32 CFR 806b.50 - Computer matching.
Computer matching programs electronically compare records from two or more automated systems that may include DoD, another Federal agency, or a state or other local government. A system manager proposing a match that could result in an adverse action against a Federal employee must meet these requirements of the Privacy Act:
(1) Prepare a written agreement between participants;
(2) Secure approval of the Defense Data Integrity Board;
(3) Publish a matching notice in the Federal Register before matching begins;
(4) Ensure full investigation and due process; and
(5) Act on the information, as necessary.
(a) The Privacy Act applies to matching programs that use records from: Federal personnel or payroll systems and Federal benefit programs where matching:
(1) Determines Federal benefit eligibility;
(2) Checks on compliance with benefit program requirements;
(3) Recovers improper payments or delinquent debts from current or former beneficiaries.
(b) Matches used for statistics, pilot programs, law enforcement, tax administration, routine administration, background checks and foreign counterintelligence, and internal matching that won't cause any adverse action are exempt from Privacy Act matching requirements.
(c) Any activity that expects to participate in a matching program must contact Air Force Chief Information Officer/P immediately. System managers must prepare a notice for publication in the Federal Register with a Routine Use that allows disclosing the information for use in a matching program. Send the proposed system notice to Air Force Chief Information Officer/P. Allow 180 days for processing requests for a new matching program.
(d) Record subjects must receive prior notice of a match. The best way to do this is to include notice in the Privacy Act Statement on forms used in applying for benefits. Coordinate computer matching statements on forms with Air Force Chief Information Officer/P through the Major Command Privacy Act Officer.