32 CFR 701.118 - Privacy, IT, and PIAs.

§ 701.118 Privacy, IT, and PIAs.
(a) Development. Privacy must be considered when requirements are being analyzed and decisions are being made about data usage and storage design. This applies to all of the development methodologies and system life cycles used in the DON.
(b) E-Government Act of 2002. The E-Government Act of 2002 (Pub. L. 107-347) directs agencies to conduct reviews of how privacy issues are considered when purchasing or creating new IT systems or when initiating new electronic collections of IIF. See DOD Memo of 28 Oct 05, subject “DOD PIA Guidance” regarding DOD PIA Guidance.
(c) Purpose. To ensure IIF is only acquired and maintained when necessary and the supporting IT that is being developed and used protects and preserves the privacy of the American public and to provide a means to assure compliance with applicable laws and regulations governing employee privacy. A PIA should be prepared before developing or procuring a general support system or major application that collects, maintains, or disseminates IIF from or about DON civilian or military personnel.
(d) Scope. The PIA incorporates privacy into the development life cycle so that all system development initiatives can appropriately consider privacy issues from the earliest stages of design. During the early stages of the development of a system, both the system owner and system developer shall work together to identify, evaluate, and resolve any privacy risks. Accordingly,
(1) System owners must address what data is to be used, how the data is to be used, and who will use the data.
(2) System developers must address whether the implementation of the owner's requirements presents any threats to privacy.
(e) Requirements. Before developing, modifying or establishing an automated system of records that collects, maintains, and/or disseminates IIF, DON activities shall conduct a PIA to effectively address privacy factors. Guidance is provided at http://www.doncio.navy.mil.
(f) Coverage. E-Government Act of 2002 (Pub. L. 107-347) mandates the preparation of a PIA either before developing or procuring IT systems that collect, maintain, or disseminate IIF from or about members of the public or initiating a new electronic collection of IIF for 10 or more persons of the public. (Note: The public DOES NOT include DON civilian or military personnel, but DOES cover family members of such personnel, retirees and their family members, and DON contractors.) A PIA should be prepared before developing, modifying, or procuring IT systems that collect, maintain, or disseminate IIF from or about members of the public or initiating a new electronic collection of IIF for 10 or more members of the public. A PIA shall also be prepared before developing, modifying or procuring a general support system or major application that collects, maintains, or disseminates IIF from or about DON civilian and military personnel.
(g) PIA not required.
(1) Legacy systems do not require completion of a PIA. However, DON CIO may request a PIA if the automation or upgrading of these systems puts the data at risk.
(2) Current operational systems do not require completion of a PIA. However, if privacy is a concern for a system the DON CIO can request that a PIA be completed. If a potential problem is identified concerning a currently operational system, the DON will use all reasonable efforts to remedy the problem.

Title 32 published on 2013-07-01

The following are only the Rules published in the Federal Register after the published date of Title 32.

  • 2013-11-20; vol. 78 # 224 - Wednesday, November 20, 2013
    1. 78 FR 69552 - Privacy Act; Implementation
      DEPARTMENT OF DEFENSE, Department of the Navy
      Direct final rule with request for comments.
      The rule will be effective on January 29, 2014 unless adverse comment is received by January 21, 2014. If adverse comment is received, Department of the Navy will publish a timely withdrawal of the rule in the Federal Register.
      32 CFR Part 701

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


United States Code
U.S. Code: Title 5 - GOVERNMENT ORGANIZATION AND EMPLOYEES
