32 CFR 310.9 - Privacy boards and office, composition and responsibilities.
(a)The Defense Privacy Board -
(1)Membership. The Board consists of:
(i)Voting members. Representatives designated by the Secretaries of the Military Departments and the following officials or their designees:
(A) The DCMO, who serves as the chair.
(B) The Chief, DPCLD, who serves as the Executive Secretary and as a member.
(C) The Under Secretary of Defense for Personnel and Readiness.
(D) The Assistant Secretary of Defense for Health Affairs.
(E) The DoD CIO.
(F) The Director, Defense Manpower Data Center.
(G) The Director, Executive Services Directorate, Washington Headquarters Services (WHS).
(H) The GC DoD.
(I) The Chief of the National Guard Bureau.
(ii)Non-voting members. Non-voting members are the Director, Enterprise Information Technology Services Directorate (EITSD), WHS; and the representatives designated by Defense Agency and DoD Field Activity directors.
(2)Responsibilities. The Board:
(i) Serves as the primary DoD policy forum for matters involving the DoD Privacy Program, meeting as necessary to address issues of common concern to ensure that consistent policy is adopted and followed by the DoD Components. The Board issues advisory opinions, as necessary, on the DoD Privacy Program to promote uniform and consistent application of 5 U.S.C. 552a, OMB Circular No. A-130, and this part.
(ii) Establishes and convenes committees as necessary.
(iii) Establishes working groups whose membership is composed of DoD Component privacy officers and others as necessary.
(b)The Defense Data Integrity Board -
(1)Membership. The Board consists of:
(i) The DCMO, who serves as the chair.
(ii) The Chief, DPCLD, who serves as the Executive Secretary.
(iii) The representatives designated by the Secretaries of the Military Departments; the DoD CIO; the GC DoD; the Inspector General of the Department of Defense, who is a non-voting advisory member; the Director, EITSD; and the Director, Defense Manpower Data Center.
(2)Responsibilities. The Board:
(i) Oversees and coordinates, consistent with the requirements of 5 U.S.C. 552a, OMB Circular No. A-130, and this part, all computer matching agreements involving personal records contained in systems of records maintained by the DoD Components.
(ii) Reviews and approves all computer matching agreements between the DoD and other federal, state, or local governmental agencies, as well as any memorandums of understanding, when the match is internal to the DoD. This review ensures that, in accordance with 5 U.S.C. 552a, OMB Circular No. A-130, and this part, appropriate procedural and due process requirements are established before engaging in computer matching activities.
(c)The Defense Privacy Board Legal Committee -
(1)Membership. The Committee shall consist of the Director, DPO, DA&M, who shall serve as the Chair and the Executive Secretary; the GC, DoD, or designee; and civilian and/or military counsel from each of the DoD Components. The General Counsels (GCs) and The Judge Advocates General of the Military Departments shall determine who shall provide representation for their respective Department to the Committee. This does not preclude representation from each office. The GCs of the other DoD Components shall provide legal representation to the Committee. Other DoD civilian or military counsel may be appointed by the Executive Secretary, after coordination with the DoD Component concerned, to serve on the Committee on those occasions when specialized knowledge or expertise shall be required.
(i) The Committee shall serve as the primary legal forum for addressing and resolving all legal issues arising out of or incident to the operation of the DoD Privacy Program.
(ii) The Committee shall consider legal questions regarding the applicability of 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R and questions arising out of or as a result of other statutory and regulatory authority, to include the impact of judicial decisions, on the DoD Privacy Program. The Committee shall provide advisory opinions to the Defense Privacy Board and, on request, to the DoD Components.
(d)The DPO -
(1)Membership. It shall consist of a Director and a staff. The Director also shall serve as the Executive Secretary and a member of the Defense Privacy Board; as the Executive Secretary to the Defense Data Integrity Board; and as the Chair and the Executive Secretary to the Defense Privacy Board Legal Committee.
(i) Manage activities in support of the Privacy Program oversight responsibilities of the DA&M.
(ii) Provide operational and administrative support to the Defense Privacy Board, the Defense Data Integrity Board, and the Defense Privacy Board Legal Committee.
(iii) Direct the day-to-day activities of the DoD Privacy Program.
(iv) Provide guidance and assistance to the DoD Components in their implementation and execution of the DoD Privacy Program.
(v) Review DoD legislative, regulatory, and other policy proposals which implicate information privacy issues relating to the Department's collection, maintenance, use, or dissemination of personal information, to include any testimony and comments having such implications under DoD Directive 5500.1.
(vi) Review proposed new, altered, and amended systems of records, to include submission of required notices for publication in the Federal Register and, when required, providing advance notification to the OMB and the Congress, consistent with 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R.
(vii) Review proposed DoD Component privacy rulemaking, to include submission of the rule to the Office of the Federal Register for publication and providing to the OMB and the Congress reports, consistent with 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R.
(viii) Develop, coordinate, and maintain all DoD computer matching agreements, to include the submission of required match notices for publication in the Federal Register and the provision of advance notification to the OMB and the Congress, consistent with 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R.
(ix) Provide advice and support to the DoD Components to ensure:
(B) Appropriate procedures and safeguards shall be developed, implemented, and maintained to protect personal information when it is stored in either a manual and/or automated system of records or transferred by electronic or non-electronic means; and
(C) Specific procedures and safeguards shall be developed and implemented when personal data is collected and maintained for research purposes.
(x) Serve as the principal POC for coordination of privacy and related matters with the OMB and other Federal, State, and local governmental agencies.
(xi) Compile and submit the “Biennial Matching Activity Report” to the OMB as required by OMB Circular A-130 and DoD 5400.11-R, and the Quarterly and Annual Federal Information Security Management Agency (FISMA) Privacy Reports, as required by 44 U.S.C. 3544(c), such other reports as may be required.
(xii) Update and maintain this part and DoD 5400.11-R.