(a) The Director of Administration and Management, Office of the Secretary of Defense, shall:
(1) Serve as the Senior Privacy Official for the Department of Defense.
(2) Provide policy guidance for, and coordinate and oversee administration of, the DoD Privacy Program to ensure compliance with policies and procedures in 5 U.S.C. 552a and OMB Circular A-130.
(3) Publish DoD 5400.11-R and other guidance, including Defense Privacy Board Advisory Opinions, to ensure timely and uniform implementation of the DoD Privacy Program.
(4) Serve as the Chair to the Defense Privacy Board and the Defense Data Integrity Board (see § 310.9).
(5) Supervise and oversee the activities of the Defense Privacy Office (see § 310.9).
(b) The Director, WHS, under the DA&M, shall provide Privacy Program support for DoD Field Activities.
(c) The General Counsel of the Department of Defense shall:
(1) Provide advice and assistance on all legal matters arising out of, or incident to, the administration of the DoD Privacy Program.
(2) Review and be the final approval authority on all advisory opinions issued by the Defense Privacy Board or the Defense Privacy Board Legal Committee.
(3) Serve as a member of the Defense Privacy Board, the Defense Data Integrity Board, and the Defense Privacy Board Legal Committee (310.9).
(d) The Secretaries of the Military Departments and the Heads of the Other DoD Components, except as noted in § 310.5(k), shall:
(1) Provide adequate funding and personnel to establish and support an effective DoD Privacy Program, to include the appointment of a senior official to serve as the principal point of contact (POC) for DoD Privacy Program matters.
(2) Establish procedures, as well as rules of conduct, necessary to implement this part and DoD 5400.11-R to ensure compliance with the requirements of 5 U.S.C. 552a and OMB Circular A-130.
(3) Conduct training, consistent with the requirements of DoD 5400.11-R, on the provisions of this part, 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R, for assigned, employed and detailed, to include contractor, personnel and individuals having primary responsibility for implementing the DoD Privacy Program.
(4) Ensure all Component legislative proposals, policies, or programs having privacy implications, such as the DoD Privacy Impact Assessment Program, are evaluated to ensure consistency with the information privacy principles of this part and DoD 5400.11-R.
(5) Assess the impact of technology on the privacy of personal information and, when feasible, adopt privacy-enhancing technology both to preserve and protect personal information contained in Component systems of records and to permit auditing of compliance with the requirements of this part and DoD 5400.11-R.
(6) Ensure the DoD Privacy Program periodically shall be reviewed by the Inspectors General or other officials, who shall have specialized knowledge of the DoD Privacy Program.
(7) Submit reports, consistent with the requirements of DoD 5400.11-R, as mandated by 5 U.S.C. 552a and OMB Circular A-130, and DoD Directive 5500.1, and as otherwise directed by the DPO.
(e) The Secretaries of the Military Departments shall provide support to the Combatant Commands, as identified in DoD Directive 5100.3, 7 in the administration of the DoD Privacy Program.