32 CFR 310.26 - Use and establishment of exemptions.

prev | next
§ 310.26 Use and establishment of exemptions.

(a)Types of exemptions.

(1) There are three types of exemptions permitted by the Privacy Act ( 5 U.S.C. 552a).

(i) An access exemption that exempts records compiled in reasonable anticipation of a civil action or proceeding from the access provisions of the Act.

(ii) General exemptions that authorize the exemption of a system of records from all but certain specifically identified provisions of the Act (see appendix D).

(iii) Specific exemptions that allow a system of records to be exempted only from certain designated provisions of the Act (see appendix D).

(2) Nothing in the Act permits exemption of any system of records from all provisions of the Act.

(b)Establishing exemptions.

(1) The access exemption is self-executing. It does not require an implementing rule to be effective.

(2) Neither a general nor a specific exemption is established automatically for any system of records. The Heads of the DoD Components maintaining the system of records must make a determination whether the system is one for which an exemption properly may be claimed and then propose and establish an exemption rule for the system. No system of records within the Department of Defense shall be considered exempted until the Head of the Component has approved the exemption and an exemption rule has been published as a final rule in the Federal Register (See § 310.30(e).)

(3) Only the Head of the DoD Component or an authorized designee may claim an exemption for a system of records.

(4) A system of records is considered exempt only from those provision of the Privacy Act ( 5 U.S.C. 552a) that are identified specifically in the Component exemption rule for the system and that are authorized by the Privacy Act.

(5) To establish an exemption rule, see § 310.31.

(c)Blanket exemption for classified material.

(1) Component rules shall include a blanket exemption under 5 U.S.C. 552a(k)(1) of the Privacy Act from the access provisions ( 5 U.S.C. 552a(d)) and the notification of access procedures ( 5 U.S.C. 522a(e)(4)(H)) of the Act for all classified material in any systems of records maintained.

(2) Do not claim specifically an exemption under section 552a(k)(1) of the Privacy Act for any system of records. The blanket exemption affords protection to all classified material in all system of records maintained.

(d)Provisions from which exemptions may be claimed. The Head of a DoD Component may claim an exemption from any provision of the Act from which an exemption is allowed (see appendix D).

(e)Use of exemptions.

(1) Use exemptions only for the specific purposes set forth in the exemption rules (see paragraph (b) of § 310.31).

(2) Use exemptions only when they are in the best interest of the Government and limit them to the specific portions of the records requiring protection.

(3) Do not use an exemption to deny an individual access to any record to which he or she would have access under 32 CFR part 286.

(f)Exempt records in non-exempt systems.

(1) Exempt records temporarily in the custody of another Component are considered the property of the originating Component. Access to these records is controlled by the system notices and rules of the originating Component.

(2) Exempt records that have been incorporated into a nonexempt system of records are still exempt but only to the extent to which the provisions of the Act for which an exemption has been claimed are identified and an exemption claimed for the system of records from which the record is obtained and only when the purposes underlying the exemption for the record are still valid and necessary to protect the contents of the record.

(3) If a record is accidentally misfiled into a system of records, the system notice and rules for the system in which it should actually be filed shall govern.

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.

United States Code
Statutes at Large
Public Laws

Title 32 published on 2015-08-22

The following are ALL rules, proposed rules, and notices (chronologically) published in the Federal Register relating to 32 CFR Part 310 after this date.

  • 2016-10-17; vol. 81 # 200 - Monday, October 17, 2016
    1. 81 FR 71378 - Privacy Act of 1974; Implementation
      GPO FDSys XML | Text
      DEPARTMENT OF DEFENSE, Office of the Secretary
      Final rule.
      Effective Date: This rule is effective October 17, 2016.
      32 CFR Part 310