310.9—Privacy boards and office, composition and responsibilities.
(a) The Defense Privacy Board—
(1) Membership.
The Board shall consist of the DA&M, OSD, who shall serve as the Chair; the Director of the DPO, DA&M, who shall serve as the Executive Secretary and as a member; the representatives designated by the Secretaries of the Military Departments; and the following officials or their designees: the Deputy Under Secretary of Defense for Program Integration (DUSD(PI)); the Assistant Secretary of Defense for Health Affairs; the Assistant Secretary of Defense for Networks and Information Integration (ASD) (NII)/Chief Information Officer (CIO); the Director, Executive Services and Communications Directorate, WHS; the GC, DoD; and the Director for Information Technology Management Directorate (ITMD), WHS. The designees also may be the principal POC for the DoD Component for privacy matters.
(2) Responsibilities.
(i)
The Board shall have oversight responsibility for implementation of the DoD Privacy Program. It shall ensure the policies, practices, and procedures of that Program are premised on the requirements of 5 U.S.C. 552a and OMB Circular A-130, as well as other pertinent authority, and the Privacy Programs of the DoD Component are consistent with, and in furtherance of, the DoD Privacy Program.
(ii)
The Board shall serve as the primary DoD policy forum for matters involving the DoD Privacy Program, meeting as necessary, to address issues of common concern so as to ensure uniform and consistent policy shall be adopted and followed by the DoD Components. The Board shall issue advisory opinions as necessary on the DoD Privacy Program so as to promote uniform and consistent application of 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R.
(b) The Defense Data Integrity Board—
(1) Membership.
The Board shall consist of the DA&M, OSD, who shall serve as the Chair; the Director of the DPO, DA&M, who shall serve as the Executive Secretary; and the following officials or their designees: the representatives designated by the Secretaries of the Military Departments; the DUSD(PI); the (ASD) (NII)/CIO; the GC, DoD; the Inspector General, DoD; the ITMD, WHS; and the Director, Defense Manpower Data Center. The designees also may be the principal points of contact for the DoD Component for privacy matters.
(2) Responsibilities.
(i)
The Board shall oversee and coordinate, consistent with the requirements of 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R, all computer matching programs involving personal records contained in system of records maintained by the DoD Components.
(ii)
The Board shall review and approve all computer matching agreements between the Department of Defense and the other Federal, State or local governmental agencies, as well as memoranda of understanding when the match is internal to the Department of Defense, to ensure, under 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R, appropriate procedural and due process requirements shall have been established before engaging in computer matching activities.
(c) The Defense Privacy Board Legal Committee—
(1) Membership.
The Committee shall consist of the Director, DPO, DA&M, who shall serve as the Chair and the Executive Secretary; the GC, DoD, or designee; and civilian and/or military counsel from each of the DoD Components. The General Counsels (GCs) and The Judge Advocates General of the Military Departments shall determine who shall provide representation for their respective Department to the Committee. This does not preclude representation from each office. The GCs of the other DoD Components shall provide legal representation to the Committee. Other DoD civilian or military counsel may be appointed by the Executive Secretary, after coordination with the DoD Component concerned, to serve on the Committee on those occasions when specialized knowledge or expertise shall be required.
(2) Responsibilities.
(i)
The Committee shall serve as the primary legal forum for addressing and resolving all legal issues arising out of or incident to the operation of the DoD Privacy Program.
(ii)
The Committee shall consider legal questions regarding the applicability of 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R and questions arising out of or as a result of other statutory and regulatory authority, to include the impact of judicial decisions, on the DoD Privacy Program. The Committee shall provide advisory opinions to the Defense Privacy Board and, on request, to the DoD Components.
(d) The DPO—
(1) Membership.
It shall consist of a Director and a staff. The Director also shall serve as the Executive Secretary and a member of the Defense Privacy Board; as the Executive Secretary to the Defense Data Integrity Board; and as the Chair and the Executive Secretary to the Defense Privacy Board Legal Committee.
(2) Responsibilities.
(i)
Manage activities in support of the Privacy Program oversight responsibilities of the DA&M.
(ii)
Provide operational and administrative support to the Defense Privacy Board, the Defense Data Integrity Board, and the Defense Privacy Board Legal Committee.
(iv)
Provide guidance and assistance to the DoD Components in their implementation and execution of the DoD Privacy Program.
(v)
Review DoD legislative, regulatory, and other policy proposals which implicate information privacy issues relating to the Department's collection, maintenance, use, or dissemination of personal information, to include any testimony and comments having such implications under DoD Directive 5500.1.
(vi)
Review proposed new, altered, and amended systems of records, to include submission of required notices for publication in the Federal Register and, when required, providing advance notification to the OMB and the Congress, consistent with 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R.
(vii)
Review proposed DoD Component privacy rulemaking, to include submission of the rule to the Office of the Federal Register for publication and providing to the OMB and the Congress reports, consistent with 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R.
(viii)
Develop, coordinate, and maintain all DoD computer matching agreements, to include the submission of required match notices for publication in the Federal Register and the provision of advance notification to the OMB and the Congress, consistent with 5 U.S.C. 552a, OMB Circular A-130, and DoD 5400.11-R.
(A)
All information requirements developed to collect or maintain personal data conform to DoD Privacy Program standards;
(B)
Appropriate procedures and safeguards shall be developed, implemented, and maintained to protect personal information when it is stored in either a manual and/or automated system of records or transferred by electronic or non-electronic means; and
(C)
Specific procedures and safeguards shall be developed and implemented when personal data is collected and maintained for research purposes.
(x)
Serve as the principal POC for coordination of privacy and related matters with the OMB and other Federal, State, and local governmental agencies.
(xi)
Compile and submit the “Biennial Matching Activity Report” to the OMB as required by OMB Circular A-130 and DoD 5400.11-R, and the Quarterly and Annual Federal Information Security Management Agency (FISMA) Privacy Reports, as required by 44 U.S.C. 3544(c), such other reports as may be required.