32 CFR 317.3 - Policy.
(a) It is DCAA policy that personnel will comply with the DCAA Privacy Program; the Privacy Act of 1974; and the DoD Privacy Program ( 32 CFR part 310). Strict adherence is necessary to ensure uniformity in the implementation of the DCAA Privacy Program and create conditions that will foster public trust. It is also Agency policy to safeguard personal information contained in any system of records maintained by DCAA organizational elements and to make that information available to the individual to whom it pertains to the maximum extent practicable.
(b) DCAA policy specifically requires that DCAA organizational elements:
(1) Collect, maintain, use, and disseminate personal information only when it is relevant and necessary to achieve a purpose required by statute or Executive Order.
(2) Collect personal information directly from the individuals to whom it pertains to the greatest extent practical.
(3) Inform individuals who are asked to supply personal information for inclusion in any system of records:
(i) The authority for the solicitation.
(ii) Whether furnishing the information is mandatory or voluntary.
(iii) The intended uses of the information.
(iv) The routine disclosures of the information that may be made outside of DoD.
(v) The effect on the individual of not providing all or any part of the requested information.
(4) Ensure that records used in making determinations about individuals and those containing personal information are accurate, relevant, timely, and complete for the purposes for which they are being maintained before making them available to any recipients outside of DoD, other than a Federal agency, unless the disclosure is made under DCAA Regulation 5410.8, DCAA Freedom of Information Act Program.
(5) Keep no record that describes how individuals exercise their rights guaranteed by the First Amendment to the U.S. Constitution, unless expressly authorized by statute or by the individual to whom the records pertain or is pertinent to and within the scope of an authorized law enforcement activity.
(6) Notify individuals whenever records pertaining to them are made available under compulsory legal processes, if such process is a matter of public record.
(7) Establish safeguards to ensure the security of personal information and to protect this information from threats or hazards that might result in substantial harm, embarrassment, inconvenience, or unfairness to the individual.
(8) Establish rules of conduct for DCAA personnel involved in the design, development, operation, or maintenance of any system of records and train them in these rules of conduct.
(9) Assist individuals in determining what records pertaining to them are being collected, maintained, used, or disseminated.
(10) Permit individual access to the information pertaining to them maintained in any system of records, and to correct or amend that information, unless an exemption for the system has been properly established for an important public purpose.
(11) Provide, on request, an accounting of all disclosures of the information pertaining to them except when disclosures are made:
(i) To DoD personnel in the course of their official duties.
(ii) Under DCAA Regulation 5410.8, DCAA Freedom of Information Act Program.
(iii) To another agency or to an instrumentality of any governmental jurisdiction within or under control of the United States conducting law enforcement activities authorized by law.
(12) Advise individuals on their rights to appeal any refusal to grant access to or amend any record pertaining to them, and file a statement of disagreement with the record in the event amendment is refused.