32 CFR 310.26 - Use and establishment of exemptions.
(a) Types of exemptions.
(1) There are three types of exemptions permitted by the Privacy Act (5 U.S.C. 552a).
(ii) General exemptions that authorize the exemption of a system of records from all but certain specifically identified provisions of the Act (see appendix D).
(iii) Specific exemptions that allow a system of records to be exempted only from certain designated provisions of the Act (see appendix D).
(2) Nothing in the Act permits exemption of any system of records from all provisions of the Act.
(b) Establishing exemptions.
(1) The access exemption is self-executing. It does not require an implementing rule to be effective.
(2) Neither a general nor a specific exemption is established automatically for any system of records. The Heads of the DoD Components maintaining the system of records must make a determination whether the system is one for which an exemption properly may be claimed and then propose and establish an exemption rule for the system. No system of records within the Department of Defense shall be considered exempted until the Head of the Component has approved the exemption and an exemption rule has been published as a final rule in the Federal Register (See § 310.30(e).)
(3) Only the Head of the DoD Component or an authorized designee may claim an exemption for a system of records.
(4) A system of records is considered exempt only from those provision of the Privacy Act (5 U.S.C. 552a) that are identified specifically in the Component exemption rule for the system and that are authorized by the Privacy Act.
(5) To establish an exemption rule, see § 310.31.
(c) Blanket exemption for classified material.
(1) Component rules shall include a blanket exemption under 5 U.S.C. 552a(k)(1) of the Privacy Act from the access provisions (5 U.S.C. 552a(d)) and the notification of access procedures (5 U.S.C. 522a(e)(4)(H)) of the Act for all classified material in any systems of records maintained.
(2) Do not claim specifically an exemption under section 552a(k)(1) of the Privacy Act for any system of records. The blanket exemption affords protection to all classified material in all system of records maintained.
(d) Provisions from which exemptions may be claimed. The Head of a DoD Component may claim an exemption from any provision of the Act from which an exemption is allowed (see appendix D).
(e) Use of exemptions.
(1) Use exemptions only for the specific purposes set forth in the exemption rules (see paragraph (b) of § 310.31).
(2) Use exemptions only when they are in the best interest of the Government and limit them to the specific portions of the records requiring protection.
(f) Exempt records in non-exempt systems.
(1) Exempt records temporarily in the custody of another Component are considered the property of the originating Component. Access to these records is controlled by the system notices and rules of the originating Component.
(2) Exempt records that have been incorporated into a nonexempt system of records are still exempt but only to the extent to which the provisions of the Act for which an exemption has been claimed are identified and an exemption claimed for the system of records from which the record is obtained and only when the purposes underlying the exemption for the record are still valid and necessary to protect the contents of the record.