[Federal Register Volume 66, Number 154 (Thursday, August 9, 2001)]
[Rules and Regulations]
[Pages 41780-41783]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-19818]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Defense Logistics Agency

32 CFR Part 323

[Defense Logistics Agency Regulation 5400.21]


Defense Logistics Agency Privacy Program

AGENCY: Defense Logistics Agency, DoD.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Defense Logistics Agency (DLA) is amending its Privacy Act 
regulations. These changes consist of DLA office code changes and DLA 
publication name changes. DLA is also adding language to clarify the 
training requirements for its employees and military members who work 
with the news media or the public.

EFFECTIVE DATE: December 12, 2000.

FOR FURTHER INFORMATION CONTACT: Ms. Susan Salus at (703) 767-6183.

SUPPLEMENTARY INFORMATION: The proposed rule was published on October 
13, 2000, at 65 FR 60900. No comments were received during the sixty-
day public comment period. Therefore, DLA is adopting the amendments.

Executive Order 12866, ``Regulatory Planning and Review''

    The Director of Administration and Management, Office of the 
Secretary of

[[Page 41781]]

Defense, hereby determines that Privacy Act rules for the Department of 
Defense are not significant rules. The rules do not (1) Have an annual 
effect on the economy of $100 million or more or adversely affect in a 
material way the economy; a sector of the economy; productivity; 
competition; jobs; the environment; public health or safety; or State, 
local, or tribal governments or communities; (2) Create a serious 
inconsistency or otherwise interfere with an action taken or planned by 
another Agency; (3) Materially alter the budgetary impact of 
entitlements, grants, user fees, or loan programs, or the rights and 
obligations of recipients thereof; or (4) Raise novel legal or policy 
issues arising out of legal mandates, the President's priorities, or 
the principles set forth in this Executive order.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Chapter 
6)

    The Director of Administration and Management, Office of the 
Secretary of Defense, hereby certifies that Privacy Act rules for the 
Department of Defense do not have significant economic impact on a 
substantial number of small entities because they are concerned only 
with the administration of Privacy Act systems of records within the 
Department of Defense.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 
35)

    The Director of Administration and Management, Office of the 
Secretary of Defense, hereby certifies that Privacy Act rules for the 
Department of Defense impose no information requirements beyond the 
Department of Defense and that the information collected within the 
Department of Defense is necessary and consistent with 5 U.S.C. 552a, 
known as the Privacy Act of 1974.

Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

    The Director of Administration and Management, Office of the 
Secretary of Defense, hereby certifies that the Privacy Act rulemaking 
for the Department of Defense does not involve a Federal mandate that 
may result in the expenditure by State, local and tribal governments, 
in the aggregate, or by the private sector, of $100 million or more and 
that such rulemaking will not significantly or uniquely affect small 
governments.

Executive Order 13132, ``Federalism''

    The Director of Administration and Management, Office of the 
Secretary of Defense, hereby certifies that the Privacy Act rules for 
the Department of Defense do not have federalism implications. The 
rules do not have substantial direct effects on the States, on the 
relationship between the National Government and the States or on the 
distribution of power and responsibilities among the various levels of 
government.

List of Subjects in 32 CFR Part 323

    Privacy.

    Accordingly, 32 CFR part 323 is amended as follows:

PART 323--DEFENSE LOGISTICS AGENCY PRIVACY PROGRAM

    1. The authority citation for 32 CFR Part 323 continues to read as 
follows:

    Authority: Pub. L. 93-579, 88 Stat. 1896 (5 U.S.C. 552a).


    2. 32 CFR part 323 is amended by revising footnotes 1 through 8 to 
read as follows:

    Copies may be obtained from the Defense Logistics Agency, ATTN: 
DSS-CV, 8725 John J. Kingman Road, Suite 2533, Fort Belvoir, VA 
22060-6221.


    3. Section 323.2, paragraph (e), is revised to read as follows:


Sec. 323.2  Policy.

* * * * *
    (e) Make reasonable efforts to ensure that records containing 
personal information are accurate, relevant, timely, and complete for 
the purposes for which they are being maintained before making them 
available to any recipients outside DoD, other than a Federal agency, 
unless the disclosure is made under DLAR 5400.14, DLA Freedom of 
Information Act Program (32 CFR part 1285).
* * * * *

    4. Section 323.4 is amended as follows:
    a. By revising paragraph (a)(1) introductory text.
    b. Adding paragraph (a)(1)(v), and
    c. Revising paragraph (a)(2) introductory text, paragraphs (a)(3) 
and (b)(4). The revisions and addition read as follows:


Sec. 323.4  Responsibilities.

    (a) * * *
    (1) The Staff Director, Corporate Communications, DLA Support 
Services (DSS-C) will:
* * * * *
    (v) Establish training programs for all individuals with public 
affairs duties, and all other personnel whose duties require access to 
or contact with systems of records affected by the Privacy Act. Initial 
training will be given to new employees and military members upon 
assignment. Refresher training will be provided annually or more 
frequently if conditions warrant.
    (2) The General Counsel, DLA (DLA-GC) will:
* * * * *
    (3) The DLA Chief Information Office (J-6) will formulate and 
implement protective standards for personal information maintained in 
automated data processing systems and facilities.
    (b) * * *
    (4) Establish training programs for all individuals with public 
affairs duties, and all other personnel whose duties require access to 
or contact with systems of records affected by the Privacy Act. Initial 
training will be given to new employees and military members upon 
assignment. Refresher training will be provided annually or more 
frequently if conditions warrant.

    5. Section 323.5 is amended by revising, paragraphs (b)(3)(iv), 
(b)(4), (b)(5), (c)(5)(ii), (c)(6) introductory text, (c)(6)(i), 
(f)(3), (h)(6), (i)(5)(ii), (j)(5), (k), (l)(1), (l)(2), and (l)(3), 
and by removing paragraph (b)(3)(v) to read as follows:


Sec. 323.5  Procedures.

* * * * *
    (b) * * *
    (3) * * *
    (iv) Notice to the individual of his or her right to appeal the 
denial within 60 calendar days of the date of the denial letter and to 
file any such appeal with the HQ DLA Privacy Act Officer, Defense 
Logistics Agency (DSS-CA), 8725 John J. Kingman Road, Suite 2533, Fort 
Belvoir, VA 22060-6221.
    (4) DLA will process all appeals within 30 days of receipt unless a 
fair an equitable review cannot be made within that period. The written 
appeal notification granting or denying access is the final DLA action 
on access.
    (5) The records in all systems of records maintained in accordance 
with the Office of Personnel Management (OPM) Government-wide system 
notices are technically only in the temporary custody of DLA. All 
requests for access to these records must be processed in accordance 
with the Federal Personnel Manual (5 CFR parts 293, 294, 297 and 735) 
as well as this part. DLA-GC is responsible for the appellate review of 
denial of access to such records.
    (c) * * *
    (5) * * *
    (ii) Notification that he or she may seek further independent 
review of the decision by filing an appeal with the HQ DLA Privacy Act 
Officer, Defense Logistics Agency (DSS-CA), 8725 John J. Kingman Road, 
Suite 2533, Fort Belvoir, VA 22060-6221, and including all supporting 
materials.

[[Page 41782]]

    (6) DLA will process all appeals within 30 days unless a fair 
review cannot be made within this time limit.
    (i) If the appeal is granted, DLA will promptly notify the 
requester and system manager of the decision. The system manager will 
amend the record(s) as directed and ensure that all prior known 
recipients of the records who are known to be retaining the record are 
notified of the decision and the specific nature of the amendment and 
that the requester is notified as to which DoD Components and Federal 
agencies have been told of the amendment.
* * * * *
    (f) * * *
    (3) All records must be disclosed if their release is required by 
the Freedom of Information Act. DLAR 5400.14, (32 CFR part 1285) 
requires that records be made available to the public unless exempted 
from disclosure by one of the nine exemptions found in the Freedom of 
Information Act. The standard for exempting most personal records, such 
as personnel records, medical records, and similar records, is found in 
DLAR 5400.14 (32 CFR part 1285). Under the exemption, release of 
personal information can only be denied when its release would be a 
`clearly unwarranted invasion of personal privacy.'
* * * * *
    (h) * * *
    (6) DLAI 5530.1, Publications, Forms, Printing, Duplicating, 
Micropublishing, Office Copying, and Automated Information Management 
Programs,\2\ provides guidance on administrative requirements for 
Privacy Act Statements used with DLA forms. Forms subject to the 
Privacy Act issued by other Federal agencies have a Privacy Act 
Statement attached or included. Always ensure that the statement 
prepared by the originating agency is adequate for the purpose for 
which the form will be used by the DoD activity. If the Privacy Act 
Statement provided is inadequate, the activity concerned will prepare a 
new statement of a supplement to the existing statement before using 
the form. Forms issued by agencies not subject to the Privacy Act 
(state, municipal, and other local agencies) do not contain Privacy Act 
Statements. Before using a form prepared by such agencies to collect 
personal data subject to this part, an appropriate Privacy Act 
Statement must be added.
    (i) * * *
    (5) * * *
    (ii) Special administrative, physical, and technical procedures are 
required to protect data that are stored or being processed temporarily 
in an automated data processing (ADP) system or in a word processing 
activity to protect it against threats unique to those environments 
(see DLAR 5200.17, Security Requirements for Automated Information and 
Telecommunications Systems,\3\ and appendix D to this part).
* * * * *
    (j) * * *
    (5) Systems notices and reports of new and altered systems will be 
submitted to DLA Support Services (DSS-CA) as required.
* * * * *
    (k) Exemptions. The Director, DLA will designate the DLA records 
which are to be exempted from certain provisions of the Privacy Act. 
DLA Support Services (DSS-CA) will publish in the Federal Register 
information specifying the name of each designated system, the specific 
provisions of the Privacy Act from which each system is to be exempted, 
the reasons for each exemption, and the reason for each exemption of 
the record system.
    (l) * * *
    (1) Forward all requests for matching programs to include necessary 
routine use amendments and analysis and proposed matching program 
reports to DLA Support Services. Changes to existing matching programs 
shall be processed in the same manner as a new matching program report.
    (2) No time limits are set by the OMB guidelines. However, in order 
to establish a new routine use for a matching program, the amended 
system notice must have been published in the Federal Register at least 
30 days before implementation. Submit the documentation required above 
to DLA Support Services (DSS-CA) at least 60 days before the proposed 
initiation date of the matching program. Waivers to the 60 days' 
deadline may be granted for good cause shown. Requests for waivers will 
be in writing a fully justified.
    (3) For the purpose of the OMB guidelines, DoD and all DoD 
Components are considered a single agency. Before initiating a matching 
program using only the records of two or more DoD activities, notify 
DLA Support Services (DSS-CA) that the match is to occur. Further 
information may be requested from the activity proposing the match.
* * * * *

    6. Section 323.6 is revised to read as follows:


Sec. 323.6  Forms and reports.

    DLA activities may be required to provide data under reporting 
requirements established by the Defense Privacy Office and DLA Support 
Services (DSS-CA). Any report established shall be assigned Report 
Control Symbol DD-DA&M(A)1379.

Appendix A to Part 323 [Amended]

    6a. Appendix A to part 323 is amended by redesignating footnotes 
5 through 8 as footnotes 1 through 4 respectfully.

    7. Appendix A to part 323 is amended by revising paragraphs C.2., 
F.2., I.4 to read as follows:

Appendix A to Part 323--Instructions for Preparations of System Notices

    C. * * *
    2. When multiple locations are identified by type of 
organization, the system location may indicate that official mailing 
addresses are contained in an address directory published as an 
appendix to DLAH 5400.1.
* * * * *
    F. * * *
    2. For administrative housekeeping records, cite the directive 
establishing DLA as well as the Secretary of Defense authority to 
issue the directive. For example, `Pursuant to the authority 
contained in the National Security Act of 1947, as amended (10 
U.S.C. 133d), the Secretary of Defense has issued DoD Directive 
5105.22 (32 CFR part 398), Defense Logistics Agency (DLA), the 
charter of the Defense Logistics Agency (DLA) as a separate agency 
of the Department of Defense under this control. Therein, the 
Director, DLA, is charged with the responsibility of maintaining all 
necessary and appropriate records.'
    I. * * *
    4. Retention and disposal. Indicate how long the record is 
retained. When appropriate, state the length of time the records are 
maintained by the activity, when they are transferred to a Federal 
Records Center, length of retention at the Records Center and when 
they are transferred to the National Archives or are destroyed. A 
reference to DLAI 5015.1,\4\ DLA Records Management Procedures and 
Records Schedules, or other issuances without further detailed 
information is insufficient.

Appendix B to Part 323 [Amended]

    8. Appendix B is amended by revising paragraphs C. and F.1. 
introductory text to read as follows:

Appendix B to Part 323--Criteria for New and Altered Record Systems

* * * * *
    C. Reports of new and altered systems. Submit a report of a new 
or altered system to DLA Support Services (DSS-CA) before collecting 
information and for using a new system or altering an existing 
system.
* * * * *
    F. * * *
    1. The OMB may authorize a Federal agency to begin operation of 
a system of records before the expiration of time limits described 
above. When seeking such a waiver, include in the letter of 
transmittal to DLA Support Services (CA) an explanation

[[Page 41783]]

why a delay of 60 days in establishing the system of records would 
not be in the public interest. The transmittal must include:
* * * * *

    Dated: August 1, 2001.
L.M. Bynum,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 01-19818 Filed 8-8-01; 8:45 am]
BILLING CODE 5001-08-M