[Federal Register Volume 70, Number 224 (Tuesday, November 22, 2005)]
[Rules and Regulations]
[Pages 70489-70491]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-23070]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 310


Department of Defense Privacy Program

AGENCY: Department of Defense.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Defense updates policies and 
responsibilities for the Defense Privacy Program which implements the 
Privacy Act of 1974 by showing organizational changes and realignments 
and by revising referenced statutory and regulatory authority.

DATES: Effective Date: November 7, 2005.

FOR FURTHER INFORMATION CONTACT: Mr. Vahan Moushegian, Jr., at (703) 
607-2943.

SUPPLEMENTARY INFORMATION: The proposed rule was published September 7, 
2005 at 70 FR 53135. No comments were received. The Office of the 
Secretary is therefore adopting the rule as published.

Executive Order 12866, ``Regulatory Planning and Review''

    It has been determined that Privacy Act rules for the Department of 
Defense are not significant rules. The rules do not (1) have an annual 
effect on the economy of $100 million or more or adversely affect in a 
material way the economy; a sector of the economy; productivity; 
competition; jobs; the environment; public health or safety; or State, 
local, or tribal governments or communities; (2) Create a serious 
inconsistency or otherwise interfere with an action taken or planned by 
another Agency; (3) Materially alter the budgetary impact of 
entitlements, grants, user fees, or loan programs, or the rights and 
obligations of recipients thereof; or (4) Raise novel legal or policy 
issues arising out of legal mandates, the President's priorities, or 
the principles set forth in this Executive order.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Chapter 6)

    It has been determined that Privacy Act rules for the Department of 
Defense do not have significant economic impact on a substantial number 
of small entities because they are concerned only with the 
administration of Privacy Act systems of records within the Department 
of Defense.

[[Page 70490]]

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    It has been determined that Privacy Act rules for the Department of 
Defense impose no information requirements beyond the Department of 
Defense and that the information collected within the Department of 
Defense is necessary and consistent with 5 U.S.C. 552a, known as the 
Privacy Act of 1974.

Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

    It has been determined that Privacy Act rulemaking for the 
Department of Defense does not involve a Federal mandate that may 
result in the expenditure by State, local and tribal governments, in 
the aggregate, or by the private sector, of $100 million or more and 
that such rulemaking will not significantly or uniquely affect small 
governments.

Executive Order 13132, ``Federalism''

    It has been determined that Privacy Act rules for the Department of 
Defense do not have federalism implications. The rules do not have 
substantial direct effects on the States, on the relationship between 
the National Government and the States, or on the distribution of power 
and responsibilities among the various levels of government.

List of Subjects in 32 CFR Part 310

    Privacy.


0
Accordingly, 32 CFR part 310, Subpart A--DoD Policy, is amended as 
follows:

PART 310--DOD PRIVACY PROGRAM

0
1. The authority citation for 32 CFR part 310 continues to read as 
follows:

    Authority: Pub. L. 93-579, 88 Stat 1896 (5 U.S.C. 552a).


0
2. Section 310.1 is revised to read as follows:


Sec.  310.1  Reissuance.

    This part is reissued to consolidate into a single document (32 CFR 
part 310) Department of Defense (DoD) policies and procedures for 
implementing the Privacy Act of 1974, as amended (5 U.S.C. 552a) by 
authorizing the development, publication and maintenance of the DoD 
Privacy Program set forth by DoD Directive 5400.11 \1\ and 5400.11-R, 
both entitled: ``DoD Privacy Program.''

0
3. Section 310.3 is amended by revising paragraph (a) to read as 
follows:
---------------------------------------------------------------------------

    \1\ Copies of DoD issuances may be obtained at http://www.dtic.mil/whs/directives/.
---------------------------------------------------------------------------


Sec.  310.3  Applicability and scope.

* * * * *
    (a) Applies to the Office of the Secretary of Defense (OSD), the 
Military Departments, the Chairman of the Joint Chiefs of Staff, the 
Combatant Commands, the Office of the Inspector General of the 
Department of Defense (IG, DoD), the Defense Agencies, the DoD Field 
Activities, and all other organizational entities in the Department of 
Defense (hereinafter referred to collectively as ``the DoD 
Components''). This part is mandatory for use by all DoD Components. 
Heads of DoD Components may issue supplementary instructions only when 
necessary to provide for unique requirements within heir Components. 
Such instructions will not conflict with the provisions of this part.
* * * * *

0
4. Section 310.4 amended by revising the definition of ``Individual'' 
to read as follows:


Sec.  310.4  Definitions.

* * * * *
    Individual. A living person who is a citizen of the United States 
or an alien lawfully admitted for permanent residence. The parent of a 
minor or the legal guardian of any individual also may act on behalf of 
an individual. Members of the United States Armed Forces are 
individuals. Corporations, partnerships, sole proprietorships, 
professional groups, businesses, whether incorporated or 
unincorporated, and other commercial entities are not individuals.
* * * * *

0
5. Section 310.5 is amended as follows:
0
a. Removing the introductory text;
0
b. Revising paragraphs (a) and (g);
0
c. Adding paragraph (j) to read as follows:


Sec.  310.5  Policy.

    a. The privacy of an individual is a personal and fundamental right 
that shall be respected and protected.
* * * * *
    (g) Disclosure of records pertaining to personnel of the National 
Security Agency, the Defense Intelligence Agency, the National 
Reconnaissance Office, and the National Geospatial-Intelligence Agency 
shall be prohibited to the extent authorized by Public Law 86-36 (1959) 
and 10 U.S.C. 424. Disclosure of records pertaining to personnel of 
overseas, sensitive, or routinely deployable units shall be prohibited 
to the extent authorized by 10 U.S.C. 130b. Disclosure of medical 
records is prohibited except as authorized by DoD 6025.18-R. \2\
---------------------------------------------------------------------------

    \2\ See footnote 1 to Sec.  310.1.
---------------------------------------------------------------------------

* * * * *
    (j) DoD Field Activities shall receive Privacy Program support from 
the Director, Washington Headquarters Services.

0
6. Section 310.6 is amended by revising paragraphs (a)(4), (b), (c) 
introductory text, (c)(3), (d) introductory text and (d)(5); and adding 
paragraph (a)(5) to read as follows:


Sec.  310.6   Responsibilities.

    (a) * * *
    (4) Serve as the Chair to the Defense Privacy Board and Defense 
Data Integrity Board (Sec.  310.9).
    (5) Supervise and oversee the activities of the Defense Privacy 
Office (Sec.  310.9).
    (b) The Director, Washington Headquarters Services, under the DA&M, 
OSD, shall provide Privacy Program support for DoD Field Activities.
    (c) The General Counsel of the Department of Defense (GC, DoD) 
shall:
* * * * *
    (3) Serve as a member of the Defense Privacy Board, the Defense 
Data Integrity Board, the Defense Privacy Board Legal Committee (Sec.  
310.9).
    (d) The Secretaries of the Military Departments and the Heads of 
the Other DoD Components, except as noted in Sec. 310.5(j), shall:
* * * * *
    (5) Submit reports, consistent with the requirements of DoD 
5400.11-R, as mandated by 5 U.S.C. 552a and OMB Circular A-130, and as 
otherwise directed by the Defense Privacy Office.
* * * * *

0
7. Section 310.9 is amended as follows:
0
a. Revise paragraphs (a)(1), (b)(1), (c)(1);
0
b. Redesignate the second paragraph (c) as a new paragraph (d);
0
c. Revise newly redesignated (d)(2)(vi) and (d)(2)(x) to read as 
follows:


Sec.  310.9   Privacy boards and office composition and 
responsibilities.

    (a) * * *
    (1) Membership. The Board shall consist of the DA&M, OSD, who shall 
serve as the Chair; the Director of the Defense Privacy Office, DA&M, 
who shall serve as the Executive Secretary and as a member; The 
representatives designated by the Secretaries of the Military 
Departments; and the following officials or their designees: The Deputy 
Under Secretary of Defense for Program

[[Page 70491]]

Integration (DUSD (PI)); the Assistant Secretary of Defense for Health 
Affairs; the Assistant Secretary of Defense for Networks and 
Information Integration (ASD(NII))/Chief Information Officer (CIO); the 
Director, Executive Services and Communications Directorate, Washington 
Headquarters Services (WHS); the GC, DoD; and the Director for 
Information Technology Management Directorate (ITMD), WHS. The 
designees also may be the principal point of contact for the DoD 
Component for privacy matters.
* * * * *
    (b) * * *
    (1) Membership. The Board shall consist of the DA&M, OSD, who shall 
serve as the Chair; the Director of the Defense Privacy Office, DA&M, 
who shall serve as the Executive Secretary; and the following officials 
or their designees: The representatives designated by the Secretaries 
of the Military Departments; the DUSD (PI); the ASD (NII)/CIO; the GC, 
DoD; the Inspector General, DoD; the ITMD, WHS; and the Director, 
Defense Manpower Data Center. The designees also may be the principal 
points of contact for the DoD Component for privacy matters.
* * * * *
    (c) * * *
    (1) The Committee shall consist of the Director, Defense Privacy 
Office, DA&M, who shall serve as the Chair and the Executive Secretary; 
the GC, DoD, or designee; and civilian and/or military counsel from 
each of the DoD Components. The General Counsels (GCs) and The Judge 
Advocates General of the Military Departments shall determine who shall 
provide representation for their respective Department to the 
Committee. This does not preclude representation from each office. The 
GCs of the other DoD Components shall provide legal representation to 
the Committee. Other DoD civilian or military counsel may be appointed 
by the Executive Secretary, after coordination with the DoD Component 
concerned, to serve on the Committee on those occasions when 
specialized knowledge or expertise shall be required.
* * * * *
    (d) The Defense Privacy Office.
* * * * *
    (2) * * *
    (vi) Review proposed DoD Component privacy rulemaking, to include 
submission of the rule to the Office of the Federal Register for 
publication and providing OMB and the Congress reports, consistent with 
5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R.
* * * * *
    (x) Compile and submit the ``Biennial Matching Activity Report'' to 
the OMB as required by OMB Circular A-130 and DoD 5400.11-R, and such 
other reports as required.
* * * * *

    Dated: November 16, 2005.
L.M. Bynum,
OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 05-23070 Filed 11-21-05; 8:45 am]
BILLING CODE 5001-06-M