Privacy Act of 1974; System of Records

Issuing agencies

Abstract

In accordance with the Privacy Act of 1974, the DoD is establishing a new Department-wide system of records titled, "Declared Public Health Emergency Exposure Records," DoD-0013. This system of records covers DoD's maintenance of records about individuals necessitated by a declared public health emergency (DPHE) by an appropriate official, including the Secretary of Health and Human Services pursuant to the Public Health Services Act, a DoD official, or other authorized state, local, or other governmental public health official pursuant to applicable law. These records are maintained to assist the DoD in establishing safe environments, identifying and protecting DoD-affiliated individuals at risk of transmission of or contracting the disease or agent at issue, and in supporting mission readiness. Additionally, the DoD is issuing a direct final rule, which is exempting this system of records from certain provisions of the Privacy Act, elsewhere in today's issue of the Federal Register.

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 241 (Friday, December 16, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 241 (Friday, December 16, 2022)]
[Notices]
[Pages 77081-77085]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-27150]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[Docket ID: DoD-2022-OS-0138]


Privacy Act of 1974; System of Records

AGENCY: Department of Defense (DoD).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the DoD is 
establishing a new Department-wide system of records titled, ``Declared 
Public Health Emergency Exposure Records,'' DoD-0013. This system of 
records covers DoD's maintenance of records about individuals 
necessitated by a declared public health emergency (DPHE) by an 
appropriate official, including the Secretary of Health and Human 
Services pursuant to the Public Health Services Act, a DoD official, or 
other authorized state, local, or other governmental public health 
official pursuant to applicable law. These records are maintained to 
assist the DoD in establishing safe environments, identifying and 
protecting DoD-affiliated individuals at risk of transmission of or 
contracting the disease or agent at issue, and in supporting mission 
readiness. Additionally, the DoD is issuing a direct final rule, which 
is exempting this system of records from certain provisions of the 
Privacy Act, elsewhere in today's issue of the Federal Register.

DATES: This system of records is effective upon publication; however, 
comments on the Routine Uses will be accepted on or before January 17, 
2023. The Routine Uses are effective at the close of the comment 
period.

ADDRESSES: You may submit comments, identified by docket number and 
title, by any of the following methods:
    * Federal Rulemaking Portal: <a href="https://www.regulations.gov">https://www.regulations.gov</a>. Follow 
the instructions for submitting comments.
    * Mail: Department of Defense, Office of the Assistant to the 
Secretary of Defense for Privacy, Civil Liberties, and Transparency, 
Regulatory Directorate, 4800 Mark Center Drive, Attn: Mailbox 24, Suite 
08D09, Alexandria, VA 22350-1700.
    Instructions: All submissions received must include the agency name 
and docket number for this Federal Register document. The general 
policy for comments and other submissions from members of the public is 
to make these submissions available for public viewing on the internet 
at <a href="https://www.regulations.gov">https://www.regulations.gov</a> as they are received without change, 
including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Ms. Rahwa Keleta, Defense Privacy and 
Civil Liberties Division, Directorate for Privacy, Civil Liberties and 
Freedom of Information, Office of the Assistant to the Secretary of 
Defense for Privacy, Civil Liberties, and Transparency, Department of 
Defense, 4800 Mark Center Drive, Mailbox #24, Suite 08D09, Alexandria, 
VA 22350-1700; <a href="/cdn-cgi/l/email-protection#5e110d1a701a0e1d120a1a1e333f373270333732"><span class="__cf_email__" data-cfemail="5d120e1973190d1e1109191d303c343173303431">[email&#160;protected]</span></a>; (703) 571-0070.

SUPPLEMENTARY INFORMATION: 

I. Background

    DoD is establishing the Declared Public Health Emergency Exposure 
Records, DoD-0013 as a DoD-wide Privacy Act system of records. A DoD-
wide system of records notice (SORN) supports multiple DoD paper or 
electronic recordkeeping systems operated by more than one DoD 
component that maintain the same kind of information about individuals 
for the same purpose. The establishment of DoD-wide SORNs helps DoD 
standardize the rules governing the collection, maintenance, use, and 
sharing of personal information in key areas across the enterprise. 
DoD-wide SORNs also reduce duplicative and overlapping SORNs published 
by separate DoD components. The creation of DoD-wide SORNs is expected 
to make locating relevant SORNs easier for DoD personnel and the 
public, and create efficiencies in the operation of the DoD privacy 
program.
    DoD prioritizes the safety of its workforce to ensure Department's 
missions are able to be accomplished successfully at all times in 
defense of the Nation. To do that, DoD must maintain operationally 
ready capabilities, including operating within degraded environments 
such as during a DPHE. Public health emergencies are varied; they may 
be broad or limited in geographical scope and may be declared by 
various authorities such as the Secretary of Health and Human Services 
or the responsible, designated State, local, tribal, or territorial 
official, or cognizant military commander. Responses to public health 
emergencies depend on the nature of the emergency, but in some cases 
the degraded environment created by the public health emergency may 
require the DoD to collect personal information to ensure a safe and 
secure workplace for employees and visitors to DoD facilities, and 
ultimately, to ensure DoD is able to continue to carry out its mission.
    DoD Instruction 6200.03, ``Public Health Emergency Management 
within the DoD,'' establishes DoD policy for DPHE. This includes the 
authority and responsibilities of DoD commanders and other officials 
during a DPHE, and various activities that may be required to address 
the emergency. For example, paragraph 3.1.d(1) provides that DoD

[[Page 77082]]

may need to initiate actions to collect and analyze data on the health 
hazard causing the DPHE, and paragraph 3.1.d(3) provides that DoD may 
need to act to ensure identification, interview, and tracking of all 
individuals or groups suspected to have been exposed to the health 
hazard to characterize the source and spread of the health hazard. In 
carrying out these and other activities, DoD may collect and maintain 
information about individuals that is subject to the Privacy Act and 
therefore requires a SORN, but is not already covered by other DoD 
SORNs. Examples of the types of data in records that may be uniquely 
covered by this SORN include contact tracing data, which is the 
identification and contact information of individuals suspected or 
confirmed to have contracted a disease or illness, or exposed to an 
individual suspected or confirmed to have contracted a disease or 
illness, related to a DPHE; individual circumstances and dates of 
suspected exposure; and health status information. The data may also 
include information about individuals exposed to a public health threat 
other than a communicable disease such as a radiological exposure or 
the release of a toxin or chemical agents, related to a DPHE. This 
system of records also supports the sharing of information that may 
need to occur during a DPHE, such as sharing of exposure information 
about individuals with public health authorities to support public 
health goals, such as contact tracing and the reduction of the spread 
of a health hazard.
    The information covered by this system of records is separate and 
unique from other DoD systems of records which contain records 
maintained by DoD for accountability and assessment of DoD-affiliated 
personnel, or created during the normal course of DoD's delivery of 
occupational health and safety services, which DoD provides routinely 
to members of the military and DoD civilians, and sometimes to DoD 
visitors, concessionaires, and contractors. These records are covered 
by other SORNs, and are specifically identified in the notice below for 
clarity.
    DoD maintains this information to ensure mission success through 
the appropriate management and response to the public health emergency, 
and to reduce the risk of disease or illness among DoD military and 
civilian personnel, contractors, concessionaires, and visitors to DoD 
facilities. The collection and use of records covered by this system of 
records is only permitted during times of a declared public health 
emergency.
    Finally, the Health Insurance Portability and Accountability Act of 
1996 (HIPAA) Rules, as amended by the Omnibus Final Rule, include the 
HIPAA Privacy Rule, the HIPAA Breach Rule, the HIPAA Security Rule, and 
the HIPAA Enforcement (Parts 160 and 164 of Title 45 CFR), permit a DoD 
covered entity to use or disclose protected health information for 
public health activities as noted in DoD Manual 6025.18. Under HIPAA, 
``public health authority'' means an agency or authority of the United 
States, a State, a territory, a political subdivision of a State or 
territory, or an Indian tribe, or a person or entity acting under a 
grant of authority from or contract with such public agency, including 
the employees or agents of such public agency or its contractors or 
persons or entities to whom it has granted authority, that is 
responsible for public health matters as part of its official mandate. 
45 CFR 164.501 (definition of ``public health authority''). The HIPAA 
Rules only apply if the entity or individual that is disclosing 
protected health information meets the definition of a HIPAA covered 
entity or business associate. The records covered under this SORN are 
not subject to the HIPAA Rules.
    Additionally, the DoD is issuing a direct final rule to exempt this 
system of records from certain provisions of the Privacy Act elsewhere 
in today's issue of the Federal Register. DoD SORNs have been published 
in the Federal Register and are available from the address in FOR 
FURTHER INFORMATION CONTACT or at the Defense Privacy, Civil Liberties, 
and Freedom of Information Directorate website at <a href="https://dpcld.defense.gov">https://dpcld.defense.gov</a>.

II. Privacy Act

    Under the Privacy Act, a ``system of records'' is a group of 
records under the control of an agency from which information is 
retrieved by the name of an individual or by some identifying number, 
symbol, or other identifying particular assigned to the individual. In 
the Privacy Act, an individual is defined as a U.S. citizen or lawful 
permanent resident.
    In accordance with 5 U.S.C. 552a(r) and Office of Management and 
Budget (OMB) Circular No. A-108, DoD has provided a report of this 
system of records to the OMB and to Congress.

    Dated: December 9, 2022.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.

SYSTEM NAME AND NUMBER:
    Declared Public Health Emergency Exposure Records, DoD-0013.

SECURITY CLASSIFICATION:
    Unclassified and classified.

SYSTEM LOCATION:
    Department of Defense (Department or DoD), located at 1000 Defense 
Pentagon, Washington, DC 20301-1000, and other Department 
installations, offices, or mission locations. Information may also be 
stored within a government-certified cloud, implemented and overseen by 
the Department's Chief Information Officer (CIO), 6000 Defense 
Pentagon, Washington, DC 20301-6000.

SYSTEM MANAGERS:
    The system managers for this system of records are as follows:
    A. Office of the Assistant Secretary of Defense for Health Affairs, 
Under Secretary of Defense (Personnel and Readiness), 1000 Defense 
Pentagon, Washington, DC 20301-1100.
    B. Deputy Assistant Secretary of the Army, Office of the Surgeon 
General, U.S. Army Medical Command, 2050 Worth Road, Suite 13, Fort Sam 
Houston, TX 78234-6013.
    C. Air Force Occupational Safety and Health (AFOSH), Department of 
the Air Force, 1000 Defense Pentagon, Washington, DC 20301-1100, 
<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e89d9b898ec6988d869c898f8786c6898ec589d9c6858a90c689d999b79f879a838e84879fa885898184c6858184">[email&#160;protected]</a>.
    D. Chief of Naval Personnel, Occupational and Environmental 
Medicine, Navy & Marine Corps Public Health Center, 620 John Paul Jones 
Circle, Suite 1100, Portsmouth, VA 23708-2103.
    E. The Privacy Act responsibilities concerning access, amendment, 
and disclosure of the records within this system of records have been 
delegated to the DoD components. DoD components include the Military 
Departments of the Army, Air Force (including the U.S. Space Force), 
and Navy (including the U.S. Marine Corps), field operating agencies, 
major commands, field commands, installations, and activities. To 
contact the system managers at the DoD component with oversight of the 
records, go to <a href="http://www.FOIA.gov">www.FOIA.gov</a> to locate the contact information for each 
component's Freedom of Information Act (FOIA) office.

[[Page 77083]]

AUTHORITY FOR MAINTAINANCE OF THIS SYSTEM:
    10 U.S.C. 113, Secretary of Defense; 10 U.S.C. 136, Under Secretary 
of Defense for Personnel and Readiness; 10 U.S.C. 2672, Protection of 
Buildings, Grounds, Property, and Persons and Implementation of Section 
2672 of Title 10, United States Code; E.O. 14043, Requiring Coronavirus 
Disease 2019 Vaccination for Federal Employees; DoD Directive 5525.21, 
Protection of Buildings, Grounds, Property, and Persons; DoDI 6200.03, 
Public Health Emergency Management within the DoD; and DoDI 6055.17, 
DoD Emergency Management Program; or successor DoD policies, and E.O. 
9397, as amended.

    Note 1:  The records covered under this SORN, while covered by 
the Privacy Act, are not subject to the HIPAA Rules.

PURPOSE(S) OF THE SYSTEM:
    A. To support required or authorized activities during a declared 
public health emergency, such as contact tracing and coordination with 
medical and public health officials, for the purpose of maintaining 
safe and healthy DoD environments, including work and training 
environments, transportation facilities and vehicles, base housing, 
retail and recreation areas, hospitals, and other health care 
facilities.
    B. To support the managing, monitoring, tracking, reporting and 
sharing of records created during a declared public health emergency to 
protect DoD Service members and their dependents, the civilian 
workforce, contractors, concessionaires, and visitors to DoD 
facilities.
    C. To identify and protect individuals at risk for transmitting or 
contracting a communicable disease related to a declared public health 
emergency; to identify and protect those who may be at elevated risk of 
symptomatic or severe disease from a public health threat, such as a 
communicable disease or biohazard, or exposure to radiation, toxins, or 
chemical agents; and to limit exposure to the source(s) of infection or 
illness through public health mitigation and surveillance activities, 
such as monitoring and contact tracing.
    D. To support DoD and non-DoD health care personnel, including 
public health officials, who need to collect, use, and review this 
information in performance of their duties related to the public health 
emergency or to delivering health care to affected individuals.
    E. To support use of this information by other DoD officials to 
determine mission readiness and conduct after-action reviews. 
Statistical data instead of identifiable information will be used 
wherever practicable for these efforts.

    Note 2:  A declared public health emergency may be limited or 
broad in geographic scope, and could affect one, many, or all DoD 
installations and facilities. This system of records may support 
worldwide DoD public health emergency activities in the case of a 
pandemic, or local or regional DoD activities in the case of a 
geographically limited public health emergency.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    DoD military Service members (Active Duty, Guard/Reserve, and Coast 
Guard personnel when acting as a military service with the Navy), 
civilian personnel (including non-appropriated fund employees), DoD 
spouses/dependents and cohabitants, military retirees, and DoD 
contractors. Also, personnel of partner organizations, visitors, 
eligible patrons, or concessionaires accessing or sharing DoD 
facilities or attending DoD-sponsored events, and individuals residing 
in military housing during a declared public health emergency, 
including a pandemic.

CATEGORIES OF RECORDS IN THE SYSTEM:
    A. Personal and Employment Information: name, Employee 
Identification Number/DoD ID number, Social Security Number, date of 
birth, gender, address, phone number(s), email(s), demographic or 
biographical information, recent domestic and international travel and 
status (e.g., Service member, dependent, civilian, contractor, visitor, 
etc.); emergency contact information (emergency contact's name, phone 
number, address, email address, and relationship to the individual); 
employment information (title, organizational affiliation, duty 
location); employment time and attendance records; disability 
information; personnel accountability information (such as current work 
status of the individual and affiliated leave status information).
    B. Medical Information: confirmed medical test results, physician 
assessment of medical transmission risk status (either for the 
individual or because the individual cohabitates with others who may be 
considered medically high-risk); medical diagnoses and prognosis 
information; dates of medical visits or tests, individual symptoms; 
potential or actual exposure to the public health threat (e.g., 
biohazard or communicable disease); medical history related to the 
treatment of a virus or communicable disease essential to mitigate the 
spread of disease during a public health emergency; immunizations and 
vaccination information; medical directives and/or expressions of 
interest in receiving a vaccine or other medical treatments, religious 
or other objections to medical treatment; correspondence with 
individuals or medical/family representatives on medical treatment; 
medical, treatment, or disclosure consent forms;, medical or health 
emergency notification forms.
    C. Contact Tracing Information: proximity tracking information of 
individuals after diagnosis or suspected exposure, to include dates 
when the individual visited a DoD facility or attended a DoD-sponsored 
event, the locations visited within the facility (e.g., floor, room 
number), time duration spent in the facility, and identification of 
persons in contact with while at the facility; records that indicate an 
individual's location and/or proximity to others on DoD property or at 
the event over time as compiled through either manual or through 
technical means (such as badge access, office location, and information 
technology system login information; and any other relevant information 
completed, obtained, or developed as a result of an individual 
attending, working or entering a DoD facility/event during a public 
health emergency).

    Note 3:  Excluded from this system of records are employee 
occupational medical records covered by the U.S. Office of Personnel 
Management (OPM) regulation at 5 CFR part 293, subpart E, Employee 
Medical File System Records. The regulation requires agencies that 
are subject to OPM's recordkeeping requirements to maintain employee 
occupational medical records in the agency's Employee Medical File 
System. Such records are covered exclusively by the OPM/GOVT-10, 
Employee Medical File System of Records.


    Note 4:  Excluded from this system of records are DoD 
accountability and assessment records as described in DoD-0012, 
Defense Accountability and Assessment Records SORN. Records in DoD-
0012 are collected and used to account for DoD-affiliated personnel 
in a natural or man-made disaster, during a public health emergency, 
or when directed by the Secretary of Defense. During a declared 
public health emergency, DoD may collect and maintain records under 
both the DoD-0012 SORN to support DoD accountability and assessment 
for DoD-affiliated individuals, and this SORN to support contract 
tracing and other authorized public health objectives necessitated 
by the declared public health emergency.

RECORD SOURCE CATEGORIES:
    Records and information stored in this system of records are 
obtained from:

[[Page 77084]]

Individuals, healthcare personnel, entities designated as public health 
authorities, and information systems maintaining data described in the 
Categories of Records section above, such as DoD medical systems, DoD 
human resources/personnel systems, DoD identity and credentialing 
software for information technology systems; and visitor, security, and 
access control systems for DoD facilities or locations where DoD-
sponsored events are held. When the individual is a minor or is 
otherwise unable to provide information about themselves due to illness 
or other incapacity, DoD may collect information from appropriate 
sources such as family members, co-workers, friends, or co-habitants 
for the purposes described in this notice.

ROUTINE USES AND RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, as amended, all or a portion of the 
records or information contained herein may specifically be disclosed 
outside the DoD as Routine Use pursuant to 5 U.S.C. 552a(b)(3) as 
follows:
    A. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal government when 
necessary to accomplish an agency function related to this system of 
records.
    B. To the appropriate Federal, State, local, territorial, tribal, 
foreign, or international law enforcement authority or other 
appropriate entity where a record, either alone or in conjunction with 
other information, indicates a violation or potential violation of law, 
whether criminal, civil, or regulatory in nature.
    C. To any component of the Department of Justice for the purpose of 
representing the DoD, or its components, officers, employees, or 
members in pending or potential litigation to which the record is 
pertinent.
    D. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body or official, when the DoD or other 
Agency representing the DoD determines that the records are relevant 
and necessary to the proceeding; or in an appropriate proceeding before 
an administrative or adjudicative body when the adjudicator determines 
the records to be relevant to the proceeding.
    E. To the National Archives and Records Administration for the 
purpose of records management inspections conducted under the authority 
of 44 U.S.C. 2904 and 2906.
    F. To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    G. To appropriate agencies, entities, and persons when (1) the DoD 
suspects or confirms a breach of the system of records; (2) the DoD 
determines as a result of the suspected or confirmed breach there is a 
risk of harm to individuals, the DoD (including its information 
systems, programs, and operations), the Federal government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the DoD's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    H. To another Federal agency or Federal entity, when the DoD 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs and operations), 
the Federal government, or national security, resulting from a 
suspected or confirmed breach.
    I. To another Federal, State or local agency for the purpose of 
comparing to the agency's system of records or to non-Federal records, 
in coordination with an Office of Inspector General in conducting an 
audit, investigation, inspection, evaluation, or some other review as 
authorized by the Inspector General Act of 1978, as amended.
    J. To such recipients and under such circumstances and procedures 
as are mandated by Federal statue or treaty.
    K. To Federal, State, local, foreign, or international public 
health agencies and officials, including the Centers for Disease 
Control and Prevention, to the extent necessary to comply with laws or 
policies governing reporting on the impact of a communicable disease, 
agent, or other cause responsible for the declared public health 
emergency.
    L. To an emergency contact for purposes of locating an individual 
to communicate possible exposure to or treatment options for a public 
health threat such as a communicable disease or exposure to a 
biohazard.
    M. To the U.S. Department of State when it requires information to 
consider or provide an informed response to a request for information 
from a foreign, international, or intergovernmental agency, authority, 
or organization about public health relating to DoD personnel, 
facilities, or activities abroad.
    N. To individuals for the purpose of determining if they have had 
contact with a person known or suspected to have a communicable 
disease, illness, or other exposure that requires quarantine, and to 
identify and protect the health and safety of others who may have been 
exposed.
    O. To hospitals, physicians, and other healthcare providers for the 
purpose of protecting the health and safety of individuals who may have 
been exposed to a contagion or biohazard, or to assist such persons or 
organizations in preventing exposure to or transmission of a 
communicable disease.
    P. To Federal, state, local, tribal, territorial, or foreign 
governmental agencies; multilateral governmental organizations; medical 
facilities or providers, or other public health entities, for the 
purpose of protecting the vital interests of a record subject or other 
persons, including to assist such agencies or organizations during an 
epidemiological investigation, in facilitating continuity of care, or 
in preventing exposure to or transmission of a communicable disease or 
biohazard of public health significance.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records may be stored electronically or on paper in secure 
facilities in a locked drawer behind a locked door. Electronic records 
may be stored locally on digital media; in agency-owned cloud 
environments; or in vendor Cloud Service Offerings certified under the 
Federal Risk and Authorization Management Program (FedRAMP).

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by an individual's name and/or individual 
identification number, such as Social Security Number or DoD ID Number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are to be retained by the Office of the Secretary of 
Defense, the Joint Staff, the Military Departments, the Defense 
Agencies, and the Defense Field Activities in accordance with their 
NARA-approved records retention schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    DoD safeguards records in this system of records according to 
applicable rules,

[[Page 77085]]

policies, and procedures, including all applicable DoD automated 
systems security and access policies. DoD policies require the use of 
controls to minimize the risk of compromise of personally identifiable 
information (PII) in paper and electronic form and to enforce access by 
those with a need to know and with appropriate clearances. 
Additionally, DoD has established security audit and accountability 
policies and procedures which support the safeguarding of PII and 
detection of potential PII incidents. DoD routinely employs safeguards 
such as the following to information systems and paper recordkeeping 
systems: Multifactor log-in authentication including Common Access Card 
(CAC) authentication and password; physical token as required; physical 
and technological access controls governing access to data; network 
encryption to protect data transmitted over the network; disk 
encryption securing disks storing data; key management services to 
safeguard encryption keys; masking of sensitive data as practicable; 
mandatory information assurance and privacy training for individuals 
who will have access; identification, marking, and safeguarding of PII; 
physical access safeguards including multifactor identification 
physical access controls, detection and electronic alert systems for 
access to servers and other network infrastructure; and electronic 
intrusion detection systems in DoD facilities.
    Personal information maintained will be the minimum necessary and 
only used for the purposes stated in this notice. Such information will 
be retained for the minimum amount of time, remain accessible only to 
personnel with a valid operational need, and only be used for the 
public health emergency and no other purposes. These records may be 
provided in aggregate for accountability and mission readiness 
purposes, as long as the information may not be easily re-identified.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to their records should follow the 
procedures in 32 CFR part 310. Individuals should address written 
inquiries to the DoD component with oversight of the records, as the 
component has Privacy Act responsibilities concerning access, 
amendment, and disclosure of the records within this system of records. 
The public may identify the contact information for the appropriate DoD 
office through the following website: <a href="http://www.FOIA.gov">www.FOIA.gov</a>. Signed written 
requests should contain the name and number of this system of records 
notice along with the full name, current address, and email address of 
the individual. In addition, the requester must provide either a 
notarized statement or an unsworn declaration made in accordance with 
28 U.S.C. 1746, in the appropriate format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

CONTESTING RECORD PROCEDURES:
    Individuals seeking to amend or correct the content of records 
about them should follow the procedures in 32 CFR part 310.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether information about 
themselves is contained in this system of records should follow the 
instructions for Record Access Procedures above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The DoD has exempted records maintained in this system from 5 
U.S.C. 552a(c)(3); (d)(1), (2), (3), and (4); (e)(1); (e)(4)(G), (H), 
and (I); and (f) pursuant to 5 U.S.C. 552a(k)(1). In addition, when 
exempt records received from other systems of records become part of 
this system, the DoD also claims the same exemptions for those records 
that are claimed for the prior system(s) of records of which they were 
a part, and claims any additional exemptions set forth here. An 
exemption rule for this system has been promulgated in accordance with 
requirements of 5 U.S.C. 553(b)(1), (2), and (3), (c) and (e), and 
published in 32 CFR part 310.

HISTORY:
    None.

[FR Doc. 2022-27150 Filed 12-15-22; 8:45 am]
BILLING CODE 5001-06-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>