317.4—Responsibilities.

(a) The Assistant Director, Resources has overall responsibility for the DCAA Privacy Act Program and will serve as the sole appellate authority for appeals to decisions of respective initial denial authorities.
(b) The Chief, Administrative Management Division under the direction of the Assistant Director, Resources, shall:
(1) Establish, issue, and update policies for the DCAA Privacy Act Program; monitor compliance with this part; and provide policy guidance for the DCAA Privacy Act Program.
(2) Resolve conflicts that may arise regarding implementation of DCAA Privacy Act policy.
(3) Designate an Agency Privacy Act Advisor, as a single point of contact, to coordinate on matters concerning Privacy Act policy.
(4) Make the initial determination to deny an individual's written Privacy Act request for access to or amendment of documents filed in Privacy Act systems of records. This authority cannot be delegated.
(c) The DCAA Privacy Act Advisor under the supervision of the Chief, Administrative Management Division shall:
(1) Manage the DCAA Privacy Act Program in accordance with this part and applicable DCAA policies, as well as DoD and Federal regulations.
(2) Provide guidelines for managing, administering, and implementing the DCAA Privacy Act Program.
(3) Implement and administer the Privacy Act program at the Headquarters.
(4) Ensure that the collection, maintenance, use, or dissemination of records of identifiable personal information is in a manner that assures that such action is for a necessary and lawful purpose; that the information is timely and accurate for its intended use; and that adequate safeguards are provided to prevent misuse of such information.
(5) Maintain and publish DCAA Pamphlet 5410.13, DCAA Compilation of Privacy Act System Notices. 4

Code of Federal Regulations


Footnote(s): 4 Copies may be obtained from the Defense Contract Audit Agency, ATTN: DCAA-CMO, 8725 John J. Kingman Road, Suite 2135, Fort Belvoir, VA 22060-6219. Electronic copies of DCAA Privacy notices may be obtained from http://www.defenselink.mil/privacy.
(6) Prepare promptly any required new, amended, or altered system notices for systems of records subject to the Privacy Act and submit them to the Defense Privacy Office for subsequent publication in the Federal Register.
(7) Prepare the annual Privacy Act Report as required by DoD 5400.11-5, DoD Privacy program.
(8) Conduct training on the Privacy Act program for Agency personnel.
(d) Heads of Principal Staff Elements are responsible for:
(1) Reviewing all regulations or other policy and guidance issuances for which they are the proponent to ensure consistency with the provisions of this part.
(2) Ensuring that the provisions of this part are followed in processing requests for records.
(3) Forwarding to the DCAA Privacy Act Advisor, any Privacy Act requests received directly from a member of the public, so that the request may be administratively controlled and processed.
(4) Ensuring the prompt review of all Privacy Act requests, and when required, coordinating those requests with other organizational elements.
(5) Providing recommendations to the DCAA Privacy Act Advisor regarding the releasability of DCAA records to members of the public, along with the responsive documents.
(6) Providing the appropriate documents, along with a written justification for any denial, in whole or in part, of a request for records to the DCAA Privacy Act Advisor. Those portions to be excised should be bracketed in red pencil, and the specific exemption or exemptions cites which provide the basis for denying the requested records.
(e) The General Counsel is responsible for:
(1) Ensuring uniformity is maintained in the legal position, and the interpretation of the Privacy Act; 32 CFR part 310; and this part.
(2) Consulting with DoD General Counsel on final denials that are inconsistent with decisions of other DoD components, involve issues not previously resolved, or raise new or significant legal issues of potential significance to other Government agencies.
(3) Providing advice and assistance to the Assistant Director, Resources; Regional Directors; and the Regional Privacy Act Officer, through the DCAA Privacy Act Advisor, as required, in the discharge of their responsibilities.
(4) Coordinating Privacy Act litigation with the Department of Justice.
(5) Coordinating on Headquarters denials of initial requests.
(f) Each Regional Director is responsible for the overall management of the Privacy Act program within their respective regions. Under his/her direction, the Regional Resources Manager is responsible for the management and staff supervision of the program and for designating a Regional Privacy Act Officer. Regional Directors will, as designee of the Director, make the initial determination to deny an individual's written Privacy Act request for access to or amendment of documents filed in Privacy Act systems of records. This authority cannot be delegated.
(g) Regional Privacy Act Officers will:
(1) Implement and administer the Privacy Act program throughout the region.
(2) Ensure that the collection, maintenance, use, or dissemination of records of identifiable personal information is in a DCAAR 5410.10 manner that assures that such action is for a necessary and lawful purpose; that the information is timely and accurate for its intended use; and that adequate safeguards are provided to prevent misuse of such information.
(3) Prepare input for the annual Privacy Act Report when requested by the DCAA Information and Privacy Advisor.
(4) Conduct training on the Privacy Act program for regional and FAO personnel.
(5) Provide recommendations to the Regional Director through the Regional Resources Manager regarding the releasability of DCAA records to members of the public.
(h) Managers, Field Audit Offices (FAOs) will:
(1) Ensure that the provisions of this part are followed in processing requests for records.
(2) Forward to the Regional Privacy Act Officer, any Privacy Act requests received directly from a member of the public, so that the request may be administratively controlled and processed.
(3) Ensure the prompt review of all Privacy Act requests, and when required, coordinating those requests with other organizational elements.
(4) Provide recommendation to the Regional Privacy Act Officer regarding the releasability of DCAA records to members of the public, along with the responsive documents.
(5) Provide the appropriate documents, along with a written justification for any denial, in whole or in part, of a request for records to the Regional Privacy Act Officer. Those portions to be excised should be bracketed in red pencil, and the specific exemption or exemptions cited which provide the basis for denying the requested records.
(i) DCAA Employees will:
(1) Not disclose any personal information contained in any system of records, except as authorized by this part.
(2) Not maintain any official files which are retrieved by name or other personal identifier without first ensuring that a notice for the system has been published in the Federal Register.
(3) Report any disclosures of personal information from a system of records or the maintenance of any system of records that are not authorized by this part to the appropriate Privacy Act officials for their action.