluation) are exempt from 5 
U.S.C. 552a(d), (e)(4)(H), and (f), but only to the extent that 
disclosure would reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(5).
    (iii) Reasons. To ensure the frankness of information used to 
determine whether cadets are qualified for graduation and commissioning 
as officers in the Air Force.

    (3) System identifier and name: F035 MPC R, Air Force Personnel 
Test 851, Test Answer Cards.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(c)(3); (d); 
(e)(4) (G), (H), and (I); and (f).
    (ii) Authority. 5 U.S.C. 552a(k)(6).
    (iii) Reasons. To protect the objectivity of the promotion testing 
system by keeping the test questions and answers in confidence.

    (4) System identifier and name: F035 AFA A, Cadet Personnel 
Management System.
    (i) Exemption. Parts of this system are exempt from 5 U.S.C. 
552a(d), (e)(4)(H), and (f), but only insofar as disclosure would 
reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(7).
    (iii) Reasons. To maintain the candor and integrity of comments 
needed to evaluate an Air Force Academy cadet for commissioning in the 
Air Force.

    (5) System identifier and name: F045 AETC C, Cadet Records.
    (i) Exemption. Portions of this system (Detachment Professional 
Officer Course (POC) Selection Rating Sheets; Air Force Reserve Officer 
Training Corps (AFROTC) Form 0-24-Disenrollment Review; Memoranda for 
Record and Staff Papers with Staff Advice, Opinions, or Suggestions) 
are exempt from 5 U.S.C. 552a(c)(3); (d); (e)(4)(G) and (H), and (f), 
but only to the extent that disclosure would reveal the identity of a 
confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(5).
    (iii) Reasons. To protect the identity of a confidential source who 
furnishes information necessary to make determinations about the 
qualifications, eligibility, and suitability of cadets for graduation 
and commissioning in the Air Force.

    (6) System identifier and name: F168 AF SG B, Family Advocacy 
Program Record.
    (i) Exemption. Parts of this system are exempt from 5 U.S.C. 
552a(c)(3) and (d), but only to the extent that disclosure would reveal 
the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(2) and (k)(5).
    (iii) Reasons. To encourage those who know of exceptional medical 
or educational conditions or family maltreatments to come forward by 
protecting their identities, and the integrity of ongoing and civil law 
investigations of criminal and civil law violations. Giving subjects 
access to their files could result in them concealing, altering, or 
fabricating evidence could hamper the identification of offenders and 
alleged offenders; and could jeopardize the safety and well-being of 
the family.

    (7) System identifier and name: F035 AF MP A, Effectiveness/
Performance Reporting System.
    (i) Exemptions-Brigadier General Selectee Effectiveness Reports and 
Colonel and Lieutenant Colonel Promotion Recommendations with close out 
dates on or before January 31, 1991, may be exempt from subsections of 
5 U.S.C. 552a(c)(3); (d); (e)(4)(H); and (f).
    (ii) Authority-5 U.S.C. 552a(k)(7).
    (iii) Reasons-Subsection (c)(3) because making the disclosure 
accounting available to the individual may compromise express promises 
of confidentiality by revealing details about the report and identify 
other record sources, which may result in circumvention of the access 
exemption.
    Subsection (d) because individual disclosure compromises express 
promises of confidentiality conferred to protect the integrity of the 
promotion rating system.
    Subsection (e)(4)(H) because of and to the extent that portions of 
this record system are exempt from the individual access provisions of 
subsection (d).
    Subsection (f) because of and to the extent that portions of this 
record system are exempt from the individual access provisions of 
subsection (d).
    (8) System identifier and name: F030 AF LE A, Equal Opportunity in 
Off Base-Housing.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(c)(3); (d); 
(e)(4) (G), (H), and (I); and (f).
    (ii) Authority. 5 U.S.C. 552a(k)(2).
    (iii) Reasons. To enforce civil laws, court orders, and the 
activities of the Departments of Housing and Urban Development and 
Justice.

    (9) System identifier and name: F035 AP A, Files on General 
Officers and Colonels Assigned to General Officer Positions.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(c)(3); (d); 
(e)(4)(G), (H), and (I); and (f), but only to the extent that 
disclosure would reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(7).
    (iii) Reasons. To protect the integrity of information used in the 
Reserve Initial Brigadier General Screening Board, the release of which 
would compromise the selection process.

    (10) System identification and name: F035 AF MP P, General Officer 
Personnel Data System.
    (i) Exemption-Air Force General Officer Promotion and Effectiveness 
Reports with close out dates on or before January 31, 1991, may be 
exempt from subsections of 5 U.S.C. 552a(c)(3); (d); (e)(4)(H); and 
(f).
    (ii) Authority-5 U.S.C. 552a(k)(7).
    (iii) Reason-Subsection (c)(3) because making the disclosure 
accounting available to the individual may compromise express promises 
of confidentiality by revealing details about the report and identify 
other record sources, which may result in circumvention of the access 
exemption.
    Subsection (d) because individual disclosure compromises express 
promises of confidentiality conferred to protect the integrity of the 
promotion rating system.
    Subsection (e)(4)(H) because of and to the extent that portions of 
this record system are exempt from the individual access provisions of 
subsection (d).
    Subsection (f) because of and to the extent that portions of this 
record system are exempt from the individual access provisions of 
subsection (d).
    (11) System identifier and name: F035 MPC L, Historical Airman 
Promotion Master Test File.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(c)(3); (d); 
(e)(4) (G), (H), and (I); and (f).
    (ii) Authority. 5 U.S.C. 552a(k)(6).
    (iii) Reasons. To protect the integrity, objectivity, and equity of 
the promotion testing system by keeping test questions and answers in 
confidence.

    (12) System identifier and name: F120 AF IG B, Inspector General 
Records.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(c)(3); (d); 
(e)(4) (G), (H), and (I); and (f). However, if a person is denied any 
right, privilege, or benefit, he or she would otherwise be entitled to 
as a result of keeping this material, it must be released, unless doing 
so would reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(2).
    (iii) Reasons. Granting individuals access to information collected 
while an Inspector General inquiry is in progress could interfere with 
the just, thorough, and timely resolution of the complaint or inquiry 
and could possibly enable individuals to conceal wrong doing or mislead 
the inquiring officer. Disclosure might also subject sources, 
witnesses, and their families to harassment or intimidation.
    (13) System identifier and name: F124 AFOSI B, Investigative 
Applicant Processing Records.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(c)(3); (d); 
(e)(4) (G), (H), and (I); and (f), but only to the extent that 
disclosure would reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(5).
    (iii) Reasons. To protect those who gave information in confidence 
during Air Force Office of Special Investigations (AFOSI) applicant 
inquiries. Fear of harassment could cause sources not to make frank and 
open responses about applicant qualifications. This could compromise 
the integrity of the AFOSI personnel program that relies on selecting 
only qualified people.

    (14) System identifier and name: F035 AFB B, Master Cadet Personnel 
Record (Active/Historical).
    (i) Exemptions. Parts of these systems are exempt from 5 U.S.C. 
552a(d), (e)(4)(H), and (f), but only to the extent that they would 
reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(7).
    (iii) Reasons. To maintain the candor and integrity of comments 
needed to evaluate a cadet for commissioning in the Air Force.

    (15) System identifier and name: F205 AFISA A, Sensitive 
Compartmented Information Personnel Records.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(a)(3); (d); 
(e)(4) (G), (H), and (I); and (f), but only to the extent that 
disclosure would reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(2) and (k)(5).
    (iii) Reasons. To protect the identity of sources to whom proper 
promises of confidentiality have been made during investigations. 
Without these promises, sources will often be unwilling to provide 
information essential in adjudicating access in a fair and impartial 
manner.

    (16) F124 AFA, Security and Related Investigative Records.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(c)(3); (d); 
(e)(4) (G), (H), and (I); and (f), but only to the extent that 
disclosure would reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(5).
    (iii) Reasons. To protect the identity of those who give 
information in confidence for personnel security and related 
investigations. Fear of harassment could cause sources to refuse to 
give this information in the frank and open way needed to pinpoint 
those areas in an investigation that should be expanded to resolve 
charges of questionable conduct.

    (17) System identifier and name: F205 AFSCO A, Special Security 
Case Files.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(c)(3); (d), 
(e)(4) (G), (H), and (I); and (f), but only to the extent that 
disclosure would reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(5).
    (iii) Reasons. To protect the identity of those who give 
information in confidence for personnel security and related 
investigations. Fear of harassment could cause sources to refuse to 
give this information in the frank and open way needed to pinpoint 
those areas in an investigation that should be expanded to resolve 
charges of questionable conduct.

    (18) System identifier and name: F205 AF SP A, Special Security 
Files.
    (i) Exemption. This system is exempt from 5 U.S.C. 552a(c)(3); (d); 
(e)(4) (G), (H), and (I); and (f), but only to the extent that 
disclosure would reveal the identity of a confidential source.
    (ii) Authority. 5 U.S.C. 552a(k)(5).
    (ii) Reasons. To protect the identity of those who give information 
in confidence for personnel security and related investigations. Fear 
of harassment could cause them to refuse to give this information in 
the frank and open way needed to pinpoint areas in an investigation 
that should be expanded to resolve charges of questionable conduct.

    (19) System identifier and name: F035 AF MP R, Applications for 
Appointment and Extended Active Duty Files.
    (i) Exemption. Parts of this system of records are exempt from 5 
U.S.C. 552a(d), but only to the extent that disclosure would reveal the 
identity of a confidential source.
    (ii) Authority.5 U.S.C. 552a(k)(5).
    (iii)Reasons. To protect the identity of confidential sources who 
furnish information necessary to make determinations about the 
qualifications, eligibility, and suitability of health care 
professionals who apply for Reserve of the Air Force appointment or 
interservice transfer to the Air Force.

    Dated: October 14, 1994.

L. M. Bynum,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 94-26085 Filed 10-20-94; 8:45 am]
BILLING CODE 5000-04-F