[Federal Register Volume 70, Number 172 (Wednesday, September 7, 2005)]
[Proposed Rules]
[Pages 53135-53136]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-17646]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 310


Department of Defense Privacy Program

AGENCY: Department of Defense.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Defense is proposing to update policies and 
responsibilities for the Defense Privacy Program which implements the 
Privacy Act of 1974 by showing organizational changes and realignments 
and by revising referenced statutory and regulatory authority.

DATES: Comments must be received on or before November 7, 2005 to be 
considered by this agency.

ADDRESSES: Send comments to the Director, Defense Privacy Office, 1901 
South Bell Street, Suite 920, Arlington, VA 22202-4512.

FOR FURTHER INFORMATION CONTACT: Mr. Vahan Moushegian, Jr., at (703) 
607-2943.

SUPPLEMENTARY INFORMATION: 

Executive Order 12866, ``Regulatory Planning and Review''

    It has been determined that Privacy Act rules for the Department of 
Defense are not significant rules. The rules do not (1) have an annual 
effect on the economy of $100 million or more or adversely affect in a 
material way the economy; a sector of the economy; productivity; 
competition; jobs; the environment; public health or safety; or State, 
local, or tribal governments or communities; (2) Create a serious 
inconsistency or otherwise interfere with an action taken or planned by 
another Agency; (3) Materially alter the budgetary impact of 
entitlements, grants, user fees, or loan programs, or the rights and 
obligations of recipients thereof; or (4) Raise novel legal or policy 
issues arising out of legal mandates, the President's priorities, or 
the principles set forth in this Executive order.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Chapter 6)

    It has been determined that Privacy Act rules for the Department of 
Defense do not have significant economic impact on a substantial number 
of small entities because they are concerned only with the 
administration of Privacy Act systems of records within the Department 
of Defense.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    It has been determined that Privacy Act rules for the Department of 
Defense impose no information requirements beyond the Department of 
Defense and that the information collected within the Department of 
Defense is necessary and consistent with 5 U.S.C. 552a, known as the 
Privacy Act of 1974.

Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

    It has been determined that Privacy Act rulemaking for the 
Department of Defense does not involve a Federal mandate that may 
result in the expenditure by State, local and tribal governments, in 
the aggregate, or by the private sector, of $100 million or more and 
that such rulemaking will not significantly or uniquely affect small 
governments.

Executive Order 13132, ``Federalism''

    It has been determined that Privacy Act rules for the Department of 
Defense do not have federalism implications. The rules do not have 
substantial direct effects on the States, on the relationship between 
the National Government and the States, or on the distribution of power 
and responsibilities among the various levels of government.

List of Subjects in 32 CFR Part 310

    Privacy.

    Accordingly, 32 CFR part 310, Subpart A-DoD Policy, is proposed to 
be amended as follows:

PART 310--DOD PRIVACY PROGRAM

    1. The authority citation for 32 CFR part 310 continues to read as 
follows:

    Authority: Pub. L. 93-579, 88 Stat 1896 (5 U.S.C. 552a).

    2. Revise Sec.  310.1 to read as follows:


Sec.  310.1  Reissuance.

    This part is reissued to consolidate into a single document (32 CFR 
part 310) Department of Defense (DoD) policies and procedures for 
implementing the Privacy Act of 1974, as amended (5 U.S.C. 552a) by 
authorizing the development, publication and maintenance of the DoD 
Privacy Program set forth by DoD Directive 5400.11, November 16, 2004, 
and 5400.11-R, August 31, 1983, both entitled: ``DoD Privacy Program.''
    3. Amend Sec.  310.3 by revising paragraph (a) to read as follows:


Sec.  310.3  Applicability and scope.

    (a) Applies to the Office of the Secretary of Defense (OSD), the 
Military Departments, the Chairman of the Joint Chiefs of Staff, the 
Combatant Commands, the Office of the Inspector General of the 
Department of Defense (IG, DoD), the Defense Agencies, the DoD Field 
Activities, and all other organizational entities in the Department of 
Defense (hereinafter referred to collectively as ``the DoD 
Components''). This part is mandatory for use by all DoD Components. 
Heads of DoD Components may issue supplementary instructions only when 
necessary to provide for unique requirements within their Components. 
Such instructions will not conflict with the provisions of this part.
* * * * *
    4. Amend Sec.  310.4 by revising the definition of Individual to 
read as follows:


Sec.  310.4  Definitions.

* * * * *
    Individual. A living person who is a citizen of the United States 
or an alien lawfully admitted for permanent residence. The parent of a 
minor or the legal guardian of any individual also may act on behalf of 
an individual. Members of the United States Armed Forces are 
individuals. Corporations, partnerships, sole proprietorships, 
professional groups, businesses, whether incorporated or 
unincorporated, and other commercial entities are not individuals.
* * * * *
    5. Amend Sec.  310.5 as follows:
    a. Remove the introductory text;
    b. Revise paragraphs (a) and (g);
    c. Add paragraph (j) to read as follows:

[[Page 53136]]

Sec.  310.5  Policy.

    (a) The privacy of an individual is a personal and fundamental 
right that shall be respected and protected.
* * * * *
    (g) Disclosure of records pertaining to personnel of the National 
Security Agency, the Defense Intelligence Agency, the National 
Reconnaissance Office, and the National Geospatial-Intelligence Agency 
shall be prohibited to the extent authorized by Public Law 86-36 (1959) 
and 10 U.S.C. 424. Disclosure of records pertaining to personnel of 
overseas, sensitive, or routinely deployable units shall be prohibited 
to the extent authorized by 10 U.S.C. 130b. Disclosure of medical 
records is prohibited except as authorized by DoD 6025.18-R.
* * * * *
    (j) DoD Field Activities shall receive Privacy Program support from 
the Director, Washington Headquarters Services.
    6. Amend Sec.  310.6 as follows:
    a. Revise paragraphs (a)(4), (b), (c) introductory text, (c)(3), 
(d) introductory text and (d)(5);
    b. Add paragraph (a)(5[d3]) to read as follows:


Sec.  310.6  Responsibilities.

    (a) * * *
    (4) Serve as the Chair to the Defense Privacy Board and Defense 
Data Integrity Board (Sec.  310.9).
    (5) Supervise and oversee the activities of the Defense Privacy 
Office (Sec.  310.9).
    (b) The Director, Washington Headquarters Services, under the DA&M, 
OSD, shall provide Privacy Program support for DoD Field Activities.
    (c) The General Counsel of the Department of Defense (GC, DoD) 
shall:
* * * * *
    (3) Serve as a member of the Defense Privacy Board, the Defense 
Data Integrity Board, the Defense Privacy Board Legal Committee (Sec.  
310.9).
    (d) The Secretaries of the Military Departments and the Heads of 
the Other DoD Components, except as noted in Sec.  310.5(j), shall:
* * * * *
    (5) Submit reports, consistent with the requirements of DoD 
5400.11-R, as mandated by 5 U.S.C. 552a and OMB Circular A-130, and as 
otherwise directed by the Defense Privacy Office.
* * * * *
    7. Amend Sec.  310.9 as follows:
    a. Revise paragraphs (a)(1), (b)(1), (c)(1);
    b. Redesignate the second paragraph (c) as a new paragraph (d);
    c. Revise newly redesignated (d)(1)(vi) and (d)(1)(x) to read as 
follows:


Sec.  310.9  Privacy boards and office composition and 
responsibilities.

    (a) * * *
    (1) Membership. The Board shall consist of the DA&M, OSD, who shall 
serve as the Chair; the Director of the Defense Privacy Office, DA&M, 
who shall serve as the Executive Secretary and as a member; The 
representatives designated by the Secretaries of the Military 
Departments; and the following officials or their designees: The Deputy 
Under Secretary of Defense for Program Integration (DUSD(PI)); the 
Assistant Secretary of Defense for Health Affairs; the Assistant 
Secretary of Defense for Networks and Information Integration 
(ASD(NII)/Chief Information Officer (CIO); the Director, Executive 
Services and Communications Directorate, Washington Headquarters 
Services (WHS); the GC, DoD; and the Director for Information 
Technology Management Directorate (ITMD), WHS. The designees also may 
be the principal point of contact for the DoD Component for privacy 
matters.
* * * * *
    (b) * * *
    (1) Membership. The Board shall consist of the DA&M, OSD, who shall 
serve as the Chair; the Director of the Defense Privacy Office, DA&M, 
who shall serve as the Executive Secretary; and the following officials 
or their designees: The representatives designated by the Secretaries 
of the Military Departments; the DUSD(PI); the ASD(NII)/CIO; the GC, 
DoD; the Inspector General, DoD; the ITMD, WHS; and the Director, 
Defense Manpower Data Center. The designees also may be the principal 
points of contact for the DoD Component for privacy matters.
* * * * *
    (c) * * *
    (1) The Committee shall consist of the Director, Defense Privacy 
Office, DA&M, who shall serve as the Chair and the Executive Secretary; 
the GC, DoD, or designee; and civilian and/or military counsel from 
each of the DoD Components. The General Counsels (GCs) and The Judge 
Advocates General of the Military Departments shall determine who shall 
provide representation for their respective Department to the 
Committee. This does not preclude representation from each office. The 
GCs of the other DoD Components shall provide legal representation to 
the Committee. Other DoD civilian or military counsel may be appointed 
by the Executive Secretary, after coordination with the DoD Component 
concerned, to serve on the Committee on those occasions when 
specialized knowledge or expertise shall be required.
* * * * *
    (d) The Defense Privacy Office.
    (1) * * *
    (vi) Review proposed DoD Component privacy rulemaking, to include 
submission of the rule to the Office of the Federal Register for 
publication and providing OMB and the Congress reports, consistent with 
5 U.S.S. 552a, OMB Circular A-130, and DoD 5400.11-R.
* * * * *
    (x) Compile and submit the ``Biennial Matching Activity Report'' to 
the OMB as required by OMB Circular A-130 and DoD 5400.11-R, and such 
other reports as required.
* * * * *

    Dated: August 31, 2005.
L.M. Bynum,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 05-17646 Filed 9-6-05; 8:45 am]
BILLING CODE 5001-08-P