310.8—Rules of conduct.
(1)
Take such actions, as considered appropriate, to ensure that personal information contained in a system of records, to which they have access to or are using incident to the conduct of official business, shall be protected so that the security and confidentiality of the information shall be preserved.
(2)
Not disclose any personal information contained in any system of records except as authorized by DoD 5400.11-R or other applicable law or regulation. Personnel willfully making such a disclosure when knowing that disclosure is prohibited are subject to possible criminal penalties and/or administrative sanctions.
(3)
Report any unauthorized disclosures of personal information from a system of records or the maintenance of any system of records that are not authorized by this part to the applicable Privacy POC for his or her DoD Component.
(1)
Ensure that all personnel who either shall have access to the system of records or who shall develop or supervise procedures for handling records in the system of records shall be aware of their responsibilities and are properly trained to safeguard personal information being collected and maintained under the DoD Privacy Program.
(2)
Prepare promptly any required new, amended, or altered system notices for the system of records and submit them through their DoD Component Privacy POC to the DPO for publication in the Federal Register.
(3)
Not maintain any official files on individuals which are retrieved by name or other personal identifier without first ensuring that a notice for the system of records shall have been published in the Federal Register. Any official who willfully maintains a system of records without meeting the publication requirements, as prescribed by 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R, is subject to possible criminal penalties and/or administrative sanctions.