Privacy Act

Disclosure Information

 

Disclosure Information

Is it mandatory for an individual to provide the information only if the statute or executive order require it?

  • A regulation alone cannot mandate that the individual provide the information. If the statute or executive order provides a penalty for not providing the, then it is mandatory.
  • The Internal Revenue Code requires that certain personal information be provided and, if it is not, penalties are authorized.
  • Unless the statute or executive order makes it mandatory, then providing the information is voluntary.

The question of whether providing the information is mandatory or voluntary, is different from the question of whether there are nay effects of not providing the information.

  • The law may not require mandatory disclosure for individuals to apply for a, but not supplying certain minimal information might preclude the agency from providing the benefit.

The individual must be told what, if any, effects will accrue to him/her for failure to provide the requested information.

  • This allows the individual to make an informed decision as to whether or not to provide the information on the collection form or during an interview.
  • The wording of the statement must be drafted carefully to avoid misleading or appearing to coerce the individual.

Managing Privacy Act Information

 

Managing Privacy Act Information

Subject to the Privacy Act of 1974

When not under the continuing control and supervision of a person authorized access to such material, it must be, as a minimum, maintained under locked condition.

If you are responsible for creating, managing or using Privacy Act information you should:

Restrict access to those persons with a "need to know."

  • Only those persons who need the records in performance of their mission may have access to the necessary information.

All individuals have the right to access records maintained on themselves.

  • Third parties may be granted access to information only with the written authorization from the individual on whom the record is maintained.

Data output on paper and in electronic formats must be protected.

  • Paper records should be locked in a secure cabinet, desk, or office when not in use. When in use, record need to be covered with DA Label 87 or turned faced down if unauthorized personnel are present.
  • Access to data in electronic formats must also be controlled. Do not leave sensitive data on your computer screen when you are not at your desk. Apply a screen password. Change your password often and do not give out your password to anyone.
  • Sensitive information must be shredded. Do not put in the general recycle bins. Use the secure recycle program if no access to a shredder.
  • Disks, tapes and other media for storing Privacy Act data must be protected.
  • When your computer leaves your control, i.e. property turn-in, make sure all Privacy Act data is removed from the system.
  • When sending personal information through email make sure the subject line contains either "FOUO" or "Privacy Information Enclosed."

Disclosure to Third Parties

 

Disclosure to Third Parties

You cannot give out lists of names and/or emails of DOD personnel.

You can release individual information on the following:

Military personnel

  • Name
  • Rank
  • Date of rank
  • Gross salary
  • Present and past duty assignments
  • Future assignments that are officially established
  • Office phone number
  • Source of commission
  • Promotion sequence number
  • Awards and decorations
  • Military and civilian education level
  • Duty status

Civilians

  • Name
  • Present and past position titles
  • Grade
  • Salary
  • Office phone number

Requests for any other information on DOD personnel, to include lists, must be directed to the Freedom of Information (FOIA) and Privacy Acts (PA) Office for processing.

When in doubt, do not release information. Direct the individual requesting the information to the FOIA/Privacy Act Office.

Privacy, Your Role and Responsibility

 

Privacy, Your Role and Responsibility

  • Do not collect personal information that has not been authorized for collection.
  • Do not maintain illegal files; do not maintain inaccurate information.
  • Do not distribute or release personal information to individuals who do not have a need for access.
  • Do not send personal information over the email for fax or messages unless the documents is properly marked and alerts the reader to the necessary protections accorded such information.
  • Do not maintain records longer than permitted or destroy them before the records disposal requirements are met.
  • Do not place unauthorized documents in a records system.
  • Do not commingle information about individuals in the same file, since the Privacy Act does not have an exemption that protects the release of such information.
  • Ensure that you mark all documents that contain privacy information as "For Official Use Only."
  • Ensure that all messages, faxes, and emails that contain personal information are properly marked.
  • Respect privacy and remember the civil and criminal penalties associated with violating the Act.
  • Do not place information on the Internet the Internet is Privacy Act protected or which would not be released if requested under the Freedom of Information Act.
  • Do not entertain verbal requests, unless the information is releasable under the Freedom of Information Act.
  • Think privacy before you seek to establish new data collections on your computer; fax personal information, etc.