32 CFR 310.6 - Responsibilities.

§ 310.6 Responsibilities.
(a) The Director of Administration and Management, Office of the Secretary of Defense, shall:
(1) Serve as the Senior Privacy Official for the Department of Defense.
(2) Provide policy guidance for, and coordinate and oversee administration of, the DoD Privacy Program to ensure compliance with policies and procedures in 5 U.S.C. 552a and OMB Circular A-130.
(3) Publish DoD 5400.11-R and other guidance, including Defense Privacy Board Advisory Opinions, to ensure timely and uniform implementation of the DoD Privacy Program.
(4) Serve as the Chair to the Defense Privacy Board and the Defense Data Integrity Board (see § 310.9).
(5) Supervise and oversee the activities of the Defense Privacy Office (see § 310.9).
(b) The Director, WHS, under the DA&M, shall provide Privacy Program support for DoD Field Activities.
(c) The General Counsel of the Department of Defense shall:
(1) Provide advice and assistance on all legal matters arising out of, or incident to, the administration of the DoD Privacy Program.
(2) Review and be the final approval authority on all advisory opinions issued by the Defense Privacy Board or the Defense Privacy Board Legal Committee.
(3) Serve as a member of the Defense Privacy Board, the Defense Data Integrity Board, and the Defense Privacy Board Legal Committee (310.9).
(d) The Secretaries of the Military Departments and the Heads of the Other DoD Components, except as noted in § 310.5(k), shall:
(1) Provide adequate funding and personnel to establish and support an effective DoD Privacy Program, to include the appointment of a senior official to serve as the principal point of contact (POC) for DoD Privacy Program matters.
(2) Establish procedures, as well as rules of conduct, necessary to implement this part and DoD 5400.11-R to ensure compliance with the requirements of 5 U.S.C. 552a and OMB Circular A-130.
(3) Conduct training, consistent with the requirements of DoD 5400.11-R, on the provisions of this part, 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R, for assigned, employed and detailed, to include contractor, personnel and individuals having primary responsibility for implementing the DoD Privacy Program.
(4) Ensure all Component legislative proposals, policies, or programs having privacy implications, such as the DoD Privacy Impact Assessment Program, are evaluated to ensure consistency with the information privacy principles of this part and DoD 5400.11-R.
(5) Assess the impact of technology on the privacy of personal information and, when feasible, adopt privacy-enhancing technology both to preserve and protect personal information contained in Component systems of records and to permit auditing of compliance with the requirements of this part and DoD 5400.11-R.
(6) Ensure the DoD Privacy Program periodically shall be reviewed by the Inspectors General or other officials, who shall have specialized knowledge of the DoD Privacy Program.
(7) Submit reports, consistent with the requirements of DoD 5400.11-R, as mandated by 5 U.S.C. 552a and OMB Circular A-130, and DoD Directive 5500.1, and as otherwise directed by the DPO.
(e) The Secretaries of the Military Departments shall provide support to the Combatant Commands, as identified in DoD Directive 5100.3, 7 in the administration of the DoD Privacy Program.

Footnote(s):
7 See footnote 1 to § 310.1.

Beta! The text on the eCFR tab represents the unofficial eCFR text at ecfr.gov.
§ 310.6 Responsibilities.

(a) The Deputy Chief Management Officer of the Department of Defense (DCMO):

(1) Serves as the Senior Agency Official for Privacy (SAOP) for the DoD. These duties, in accordance with OMB Memorandum M-05-08, “Designation of Senior Agency Officials for Privacy” (available at http://www.whitehouse.gov/sites/default/files/omb/assets/omb/memoranda/fy2005/m05-08.pdf), include:

(i) Ensuring DoD implementation of information privacy protections, including full compliance with federal laws, regulations, and policies relating to information privacy.

(ii) Overseeing, coordinating, and facilitating DoD privacy compliance efforts.

(iii) Ensuring that DoD personnel and DoD contractors receive appropriate training and education programs regarding the information privacy laws, regulations, policies, and procedures governing DoD-specific procedures for handling of PII.

(2) Provides rules of conduct and policy for, and coordinates and oversees administration of, the DoD Privacy Program to ensure compliance with policies and procedures in 5 U.S.C. 552a and OMB Circular No. A-130.

(3) Publishes this part and other guidance to ensure timely and uniform implementation of the DoD Privacy Program.

(4) Serves as the chair of the Defense Privacy Board and the Defense Data Integrity Board.

(5) As requested, ensures that guidance, assistance, and subject matter expert support are provided to the Combatant Command privacy officers in the implementation and execution of and compliance with the DoD Privacy Program.

(6) Acts as The Privacy Act Access and Amendment appellate authority for OSD and the Office of the Chairman of the Joint Chiefs of Staff when an individual is denied access to or amendment of records pursuant to The Privacy Act, DoD Directive 5105.53, “Director of Administration and Management (DA&M)” (available at http://www.dtic.mil/whs/directives/corres/pdf/510553p.pdf), and Deputy Secretary of Defense Memorandum, “Reorganization of the Office of the Deputy Chief Management Officer.”

(b) Under the authority, direction, and control of the DCMO, through the Director for Oversight and Compliance, the Chief, Defense Privacy and Civil Liberties Division (DPCLD):

(1) Ensures that laws, policies, procedures, and systems for protecting individual privacy rights are implemented throughout DoD.

(2) Oversees and provides strategic direction for the DoD Privacy Program.

(3) Assists the DCMO in performing the responsibilities in paragraphs (a)(1)-(a)(6) of this section.

(4) Reviews DoD legislative, regulatory, and other policy proposals that contain information on privacy issues relating to how the DoD keeps its PII. These reviews must include any proposed legislation, testimony, and comments having privacy implications in accordance with DoD Directive 5500.01, “Preparing, Processing, and Coordinating Legislation, Executive Orders, Proclamations, Views Letters, and Testimony” (available at http://www.dtic.mil/whs/directives/corres/pdf/550001p.pdf).

(5) Reviews proposed new, altered, and amended systems of records. Submits required SORNs for publication in the FR and, when required, provides advance notification to OMB and Congress consistent with 5 U.S.C. 552a, OMB Circular No. A-130, and this part.

(6) Reviews proposed DoD Component privacy exemption rules. Submits the exemption rules for publication in the FR, and submits reports to OMB and Congress consistent with 5 U.S.C. 552a, OMB Circular No. A-130, and this part.

(7) Develops, coordinates, and maintains all DoD computer matching agreements. Submits required match notices for publication in the FR and provides advance notification to OMB and Congress consistent with 5 U.S.C. 552a, OMB Circular No. A-130, and this part.

(8) Provides guidance, assistance, and support to the DoD Components in their implementation of the DoD Privacy Program to ensure that:

(i) All requirements developed to maintain PII conform to the DoD Privacy Program standards.

(ii) Appropriate procedures and safeguards are developed and implemented to protect PII when it is collected, used, maintained, or disseminated in any media.

(iii) Specific procedures and safeguards are developed and implemented when PII is collected and maintained for research purposes.

(9) Compiles data in support of the DoD Chief Information Officer (DoD CIO) submission of the Federal Information Security Management Act (FISMA) Privacy Reports, pursuant to OMB Memorandum M-06-15, “Safeguarding Personally Identifiable Information” (available at http://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2006/m-06-15.pdf); the Biennial Matching Activity Report to OMB, in accordance with OMB Circular No. A-130 and this part; the semiannual Section 803 report in accordance with 42 U.S.C. 2000ee and 2000ee-1; and other reports as required.

(10) Reviews and coordinates on DoD Component privacy program implementation rules to ensure they are in compliance with the DoD-level guidance.

(11) Provides operational and administrative support to the Defense Privacy Board and the Defense Data Integrity Board.

(c) The General Counsel of the Department of Defense (GC DoD):

(1) Provides advice and assistance on all legal matters related to the administration of the DoD Privacy Program.

(2) Appoints a designee to serve as a member of the Defense Privacy Board and the Defense Data Integrity Board.

(3) When a DoD Privacy Program group is created, appoints a designee to serve as a member.

(d) The DoD Component heads:

(1) Provide adequate funding and personnel to establish and support an effective DoD Privacy Program.

(2) Establish DoD Component-specific procedures in compliance with this part and publish these procedures as well as rules of conduct in the FR.

(3) Establish and implement appropriate administrative, physical, and technical safeguards and procedures prescribed in this part and other DoD Privacy Program guidance.

(4) Ensure Component compliance with supplemental guidance and procedures in accordance with all applicable federal laws, regulations, policies, and procedures.

(5) Appoint a Component senior official for privacy (CSOP) to support the SAOP in carrying out the SAOP's duties identified in OMB Memorandum M-05-08.

(6) Appoint a Component privacy officer to administer the DoD Privacy Program, on behalf of the CSOP.

(7) Ensure DoD personnel and DoD contractors having primary responsibility for implementing the DoD Privacy Program receive appropriate privacy training. This training must be consistent with the requirements of this part and will address the provisions of 5 U.S.C. 552a, OMB Circular No. A-130, and this part.

(8) Ensure that all DoD Component legislative, regulatory, or other policy proposals are evaluated to ensure consistency with the information privacy requirements of this part.

(9) Assess the impact of technology on the privacy of PII and, when feasible, adopt privacy-enhancing technology to:

(i) Preserve and protect PII contained in a DoD Component system of records.

(ii) Audit compliance with the requirements of this part.

(10) Ensure that officials who have specialized knowledge of the DoD Privacy Program periodically review Component implementation of and compliance with the DoD Privacy Program.

(11) Submit reports, consistent with the requirements of this part, in accordance with 5 U.S.C. 552a and OMB Circular No. A-130, and as otherwise directed by the Chief, DPCLD.

(e) In addition to the responsibilities in paragraph (d), the Secretaries of the Military Departments provide program and financial support to the Combatant Commands as identified in DoD Directive 5100.03, “Support to the Headquarters of Combatant and Subordinate Unified Commands” (available at http://www.dtic.mil/whs/directives/corres/pdf/510003p.pdf) to fund, without reimbursement, the administrative and logistic support required by combatant and subordinate unified command headquarters to perform their assigned missions effectively.

[80 FR 4209, Jan. 27, 2015]

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


United States Code
Statutes at Large
Public Laws