[Federal Register Volume 65, Number 199 (Friday, October 13, 2000)]
[Proposed Rules]
[Pages 60900-60902]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-26254]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Defense Logistics Agency

32 CFR Part 323

[Defense Logistics Agency Regulation 5400.21]


Defense Logistics Agency Privacy Program

AGENCY:  Defense Logistics Agency, DoD.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Defense Logistics Agency (DLA) is proposing to amend its 
Privacy Act regulations. These changes consist of DLA office code 
changes and DLA publication name changes. DLA is also adding language 
to clarify the training requirements for its employees and military 
members who work with the news media or the public.

DATES: Comments must be received on or before December 12, 2000 to be 
considered by this agency.

ADDRESSES: Send comments to the Privacy Act Officer, Defense Logistics 
Agency, ATTN: CAAR, 8725 John J. Kingman Road, Suite 2533, Fort 
Belvoir, VA 22060-6221.

FOR FURTHER INFORMATION CONTACT: Ms. Susan Salus at (703) 767-6183.

SUPPLEMENTARY INFORMATION:

Executive Order 12866

    It has been determined that this Privacy Act rule for the 
Department of Defense does not constitute ``significant regulatory 
action''. Analysis of the rule indicates that it does not have an 
annual effect on the economy of $100 million or more; does not create a 
serious inconsistency or otherwise interfere with an action taken or 
planned by another agency; does not materially alter the budgetary 
impact of entitlements, grants, user fees, or loan programs or the 
rights and obligations of recipients thereof; does not raise novel 
legal or policy issues arising out of legal mandates, the President's 
priorities, or the principles set forth in Executive Order 12866.

Regulatory Flexibility Act

    It has been determined that this Privacy Act rule for the 
Department of Defense does not have significant economic impact on a 
substantial number of small entities because it is concerned only with 
the administration of Privacy Act systems of records within the 
Department of Defense.

Paperwork Reduction Act

    It has been determined that this Privacy Act rule for the 
Department of Defense imposes no information requirements beyond the 
Department of Defense and that the information collected within the 
Department of Defense is necessary and consistent with 5 U.S.C. 552a, 
known as the Privacy Act, and 44 U.S.C. Chapter 35.

List of Subjects in 32 CFR Part 323

    Privacy.

    Accordingly, 32 CFR part 323 is proposed to be amended as follows:

PART 323--DEFENSE LOGISTICS AGENCY PRIVACY PROGRAM

    1. The authority citation for 32 CFR Part 323 continues to read as 
follows:

    Authority: Pub. L. 93-579, 88 Stat. 1896 (5 U.S.C. 552a).

    2. 32 CFR part 323 is propose to be amended by revising footnotes 1 
through 8 to read as follows:

    Copies may be obtained, if needed, from the Defense Logistics 
Agency, ATTN: DSS-CV, 8725 John J. Kingman Road, Suite 2533, Fort 
Belvoir, VA 22060-6221.

    3. Section 323.2(e) is proposed to be revised to read as follows:


Sec. 323.2  Policy.

* * * * *
    (e) Make reasonable efforts to ensure that records containing 
personal information are accurate, relevant, timely, and complete for 
the purposes for which they are being maintained before making them 
available to any recipients outside DoD, other than a Federal agency, 
unless the disclosure is made under DLAR 5400.14, DLA Freedom of 
Information Act Program (32 CFR part 1285).
* * * * *
    4. Section 323.4 is proposed to be amended as follows:
    a. By revising paragraph (a)(1) introductory text,
    b. Adding paragraph (a)(1)(v), and
    c. Revising paragraph (a)(2), introductory text, paragraphs (a)(3) 
and (b)(4). The revisions and addition read as follows:


Sec. 323.4  Responsibilities.

    (a) * * *
    (1) The Staff Director, Corporate Communications, DLA Support 
Services (DSS-C) will:
* * * * *
    (v) Establish training programs for all individuals with public 
affairs duties, and all other personnel whose duties require access to 
or contact with systems of records affected by the Privacy Act. Initial 
training will be given to new employees and military members upon 
assignment. Refresher training will be provided annually or more 
frequently if conditions warrant.

[[Page 60901]]

    (2) The General Counsel, DLA (DLA-GC) will:
* * * * *
    (3) The DLA Chief Information Office (J-6) will formulate and 
implement protective standards for personal information maintained in 
automated data processing systems and facilities.
    (b) * * *
    (4) Establish training programs for all individuals with public 
affairs duties, and all other personnel whose duties require access to 
or contact with systems of records affected by the Privacy Act. Initial 
training will be given to new employees and military members upon 
assignment. Refresher training will be provided annually or more 
frequently if conditions warrant.
    5. Section 323.5 is proposed to be amended by revising, paragraphs 
(b)(3)(iv), (b)(4), (b)(5), (c)(5)(ii), (c)(6) introductory text, 
(c)(6)(i), (f)(3), introductory text, (h)(6), (i)(5)(ii), (j)(5), (k), 
(l)(1), (1)(2), and (1)(3) and by removing paragraph (b)(3)(v) to read 
as follows:


Sec. 323.5  Procedures.

* * * * *
    (b) * * *
    (3) * * *
    (iv) Notice to the individual of his or her right to appeal the 
denial within 60 calendar days of the date of the denial letter and to 
file any such appeal with the HQ DLA Privacy Act Officer, Defense 
Logistics Agency (DSS-CA), 8725 John J. Kingman Road, Suite 2533, Fort 
Belvoir, VA 22060-6221.
    (4) DLA will process all appeals within 30 days of receipt unless a 
fair and equitable review cannot be made within that period. The 
written appeal notification granting or denying access is the final DLA 
action on access.
    (5) The records in all systems of records maintained in accordance 
with the Office of Personnel Management (OPM) Government-wide system 
notices are technically only in the temporary custody of DLA. All 
requests for access to these records must be processed in accordance 
with the Federal Personnel Manual (5 CFR part 293, 294, 297 and 735) as 
well as this part. DLA-GC is responsible for the appellate review of 
denial of access to such records.
    (c) * * *
    (5) * * *
    (ii) Notification that he or she may seek further independent 
review of the decision by filing an appeal with the HQ DLA Privacy Act 
Officer, Defense Logistics Agency (DSS-CA), 8725 John J. Kingman Road, 
Suite 2533, Fort Belvoir, VA 22060-6221, and including all supporting 
materials.
    (6) DLA will process all appeals within 30 days unless a fair 
review cannot be made within this time limit.
    (i) If the appeal is granted, DLA will promptly notify the 
requester and system manager of the decision. The system manager will 
amend the record(s) as directed and ensure that all prior known 
recipients of the records who are known to be retaining the record are 
notified of the decision and the specific nature of the amendment and 
that the requester is notified as to which DoD Components and Federal 
agencies have been told of the amendment.
* * * * *
    (f) * * *
    (3) All records must be disclosed if their release is required by 
the Freedom of Information Act. DLAR 5400.14, (32 CFR part 1285) 
requires that records be made available to the public unless exempted 
from disclosure by one of the nine exemptions found in the Freedom of 
Information Act. The standard for exempting most personal records, such 
as personnel records, medical records, and similar records, is found in 
DLAR 5400.14 (32 CFR part 1285). Under the exemption, release of 
personal information can only be denied when its release would be a 
``clearly unwarranted invasion of personal privacy.''
* * * * *
    (f) * * *
    (6) DLAI 5530.1, Publications, Forms, Printing, Duplicating, 
Micropublishing, Office Copying, and Automated Information Management 
Programs,\2\ provides guidance on administrative requirements for 
Privacy Act Statements used with DLA forms. Forms subject to the 
Privacy Act issued by other Federal agencies have a Privacy Act 
Statement attached or included. Always ensure that the statement 
prepared by the originating agency is adequate for the purpose for 
which the form will be used by the DoD activity. If the Privacy Act 
Statement provided is inadequate, the activity concerned will prepare a 
new statement of a supplement to the existing statement before using 
the form. Forms issued by agencies not subject to the Privacy Act 
(state, municipal, and other local agencies) do not contain Privacy Act 
statements. Before using a form prepared by such agencies to collect 
personal data subject to this part, an appropriate Privacy Act 
Statement must be added.
* * * * *
    (i) * * *
    (5) * * *
    (ii) Special administrative, physical, and technical procedures are 
required to protect data that are stored or being processed temporarily 
in an automated data processing (ADP) system or in a work processing 
activity to protect it against threats unique to those environments 
(see DLAR 5200.17, Security Requirements for Automated Information and 
Telecommunications System,\3\ and appendix D of this part).
* * * * *
    (j) * * *
    (5) Systems notices and reports of new and altered systems will be 
submitted to DLA Support Services (DSS-CA) as required.
* * * * *
    (k) Exemptions. The Director, DLA will designate the DLA records 
which are to be exempted from certain provision of the Privacy Act. DLA 
Support Services (DSS-CA) will publish in the Federal Register 
information specifying the name of each designated system, the specific 
provisions of the Privacy Act from which each system is to be exempted, 
the reasons for each exemption, and the reason for each exemption of 
the record system.
    (l) * * *
    (1) Forward all requests for matching programs to include necessary 
routine use amendments and analysis and proposed matching program 
reports to DLA Support Services. Changes to existing matching programs 
shall be processed in the same manner as a new matching program report.
    (2) No time limits are set by the OMB guidelines. However, in order 
to establish a new routine use for a matching program, the amended 
system notice must have been published in the Federal Register at least 
30 days before implementation. Submit the documentation required above 
to DLA Support Services (DSS-CA) at least 60 days before the proposed 
initiation date of the matching program. Waivers to the 60 days' 
deadline may be granted for good cause shown. Requests for waivers will 
be in writing a fully justified.
    (3) For the purpose of the OMB guidelines, DoD and all DoD 
Components are considered a single agency. Before initiating a matching 
program using only the records of two or more DoD activities, notify 
DLA Support Services (DSS-CA) that the match is to occur. Further 
information may be requested from the activity proposing the match.
* * * * *
    6. Section 323.6 is proposed to be revised to read as follows:


Sec. 323.6  Forms and reports.

    DLA activities may be required to provide data under reporting 
requirements established by the Defense

[[Page 60902]]

Privacy Office and DLA Support Services (DSS-CA). Any report 
established shall be assigned Report Control Symbol DD-DA&M(A)1379.

Appendix A to Part 323 [Amended]

    7. Appendix A to part 323 is proposed to be amended by revising 
paragraphs C.2., F.2., I.4., revised to read as follows:
* * * * *
    C. * * *
    2. When multiple locations are identified by type of 
organization, the system location may indicate that official mailing 
addresses are contained in an address directory published as an 
appendix to DLAH 5400.1.
* * * * *
    F. * * *
    2. For administrative housekeeping records, cite the directive 
establishing DLA as well as the Secretary of Defense authority to 
issue the directive. For example, `Pursuant to the authority 
contained in the National Security Act of 1947, as amended (10 
U.S.C. 133d), the Secretary of Defense has issued DoD Directive 
5105.22 (32 CFR part 398), Defense Logistics Agency (DLA), the 
charter of the Defense Logistics Agency (DLA) as a separate agency 
of the Department of Defense under his control. Therein, the 
Director, DLA, is charged with the responsibility of maintaining all 
necessary and appropriate records.'
    I. * * *
    4. Retention and disposal. Indicate how long the record is 
retained. When appropriate, state the length of time the records are 
maintained by the activity, when they are transferred to a Federal 
Records Center, length of retention at the Records Center and when 
they are transferred to the National Archives or are destroyed. A 
reference to DLAI 5015.1,\8\ DLA Records Management Procedures and 
Records Schedules, or other issuance without further detailed 
information is insufficient.
* * * * *

Appendix B to Part 323 [Amended]

    8. Appendix B to part 323 is proposed to be amended by revising 
paragraphs C. and F.1 introductory text to read as follows:
* * * * *
    C. Reports of new and altered systems. Submit a report of a new 
or altered system to DLA Support Service (DSS-CA) before collecting 
information and for using a new system or altering an existing 
system.
* * * * *
    F. * * *
    11. The OMB may authorize a Federal agency to begin operation of 
a system of records before the expiration of time limits described 
above. When seeking such a waiver, include in the letter of 
transmittal to DLA Support Services (CA) an explanation why a delay 
of 60 days in establishing the system of records would not be in the 
public interest. The transmittal must include:
* * * * *

    Dated: October 6, 2000.
L.M. Bynum,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 00-26254 Filed 10-12-00; 8:45 am]
BILLING CODE 5001-10-M