cte privacy bridges module 2
Post on 04-Apr-2018
217 Views
Preview:
TRANSCRIPT
-
7/29/2019 Cte Privacy Bridges Module 2
1/41
1
Privacy Act System of Records
and Systems Notices
-
7/29/2019 Cte Privacy Bridges Module 2
2/41
Module 2
Explain Privacy Act System of Records
and Systems Notices.
-
7/29/2019 Cte Privacy Bridges Module 2
3/41
3
-
7/29/2019 Cte Privacy Bridges Module 2
4/41
Privacy Act
Records that are retrieved by name orpersonal identifier are subject to PrivacyAct (PA) requirements and are referred toas PA systems of records. The Air Forcemust publish notices in the FederalRegister, describing the collection ofInformation for new, changed or deletedsystems to inform the public and givethem an opportunity to comment beforeimplementing or changing the system.
4
-
7/29/2019 Cte Privacy Bridges Module 2
5/41
A System of Records is agroup of records that:
Contains a personalidentifier (such as a name,
Social Security Number,Employee Number, etc.)
Contains one other item ofpersonal data (such as
home address,performance rating, bloodtype, etc.)
Is retrieved by a personal
identifier.
"Privacy Act System of Records
-
7/29/2019 Cte Privacy Bridges Module 2
6/41
"Privacy Act System of Records
An official system of records must be:
Authorized by law or Executive Order
Controlled by an Air Force or lower level directive Neededto carry out an Air Force mission or function
Published in the Federal Register
-
7/29/2019 Cte Privacy Bridges Module 2
7/41
The following are NOT Privacy Act systems of
recordseven though they may contain
personal information
Read files: These are retrieved by date, notpersonal identifier.
Folders with employees names on the label:only containing non-personal information, such
as a copy of the employee's position
description.These do not contain the required secondelement of personal data.
Folders or databases containingcommercialand financial data pertaining to contracts.
Contractors have no expectation of privacyregarding their operations. They may,however,expect the data to be handled on a proprietaryor confidential basis.
-
7/29/2019 Cte Privacy Bridges Module 2
8/41
Responsibilities
AF Chief Information Officer senior AF Privacy Official w/overall
responsibility for the AF PA program
Office of the General Counsel to the Secretary of the AF(SAF/GCA) makes the final decision on appeals
PRIVACY ACT OF 1974
-
7/29/2019 Cte Privacy Bridges Module 2
9/41
9
Responsibilities
Base Privacy Act Officers: Provide guidance and training to base
personnel.
Submit reports as required.
Review publications and forms forcompliance with this instruction.
Review system notices to validatecurrency.
Direct investigations ofcomplaints/violations.
Evaluate the health of the program atregular intervals using this instructionas guidance.
-
7/29/2019 Cte Privacy Bridges Module 2
10/41
10
Responsibilities
System Managers: Manage and safeguard the system.
Train users on PA requirements.
Protect records from unauthorized
disclosure, alteration, or destruction. Prepare system notices and reports.
Answer PA requests.
Keep records of disclosures.
Validate system notices annually.
Investigate PA complaints
-
7/29/2019 Cte Privacy Bridges Module 2
11/41
11
Responsibilities
System owners anddevelopers:
Decide the need for, and
content of systems. Evaluate PA requirements of
information systems in earlystages of development.
Completes a Privacy ImpactAssessment (PIA) DD FORM2930 NOV 2008
Then submits to the PA officer
-
7/29/2019 Cte Privacy Bridges Module 2
12/41
System Manager Responsibility
Manages, safeguards, and evaluates their systems ofrecords
Provides training resources to assure proper operation andmaintenance of their system(s)
Prepares public notices and report for new or changed
systems
Local System Managers Responsibility:
Answers Privacy Act requests
Keeps accurate records of all reportable disclosures
Compiles annual report data
NOTE: Legal offices are responsible for reviewing andcoordinating all recommendations for denial/partial denials
12
-
7/29/2019 Cte Privacy Bridges Module 2
13/41
13
Systems of Records
Operated by Contractor
Contractors who are required to operateor maintain a PA system of records bycontract must follow this instruction forcollecting, safeguarding, maintaining,using, accessing, amending anddisseminating personal information.
Contract must contain proper PA clausesand provide system number.
Review annually
-
7/29/2019 Cte Privacy Bridges Module 2
14/41
Do not commingle information about different individualsin the same file.
Mark privacy records appropriately.For Official Use Only Privacy Act Data
Do not use interoffice or translucent envelopes to mail PrivacyAct protected data. Instead, use sealable opaque solid white orKraft envelopes. Be sure to mark the envelope to the persons
attention.
Do not place Privacy Act protected data on shared drives,
multi-access calendars, the Intranet, or the Internet.
Do not create Systems of Records on your computer, orin your files without first contacting your Privacy official.
Responsibilities as an Air Force employee
As an employee, you play a very important role in assuring that
the Air Force complies with the provisions of the Privacy Act.
-
7/29/2019 Cte Privacy Bridges Module 2
15/41
15
PRIVACY IMPACT ASSESSMENT
What is PIA. Developing or procuringinformation technology (IT) systems orprojects that collect, maintain, ordisseminate information in identifiableform from or about members of thepublic
Initiating a new electronic collection ofinformation, in identifiable form for 10 ormore persons excluding agencies,instrumentalities, or employees of theFederal Government.
-
7/29/2019 Cte Privacy Bridges Module 2
16/41
16
PRIVACY IMPACT ASSESSMENT
PIA conducted to:
Ensure the public is aware of theinformation collected about them
Any impact these systems have onpersonal privacy is adequately addressed
Collect only enough personal informationto administer our programs, and no more
PIAs confirm that information is
used for the purpose intended
remains timely and accurate
protected while maintained and heldneeded
NOTE: See AFI 33-332, Attachment 4 orhttp://www.foia.af.mil/Privacy/PrivImpAssess.shtml
-
7/29/2019 Cte Privacy Bridges Module 2
17/41
17
SYSTEM NOTICE
Publishing System Notices. The Air Force must
publish notices in the Federal Registerof new,changed, and deleted systems to inform the publicof what records the Air Force keeps and give theman opportunity to comment before the system isimplemented or changed.
Submitting Notices. At least 120 days beforeimplementing a new system, or a major change toan existing system.
Submit a Notice. System Managers must send aproposed notice through MAJCOM Privacy Act
Office. To AF-CIO/P
NOTE: See AFI 33-332, Attachment 2
-
7/29/2019 Cte Privacy Bridges Module 2
18/41
18
SYSTEM NOTICE
Systems of records are grouped by series. (i.e.
Security 31)
System identification: F031 AF SF A or F051 AFJAC
The letter 'F' means Air Force.
The first three digits (031 and 051) show that therecords pertain to Security and Law respectively.
The letters that follow indicate to whom the systemapplies and/or the Office of Primary Responsibility(OPR). (i.e. F031 AF SF A, AF indicates that this isan Air Force-wide system, with SF denotingSecurity Forces as the OPR.
The last alpha designation is for internal
management control. In the records system F051AFJA C, (without a space between the AF and JA)indicates this is a Judge Advocate General Systemand applies to the office of The Judge AdvocateGeneral only.
-
7/29/2019 Cte Privacy Bridges Module 2
19/41
19
Disclosure Accountings
System managers must keep an accurate record of
all disclosures made from any system of recordsexcept disclosures to DOD personnel for officialuse or disclosures under the FOIA.
System managers may use AF Form 771,Accounting of Disclosures.
System managers must keep the disclosure formon file for 5 years and give it to the subject onrequest, send corrected or disputed information toprevious record recipients, explain any disclosures,and provide an audit trail for reviews. Include ineach accounting:
Release date.
Description of information.
Reason for release.
Name and address of recipient.
-
7/29/2019 Cte Privacy Bridges Module 2
20/41
20
Disclosure Accountings
Some exempt systems let
you withhold theaccounting record fromthe subject.
You may withholdinformation aboutdisclosure accountings forlaw enforcement purposesat the law enforcementagencys request.
FOIA
-
7/29/2019 Cte Privacy Bridges Module 2
21/41
21
-
7/29/2019 Cte Privacy Bridges Module 2
22/41
Disclosing Medical Records
of Minors
AF personnel maydisclose the medicalrecords of minors to their
parents or legalguardians in conjunctionwith applicable Federallaws and guidelines. The laws of each state define
the age of majority.
Outside the United States
(overseas), the age of majorityis 18.22
-
7/29/2019 Cte Privacy Bridges Module 2
23/41
Special Provision for
Medical Records If a physician believes that disclosing
requested medical records could harmthe persons mental or physical health:
Requester needs a letter fromphysician to send records
Offer the services of a militaryphysician other that one whoprovided treatment if naming thephysician poses a hardship on theindividual
NOTE: The PA requires that the PAManager ultimately ensure that thesubject receives the records
23
-
7/29/2019 Cte Privacy Bridges Module 2
24/41
24
-
7/29/2019 Cte Privacy Bridges Module 2
25/41
25
Law Enforcement Records
Obtaining Law Enforcement Records. TheCommander, Air Force Office of Special
Investigation (AFOSI); the Commander, Air
Force Security Forces Center (HQ AFSFC);
MAJCOM, FOA, and base chiefs of security
forces; AFOSI detachment commanders;
and designees of those offices may askanother agency for records for law
enforcement under 5 U.S.C. 552a(b)(7).
Indicate in writing
Specify part of record desired
Identify the law enforcement activity
-
7/29/2019 Cte Privacy Bridges Module 2
26/41
26
Confidentially Promises
Confidentiality Promises.Promises of confidentiality
must be prominently
annotated in the record toprotect from disclosure any
confidential information
under 5 United States Code
552a (k)(2), (k)(5), or (k)(7)of the Privacy Act.
-
7/29/2019 Cte Privacy Bridges Module 2
27/41
27
PRIVACY IMPACT
-
7/29/2019 Cte Privacy Bridges Module 2
28/41
28
PRIVACY IMPACT
ASSESSMENT
What is PIA. Developing or procuringinformation technology (IT) systems orprojects that collect, maintain, ordisseminate information in identifiableform from or about members of thepublic
Initiating a new electronic collection ofinformation, in identifiable form for 10 ormore persons excluding agencies,instrumentalities, or employees of theFederal Government.
PRIVACY IMPACT
-
7/29/2019 Cte Privacy Bridges Module 2
29/41
29
PRIVACY IMPACT
ASSESSMENT
PIA conducted to:
Ensure the public is aware of theinformation collected about them
Any impact these systems have onpersonal privacy is adequately addressed
Collect only enough personal informationto administer our programs, and no more
PIAs confirm that information is
used for the purpose intended
remains timely and accurate
protected while maintained and heldneeded
NOTE: See AFI 33-332, Attachment 4 orhttp://www.foia.af.mil/Privacy/PrivImpAssess.shtml
-
7/29/2019 Cte Privacy Bridges Module 2
30/41
30
SYSTEM NOTICE
Publishing System Notices. The AirForce must publish notices in the Federal
Registerof new, changed, and deletedsystems to inform the public of whatrecords the Air Force keeps and givethem an opportunity to comment beforethe system is implemented or changed.
Submitting Notices. At least 120 daysbefore implementing a new system, or amajor change to an existing system.
Submit a Notice. System Managers mustsend a proposed notice throughMAJCOM Privacy Act Office. To AF-CIO/P
NOTE: See AFI 33-332, Attachment 2
-
7/29/2019 Cte Privacy Bridges Module 2
31/41
SYSTEM NOTICES
Systems of records are grouped by series. (i.e. Security 31)
System identification: F031 AF SF A or F051 AFJA C
The letter 'F' means Air Force.
The first three digits (031 and 051) show that the records pertainto Security and Law respectively.
The letters that follow indicate to whom the system appliesand/or the Office of Primary Responsibility (OPR). (i.e. F031 AFSF A, AF indicates that this is an Air Force-wide system, with SFdenoting Security Forces as the OPR.
The last alpha designation is for internal management control. In
the records system F051 AFJA C, (without a space between theAF and JA) indicates this is a Judge Advocate General Systemand applies to the office of The Judge Advocate General only.
31
-
7/29/2019 Cte Privacy Bridges Module 2
32/41
32
Exemption Types
General. Exemptions authorizes theexemption of a system of records from
most parts of the Privacy Act
Specific. Exemption authorizes the
exemption of a system of records fromonly a few parts
-
7/29/2019 Cte Privacy Bridges Module 2
33/41
33
Authorizing Exemptions
Authorizing Exemptions. Denial authoritiesmay withhold records using Privacy Act
exemptions onlywhen an exemption forthe system of records has been publishedin the Federal Register as a final rule.
-
7/29/2019 Cte Privacy Bridges Module 2
34/41
34
Requesting an Exemption
A system manager who believes that asystem needs an exemption from some or
all of the requirements of the PA will senda request to AF-CIO/P through theMAJCOM or FOA PA Officer.
The request will detail the reasons for theexemption, the section of the Act that allowsthe exemption, and the specific
-
7/29/2019 Cte Privacy Bridges Module 2
35/41
35
Exemptions
(b)Applies to information concerning other individuals which
may not be released without their written consent. (d)(5) Information compiled in reasonable anticipation of a civil
action proceeding.
(j)(1)Applies to polygraph records; documents or segregateportions of documents, the release of which would discloseintelligence sources and methods, including names of certainagency employees and organizational components; anddocuments or information provided by foreign governments;(CIA exemption).
(j)(2) Material reporting investigative efforts pertaining to theenforcement of criminal law including efforts to prevent, control,or reduce crime or apprehend criminals, except records ofarrest.
(k)(1)Applies to information and material property classifiedpursuant to an Executive Order in the interest of nationaldefense or foreign policy.
-
7/29/2019 Cte Privacy Bridges Module 2
36/41
36
Exemptions
(k)(3) Material maintained in connection with providing protective
services to the President of the United States or any other individualpursuant to the authority of Title 18, United States Code, Section 3056.
(k)(4) Required by statute to be maintained and used solely as statisticalrecords.
(k)(5) Applies to investigatory material compiled solely for the purpose of
determining suitability, eligibility, or qualifications for Federal civilianemployment, or access to classified information, the release of whichwould disclose a confidential source.
(k)(6) Testing or examination material used to determine individualqualifications for appointment or promotion in Federal government
service, the release of which would compromise the testing orexamination process.
(k)(7) Material used to determine potential for promotion in the armedservices, the disclosure of which would reveal the identity of the personwho furnished the material pursuant to a promise that his identity wouldbe held in confidence.
-
7/29/2019 Cte Privacy Bridges Module 2
37/41
37
12 EXCEPTIONSTO CONSENT RULE
Need to know withinthe agency
Required to bereleased under FOIA
Routine Use
Census Bureau
Statistical Research
National Archives
Law Enforcement Health or Safety
Congress
GAO
Court Order
Consumer ReportingAgency
PRIVACY EXEMPTIONS
-
7/29/2019 Cte Privacy Bridges Module 2
38/41
PRIVACY EXEMPTIONS
GENERAL
(j)(1) CIA (j)(2) Maintained by agency
whose principal function iscriminal law enforcement
Exempts system from mostparts of Privacy Act
PRIVACY EXEMPTIONS
-
7/29/2019 Cte Privacy Bridges Module 2
39/41
PRIVACY EXEMPTIONS
SPECIFIC
(k)(1) Classified (k)(2) Investigatory
material compiled for lawenforcement
(k)(3) Protective servicesto the President
(k)(4) Required by statutefor use as statisticalrecords only
(k)(5) Investigatorymaterial for determiningsuitability for employment
(k)(6) Testing material
(k)(7) Evaluation materialused for promotion
QUESTIONS?
-
7/29/2019 Cte Privacy Bridges Module 2
40/41
QUESTIONS?
-
7/29/2019 Cte Privacy Bridges Module 2
41/41
41
top related