[Code of Federal Regulations] [Title 32, Volume 6] [Revised as of July 1, 2005] From the U.S. Government Printing Office via GPO Access [CITE: 32CFR806b.7] [Page 39-40] TITLE 32-NATIONAL DEFENSE CHAPTER VII--DEPARTMENT OF THE AIR FORCE PART 806b_PRIVACY ACT PROGRAM--Table of Contents Subpart A_Overview of the Privacy Act Program Sec. 806b.7 Responsibilities. (a) The Air Force Chief Information Officer is the senior Air Force Privacy Official with overall responsibility for the Air Force Privacy Act Program. (b) The Office of the General Counsel to the Secretary of the Air Force, Fiscal and Administrative Law Division (GCA) makes final decisions on appeals. (c) The General Litigation Division, Air Force Legal Services Agency (JACL), receives Privacy Act appeals and provides recommendations to the appellate authority. Service unique appeals, from combatant commands, should go through the respective chain of command. (d) The Plans and Policy Directorate, Office of the Chief Information Officer manages the program through the Air Force Privacy Act Officer who: (1) Administers procedures outlined in this part. (2) Reviews publications and forms for compliance with this part. (3) Reviews and approves proposed new, altered, and amended systems of records; and submits system notices and required reports to the Defense Privacy Office. (4) Serves as the Air Force member on the Defense Privacy Board and the Defense Data Integrity Board. (5) Provides guidance and assistance to Major Commands, field operating agencies, direct reporting units and combatant commands for which AF is executive agent in their implementation and execution of the Air Force Privacy Program. Ensures availability of training and training tools for a variety of audiences. [[Page 40]] (6) Provides advice and support to those commands to ensure that information requirements developed to collect or maintain personal data conform to Privacy Act standards; and that appropriate procedures and safeguards are developed, implemented, and maintained to protect the information. (e) Major Command commanders, and Deputy Chiefs of Staff and comparable officials at Secretary of the Air Force and Headquarters United States Air Force offices implement this part. (f) 11th Communications Squadron will provide Privacy Act training and submit Privacy Act reports for Headquarters United States Air Force and Secretary of the Air Force offices. (g) Major Command Commanders: Appoint a command Privacy Act officer, and send the name, office symbol, phone number, and e-mail address to Air Force Chief Information Officer/P. (h) Major Command and Headquarters Air Force Functional Chief Information Officers: (1) Review and provide final approval on Privacy Impact Assessments (see Appendix E of this part). (2) Send a copy of approved Privacy Impact Assessments to Air Force Chief Information Officer/P. (i) Major Command Privacy Act Officers: (1) Train base Privacy Act officers. May authorize appointment of unit Privacy Act monitors to assist with implementation of the program. (2) Promote Privacy Act awareness throughout the organization. (3) Review publications and forms for compliance with this part (do forms require a Privacy Act Statement; is Privacy Act Statement correct?). (4) Submit reports as required. (5) Review system notices to validate currency. (6) Evaluate the health of the program at regular intervals using this part as guidance. (7) Review and provide recommendations on completed Privacy Impact Assessments for information systems. (8) Resolve complaints or allegations of Privacy Act violations. (9) Review and process denial recommendations. (10) Provide guidance as needed to functionals on implementing the Privacy Act. (j) Base Privacy Act Officers: (1) Provide guidance and training to base personnel. (2) Submit reports as required. (3) Review publications and forms for compliance with this part. (4) Review system notices to validate currency. (5) Direct investigations of complaints/violations. (6) Evaluate the health of the program at regular intervals using this part as guidance. (k) System Managers: (1) Manage and safeguard the system. (2) Train users on Privacy Act requirements. (3) Protect records from unauthorized disclosure, alteration, or destruction. (4) Prepare system notices and reports. (5) Answer Privacy Act requests. (6) Records of disclosures. (7) Validate system notices annually. (8) Investigate Privacy Act complaints. (l) System owners and developers: (1) Decide the need for, and content of systems. (2) Evaluate Privacy Act requirements of information systems in early stages of development. (3) Complete a Privacy Impact Assessment and submit to the Privacy Act Officer.