Privacy, Information Collections, and Forms Management

Forms 

• DoDEA Forms Desk Reference Guide
• DoD Manual 7750.08, Forms Management Program Procedures
• DoD Instruction 7750.07, Forms Management Program

Information Collections

• DoD Instruction 8910.01, Information Collections and Reporting
• DoD Manual 8910.01, Information Collections Manual: Procedures for DoD Internal Information Collections
• Guidance on Implementing the PRA (5 CFR 1320)
• PRA Implementation Guide 2011
• PRA Memorandum 

Privacy 

• DoD Instruction 5400.11, Privacy and Civil Liberties Programs
• DoD Manual 5400.11, Volume 2, Breach Preparedness and Response Plan
• DoD Regulation 5400.11-R, Privacy Program
• DoD Instruction 5400.16, Privacy Impact Assessment (PIA) Guidance
• DoDI 1000.30, Reduction of Social Security Number (SSN) Use Within DoD
• DoDEA Adapted Privacy Impact Assessment Process
• DoDEA Guide to Emailing PII

• Privacy Act of 1974, 5 U.S.C. § 552a
• Paperwork Reduction Act (PRA) of 1995
• 42 U.S.C §2000ee–1
• Executive Order 9397 (As Amended)  [November 18, 2008]
• Executive Order 9397 (Amendments) [November 20, 2008]
• Executive Order 9397 [November 22, 1943]
• Public Law 107-347 [December 17, 2002]
• CFR Title 32 [July 1, 2016]

A PII breach is a loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for an other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic. This includes, but is not limited to, posting PII on public-facing websites; sending PII via e-mail to unauthorized recipients; providing hard copies of PII to individuals without a need to know; loss of electronic devices or media on which PII is stored; use of PII by employees for unofficial business; and all other unauthorized access to and use of PII. 

Immediate Actions to be Taken if a Breach of pii Occurs:

The most important thing to do if you discover that a breach of PII has occurred or is ongoing is to STOP IT as soon as possible.

1. If there is a suspected or confirmed Privacy breach, fill out Form DD2959, Breach of Personally Identifiable Information (PII) Report, to report it immediately.

2. After you complete the form, submit it to the Privacy Office within 24 hours of discovery.

NOTE: The DD2959 form should also be used to report updates to previous submissions.

Repercussions for DODEA Personnel Who Breach PII Security:

 DoDEA employees responsible for a PII breach will be required, at minimum, to complete the Safeguarding PII Course and submit their certificate of completion to their supervisor and the DoDEA Privacy Office. DoDEA supervisors must report to the Privacy Office within 15 days of the breach what disciplinary and/or administrative actions were assessed against those personnel responsible for a breach. 

Notification of Affected Parties:

• The office responsible for the breach is also responsible for generating the letters after receiving notice from a Privacy Analyst that notifications are required. 
• The letters have to be generated, signed, and securely emailed or sent via certified USPS mail. 
• The office responsible for the breach will ensure the letters are sent within 10 business days from the date of discovery.

Please send general questions, comments, or concerns along with your name, phone number and email address to the DoDEA Privacy Office at the below email address:

 HQ-Privacy@DoDEA.EDU

NOTE: This email address is NOT for Privacy Act Requests.

A Privacy Act (PA) Request is one in which a United States citizen or Legal Permanent Resident seeks records on themselves that are contained in a file retrievable by the individual's name or personal identifier. Privacy Act Requests must be submitted IN WRITING; must be signed by you; and must include the name and number of the related System of Records Notice (SORN). 

• The request must include a valid form of identification, such as a copy of a photo ID or driver's license (both sides).

• Include your full name, current address and email address, so we may contact you if questions arise.

• Describe the record you are seeking in detail. Details may include information about the document; the specific System of Records Notice (SORN) if known, including the System ID and System Name, where the records can be found; and the time frame to be searched.

• Only the individual to whom the record pertains can request the records.

• Sign your request. Your signature must be notarized or submitted via an unsworn declaration in accordance with 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization.

• If you are executing the unsworn declaration within the United States, its territories, possessions, or commonwealths, it must read as follows: "I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature)."

• If you are executing the unsworn declaration outside the United States, it must read as follows: "I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature)."

Privacy Act Requests CANNOT be submitted electronically; please use the below mailing address:

Department of Defense Education Activity 
Attn: Privacy/FOIA Officer 
4800 Mark Center Drive
Alexandria, Virginia 22350

The Paperwork Reduction Act of 1995 requires Federal agencies to obtain approval from OMB each time they propose to collect or sponsor, even under a contract or other agreement, the collection of identical information from more than nine respondents. In addition, activities related to development or testing of data collection plans are also subject to OMB review and approval if identical information is sought from more than nine respondents in either a formal or informal manner.

Surveys Requiring a Clearance

• Report forms, application forms, questionnaires, or interview guides for in-person or telephone surveys.
• Orders, regulations or other directives that include requirements for respondents to provide information or maintain records to be used or made available for use in the collection of information.
• Requests for answers to identical questions which are addressed to respondents by telephone, form letters, information circulars and other devices.
• Any supplementary documents involved in these reporting or recordkeeping requirements, such as instructions or covering letters or introductory statements.

NOTE: OMB interprets the use of Internet surveys as surveys requiring approval if these fall into the above guidelines. However, see below under Surveys NOT Requiring a Clearance for additional information.

Surveys NOT Requiring a Clearance

• Collecting identical information from 9 or fewer people.
• Surveying other Federal agencies, bureaus, labs, etc. States, tribes, and local governments however require a clearance for surveys.
• Passive means of obtaining feedback and comments without using structured questions. For example, we can provide a passive opportunity for our customers to provide us with feedback and comments through our web homepages.  This merely means offering customers an opportunity to send feedback to an email address or to place comments on a webpage.
• Feedback obtained through discussions that are not structured as a survey or focus group mechanism.
• Hotlines and complaint systems.

Definitions of Generic Clearance and Burden

Generic clearance involves advance approval of a well-defined class of low-burden data collections (a bundle of individual collection requests) that are not fully documented until they are actually used. A generic clearance typically includes a set of agreements negotiated between the sponsoring agency and OMB, covering limitations on methods and usage, a burden cap, a periodic reporting requirement to update the OMB Docket, and a commitment by OMB to review any specific application quickly.

Generic clearances require more than 100 days for approval by OMB. The specific application usage review by OMB, following the generic clearance, is purported to take only 10 days once the generic clearance has been granted. Generic clearances are usually effective for three years. After the three year time-period, the generic clearance can be renewed by following the 100-day process described above.

Individual clearances can be obtained for specific surveys or information collection activities. Individual clearances also require OMB approval and are subject to the same 100-day review process.

Burden means "total time, effort, or financial resources expended by persons to generate, maintain, retain, or disclose or provide information to or for a Federal agency." The burden consists only of expenditures on information collection activities beyond those that "would be incurred by persons in the normal course of their activities"; it does not include expenditures on reporting, recordkeeping, or disclosure activities that are "usual and customary."

Generic Clearance Package Requirements:

OMB provides for a simplified generic clearance for customer satisfaction surveys made in compliance with the Executive Order. The proposal should include:

• A description of the kinds of customer surveys the clearance will cover as well as the agency programs they will address.
• Cite the authority of Executive Order 12862.
• Request a three-year expiration data (since these data collection programs are expected to support a process of repeated measurement).
• Propose a maximum number of burden hours (per year) against which burden will be charged for each survey actually used.
• Include an arrangement to submit a brief summary of objectives, specific burden estimates, and all final or near final survey instruments (focus group scripts, test questions, etc.) covered by the generic clearance for inclusion in the OMB public docket prior to their use.
• Specify an adequate internal review process to ensure that individual applications are consistent with the Paperwork Reduction Act (PRA), the Paperwork Rule, and the terms of the generic clearance. This requires qualified reviewers who are independent of sponsoring programs. Review by a professional statistician may be needed in some cases (if the generic clearance will include quantitative surveys). This review must also assure that material submitted for the public docket is accurate, timely, and complete. (OMB recommends working with other Federal agencies that have experience with this and mentions several with points of contact germane to our needs including National Science Foundation, Environmental Protection Agency, the National Center for Education Statistics and the Energy Information Administration.).
• Propose an appropriate progress reporting schedule (such as at one-year intervals) for summarizing actual burden, reporting results achieved, and addressing any problems or revisions needed to the basic clearance agreement.
• Completion of OMB Form 83-I is mandatory and certification of compliance with PRA.
• Supporting supplemental data including a listing of focus groups, surveys, etc. as part of our plan.

Please send your requests, general questions, comments, or concerns along with your name, phone number and email address to the DoDEA Information Collection Office at the below email address:

 HQ-Forms@DoDEA.EDU