[Federal Register Volume 64, Number 81 (Wednesday, April 28, 1999)]
[Rules and Regulations]
[Pages 22784-22789]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-10570]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 311


OSD Privacy Program

AGENCY: Department of Defense.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This rule updates and implements procedures of the Privacy Act 
Program in the Office of the Secretary of Defense (OSD) and 
organizations provided Privacy Act administrative support by Washington 
Headquarters Services (WHS).

DATES: This rule is effective February 4, 1999. Comments must be 
received by June 28, 1999.

ADDRESSES: Forward comments to: DoD, WHS(C&D)D&R(records), 1155 Defense 
Pentagon, Washington, DC 20301-1155.

FOR FURTHER INFORMATION CONTACT:
David Bosworth, 703-588-0159.

SUPPLEMENTARY INFORMATION:

Executive Order 12866, ``Regulatory Planning and Review''

    It has been determined that 32 CFR part 311 is not a significant 
regulatory action. The rule does not:
    (1) Have an annual effect to the economy of $100 million or more or 
adversely affect in a material way the economy; a section of the 
economy; productivity; competition; jobs; the environment; public 
health or safety; or State, local, or tribal governments or 
communities;
    (2) Create a serious inconsistency or otherwise interfere with an 
action taken or planned by another Agency;
    (3) Materially alter the budgetary impact of entitlements, grants, 
user fees, or loan programs, or the rights and obligations of 
recipients thereof; or
    (4) Raise novel legal or policy issues arising out of legal 
mandates, the President's priorities, or the principles set forth in 
this Executive Order.

[[Page 22785]]

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. 601)

    It has been certified that this rule is not subject to the 
Regulatory Flexibility Act (5 U.S.C. 601) because it would not, if 
promulgated, have a significant economic impact on a substantial number 
of small entities.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 
35)

    It has been certified that this part does not impose any reporting 
or recordkeeping requirements under the Paperwork Reduction Act of 
1995.

List of Subjects in 32 CFR Part 311

    Privacy.

    Accordingly, 32 CFR part 311 is revised to read as follows:

PART 311--OSD PRIVACY PROGRAM

Sec.
311.1  Purpose.
311.2  Applicability and scope.
311.3  Definitions.
311.4  Policy.
311.5  Responsibilities.
311.6  Procedures.
311.7  Information requirements.

    Authority: Pub. L. 93-579, 88 Stat. 1986 (5 U.S.C. 552a).


Sec. 311.1  Purpose.

    This part updates and implements basic policies and procedures 
outlined in 5 U.S.C. 552a, OMB Circular A-130,\1\ and DoD 5400.11-R \2\ 
and provides guidance and procedures for use in establishing the 
Privacy Program in the Office of the Secretary of Defense (OSD) and 
those organizations assigned to OSD for administrative support.
---------------------------------------------------------------------------

    \1\ Copies may be obtained by contacting EOP Publications, 725 
16th Street, NW., NEOB, Washington, DC 20503.
    \2\ Copies may be obtained via internet at http://
web7.whs.osd.mil/corres.htm.
---------------------------------------------------------------------------


Sec. 311.2  Applicability and scope.

    This part:
    (a) Applies to the OSD, the Chairman of the Joint Chiefs of Staff, 
Uniformed Services University of the Health Sciences (USUHS) and other 
activities assigned to OSD for administrative support hereafter 
referred to collectively as ``OSD Components.''
    (b) Covers record systems maintained by OSD Components and governs 
the maintenance, access, change, and release of information contained 
in OSD Component record systems, from which information about an 
individual is retrieved by a personal identifier.


Sec. 311.3  Definitions.

    Access. Any individual's review of a record or a copy of a record 
or parts of a system of records.
    Disclosure. The transfer of any personal information from a system 
of records by any means of oral, written, electronic, mechanical, or 
other communication, to any person, private entity, or Government 
agency, other than the subject of the record, the subject's designated 
agent, or the subject's guardian.
    Individual. A living citizen of the United States or an alien 
lawfully admitted to the United States for permanent residence. The 
legal guardian of an individual has the same rights as the individual 
and may act on his or her behalf.
    Individual access. Access to personal information pertaining to the 
individual, by the individual, his or her designated agent or legal 
guardian.
    Maintain. Includes maintenance, collection, use or dissemination.
    Personal information. Information about an individual that is 
intimate or private, as distinguished from information related solely 
to the individual's official functions or public life.


Sec. 311.4  Policy.

    (a) It is DoD policy to safeguard personal information contained in 
any system of records maintained by any DoD Component and to permit any 
individual to know what existing records pertain to him or her in any 
OSD Component covered by this part.
    (b) Each office maintaining records and information about 
individuals shall ensure that their privacy is protected from 
unauthorized disclosure of personal information. These offices shall 
permit individuals to have access to, and to have a copy made of all, 
or any portion of records about them, except as provided in Chapters 3 
and 5, DoD 5400.11-R, and to have an opportunity to request that such 
records be amended as provided by the Privacy Act of 1974 and Chapter 3 
of DoD 5400.11-R. Individuals requesting access to their records shall 
receive concurrent consideration under 5 U.S.C. 552a and the Freedom of 
Information Act, as amended, if appropriate.
    (c) Heads of OSD Components shall maintain any necessary record of 
a personal nature that is individually identifiable in a manner that 
complies with the law and DoD policy. Any information collected must be 
as accurate, relevant, timely, and complete as is reasonable to ensure 
fairness to the individual. Adequate safeguards must be provided to 
prevent misuse or unauthorized release of such information.


Sec. 311.5  Responsibilities.

    (a) The Director of Administration and Management, Office of the 
Secretary of Defense (DA&M, OSD) shall:
    (1) Direct and administer the DoD Privacy Program for OSD 
Components.
    (2) Establish standards and procedures to ensure implementation of 
and compliance with the Privacy Act of 1974, OMB Circular No. A-130, 
and DoD 5400.11-R.
    (3) Designate the Director for Freedom of Information and Security 
Review as the point of contact for individuals requesting information 
of access to records and copies about themselves.
    (4) Serve as the appellate authority within OSD when a requester 
appeals a denial for access to records under the Privacy Act.
    (5) Serve as the appellate authority within OSD when a requester 
appeals a denial for amendment of a record or initiates legal action to 
correct a record.
    (6) Evaluate and decide, in coordination with The General Counsel 
of the Department of Defense (GC, DoD), appeals resulting from denials 
of access or amendments to records by the OSD Components.
    (7) Designate the Directives and Records Division, Correspondence 
and Directives Directorate, Washington Headquarters Services (WHS) as 
the office responsible for all aspects of the Privacy Act, except that 
portion about receiving and acting on public requests for personal 
records. As such, the Directives and Records Division shall:
    (i) Exercise oversight and administrative control of the Privacy 
Act Program in OSD and those organizations assigned to OSD for 
administrative support.
    (ii) Provide guidance and training to organizational entities as 
required by 5 U.S.C. 552a and OMB Circular A-130.
    (iii) Collect and consolidate data from OSD Components, and submit 
an annual report to the Defense Privacy Office, as required by 5 U.S.C. 
552a, OMB Circular A-130, and DoD 5400.11-R.
    (iv) Coordinate and consolidate information for reporting all 
record systems, as well as changes to approved systems, to the OMB, the 
Congress, and the Federal Register, as required by 5 U.S.C. 552a, OMB 
Circular A-130, and DoD 5400.11-R.
    (v) Collect information from OSD Components, and prepare 
consolidated reports required by 5 U.S.C. 552a and DoD 5400.11-R.
    (b) The Director for Freedom of Information and Security Review 
shall:
    (1) Forward requests for information or access to records to the 
appropriate OSD Component having primary

[[Page 22786]]

responsibility for any pertinent system of records under 5 U.S.C. 552a, 
or to OSD Components, under the Freedom of Information Act, as amended.
    (2) Maintain deadlines to ensure that responses are made within the 
time limits prescribed in DoD 5400.7-R,\3\ DoD Instruction 5400.10,\4\ 
and this part.
---------------------------------------------------------------------------

    \3\ See footnote 2 to Sec. 311.1.
    \4\ See footnote 2 to Sec. 311.1.
---------------------------------------------------------------------------

    (3) Collect fees charged and assessed for reproducing requested 
materials.
    (4) Refer all matters about amendments of records and general and 
specific exemptions under the 5 U.S.C. 552a to the proper OSD 
Components.
    (c) The General Counsel of the Department of Defense shall:
    (1) Coordinate all OSD final denials of appeals for amending 
records, and review actions to confirm denial of access to records, as 
appropriate.
    (2) Provide advice and assistance to the DA&M, OSD in the discharge 
of appellate and review responsibilities, and to the DFOISR on all 
access matters.
    (3) Provide advice and assistance to OSD Components on legal 
matters pertaining to the Privacy Act of 1974.
    (d) The Heads of the OSD Components shall:
    (1) Designate an individual as the point of contact for Privacy Act 
matters; designate an official to deny initial requests for access to 
an individual's records or changes to records; and advise both DA&M, 
OSD and DFOISR of names of officials so designated.
    (2) Report any new record system, or changes to an existing system, 
to the Chief, Directives and Records Division, WHS, at least 90 days 
before the intended use of the system.
    (3) Review all contracts that provide for maintaining records 
systems, by or on behalf of his or her office, to ensure within his or 
her authority, that language is included that provides that such 
systems shall be maintained in a manner consistent with 5 U.S.C. 552a.
    (4) Revise procurement guidance to ensure that any contract 
providing for the maintenance of a records system, by or on behalf of 
his or her office, includes language that ensures that such system 
shall be maintained in accordance with 5 U.S.C. 552a.
    (5) Revise computer and telecommunications procurement policies to 
ensure that agencies review all proposed contracts for equipment and 
services to comply with 5 U.S.C. 552a.
    (6) Coordinate with Automatic Data Processing (ADP) and word 
processing managers providing services to ensure that an adequate risk 
analysis is conducted to comply with DoD 5400.11-R.
    (7) Review all Directives that require forms or other methods used 
to collect information about individuals to ensure that they are in 
compliance with 5 U.S.C. 552a.
    (8) Establish administrative systems in OSD Component organizations 
to comply with the procedures listed in this part and DoD 5400.11-R.
    (9) Coordinate with the GC, DoD on all proposed denials of access 
to records.
    (10) Provide justification to the DFOISR when access to a record is 
denied in whole or in part.
    (11) Provide the record to the DFOISR when the initial denial of a 
request for access to such record has been appealed by the requester, 
or at the time of initial denial when appeal seems likely.
    (12) Maintain an accurate account of the actions resulting in a 
denial for access to a record or for the correction of a record. This 
account should be maintained so that it can be readily certified as the 
complete record of proceedings if litigation occurs.
    (13) Ensure that all personnel who either have access to the system 
of records, or who are engaged in developing or supervising procedures 
for handling records in the system, are aware of their responsibilities 
for protecting personal information as established in the Privacy Act 
and DoD 5400.11-R.
    (14) Forward all requests for access to records received directly 
from an individual to the DFOISR for appropriate suspense control and 
recording.
    (15) Provide DFOISR with a copy of the requested record when the 
request is granted.
    (e) The requester who desires to submit a request is responsible 
for:
    (1) Determining whether to submit the request in writing or in 
person. A requester who seeks access to records pertaining to himself 
or herself which are filed by his or her name or personal identifier:
    (i) May make such a request in person to the custodian of the 
records. If the requester is not satisfied with the response, however, 
in order to invoke any provision of 5 U.S.C. 552a, DoD 5400.11-R, or 
this part, the requester must file a request in writing as provided in 
Sec. 311.6(b)(10). The requester must provide proof of identify by 
showing drivers license or similar credentials.
    (ii) Describing the record sought, and providing sufficient 
information to enable the material to be located (e.g., identification 
of system of records, approximate date it was initiated, originating 
organization, and type of document).
    (iii) Complying with procedures provided in DoD 5400.11-R for 
inspecting and/or obtaining copies of requested records.
    (iv) Submitting a written request to amend the record to the system 
manager or to the office designated in the system notice.


Sec. 311.6  Procedures.

    (a) Publication of notice in the Federal Register. (1) A notice 
shall be published in the Federal Register of any record system meeting 
the definition of a system of records in DoD 5400.11-R.
    (2) Regarding new or revised records systems, each OSD Component 
shall provide the Chief, Directives and Records Division with 90 days 
advance notice of any anticipated new or revised system of records. 
This material shall be submitted to the OMB and to Congress at least 60 
days before use and to the Federal Register at least 30 days before 
being put into use, to provide an opportunity for interested persons to 
submit written data, views, or arguments to the OSD Components. 
Instructions on content and preparation are outlined in DoD 5400.11-R.
    (b) Access to information on records systems. (1) Upon request, and 
as provided by the Privacy Act, records shall be disclosed only to the 
individual they pertain to and under whose individual name or 
identifier they are filed, unless exempted by provisions stated in DoD 
5400.11-R.
    (2) There is not requirement under 5 U.S.C. 552a that a record be 
created or that an individual be given access to records that are not 
in a group of records that meet this definition of a system of records 
in 5 U.S.C. 552a.
    (3) Granting access to a record containing personal information 
shall not be conditioned upon any requirement that the individual state 
a reason or otherwise justify the need to gain access.
    (4) No verification of identity shall be required of an individual 
seeking access to records that are otherwise available to the public.
    (5) Individuals shall not be denied access to a record in a system 
of records about themselves because those records are exempted from 
disclosure under DoD 5400.7-R. Individuals may only be denied access to 
a record in a system of records about themselves when those records are 
exempted from the access provisions of the Privacy Act under DoD 
5400.11-R, Chapter 5.
    (6) Individuals shall not be denied access to their records for 
refusing to disclose their Social Security Numbers

[[Page 22787]]

(SSNs), unless disclosure of the SSN is required by statute, by 
regulation adopted before January 1, 1975, or if the record's filing 
identifier and only means of retrieval is by SSN.
    (7) Individuals may request access to their records, in person or 
by mail, in accordance with the procedures outlined in paragraph (b)(8) 
of this section.
    (8) Information necessary to identify a record is: the individual's 
name, date of birth, place of birth, identification of the records 
system as listed in the Federal Register, or sufficient information to 
identify the type of records being sought, and the approximate date the 
records might have been created. Any individual making a request for 
access to records in person shall come to the Directorate for Freedom 
of Information and Security Review (DFOISR), Room 2C757, Pentagon, 
Washington, DC 20301-1155; and shall provide personal identification 
acceptable to the Director, DFOISR, to verify the individual's identity 
(e.g., driver's license, other licenses, permits, or passes used for 
routine identification purposes).
    (9) If an individual wishes to be accompanied by a third party when 
seeking access to records or wishes to have the record released 
directly to a third party, the individual may be required to furnish a 
signed access authorization granting the third party access.
    (10) Any individual submitting a request by mail for access to 
information shall address such request to the Directorate for Freedom 
of Information and Security Review, Pentagon, Room 2C757, Washington, 
DC 20301-1155. To verify the identity of the individual, the request 
shall include either a signed notarized statement or an unsworn 
declaration in the format specified by 28 U.S.C. 1746.
    (11) The following procedures shall apply to requests for access to 
records or information complied for law enforcement purposes:
    (i) Individuals requesting access to records or information about 
themselves and complied for law enforcement purposes are processed 
under DoD 5400.11-R and DoD 5400.7-R to give them the greater degree of 
access.
    (ii) Individual requests for access to records or information about 
themselves and compiled for law enforcement purposes (and in the 
custody of law enforcement activities) that have been incorporated into 
the records system, exempted from the access provisions of 5 U.S.C. 
552a, will be processed in accordance with subsection C1.5.13 and 
Chapter 5, DoD 5400.7-R. Individuals shall not be denied access to 
records solely because they are in the exempt system, but they will 
have the same access that they would receive under DoD 5400.7-R. (Also 
see subsection A.10., Chapter 3, DoD 5400.11-R).)
    (iii) Requests by the individuals for access to records or 
information about themselves and compiled for law enforcement purposes 
that are in records systems exempted from access provisions will be 
processed under subsection C.1., Chapter 5 of DoD 5400.11-R or DoD 
5400.7-R, depending upon which regulation gives the greater degree of 
access. (See also subsection A. 10., Chapter 3, DoD 5400.1-R)
    (iv) Individual requests for access to records or information about 
themselves and complied for law enforcement purposes exempted from 
access under Section B, Chapter 5 of DoD 54.11-R, that are temporarily 
in the hands of a non-law enforcement element for adjudicative or 
personnal actions, shall be referred to the originating agency. The 
requester will be informed in writing of these referrals.
    (12) The following procedures shall apply to requests for 
illegible, incomplete, or partially exempt records:
    (i) An individual shall not be denied access to a record or a copy 
of a record solely because the physical condition or format of the 
record does not make it readily available (e.g., deteriorated state or 
on magnetic tape). The document will be prepared as an extract, or it 
will be exactly recopied.
    (ii) If a portion of the record contains information that is exempt 
from access, an extract or summary containing all of the information in 
the record that is releasable shall be prepared.
    (iii) When the physical condition to the record makes it necessary 
to prepare an extract for release, the extract shall be prepared so 
that the requester will understand it.
    (iv) The requester shall be informed of all deletions or changes to 
records.
    (13) Medical records shall be disclosed to the individual they 
pertain to, unless a determination is made in consultation with a 
medical doctor, that the disclosure could have adverse effects on the 
individual's physical or mental health. Such information may be 
transmitted to a medical doctor named by the individual concerned. If 
the named medical doctor declines to provide the record to the 
individual, the OSD Components shall take positive action to ensure 
that the requested records are provided the individual.
    (14) The individual may be charged reproduction fees for copies or 
records as outlined in DoD 5400.11-R.
    (c) Requested to amend personal information in records systems and 
disputes. (1) The Head of an OSD Component, or the designated official, 
shall allow individuals to request amendment to their records to the 
extent that such records are not accurate, relevant, timely, or 
complete. Requests should be as brief and as simple as possible and 
should contain, as a minimum, identifying information to locate the 
record, as description of the items to be amended, and the reason for a 
change. A request shall not be rejected nor required to be resubmitted 
unless additional information is essential to process the request. 
Requesters shall be required to provide verification of their identify 
as stated in paragraph (b)(8) of this section, to ensure that they are 
seeking to amend records about themselves, and not, inadvertently or 
intentially, the records of others.
    (1) The appropriate system manager shall mail a written 
acknowledgement to an individual's request to amend a record within 10 
days after receipt, excluding Saturdays, Sundays, and legal public 
holidays. Such acknowledgement shall identify the request and may, if 
necessary, request any additional information needed to make a 
determination. No acknowledgment is necessary if the request can be 
reviewed, processed, and if the individual can be notified of 
compliance or denial within the 10-day period. Whenever practical, the 
decision shall be made within 30 working days. For requests presented 
in person, written acknowledgment may be provided at the time the 
request is presented.
    (3) The Head of an OSD Component, or designated official, shall 
promptly take one of the following actions on requests to amend the 
records:
    (i) If the OSD Component official agrees with any portion or all of 
an individual's request, he or she will proceed to amend the records in 
accordance with existing statutes, requlations, or administrative 
procedures, and inform the requester of the action taken. The OSD 
Component official shall also notify all previous holders of the record 
that the amendment has been made, and shall explain the substance of 
the correction.
    (ii) If the OSD Component official disagrees with all or any 
portion of a request, the individual shall be informed promptly of the 
refusal to amend a record, the reason for the refusal, and the 
procedure established by OSD for an appeal as outlined in paragraph 
(c)(6) of this section.
    (iii) If the request for an amendment pertains to a record 
controlled and maintained by another Federal Agency,

[[Page 22788]]

the request shall be referred to the appropriate Agency, and the 
requester advised of this:
    (4) The following procedures shall be used when reviewing records 
under dispute:
    (i) In response to a request for an amendment to records, officials 
shall determine whether the requester has adequately supported their 
claim that the record is inaccurate, irrelevant, untimely, or 
incomplete.
    (ii) The Head of an OSD Component, or designated official, shall 
limit the review of a record of those items of information that clearly 
bear on any determination to amend the records and shall ensure that 
all those elements are present before determination is made.
    (5) If the Head of an OSD Component, or designated official, after 
an initial review of a request to amend a record, disagrees with all or 
any portion of a record, he or she shall:
    (i) Advise the individual of the denial and the reason for it.
    (ii) Inform the individual that he or she may appeal the denial.
    (iii) Describe the procedures for appealing the denial including 
the name and address of the official to whom the appeal should be 
directed. The procedures should be as brief and simple as possible.
    (iv) Furnish a copy of the justification of any denial to amend a 
record to the DA&M, OSD.
    (6) If an individual disagrees with the initial OSD determination, 
he or she may file an appeal. The request should be sent to the 
Director of Administration and Management, Office of the Secretary of 
Defense (DA&M, OSD), 1950 Defense Pentagon, Washington, D.C. 20301-
1950, if the record is created and maintained by an OSD Component.
    (7) If, after review, the DA&M, OSD further refuses to amend the 
record as requested, he shall advise the individual:
    (i) Of the refusal and the reason and authority for the denial.
    (ii) Of his or her right to file a statement of the reason for 
disagreeing with the DA&M's decision.
    (iii) Of the procedures for filing a statement of disagreements.
    (iv) That the statement filed shall be made available to anyone the 
record is dislosed to, together with a brief statement, at the 
discretion of the OSD Component, summarizing its reasons for refusing 
to amend the records.
    (v) That prior recipients of copies of disputed records by provided 
by a copy of any statement of dispute to the extent that an accounting 
of disclosure is maintained.
    (vi) Of his or her right to seek judicial review of the DA&M's 
refusal to amend a record.
    (8) If, after the review, the DA&M, OSD, determines that the record 
should be amended in accordance with the individual's request, the OSD 
Component shall amend the record, advise the individual, and inform 
previous recipients where an accounting of disclosure has been 
maintained.
    (9) All appeals should be processed within 30 days (excluding 
Saturdays, Sundays, and legal public holidays) after receipt by the 
proper office. If the DA&M determines that a fair and equitable review 
cannot be made within that time, the individual shall be informed in 
writing of the reasons for the delay and of the approximate date the 
review is expected to be completed.
    (d) Disclosure of disputed information. (1) If the DA&M, OSD, has 
refused to amend a record and the individual has filed a statement 
under paragraph (c)(7) of this section, the OSD Component shall clearly 
annotate the disputed record so that it is apparent to any person to 
whom the record is disclosed that a statement has been filed. Where 
feasible, the notation itself shall be integral to the record. Where an 
accounting of a disclosure has been made, the OSD Component shall 
advise previous recipients that the record has been disputed and shall 
provide a copy of the individual's statement.
    (i) This statement shall be maintained to permit ready retrieval 
whenever the disputed portion of the record is to be disclosed.
    (ii) When information that is the subject of a statement of dispute 
is subsequently disclosed, the OSD Component's designated official 
shall note which information is disputed and provide a copy of the 
individual's statement.
    (2) The OSD Component shall include a brief summary of its reasons 
for not making a correction when disclosing disputed information. Such 
statement shall normally be limited to the reasons given to the 
individual for not amending the record.
    (3) Copies of the OSD Component's summary will be treated as part 
of the individual's record; however, it will not be subject to the 
amendment procedure outlined in paragraph (c)(3)(iii) of this section.
    (e) Penalties--(1) Civil action. (i) An individual may file a civil 
suit against the United States and may recover damages, for:
    (A) Refusal to amend a record.
    (B) Improper denial of the access to a record.
    (C) Failure to maintain an accurate, relevant, timely, and complete 
record that is used to make determinations adverse to the individual.
    (ii) An individual may also file a suit against the United States 
for failure to implement a provision of the Privacy Act when such 
failure leads to an adverse determination.
    (iii) If the individual's suit is upheld, the court may direct the 
United States to pay the court costs and attorney's fees.
    (2) Criminal action. (i) Criminal penalties may be imposed against 
an OSD officer or employee for certain offenses listed in section (i) 
of the Privacy Act, as follows: willful unauthorized disclosure of 
protected information in the records; failure to publish a notice of 
the existence of a record system in the Federal Register; requesting or 
gaining access to the individual's record under false pretenses.
    (ii) An OSD officer or employee may be fine up to $5,000 for a 
violation as outlined in paragraph (e)(2)(i) of this section.
    (3) Litigation status sheet. Whenever a complaint citing 5 U.S.C. 
552a is filed in a U.S. District Court against the Department of 
Defense, a DoD component, or any DoD employee, the responsible system 
manager shall promptly notify the Defense Privacy Office. The 
litigation status sheet in DoD 5400.II-R provides a standard format for 
this notification. (The initial litigation status sheet shall, as a 
minimum, provide the information required by items 1. through 6.) A 
revised litigation status sheet shall be provided at each stage of the 
litigation. When a court renders a formal opinion or judgment, copies 
of the judgment or opinion shall be provided to the Defense Privacy 
Office with the litigation status sheet reporting that judgment or 
opinion.
    (f) Computer matching programs. Paragraph B of Chapter 11 of DoD 
5400.11-R prescribes that all requests for participation in a matching 
program (either as a matching agency or a source agency) be submitted 
to the Defense Privacy Office for review and compliance. OSD Components 
shall submit these request through the Directives and Records Division.


Sec. 311.7  Information requirements.

    The Defense Privacy Office shall establish requirements and 
deadlines for DoD privacy reports. These reports shall be licensed in 
accordance with DoD Directive 8910.1.\5\

    \5\ See footnote 2 to Sec. 311.1.

---------------------------------------------------------------------------

[[Page 22789]]

    Dated: April 22, 1999.
L.M. Bynum,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 99-10570 Filed 4-27-99; 8:45 am]
BILLING CODE 5001-10-M