your consent, it can be revoked in writing at Without Your Consent Without your consent, a Federal agency Exceptions In some circumstances, a Federal agency Transfer of Information Generally, a Federal agency that obtains Penalties If the Federal agency or financial institu- Additional Information If you have any questions about your (Last Name, First Name, Middle Initial) (Component activity, address) APPENDIX C TO PART 504-CERTIFICATE (Official Letterhead) Mr./Mrs. XXXXXXXXXX, Dear Mr./Mrs. XXXXXXXXXX: I certify, (Describe the specific records to be exam- The Army has no authority to issue an ad- A copy of this request was (personally Upon expiration of the above mentioned 174-116 0-97--2 (List applicable courts) c. Mail or deliver a copy of your motion d. Be prepared to come to court and pre- You do not need to have a lawyer, although If you do not follow the above procedures, These records may be transferred to other § 505.1 General information. (a) Purpose. This regulation sets forth (b) References (1) Required publica- (ii) AR 340-17, Release of Information (iii) AR 430-21-8, The Army Privacy (iv) AR 380–380, Automated System (2) Related publications. (A related (i) DOD Directive 5400.11, DOD Pri- (ii) DOD Regulation 5400.11-R, DOD (iii) Treasury Fiscal Requirements Manual. This publication can be obtained from The Treasury Department, 15th and Pennsylvania Ave., NW, Washington, DC 20220 (c) Explanation of abbreviations and terms. Abbreviations and special terms used in this regulation are explained in the glossary. (d) Responsibilities. (1) The Director of Information Systems for Command, Control, Communications, and Computers (DISC4) is responsible for issuing policy and guidance for the Army Privacy Program in consultation with the Army General Counsel. (2) The Commander, U.S. Army Information Systems Command is responsible for developing policy for and executing the Privacy Act Program under the policy and guidance of the DISC4. (3) Heads of Joint Service agencies or commands for which the Army is the Executive Agent, or otherwise has responsibility for providing fiscal, logistical, or administrative support, will adhere to the policies and procedures in this regulation. (4) Commander, Army and Air Force Exchange Service (AAFES), is responsible for the supervision and execution of the privacy program within that command pursuant to this regulation. (e) Policy. Army Policy concerning the privacy rights of individuals and the Army's responsibilities for compliance with operational requirements established by the Privacy Act are as follows: (1) Protect, as required by the Privacy Act of 1974 (5 U.S.C. 552a), as amended, the privacy of individuals from unwarranted intrusion. Individuals covered by this protection are living citizens of the United States and aliens lawfully admitted for permanent residence. (2) Collect only the personal information about an individual that is legally authorized and necessary to support Army operations. Disclose this information only as authorized by the Privacy Act and this regulation. (3) Keep only personal information that is timely, accurate, complete, and relevant to the purpose for which it was collected. (4) Safeguard personal information to prevent unauthorized use, access, disclosure, alteration, or destruction. (5) Let individuals know what records the Army keeps on them and let them review or get copies of these records, subject to exemptions authorized by law and approved by the Secretary of the Army. (See § 505.5.) (6) Permit individuals to amend records about themselves contained in Army systems of records, which they can prove are factually in error, not up-to-date, not complete, or not relevant. (7) Allow individuals to ask for an administrative review or decisions that deny them access to or the right to amend their records. (8) Maintain only information about an individual that is relevant and necessary for Army purposes required to be accomplished by statute or Executive Order. (9) Act on all requests promptly, accurately, and fairly. (f) Authority. The Privacy Act of 1974 (5 U.S.C. 552a), as amended, is the statutory basis for the Army Privacy Program. With in the Department of Defense, the Act is implemented by DOD Directive 5400.11 and DOD 5400.11-R. The Act Assigns (1) Overall Government-wide responsibilities for implementation to the Office of Management and Budget. (2) Specific responsibilities to the Office of Personnel Management and the General Services Administration. (g) Access and Amendment Refusal Authority (AARA). Each Access and Amendment Refusal Authority (AARA) is responsible for action on requests for access to, or amendment of, records referred to them under this part. The officials listed below are the only AARA for records in their authority. Authority may be delegated to an officer or subordinate commander. All delegations must be in writing. If an AARA's delegate denies access or amendment, the delegate must clearly state that he or she is acting on behalf of the AARA and identify the AARA by name and position in the written response to the requester. Denial of access or amendment by an AARA's delegate must have appropriate legal review. Delegations will not be made below the colonel (06) or GS/GM-15 level. Such delegations must not slow Privacy actions. AARAS will send the names, offices, telephone numbers of heir delegates to the Director of Information Systems for Command, Control, Communications and Computers, Headquarters, Department of the Army, ATTN: SAISIDP, Washington, DC 20310-0107; and the Department of the Army Privacy Review Board, Crystal Square 1, Suite 201, 1725 Jefferson Davis Highway, Arlington, VA 22202. (1) The Administrative Assistant to the Secretary of the Army (AASA) for records of the Secretariat and its serviced activities, to include the personnel records maintained by the General Officer Management Office, personnel records pertaining to Senior Executive Service personnel serviced by the Office of the Secretary of the Army (OSA), and Equal Employment Opportunity (EEO) records from offices serviced by the OSA. The AASA will also serve as AARA for those records requiring the personal attention of the Secretary of the Army. (2) The Inspector General (TIG) for TIG investigative records. (3) The president or executive secretary of boards, councils, and similar bodies established by the Department of the Army to consider personnel matters, including the Army Board of Correction of Military Appeals, for records under their purview. (4) The Deputy Chief of Staff for Personnel (DCSPER) for records of active and former non-appropriated fund employees (except those in the Army and Air Force Exchange Service), alcohol and drug abuse treatment records, behavioral science records, recruiting, Armed Services Vocational Aptitude Battery (ASVAB), equal opportunity, Junior Reserve Officers' Training Corps (ROTC), Senior ROTC Instructor, military academy cadet, selection, promotion, and reduction boards; special review boards; professional staff informational records; and entrance processing records (when records pertain to those not entering active duty). (5) The Deputy Chief of Staff for Operations and Plans (DCSOPS) for military police records and reports and prisoner confinement and correctional records. (6) Chief of Engineers (COE) for records pertaining to civil work (including litigation), military construction, engineer procurement, other engineering matters not under the purview of another AARA, ecology, and contractor qualifications. (7) The Surgeon General (TSG) for medical records, except properly part of the Official Personnel Folder (OPM GOVT-1 system of records). (8) Chief of Chaplains (CCH) for ecclesiastical records. (9) The Judge Advocate General (TJAG) for legal records under TJAG responsibility. (10) Chief, National Guard Bureau (NGB) for personnel records of the Army National Guard. (11) Chief, Army Reserve (CAR) for personnel records of Army retired, separated and reserve military personnel members. (12) Commander, United States Army Material Command (USAMC) for records of Army contractor personnel of the Army Material Command. (13) Commander, United States Army Criminal Investigation Command (USACIDC) for criminal investigation reports and military police reports included therein. (14) Commander, United States Total Army Personnel Command (PERSCOM) for personnel and personnel related records of Army members on active duty and current Federal appropriated fund civilian employees. (Requests from former civilian employees to amend a record in any OPM system of records such as the Official Personnel Folder should be sent to the Office of Personnel Management, Assistant Director for Workforce Information, Compliance and Investigations Group, 1900 E Street, NW., Washington, DC 20415-0001. (15) Commander, U.S. Army Community and Family Support Center (USACFSC) for records relating to morale, welfare and recreation activities; community life programs; family action programs, retired activities, club management, Army emergency relief, consumer protection, retiree survival benefits, and records dealing with Department of the Army relationships and social security veteran's affairs, United Service Organizations, U.S. Soldiers' and Airmen's home and American Red Cross. (16) Commander, U.S. Army Intelligence and Security Command (INSCOM) for intelligence, investigative and security records; foreign scientific and technological information; intelligence training, mapping and geodesy information; ground surveillance records; intelligence threat assess ments; and missile intelligence data relating to tactical land warfare systems. (17) Commander, Army and Air Force Exchange Service (AAFES) for records pertaining to employees, patrons, and other matters which are the responsibility of the Exchange Service. (18) Commander, Military Traffic Management Command (MTMC) for transportation records. (19) Director of Army Safety for safety records. (20) Commander, U.S. Army Information Systems Command (USAISC) for records which do not fall within the functional area of another AARA. (h) Department of the Army Privacy Review Board. The Department of the Army Privacy Review Board acts on behalf of the Secretary of the Army in deciding appeals from refusal of the appropriate AARAS to amend records. Board membership is comprised of the AASA, the Commander, USAISC, Pentagon, and TJAG, or their representatives. The AARA may serve as a nonvoting member when the Board considers matters in the AARA's area of functional specialization. The Commander, USAISC, Pentagon, chairs the Board and provides the recording secretary. (i) Privacy Official. (1) Heads of Army Staff agencies and commanders of major Army commands and subordinate commands and activities will designate a privacy official who will serve as a staff adviser on privacy matters. This function will not be assigned below battalion level. (2) The privacy official will ensure that (i) requests are processed promptly and responsively, (ii) records subject to the Privacy Act in his/her command/ agency are described properly by a published system notice, (iii) privacy statements are included on forms and questionnaires that seek personnel information from an individual, and (iv) procedures are in place to meet reporting requirements. [50 FR 42164, Oct. 18, 1985, as amended at 58 FR 51012, Sept. 30, 1993] § 505.2 Individual rights of access and amendment. (a) Access under the Privacy Act. Upon a written or oral request, an individual or his/her designated agent or legal guardian will be granted access to a record pertaining to that individual, maintained in a system of records, unless the record is subject to an exemption and the system manager has invoked the exemption (see §505.5), or the record is information compiled in reasonable anticipation of a civil action or proceeding. The requester does not have to state a reason or otherwise justify the need to gain access. Nor can an individual be denied access solely because he/she refused to provide his/her Social Security Number unless the Social Security Number was required for access by statute or regulation adopted prior to January 1, 1975. The request should be submitted to the custodian of the record. (b) Notifying the individual. The custodian of the record will acknowledge requests for access within 10 work days of receipt. Records will be provided within 30 days, excluding Saturdays, Sundays, and legal public holidays. (c) Relationship between the Privacy Act and the Freedom of Information Act. A Privacy Act request for access to records should be processed also as a Freedom of Information Act request. If all or any portion of the requested material is to be denied, it must be considered under the substantive provisions of both the Privacy Act and the Freedom of Information Act. Any withholding of information must be justified by asserting a legally applicable exemption in each Act. (d) Functional requests. If an individual asks for his/her record and does not cite, or reasonably imply, either the Privacy Act or the Freedom of Information Act, and another prescribing directive authorizes release, the records should be released under that directive. Examples of functional requests are military members asking to |