OFFICE OF THE SECRETARY OF DEFENSE
1950 DEFENSE PENTAGON
WASHINGTON, DC 20301-1950
Administration & Management
February 4, 1999
Incorporating Change 1, September 7, 2000
ADMINISTRATIVE INSTRUCTION NO. 81
SUBJECT: Privacy Program
References:
(a) Administrative Instruction No. 81, "Privacy Program," January 13, 1986 (hereby canceled)
(b) Section 552a of title 5, United States Code, "Privacy Act of 1974," as amended
(c) Office of Management and Budget (OMB) Circular No. A-130, Transmittal No. 3, Appendix I, "Federal Agency Responsibilities for Maintaining Records About Individuals," February 8, 1996
(d) DoD 5400.11-R, "Department of Defense Privacy Program," August 1983
(e) through (i), see enclosure 1
1. REISSUANCE AND PURPOSE
This Administrative Instruction reissues reference (a) to update and implement basic policies and procedures outlined in references (b), (c), and (d) and to provide guidance and procedures for use in establishing the Privacy Program in the Office of the Secretary of Defense (OSD) and those organizations assigned to OSD for administrative support.
2. APPLICABILITY AND SCOPE
This Instruction:
2.1. Applies to the OSD, the Chairman of the Joint Chiefs of Staff, Uniformed Services University of the Health Sciences (USUHS) and other activities assigned to OSD for administrative support hereafter referred to collectively as "OSD Components."
2.2. Covers record systems maintained by the OSD Components and governs the maintenance, access, change, and release of information contained in OSD Component record systems, from which information about an individual is retrieved by a personal identifier.
3. DEFINITIONS
The terms used in this Instruction are defined in enclosure 2.
4. POLICY
4.1. It is DoD policy to safeguard personal information contained in any system of records maintained by any DoD Component and to permit any individual to know what existing records pertain to him or her in any OSD Component covered by this Instruction.
4.2. Each office maintaining records and information about individuals shall ensure that their privacy is protected from unauthorized disclosure of personal information. These offices shall permit individuals to have access to, and to have a copy made of all, or any portion of records about them, except as provided in Chapters 3 and 5, DoD 5400.11-R (reference (d)), and to have an opportunity to request that such records be amended as provided by the Privacy Act of 1974 (reference (b)) and Chapter 3 of DoD 5400.11-R (reference (d)). Individuals requesting access to their records shall receive concurrent consideration under reference (b) and the Freedom of Information Act (reference (e)), as amended, if appropriate.
4.3. The Heads of the OSD Components shall maintain any necessary record of a personal nature that is individually identifiable in a manner that complies with the law and DoD policy. Any information collected must be as accurate, relevant, timely, and complete as is reasonable to ensure fairness to the individual. Adequate safeguards must be provided to prevent misuse or unauthorized release of such information.
5. RESPONSIBILITIES
5.1. The Director of Administration and Management, Office of the Secretary of Defense (DA&M, OSD) shall:
5.1.1. Direct and administer the DoD Privacy Program for the OSD Components.
5.1.2. Establish standards and procedures to ensure implementation of and compliance with the Privacy Act of 1974, OMB Circular No. A-130, and DoD 5400.11-R (references (b), (c), and (d)).
5.1.3. Designate the Director for Freedom of Information and Security Review as the point of contact for individuals requesting information or access to records and copies about themselves.
5.1.4. Serve as the appellate authority within OSD when a requester appeals a denial for access to records under the Privacy Act (reference (b)).
5.1.5. Serve as the appellate authority within OSD when a requester appeals a denial for amendment of a record or initiates legal action to correct a record.
5.1.6. Evaluate and decide, in coordination with The General Counsel of the Department of Defense (GC, DoD), appeals resulting from denials of access or amendments to records by the OSD Components.
5.1.7. Designate the Directives and Records Division, Correspondence and Directives Directorate, Washington Headquarters Services (WHS) as the office responsible for all aspects of the Privacy Act (reference (b)), except that portion about receiving and acting on public requests for personal records. As such, the Directives and Records Division shall:
5.1.7.1. Exercise oversight and administrative control of the Privacy Act Program in OSD and those organizations assigned to OSD for administrative support.
5.1.7.2. Provide guidance and training to organizational entities as required by references (b) and (c). Periodic training will be provided to public affairs officers and others who may be expected to deal with the news media or the public.
5.1.7.3. Collect and consolidate data from the OSD Components, and submit an annual report to the Defense Privacy Office, as required by references (b) and (c), and DoD 5400.11-R (reference (d)).
5.1.7.4. Coordinate and consolidate information for reporting all record systems, as well as changes to approved systems, to the OMB, the Congress, and the Federal Register, as required by references (b), (c), and (d).
5.1.7.5. Collect information from OSD Components, and prepare consolidated reports required by references (b) and (d).
5.2. The Director for Freedom of Information and Security Review shall:
5.2.1. Forward requests for information or access to records to the appropriate OSD Component having primary responsibility for any pertinent system of records under reference (b), or to the OSD Components, under the Freedom of Information Act (reference (e)), as amended.
5.2.2. Maintain deadlines to ensure that responses are made within the time limits prescribed in DoD 5400.7-R (reference (f)), DoD Instruction 5400.10 (reference (g)), reference (d), and this Instruction.
5.2.3. Collect fees charged and assessed for reproducing requested materials.
5.2.4. Refer all matters about amendments of records and general and specific exemptions under the Privacy Act of 1974 (reference (b)) to the proper OSD Components.
5.3. The General Counsel of the Department of Defense shall:
5.3.1. Coordinate all OSD final denials of appeals for amending records, and review actions to confirm denial of access to records, as appropriate.
5.3.2. Provide advice and assistance to the DA&M, OSD, in the discharge of appellate and review responsibilities, and to the Directorate for Freedom of Information and Security Review (DFOISR) on all access matters.
5.3.3. Provide advice and assistance to the OSD Components on legal matters pertaining to the Privacy Act of 1974 (reference (b)).
5.4. The Heads of the OSD Components shall:
5.4.1. Designate an individual as the point of contact for Privacy Act (reference (b)) matters; designate an official to deny initial requests for access to an individual's records or changes to records; and advise both the DA&M, OSD, and the DFOISR of names of officials so designated.
5.4.2. Report any new record system, or changes to an existing system, to the Chief, Directives and Records Division, WHS, at least 90 days before the intended use of the system.
5.4.3. Review all contracts that provide for maintaining records systems, by or on behalf of his or her office, to ensure within his or her authority, that language is included that provides that such systems shall be maintained in a manner consistent with reference (b).
5.4.4. Revise procurement guidance to ensure that any contract providing for the maintenance of a records system, by or on behalf of his or her office, includes language that ensures that such system shall be maintained in accordance with reference (b).
5.4.5. Revise computer and telecommunications procurement policies to ensure that Agencies review all proposed contracts for equipment and services to comply with reference (b).
5.4.6. Coordinate with Automatic Data Processing and word processing managers providing services to ensure that an adequate risk analysis is conducted to comply with DoD 5400.11-R (reference (d)).
5.4.7. Review all Directives that require forms or other methods used to collect information about individuals to ensure that they are in compliance with reference (b).
5.4.8. Establish administrative systems in OSD Component organizations to comply with the procedures listed in this Instruction and reference (d).
5.4.9. Coordinate with the GC, DoD, on all proposed denials of access to records.
5.4.10. Provide justification to the DFOISR when access to a record is denied in whole or in part.
5.4.11. Provide the record to the DFOISR when the initial denial of a request for access to such record has been appealed by the requester, or at the time of initial denial when appeal seems likely.
5.4.12. Maintain an accurate account of the actions resulting in a denial for access to a record or for the correction of a record. This account should be maintained so that it can be readily certified as the complete record of proceedings if litigation occurs.
5.4.13. Ensure that all personnel who either have access to the system of records, or who are engaged in developing or supervising procedures for handling records in the system, are aware of their responsibilities for protecting personal information as established in the Privacy Act and DoD 5400.11-R (references (b) and (d)).
5.4.14. Forward all requests for access to records received directly from an individual to the DFOISR for appropriate suspense control and recording.
5.4.15. Provide the DFOISR with a copy of the requested record when the request is granted.
5.5. The Requester who desires to submit a request is responsible for:
5.5.1. Determining whether to submit the request in writing or in person. A requester who seeks access to records pertaining to himself or herself that are filed by his or her name or personal identifier may make such a request in person to the custodian of the records. If the requester is not satisfied with the response, however, in order to invoke any provision of reference (b), reference (d), or this Instruction, the requester must file a request in writing as provided in subparagraph 6.2.10. The requester must provide proof of identity by showing driver's license or similar credentials.
5.5.2. Describing the record sought, and providing sufficient information to enable the material to be located (e.g., identification of system of records, approximate date it was initiated, originating organization, and type of document).
5.5.3. Complying with procedures provided in reference (d) for inspecting and/or obtaining copies of requested records.
5.5.4. Submitting a written request to amend the record to the system manager or to the office designated in the system notice.
6. PROCEDURES
6.1. Publication of Notice in the Federal Register
6.1.1. A notice shall be published in the Federal Register of any record system meeting the definition of a system of records in reference (d).
6.1.2. Regarding new or revised records systems, each OSD Component shall provide the Chief, Directives and Records Division, with 90 days advance notice of any anticipated new or revised system of records. This material shall be submitted to the OMB and to Congress at least 60 days before use and to the Federal Register at least 30 days before being put into use, to provide an opportunity for interested persons to submit written data, views, or arguments to the OSD Components. Instructions on content and preparation are outlined in reference (d).
6.2. Access to Information on Records Systems
6.2.1. Upon request, and as provided by the Privacy Act (reference (b)), records shall be disclosed only to the individual they pertain to and under whose individual name or identifier they are filed, unless exempted by provisions stated in reference (d).
6.2.2. There is no requirement under reference (b) that a record be created or that an individual be given access to records that are not in a group of records that meet this definition of a system of records in reference (b).
6.2.3. Granting access to a record containing personal information shall not be conditioned upon any requirement that the individual state a reason or otherwise justify the need to gain access.
6.2.4. No verification of identity shall be required of an individual seeking access to records that are otherwise available to the public.
6.2.5. Individuals shall not be denied access to a record in a system of records about themselves because those records are exempted from disclosure under DoD 5400.7-R (reference (f)). Individuals may only be denied access to a record in a system of records about themselves when those records are exempted from the access provisions of the Privacy Act under DoD 5400.11-R, Chapter 5 (reference (d)).
6.2.6. Individuals shall not be denied access to their records for refusing to disclose their Social Security Numbers (SSNs), unless disclosure of the SSN is required by statute, by regulation adopted before January 1, 1975, or if the record's filing identifier and only means of retrieval is by SSN.
6.2.7. Individuals may request access to their records, in person or by mail, in accordance with the procedures outlined in subparagraph 6.2.8., below.
6.2.8. Information necessary to identify a record is: the individual's name, date of birth, place of birth, identification of the records system as listed in the Federal Register, or sufficient information to identify the type of records being sought, and the approximate date the records might have been created. Any individual making a request for access to records in person shall come to the Directorate for Freedom of Information and Security Review (DFOISR), Room 2C757, Pentagon, Washington, DC 20301-1155; and shall provide personal identification acceptable to the Director, DFOISR, to verify the individual's identity (e.g., driver's license, other licenses, permits, or passes used for routine identification purposes).
6.2.9. If an individual wishes to be accompanied by a third party when seeking access to records or wishes to have the record released directly to a third party, the individual may be required to furnish a signed access authorization granting the third party access.
6.2.10. Any individual submitting a request by mail for access to information shall address such request to the Directorate for Freedom of Information and Security Review, Pentagon, Room 2C757, Washington, DC 20301-1155. To verify the identity of the individual, the request shall include either a signed notarized statement or an unsworn declaration in the format specified by 28 U.S.C. §1746 (reference (h)).
6.2.11. The following procedures shall apply to requests for access to records or information compiled for law enforcement purposes:
6.2.11.1. Individuals requesting access to records or information about themselves and compiled for law enforcement purposes are processed under DoD 5400.11-R (reference (d)) and DoD 5400.7-R (reference (f)) to give them the greater degree of access.
6.2.11.2. Individual requests for access to records or information about themselves and compiled for law enforcement purposes (and in the custody of law enforcement activities) that have been incorporated into the records system, exempted from the access provisions of reference (d), will be processed in accordance with paragraph C1.5.13. and Chapter 5, reference (f). Individuals shall not be denied access to records solely because they are in the exempt system, but they will have the same access that they would receive under reference (f). (Also see section A.10., Chapter 3, reference (d).)
6.2.11.3. Requests by individuals for access to records or information about themselves and compiled for law enforcement purposes that are in records systems exempted from access provisions will be processed under section C.1.1., Chapter 5 of reference (d) or reference (f), depending upon which regulation gives the greater degree of access. (See also section A.10.1., Chapter 3, reference (d).)
6.2.11.4. Individual requests for access to records or information about themselves and compiled for law enforcement purposes exempted from access under Section B, Chapter 5 of reference (d), that are temporarily in the hands of a non-law enforcement element for adjudicative or personnel actions, shall be referred to the originating agency. The requester will be informed in writing of these referrals.
6.2.12. The following procedures shall apply to requests for illegible, incomplete, or partially exempt records:
6.2.12.1. An individual shall not be denied access to a record or a copy of a record solely because the physical condition or format of the record does not make it readily available (e.g., deteriorated state or on magnetic tape). The document will be prepared as an extract, or it will be exactly recopied.
6.2.12.2. If a portion of the record contains information that is exempt from access, an extract or summary containing all of the information in the record that is releasable shall be prepared.
6.2.12.3. When the physical condition of the record makes it necessary to prepare an extract for release, the extract shall be prepared so that the requester will understand it.
6.2.12.4. The requester shall be informed of all deletions or changes to records.
6.2.13. Medical records shall be disclosed to the individual they pertain to, unless a determination is made in consultation with a medical doctor, that the disclosure could have adverse effects on the individual's physical or mental health. Such information may be transmitted to a medical doctor named by the individual concerned. If the named medical doctor declines to provide the record to the individual, the OSD Component shall take positive action to ensure that the requested records are provided the individual.
6.2.14. The individual may be charged reproduction fees for copies or records as outlined in DoD 5400.11-R (reference (d)).
6.3. Request to Amend Personal Information in Records Systems and Disputes
6.3.1. The Head of an OSD Component, or the designated official, shall allow individuals to request amendment to their records to the extent that such records are not accurate, relevant, timely, or complete. Requests should be as brief and as simple as possible and should contain, as a minimum, identifying information to locate the record, a description of the items to be amended, and the reason for the change. A request shall not be rejected nor required to be resubmitted unless additional information is essential to process the request. Requesters shall be required to provide verification of their identity as stated in subparagraph 6.2.8., above, to ensure that they are seeking to amend records about themselves, and not, inadvertently or intentionally, the records of others.
6.3.2. The appropriate system manager shall mail a written acknowledgment to an individual's request to amend a record within 10 days after receipt, excluding Saturdays, Sundays, and legal public holidays. Such acknowledgment shall identify the request and may, if necessary, request any additional information needed to make a determination. No acknowledgment is necessary if the request can be reviewed, processed, and if the individual can be notified of compliance or denial within the 10-day period. Whenever practical, the decision shall be made within 30 working days. For requests presented in person, written acknowledgment may be provided at the time the request is presented.
6.3.3. The Head of an OSD Component, or designated official, shall promptly take one of the following actions on requests to amend the records:
6.3.3.1. If the OSD Component official agrees with any portion or all of an individual's request, he or she will proceed to amend the records in accordance with existing statutes, regulations, or administrative procedures, and inform the requester of the action taken. The OSD Component official shall also notify all previous holders of the record that the amendment has been made, and shall explain the substance of the correction.
6.3.3.2. If the OSD Component official disagrees with all or any portion of a request, the individual shall be informed promptly of the refusal to amend a record, the reason for the refusal, and the procedure established by OSD for an appeal as outlined in subparagraph 6.3.6., below.
6.3.3.3. If the request for an amendment pertains to a record controlled and maintained by another Federal Agency, the request shall be referred to the appropriate Agency, and the requester advised of this.
6.3.4. The following procedures shall be used when reviewing records under dispute:
6.3.4.1. In response to a request for an amendment to records, officials shall determine whether the requester has adequately supported their claim that the record is inaccurate, irrelevant, untimely, or incomplete.
6.3.4.2. The Head of an OSD Component, or designated official, shall limit the review of a record to those items of information that clearly bear on any determination to amend the records and shall ensure that all those elements are present before determination is made.
6.3.5. If the Head of an OSD Component, or designated official, after an initial review of a request to amend a record, disagrees with all or any portion of a record, he or she shall:
6.3.5.1. Advise the individual of the denial and the reason for it.
6.3.5.2. Inform the individual that he or she may appeal the denial.
6.3.5.3. Describe the procedures for appealing the denial including the name and address of the official to whom the appeal should be directed. The procedures should be as brief and simple as possible.
6.3.5.4. Furnish a copy of the justification of any denial to amend a record to the DA&M, OSD.
6.3.6. If an individual disagrees with the initial OSD determination, he or she may file an appeal. The request should be sent to the Director of Administration and Management, Office of the Secretary of Defense (DA&M, OSD), 1950 Defense Pentagon, Washington, DC 20301-1950, if the record is created and maintained by an OSD Component.
6.3.7. If, after review, the DA&M, OSD further refuses to amend the record as requested, he shall advise the individual:
6.3.7.1. Of the refusal and the reason and authority for the denial.
6.3.7.2. Of his or her right to file a statement of the reason for disagreeing with the DA&M's decision.
6.3.7.3. Of the procedures for filing a statement of disagreements.
6.3.7.4. That the statement filed shall be made available to anyone the record is disclosed to, together with a brief statement, at the discretion of the OSD Component, summarizing its reasons for refusing to amend the records.
6.3.7.5. That prior recipients of copies of disputed records be provided a copy of any statement of dispute to the extent that an accounting of disclosure is maintained.
6.3.7.6. Of his or her right to seek judicial review of the DA&M's refusal to amend a record.
6.3.8. If, after the review, the DA&M, OSD, determines that the record should be amended in accordance with the individual's request, the OSD Component shall amend the record, advise the individual, and inform previous recipients where an accounting of disclosure has been maintained.
6.3.9. All appeals should be processed within 30 days (excluding Saturdays, Sundays, and legal public holidays) after receipt by the proper office. If the DA&M determines that a fair and equitable review cannot be made within that time, the individual shall be informed in writing of the reasons for the delay and of the approximate date the review is expected to be completed.
6.4. Disclosure of Disputed Information
6.4.1. If the DA&M, OSD, has refused to amend a record and the individual has filed a statement under subparagraph 6.3.7., above, the OSD Component shall clearly annotate the disputed record so that it is apparent to any person to whom the record is disclosed that a statement has been filed. Where feasible, the notation itself shall be integral to the record. Where an accounting of a disclosure has been made, the OSD Component shall advise previous recipients that the record has been disputed and shall provide a copy of the individual's statement.
6.4.1.1. This statement shall be maintained to permit ready retrieval whenever the disputed portion of the record is to be disclosed.
6.4.1.2. When information that is the subject of a statement of dispute is subsequently disclosed, the OSD Component's designated official shall note which information is disputed and provide a copy of the individual's statement.
6.4.2. The OSD Component shall include a brief summary of its reasons for not making a correction when disclosing disputed information. Such statement shall normally be limited to the reasons given to the individual for not amending the record.
6.4.3. Copies of the OSD Component's summary will be treated as part of the individual's record; however, it will not be subject to the amendment procedure outlined in subparagraph 6.3.3., above.
6.5. Penalties
6.5.1.1. An individual may file a civil suit against the United States and may recover damages, for:
6.5.1.1.1. Refusal to amend a record.
6.5.1.1.2. Improper denial of the access to a record.
6.5.1.1.3. Failure to maintain an accurate, relevant, timely, and complete record that is used to make determinations adverse to the individual.
6.5.1.2. An individual may also file a suit against the United States for failure to implement a provision of the Privacy Act (reference (b)) when such failure leads to an adverse determination.
6.5.1.3. If the individual's suit is upheld, the court may direct the United States to pay the court costs and attorney's fees.
6.5.2.1. Criminal penalties may be imposed against an OSD officer or employee for certain offenses listed in Section (i) of the Privacy Act (reference (b)), as follows: willful unauthorized disclosure of protected information in the records; failure to publish a notice of the existence of a record system in the Federal Register; requesting or gaining access to the individual's record under false pretenses.
6.5.2.2. An OSD officer or employee may be fined up to $5,000 for a violation as outlined in subparagraph 6.5.2.1., above.
6.5.3. Litigation Status Sheet. Whenever a complaint citing reference (b) is filed in a U.S. District Court against the Department of Defense, a DoD Component, or any DoD employee, the responsible system manager shall promptly notify the Defense Privacy Office. The litigation status sheet in DoD 5400.11-R (reference (d)) provides a standard format for this notification. (The initial litigation status sheet shall, as a minimum, provide the information required by items 1 through 6). A revised litigation status sheet shall be provided at each stage of the litigation. When a court renders a formal opinion or judgment, copies of the judgment or opinion shall be provided to the Defense Privacy Office with the litigation status sheet reporting that judgment or opinion.
6.6. Computer Matching Programs. Paragraph B of Chapter 11 of reference (d) prescribes that all requests for participation in a matching program (either as a matching agency or a source agency) be submitted to the Defense Privacy Office for review and compliance. The OSD Components shall submit these requests through the Directives and Records Division.
7. INFORMATION REQUIREMENTS
The Defense Privacy Office shall establish requirements and deadlines for DoD privacy reports. These reports shall be licensed in accordance with DoD Directive 8910.1 (reference (i)).
8. EFFECTIVE DATE
This Instruction is effective immediately.
Enclosures - 2
E2. Definitions
E1. ENCLOSURE 1
REFERENCES, continued
(e) Section 552 of title 5, United States Code, "Freedom of Information Act," as amended
(f) DoD 5400.7-R, "DoD Freedom of Information Act Program," September 1998
(g) DoD Instruction 5400.10, "OSD Implementation of DoD Freedom of Information Act Program," January 24, 1991
(h) Section 1746 of title 28, United States Code, "Unsworn Declarations of Identity"
(i) DoD Directive 8910.1, "Management and Control of Information Requirements," June 11, 1993
E2. ENCLOSURE 2
DEFINITIONS
E2.1.1. Access. Any individual's review of a record or a copy of a record or parts of a system of records.
E2.1.2. Disclosure. The transfer of any personal information from a system of records by any means of oral, written, electronic, mechanical, or other communication, to any person, private entity, or Government Agency, other than the subject of the record, the subject's designated agent, or the subject's guardian.
E2.1.3. Individual. A living citizen of the United States or an alien lawfully admitted to the United States for permanent residence. The legal guardian of an individual has the same rights as the individual and may act on his or her behalf.
E2.1.4. Individual Access. Access to personal information pertaining to the individual, by the individual, his or her designated agent or legal guardian.
E2.1.5. Maintain. Includes maintenance, collection, use or dissemination.
E2.1.6. Personal Information. Information about an individual that is intimate or private, as distinguished from information related solely to the individual's official functions or public life.