80 FR 70765 - Privacy Act of 1974; System of Records

DEPARTMENT OF DEFENSE
Office of the Secretary

Federal Register Volume 80, Issue 220 (November 16, 2015)

The Office of the Secretary of Defense proposes to alter a new system of records, DHRA 10 DoD, entitled ``Defense Sexual Assault Advocate Certification Program'' to track the certification of SARC and SAPR VAs. Information will be used to review, process, and report on the status of SARC and SAPR VA certification to Congress.

[Federal Register Volume 80, Number 220 (Monday, November 16, 2015)]
[Notices]
[Pages 70765-70767]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2015-28927]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[Docket ID DoD-2015-OS-0127]


Privacy Act of 1974; System of Records

AGENCY: Office of the Secretary of Defense, DoD.

ACTION: Notice to alter a System of Records.

-----------------------------------------------------------------------

SUMMARY: The Office of the Secretary of Defense proposes to alter a new 
system of records, DHRA 10 DoD, entitled ``Defense Sexual Assault 
Advocate Certification Program'' to track the certification of SARC and 
SAPR VAs. Information will be used to review, process, and report on 
the status of SARC and SAPR VA certification to Congress.

DATES: Comments will be accepted on or before December 16, 2015. This 
proposed action will be effective the day following the end of the 
comment period unless comments are received which result in a contrary 
determination.

ADDRESSES: You may submit comments, identified by docket number and 
title, by any of the following methods:
    * Federal Rulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments.
    * Mail: Department of Defense, Office of the Deputy Chief 
Management Officer, Directorate of Oversight and Compliance, Regulatory 
and Audit Matters Office, 9010 Defense Pentagon, Washington, DC 20301-
9010.
    Instructions: All submissions received must include the agency name 
and docket number for this Federal Register document. The general 
policy for comments and other submissions from members of the public is 
to make these submissions available for public viewing on the Internet 
at http://www.regulations.gov as they are received without change, 
including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Ms. Cindy Allard, Chief, OSD/JS 
Privacy Office, Freedom of Information Directorate, Washington 
Headquarters Service, 1155 Defense Pentagon, Washington, DC 20301-1155, 
or by phone at (571) 372-0461.

SUPPLEMENTARY INFORMATION: The Office of the Secretary of Defense 
notices for systems of records subject to the Privacy Act of 1974 (5 
U.S.C. 552a), as amended, have been published in the Federal Register 
and are available from the address in FOR FURTHER INFORMATION CONTACT 
or at http://dpcld.defense.gov/ gov/. The proposed system report, as 
required by 5 U.S.C. 552a(r) of the Privacy Act of 1974, as amended, 
was submitted on November 4, 2015, to the House Committee on Oversight 
and Government Reform, the Senate Committee on Governmental Affairs, 
and the Office of Management and Budget (OMB) pursuant to paragraph 4c 
of Appendix I to OMB Circular No. A-130, ``Federal Agency 
Responsibilities for Maintaining Records About Individuals,'' dated 
February 8, 1996 (February 20, 1996, 61 FR 6427).

    Dated: November 10, 2015.
Aaron Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
DHRA 10 DoD

System name:
    Defense Sexual Assault Advocate Certification Program (July 11, 
2012, 77 FR 40861).

Changes:
* * * * *

System location:
    Delete entry and replace with ``National Organization for Victim 
Assistance, 510 King Street, Suite 424, Alexandria, VA 22314-3132.
    Back-up: Suntrust Bank, 515 King Street, Alexandria, VA 22314-
3157.''
* * * * *

Categories of records in the system:
    Delete entry and replace with ``Applicant's first name, middle 
initial, and last name; position type (Sexual Assault Response 
Coordinator (SARC) or Sexual Assault Prevention Representative Victim 
Advocate (SAPR VA)); Service/DoD affiliation and status; grade/rank; 
installation/command; work email address and telephone number; official 
military address of applicant and applicant's SARC (commanding officer, 
street, city, state, ZIP code, country); position level (Level I, II, 
III, or IV); certificates of training; date of application; 
verification of sexual assault victim advocacy experience (position, 
dates, hours, supervisor; name, title, and work telephone number of 
verifier); evaluation of sexual assault victim experience (description 
of

[[Page 70766]]

applicant skills, abilities, and experience; name, title, and office of 
evaluator), letters of recommendation by the first person in the chain 
of command, SARC, and the Senior Commander or the Commander; supervisor 
and commander statement of understanding, documentation of continuing 
education training courses; Defense Sexual Assault Advocate 
Certification Program (D-SAACP) identification (ID) number.''

Authority for maintenance of the system:
    Delete entry and replace with ``10 U.S.C. 136, Under Secretary of 
Defense for Personnel and Readiness; DoD Directive 6495.01, Sexual 
Assault Prevention and Response (SAPR) Program; DoD Instruction 
6495.02, Sexual Assault Prevention and Response (SAPR) Program 
Procedures; and Directive-type Memorandum (DTM) 14-001, Defense Sexual 
Assault Advocate Certification Program (D-SAACP).''
* * * * *

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    Delete entry and replace with ``In addition to those disclosures 
generally permitted in accordance with 5 U.S.C. 552a(b) of the Privacy 
Act of 1974, as amended, the records contained herein may specifically 
be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 
552a(b)(3) as follows:
    To the Department of Justice Office for Victims of Crime and 
Training Technical Assistance Center for the purpose of verifying 
certified SARCs and SAPR VAs for participation in Advance Military 
Sexual Assault Advocate Training.

Law Enforcement Routine Use:
    If a system of records maintained by a DoD Component to carry out 
its functions indicates a violation or potential violation of law, 
whether civil, criminal, or regulatory in nature, and whether arising 
by general statute or by regulation, rule, or order issued pursuant 
thereto, the relevant records in the system of records may be referred, 
as a routine use, to the agency concerned, whether federal, state, 
local, or foreign, charged with the responsibility of investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, rule, regulation, or order issued pursuant thereto.

Disclosure When Requesting Information Routine Use:
    A record from a system of records maintained by a DoD Component may 
be disclosed as a routine use to a federal, state, or local agency 
maintaining civil, criminal, or other relevant enforcement information 
or other pertinent information, such as current licenses, if necessary 
to obtain information relevant to a DoD Component decision concerning 
the hiring or retention of an employee, the issuance of a security 
clearance, the letting of a contract, or the issuance of a license, 
grant, or other benefit.

Disclosure of Requested Information Routine Use:
    A record from a system of records maintained by a DoD Component may 
be disclosed to a federal agency, in response to its request, in 
connection with the hiring or retention of an employee, the issuance of 
a security clearance, the reporting of an investigation of an employee, 
the letting of a contract, or the issuance of a license, grant, or 
other benefit by the requesting agency, to the extent that the 
information is relevant and necessary to the requesting agency's 
decision on the matter.

Congressional Inquiries Disclosure Routine Use:
    Disclosure from a system of records maintained by a DoD Component 
may be made to a congressional office from the record of an individual 
in response to an inquiry from the congressional office made at the 
request of that individual.

Disclosure to the Office of Personnel Management Routine Use:
    A record from a system of records subject to the Privacy Act and 
maintained by a DoD Component may be disclosed to the Office of 
Personnel Management (OPM) concerning information on pay and leave, 
benefits, retirement deduction, and any other information necessary for 
the OPM to carry out its legally authorized government-wide personnel 
management functions and studies.

Disclosure of Information to the National Archives and Records 
Administration Routine Use:
    A record from a system of records maintained by a DoD Component may 
be disclosed as a routine use to the National Archives and Records 
Administration for the purpose of records management inspections 
conducted under authority of 44 U.S.C. 2904 and 2906.

Disclosure to the Merit Systems Protection Board Routine Use:
    A record from a system of records maintained by a DoD Component may 
be disclosed as a routine use to the Merit Systems Protection Board, 
including the Office of the Special Counsel for the purpose of 
litigation, including administrative proceedings, appeals, special 
studies of the civil service and other merit systems, review of OPM or 
component rules and regulations, investigation of alleged or possible 
prohibited personnel practices; including administrative proceedings 
involving any individual subject of a DoD investigation, and such other 
functions, promulgated in 5 U.S.C. 1205 and 1206, or as may be 
authorized by law.

Data Breach Remediation Purposes Routine Use:
    A record from a system of records maintained by a Component may be 
disclosed to appropriate agencies, entities, and persons when (1) The 
Component suspects or has confirmed that the security or 
confidentiality of the information in the system of records has been 
compromised; (2) the Component has determined that as a result of the 
suspected or confirmed compromise there is a risk of harm to economic 
or property interests, identity theft or fraud, or harm to the security 
or integrity of this system or other systems or programs (whether 
maintained by the Component or another agency or entity) that rely upon 
the compromised information; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with the Components efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm.
    The DoD Blanket Routine Uses set forth at the beginning of the 
Office of the Secretary of Defense (OSD) compilation of systems of 
records notices may apply to this system. The complete list of DoD 
blanket routine uses can be found Online at: http://dpclo.defense.gov/
Privacy/SORNsIndex/BlanketRoutineUses.aspx.''

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Delete entry and replace with ``Paper file folders and electronic 
storage media.''

Retrievability:
    Delete entry and replace with ``First and last name and/or D-SAACP 
ID number.''

Safeguards:
    Delete entry and replace with ``Records are maintained in a 
controlled

[[Page 70767]]

facility that employs physical restrictions such as double locks and is 
accessible only to authorized persons who hold key fobs. Access to 
electronic data files in the system is role-based, restricted to 
essential personnel only, and requires the use of a password. The data 
server is locked in a windowless room with restricted access. Data is 
encrypted, and backup data is also encrypted and removed to an off-site 
secure location for storage. Paper files are stored in a locked filing 
cabinet in a locked room in the controlled facility. System access to 
case files will be limited to computers within a closed network, not 
connected to the internet or other servers.''

Retention and disposal:
    Delete entry and replace with ``Temporary, Destroy when 5 years 
old.''

System manager(s) and address:
    Delete entry and replace with ``Sexual Assault Prevention and 
Response Office, ATTN: D-SAACP Manager, 4800 Mark Center Drive, 
Alexandria, VA 22350-1500.''

Notification procedure:
    Delete entry and replace with ``Individuals seeking to determine 
whether information about themselves is contained in this system of 
records should address written inquiries to the Sexual Assault 
Prevention and Response Office, ATTN: D-SAACP Manager, 4800 Mark Center 
Drive, Alexandria, VA 22350-1500.
    Signed, written requests should contain first and last name and/or 
D-SAACP ID number.''

Record access procedures:
    Delete entry and replace with ``Individuals seeking access to 
records about themselves contained in this system should address 
written inquiries to the OSD/Joint Staff Freedom of Information Act, 
Requester Service Center, Office of Freedom of Information, 1155 
Defense Pentagon, Washington, DC 20301-1155.
    Signed, written requests should contain first and last name, D-
SAACP ID number, and the name and number of this system of records 
notice.''
* * * * *
[FR Doc. 2015-28927 Filed 11-13-15; 8:45 am]
BILLING CODE 5001-06-P