Privacy Act Program


(Overview of the Privacy Act of 1974)

The Privacy Act: An employee guide to privacy

As employees of the Department of Defense Education Activity (DoDEA), many of you work with information about other people: principals, teachers, students, fellow employees, and others. You could not review activities, conduct audits, or perform other services without knowing some personal information about these individuals. Likewise, DoDEA and other Federal agencies need to know and maintain some personal information about you as an employee in order to hire, promote, and pay you, and to assure that personnel practices are in keeping with Federal laws and regulations. This pamphlet describes your responsibilities as a DoDEA employee for safeguarding this information, and explains your rights as a person who is also the subject of Government records.

General Provisions

The Privacy Act establishes safeguards for the protection of records the Government collects and keeps on individuals. The Privacy Act provides the Government with a framework in which to conduct its day-to-day business when that business requires the collection or use of information about individuals. Specifically, it requires that the Government:

  • Maintain no secret files on individuals.
  • Inform individuals at the time it is collecting information about them, why this information is needed, and how it will be used.
  • Assure that personal information is used only for the reasons given, or seek the person's permission when another purpose for its use is considered necessary or desirable.
  • Allow individuals to see the records kept on them, and provide individuals with the opportunity to correct inaccuracies in their records.

The Privacy Act binds Federal agencies to a "code of fair information practices." The code sets standards which each Federal agency must meet as it collects, maintains, and uses information. As an employee who works with Federal records, you see the effects of these standards.

For example, the last Government form for personal information you were asked to complete should have contained a Privacy Act Statement that indicated the authority for collecting this information, why the information is needed, who would use the information, and what the consequences would be for not providing the information.

Records Covered by the Privacy Act

The Privacy Act applies to Federal agencies. Federal agencies are defined in the law as all agencies, offices and departments of the Executive Branch, independent regulatory agencies such as the Securities and Exchange Commission, and Government-controlled corporations such as the Postal Service.

The Privacy Act does not apply to records held by the Legislative and Judicial Branches of the Federal Government, state and local governments or private organizations, except in isolated instances where these organizations hold special types of contracts with a Federal agency.

Specifically, the Privacy Act applies to Agency records that:

  • Contain information on individuals, and
  • Are filed so that the records are retrieved by the person's name or some other personal identifier, such as a social security number.

The Privacy Act defines an individual as a U.S. citizen or alien lawfully admitted for permanent residence. Excluded, then, from Privacy Act coverage are the records that Federal agencies maintain on organizations and businesses, including small businesses, even where the company's trade name could be the same as that of the owner. Also excluded are records that Federal agencies may maintain on deceased persons.

Privacy legislation had its origins in the late 1960's when people became concerned about abuses that could occur with computer data banks. The Privacy Act applies to personal information stored on computers as well as in manual files. Easy access to and quick transfer of information are features that make the computer a valuable tool. However, these very same features make the confidentiality of information difficult to protect. Since the Privacy Act became law, the Federal Government has been developing and establishing safeguards for the protection of personal information held in computer data banks.

DoDEA Records

DoDEA has published in the Federal Register a description of its record systems that are covered by the Privacy Act. Included among these are personnel, security, other administrative, and school student record files. In addition, the Office of Personnel Management and other Federal agencies have also published notices of record systems that may be of interest to you, such as official personnel folders, discrimination complaint records, and other personnel-related records.

For each one of these record systems, a specified person, known as a system manager, is responsible for answering questions you may have about seeing your records, and amending or correcting information contained in them. This person, along with his or her mailing address, is listed in the Federal Register notice. Summary information about all record system notices in the Federal Government is published in the Federal Register bi-annually and is periodically updated.

Rights and Responsibilities of DoDEA Employees

As a DoDEA employee you "wear two hats": one as a citizen entitled to the full protection and rights established by the Privacy Act, and the other as a Federal employee working with records containing personal information and sharing some responsibility in carrying out the requirements of the law. The seriousness of this responsibility is evident from the penalties the Privacy Act imposes upon Federal employees who willfully violate key sections of the law. Fines up to $5,000 can be imposed for willfully disclosing personal information that should not be released under the Privacy Act, or for maintaining secret records on individuals. The following presents a summary of your rights and responsibilities under the Privacy Act.

Collection of Personal Information


When you are requested to provide personal information to a Federal agency, you are entitled to know: the legal authority for requesting the information, the purpose for collecting it, what routine uses (disclosures) might be made of this information, whether disclosure is mandatory or voluntary, and what effect your refusal to provide the information would have.


You must collect only personal information that is relevant and necessary, not simply useful to accomplish a specific objective. Whenever you request personal information from someone, you must inform him or her in writing of the legal authority for requesting the information, the purpose for collecting it, what routine uses will be made of this information, whether a response is mandatory or voluntary, and what will be the effect if he or she refuses to respond. Also, whenever you ask a person for his or her social security number, you must state the legal authority and purpose for requesting it, and whether a response is mandatory or voluntary. You should always attempt to collect personal information directly from the individual rather than from other sources wherever practicable.

Access to Records


You can request to see your records in writing, in person, or by telephone. You should describe the information you wish to see. Blanket requests for "all the information the agency has on me" cannot be honored. If you appear in person, identification will be required to verify you are the person whose record you are requesting.

If you have no suitable identification, you will be asked to certify your identity in writing.

Another person of your choice may accompany you when you check your records.

You are not required to receive a copy of your record or an acknowledgment of your request within a reasonable period.

You are not required to give a reason for your request; however, the more specific your request, the faster you can expect a response.


When a person requests to see his or her record, you must verify the person's identity (by a driver's license, passport, alien or voter registration card) or require the person to certify in writing that he or she is the subject of the record requested and that the person understands that any knowing and willful request for a record under false pretenses is a criminal offense subject to a $5,000 fine. If the request is by telephone, you should verify the person's identity, if possible, or require that a request be made in writing.

You must have the requester of a record authorize in writing the presence of another person if he or she desires someone to be present for the inspection and discussion of the record.

When a request for a record is received, you should check to see whether a record on the person exists in a system of records that is subject to the Privacy Act. The system manager or another designated official must either present the record or a copy of it, or acknowledge the request within ten working days or as soon as possible.

You should not ask the person to give a reason or justify a need to see his or her own record.


If the Privacy Act is to achieve its objectives, there must be cooperation by every Federal employee who works with records containing personal information. You are more than a program analyst, personnel management specialist, secretary, computer programmer, file clerk, auditor, and so on. In the course of your work you become a steward or custodian of the information entrusted to you. In order to meet the responsibilities of this stewardship, there are certain steps you should take:

  1. Learn as much as possible about the requirements of the Privacy Act and how these requirements relate to your job. This can be accomplished through formal training, on-the-job training, discussions with your supervisor, and reading to keep up with new developments, policy guidelines and operating procedures. Acquaint yourself with DoD Directive 5400.11, "DoD Privacy Program", which contains Privacy Act policies and procedures.
  2. Consider how you handle the information you work with, and what measures, if any, you need to take to safeguard the personal information in your possession.
  3. Become familiar with the kind of information that is available under the Privacy Act. Certain employees within DoDEA components have been designated to provide assistance in meeting the requirements of this law. These individuals are "Privacy Act Coordinators" for their respective regions.
  4. Respond promptly to requests for information by quickly referring such requests to the responsible official.
  5. Take care that personal information is not disclosed to anyone unless: (1) the individual, such as another Federal employee, requires the information in the performance of his or her job, or (2) the individual has received prior permission to see the information from the subject of the record, or (3) disclosures of the record are authorized by law.

In conclusion, it should be noted that this pamphlet has only tried to touch on the main points concerning your rights and responsibilities as a Federal employee under the Privacy Act. You are urged to become more familiar with DoDEA's policies on the Privacy Act and to consult your supervisor when you have any questions.

This document is adapted from an existing document written by Defense Contract Audit Agency, Fort Belvoir, Virginia.


Privacy Impact Assessment (PIA)

This is a DoD mandated policy taken from the DoD Privacy Impact Assessment (PIA) Guidance - DoDI 5400.16, dated February 12, 2009.

a. Privacy Impact Assessments (PIAs) are completed on DoD information systems and electronic collections that collect, maintain, use, or disseminate Personally Identifiable Information (PII) in order to:

  1. Ensure PII handling conforms to applicable legal, regulatory, and policy requirements regarding privacy;
  2. Determine the need, privacy risks, and effects of collecting, maintaining, using, and disseminating PII in electronic form; and
  3. Examine and evaluate protections and alternative processes to mitigate potential privacy risks.

b. PIAs are performed when PII about members of the public, Federal personnel, contractors or foreign nationals employed at U.S. military facilities internationally, is collected, maintained, used, or disseminated in electronic form.

Benchmark Tracker (BMT) Online Assessment Delivery System
Benchmark Assessment System Online Data Management System
The Professional Development Differentiated Instruction
The DoDEA Directives Portal System
The Non-DoD Schools Program
The Educator Career Program
The Education Budget Tracking System
The Software Approval Application Version
The Teacher Certifications
Serious Incident Reports/Accident Injury Reports
New Employee Orientation
The Multidimensional Administrator Performance Appraisal
The File Valet
The English as Second language Alternate Assessment Database
The Education Screening Assignment Concerns
The ePower Document Management System
The Executive Personnel Database
The Employment Application System DDESS
The DoD Civilian Pay System Archive System
The Alternate Assessment Database
The DoDEA WHS Allotment Accounting System
The Teacher Transfer Program
The Travel Order Processing System
The Summer Workshop Application
The NDSP - Student Online Registration System
The Non DoD Schools Program World Wide
The Grievance Tracking System
The Employment Application System
The General Counsel Electric Management System
The ASPEN/Online Student Pre-Registration
The One Call Now PIA
DoDEA Privacy Impact Assessments (PIA) for the Non-DoD Schools Program
The Chancery Student Information System
The Aspen Student Information System
The Impact AID Database
The Consolidated Database Warehouse

DoDEA Systems Notices
The DoDEA Systems of Records Notices are located below:
Defense Privacy and Civil Liberties Office (DPCLO)
(Click on the above link, scroll down to the system notice, click on notice, for example, DoDEA 21)
  • DoDEA 21: Department of Defense Education Activity (DoDEA) Grievance Records
  • DoDEA 23: Educator Certification/Recertification Files
  • DoDEA 26: Department of Defense Education Activity Dependent Children's School Program Files
  • DoDEA 27: Department of Defense Education Activity Research Approval Process
  • DoDEA 30: Department of Defense Education Activity Travel Orders Processing System
  • Freedom of Information Act Case Files (Notice is Combined with WHS)
  • Privacy Act Case Files

The purpose of Privacy Act Systems of Records Notices is to:

  • inform the general public of what data is being collected, the purpose of the collection, and the authority for doing so.
  • set the rules that agencies must follow in collecting and maintaining data about individuals.
  • permit the collection of information about individuals.

The Systems of Records notices are published in the Federal Register.