32 CFR 310.6 - Responsibilities.
(a) The Deputy Chief Management Officer of the Department of Defense (DCMO):
(1) Serves as the Senior Agency Official for Privacy (SAOP) for the DoD. These duties, in accordance with OMB Memorandum M-05-08, “Designation of Senior Agency Officials for Privacy” (available at http://www.whitehouse.gov/sites/default/files/omb/assets/omb/memoranda/fy2005/m05-08.pdf), include:
(i) Ensuring DoD implementation of information privacy protections, including full compliance with federal laws, regulations, and policies relating to information privacy.
(ii) Overseeing, coordinating, and facilitating DoD privacy compliance efforts.
(iii) Ensuring that DoD personnel and DoD contractors receive appropriate training and education programs regarding the information privacy laws, regulations, policies, and procedures governing DoD-specific procedures for handling of PII.
(2) Provides rules of conduct and policy for, and coordinates and oversees administration of, the DoD Privacy Program to ensure compliance with policies and procedures in 5 U.S.C. 552a and OMB Circular No. A-130.
(3) Publishes this part and other guidance to ensure timely and uniform implementation of the DoD Privacy Program.
(4) Serves as the chair of the Defense Privacy Board and the Defense Data Integrity Board.
(5) As requested, ensures that guidance, assistance, and subject matter expert support are provided to the Combatant Command privacy officers in the implementation and execution of and compliance with the DoD Privacy Program.
(6) Acts as The Privacy Act Access and Amendment appellate authority for OSD and the Office of the Chairman of the Joint Chiefs of Staff when an individual is denied access to or amendment of records pursuant to The Privacy Act, DoD Directive 5105.53, “Director of Administration and Management (DA&M)” (available at http://www.dtic.mil/whs/directives/corres/pdf/510553p.pdf), and Deputy Secretary of Defense Memorandum, “Reorganization of the Office of the Deputy Chief Management Officer.”
(b) Under the authority, direction, and control of the DCMO, through the Director for Oversight and Compliance, the Chief, Defense Privacy and Civil Liberties Division (DPCLD):
(1) Ensures that laws, policies, procedures, and systems for protecting individual privacy rights are implemented throughout DoD.
(2) Oversees and provides strategic direction for the DoD Privacy Program.
(3) Assists the DCMO in performing the responsibilities in paragraphs (a)(1)-(a)(6) of this section.
(4) Reviews DoD legislative, regulatory, and other policy proposals that contain information on privacy issues relating to how the DoD keeps its PII. These reviews must include any proposed legislation, testimony, and comments having privacy implications in accordance with DoD Directive 5500.01, “Preparing, Processing, and Coordinating Legislation, Executive Orders, Proclamations, Views Letters, and Testimony” (available at http://www.dtic.mil/whs/directives/corres/pdf/550001p.pdf).
(5) Reviews proposed new, altered, and amended systems of records. Submits required SORNs for publication in the FR and, when required, provides advance notification to OMB and Congress consistent with 5 U.S.C. 552a, OMB Circular No. A-130, and this part.
(6) Reviews proposed DoD Component privacy exemption rules. Submits the exemption rules for publication in the FR, and submits reports to OMB and Congress consistent with 5 U.S.C. 552a, OMB Circular No. A-130, and this part.
(7) Develops, coordinates, and maintains all DoD computer matching agreements. Submits required match notices for publication in the FR and provides advance notification to OMB and Congress consistent with 5 U.S.C. 552a, OMB Circular No. A-130, and this part.
(8) Provides guidance, assistance, and support to the DoD Components in their implementation of the DoD Privacy Program to ensure that:
(i) All requirements developed to maintain PII conform to the DoD Privacy Program standards.
(ii) Appropriate procedures and safeguards are developed and implemented to protect PII when it is collected, used, maintained, or disseminated in any media.
(iii) Specific procedures and safeguards are developed and implemented when PII is collected and maintained for research purposes.
(9) Compiles data in support of the DoD Chief Information Officer (DoD CIO) submission of the Federal Information Security Management Act (FISMA) Privacy Reports, pursuant to OMB Memorandum M-06-15, “Safeguarding Personally Identifiable Information” (available at http://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2006/m-06-15.pdf); the Biennial Matching Activity Report to OMB, in accordance with OMB Circular No. A-130 and this part; the semiannual Section 803 report in accordance with 42 U.S.C. 2000ee and 2000ee-1; and other reports as required.
(10) Reviews and coordinates on DoD Component privacy program implementation rules to ensure they are in compliance with the DoD-level guidance.
(11) Provides operational and administrative support to the Defense Privacy Board and the Defense Data Integrity Board.
(c) The General Counsel of the Department of Defense (GC DoD):
(1) Provides advice and assistance on all legal matters related to the administration of the DoD Privacy Program.
(2) Appoints a designee to serve as a member of the Defense Privacy Board and the Defense Data Integrity Board.
(3) When a DoD Privacy Program group is created, appoints a designee to serve as a member.
(d) The DoD Component heads:
(1) Provide adequate funding and personnel to establish and support an effective DoD Privacy Program.
(2) Establish DoD Component-specific procedures in compliance with this part and publish these procedures as well as rules of conduct in the FR.
(3) Establish and implement appropriate administrative, physical, and technical safeguards and procedures prescribed in this part and other DoD Privacy Program guidance.
(4) Ensure Component compliance with supplemental guidance and procedures in accordance with all applicable federal laws, regulations, policies, and procedures.
(5) Appoint a Component senior official for privacy (CSOP) to support the SAOP in carrying out the SAOP's duties identified in OMB Memorandum M-05-08.
(6) Appoint a Component privacy officer to administer the DoD Privacy Program, on behalf of the CSOP.
(7) Ensure DoD personnel and DoD contractors having primary responsibility for implementing the DoD Privacy Program receive appropriate privacy training. This training must be consistent with the requirements of this part and will address the provisions of 5 U.S.C. 552a, OMB Circular No. A-130, and this part.
(8) Ensure that all DoD Component legislative, regulatory, or other policy proposals are evaluated to ensure consistency with the information privacy requirements of this part.
(9) Assess the impact of technology on the privacy of PII and, when feasible, adopt privacy-enhancing technology to:
(i) Preserve and protect PII contained in a DoD Component system of records.
(ii) Audit compliance with the requirements of this part.
(10) Ensure that officials who have specialized knowledge of the DoD Privacy Program periodically review Component implementation of and compliance with the DoD Privacy Program.
(11) Submit reports, consistent with the requirements of this part, in accordance with 5 U.S.C. 552a and OMB Circular No. A-130, and as otherwise directed by the Chief, DPCLD.
(e) In addition to the responsibilities in paragraph (d), the Secretaries of the Military Departments provide program and financial support to the Combatant Commands as identified in DoD Directive 5100.03, “Support to the Headquarters of Combatant and Subordinate Unified Commands” (available at http://www.dtic.mil/whs/directives/corres/pdf/510003p.pdf) to fund, without reimbursement, the administrative and logistic support required by combatant and subordinate unified command headquarters to perform their assigned missions effectively.