Department of Defense Education Activity

Privacy, Forms & Information Collections Programs

The mission of this office is to implement and administer the Department of Defense Education Activity's Federally Mandated Programs through advice, monitoring, transparency, official reporting, and training.

IMPORTANT NOTICE

If you are getting a "Please wait..." message while viewing a Form, you are most likely trying to open a Dynamic XFA (XML Form Architecture) PDF. Dynamic XFA Forms CANNOT be opened in browser. To view the Form, we recommend you download it locally to your desktop and open it either in Adobe Reader or Adobe Acrobat from your desktop.

External Inventory

Guidance

 

Report a Breach of PII

A PII breach is a loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for an other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic. This includes, but is not limited to, posting PII on public-facing websites; sending PII via e-mail to unauthorized recipients; providing hard copies of PII to individuals without a need to know; loss of electronic devices or media on which PII is stored; use of PII by employees for unofficial business; and all other unauthorized access to and use of PII. 

 
Immediate Actions to be Taken if a Breach of pii Occurs:

The most important thing to do if you discover that a breach of PII has occurred or is ongoing is to STOP IT as soon as possible.

1. If there is a suspected or confirmed breach of PII, fill out DD Form DD2959, Breach of Personally Identifiable Information (PII) Report, to report it immediately.

2. After you complete the form, submit it to the  within 24 hours of breach discovery.

The DD2959 form should also be used to report updates to previous submissions.

 
Repercussions for DODEA Personnel Who Breach PII Security:

Employee(s) responsible for a breach of PII will be required, at minimum, to complete the Safeguarding PII Refresher Training and submit their Certificate of Completion to their direct supervisor and the DoDEA Privacy Office

The Privacy Act imposes civil and/or criminal penalties on employees who fail to safeguard PII. Non-compliance may result in adverse action being taken against them.

 

Notification to Affected Parties:
  • The office responsible for the breach of PII must generate an official notification letter after receiving confirmation from the DoDEA Privacy Office that notifications are required. 
  • The letter must be signed by an empowered official and securely emailed or sent via certified USPS mail. 
  • Letters must be sent to those affected within 10 business days from the date of breach discovery.

 

General Privacy Related Inquiries

Please send general questions, comments, or concerns along with your name, phone number and email address to the DoDEA Privacy Office at the below email address:

 

NOTE: This email address is NOT for Privacy Act Requests.

 

Privacy Act Requests

A Privacy Act (PA) Request is one in which a United States citizen or Legal Permanent Resident seeks records on themselves that are contained in a file retrievable by the individual's name or personal identifier. Privacy Act Requests must be submitted IN WRITING; must be signed by you; and must include the name and number of the related System of Records Notice (SORN)

  • The request must include a valid form of identification, such as a copy of a photo ID or driver's license (both sides).

  • Include your full name, current address and email address, so we may contact you if questions arise.

  • Describe the record you are seeking in detail. Details may include information about the document; the specific System of Records Notice (SORN) if known, including the System ID and System Name, where the records can be found; and the time frame to be searched.

  • Only the individual to whom the record pertains can request the records.

  • Sign your request. Your signature must be notarized or submitted via an unsworn declaration in accordance with 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization.

  • If you are executing the unsworn declaration within the United States, its territories, possessions, or commonwealths, it must read as follows: "I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature)."

  • If you are executing the unsworn declaration outside the United States, it must read as follows: "I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature)."

Privacy Act Requests CANNOT be submitted electronically; please use the below mailing address:

Department of Defense Education Activity 
Attn: Executive Services Division, Privacy Office 
4800 Mark Center Drive
Alexandria, Virginia 22350

 

 

DoDEA Guidance on Information Collections (Forms & Surveys)

PRA Process Map

The Paperwork Reduction Act of 1995 requires Federal agencies to obtain approval from OMB each time they propose to collect or sponsor, even under a contract or other agreement, the collection of identical information from more than nine respondents. In addition, activities related to development or testing of data collection plans are also subject to OMB review and approval if identical information is sought from more than nine respondents in either a formal or informal manner.

COLLECTIONS Requiring a Clearance
  • Report forms, application forms, questionnaires, or interview guides for in-person or telephone surveys.
  • Orders, regulations or other directives that include requirements for respondents to provide information or maintain records to be used or made available for use in the collection of information.
  • Requests for answers to identical questions which are addressed to respondents by telephone, form letters, information circulars and other devices.
  • Any supplementary documents involved in these reporting or recordkeeping requirements, such as instructions or covering letters or introductory statements.

NOTE: OMB interprets the use of Internet surveys as surveys requiring approval if these fall into the above guidelines. However, see below under Surveys NOT Requiring a Clearance for additional information.

COLLECTIONS NOT Requiring a Clearance
  • Collecting identical information from 9 or fewer people.
  • Surveying other Federal agencies, bureaus, labs, etc. States, tribes, and local governments however require a clearance for surveys.
  • Passive means of obtaining feedback and comments without using structured questions. For example, we can provide a passive opportunity for our customers to provide us with feedback and comments through our web homepages.  This merely means offering customers an opportunity to send feedback to an email address or to place comments on a webpage.
  • Feedback obtained through discussions that are not structured as a survey or focus group mechanism.
  • Hotlines and complaint systems.
Definitions of Generic Clearance and Burden

Generic clearance involves advance approval of a well-defined class of low-burden data collections (a bundle of individual collection requests) that are not fully documented until they are actually used. A generic clearance typically includes a set of agreements negotiated between the sponsoring agency and OMB, covering limitations on methods and usage, a burden cap, a periodic reporting requirement to update the OMB Docket, and a commitment by OMB to review any specific application quickly.

Generic clearances require more than 100 days for approval by OMB. The specific application usage review by OMB, following the generic clearance, is purported to take only 10 days once the generic clearance has been granted. Generic clearances are usually effective for three years. After the three year time-period, the generic clearance can be renewed by following the 100-day process described above.

Individual clearances can be obtained for specific surveys or information collection activities. Individual clearances also require OMB approval and are subject to the same 100-day review process.

Burden means "total time, effort, or financial resources expended by persons to generate, maintain, retain, or disclose or provide information to or for a Federal agency." The burden consists only of expenditures on information collection activities beyond those that "would be incurred by persons in the normal course of their activities"; it does not include expenditures on reporting, recordkeeping, or disclosure activities that are "usual and customary."

Generic Clearance Package Requirements:

OMB provides for a simplified generic clearance for customer satisfaction surveys made in compliance with the Executive Order. The proposal should include:

  • A description of the kinds of customer surveys the clearance will cover as well as the agency programs they will address.
  • Cite the authority of Executive Order 12862.
  • Request a three-year expiration data (since these data collection programs are expected to support a process of repeated measurement).
  • Propose a maximum number of burden hours (per year) against which burden will be charged for each survey actually used.
  • Include an arrangement to submit a brief summary of objectives, specific burden estimates, and all final or near final survey instruments (focus group scripts, test questions, etc.) covered by the generic clearance for inclusion in the OMB public docket prior to their use.
  • Specify an adequate internal review process to ensure that individual applications are consistent with the Paperwork Reduction Act (PRA), the Paperwork Rule, and the terms of the generic clearance. This requires qualified reviewers who are independent of sponsoring programs. Review by a professional statistician may be needed in some cases (if the generic clearance will include quantitative surveys). This review must also assure that material submitted for the public docket is accurate, timely, and complete. (OMB recommends working with other Federal agencies that have experience with this and mentions several with points of contact germane to our needs including National Science Foundation, Environmental Protection Agency, the National Center for Education Statistics and the Energy Information Administration.).
  • Propose an appropriate progress reporting schedule (such as at one-year intervals) for summarizing actual burden, reporting results achieved, and addressing any problems or revisions needed to the basic clearance agreement.
  • Completion of OMB Form 83-I is mandatory and certification of compliance with PRA.
  • Supporting supplemental data including a listing of focus groups, surveys, etc. as part of our plan.

 

Form/Survey Related Inquiries/Requests

Please send your requests, general questions, comments, or concerns along with your name, phone number and email address to the DoDEA Information Collection Office at the below email address:

 

 

 

Website Privacy

The Department of Defense Education Activity (DoDEA) is committed to protecting the privacy of employees, students, and members of the public. The DoDEA.edu website is provided as a public service by the Department of Defense Education Activity Communications Division.

Information presented on this website is considered public information and may be distributed or copied unless otherwise specified. Use of appropriate byline/photo/image credits is requested.

If you choose to provide us with personal information -- like filling out a Contact Us form with email and/or postal addresses -- we only use that information to respond to your message or request. We will only share the information you give us with another government agency if your inquiry relates to that agency, or as otherwise required by law. We never create individual profiles or give it to privately owned companies or organizations. DoDEA.edu never collects information for commercial marketing and does not sell or rent any of your personal information. While you must provide an email address or postal address for a response other than those generated automatically in response to questions or comments that you may submit, we recommend that you NOT include any other personal information or other sensitive factors, especially Social Security Numbers. DoDEA enforces strict adherence to DTM 07-015 and DoDI 1000.30 and has prohibited the intake/distribution of SSN on all methods of collection.

We maintain a variety of physical, technical and administrative safeguards to protect your personal information. For site security purposes and to ensure that this service remains available to all users, this government computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.

Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with Office of the Secretary of Defense Records Disposition Schedules, Record Group 330, and National Archives and Records Administration guidelines.

Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

If you have any questions or comments about the information presented here, please forward them to us using our Contact Us page.

Use of Measurement and Customization Technology:

This website uses measurement and customization technology known as a "cookies." Cookies are used to remember a user's online interactions with a website or online application to conduct measurement and analysis of usage or to customize the user's experience.

Two kinds of cookies are used on this website. A single-session cookie (Tier 1) is a line of text that is stored temporarily on a user's computer and deleted as soon as the browser is closed. A persistent or multisession cookie (Tier 2) is saved to a file on a user's hard drive and is called up the next time that user visits a website. Use of these cookies does not involve the collection of a visitor's personally identifiable information.

The Department of Defense Education Activity does not use the information associated with cookies to track individual user activity on the internet outside DoDEA websites, nor does it share the data obtained through such technologies, without the user's explicit consent, with other departments or agencies. DoDEA does not keep a database of information obtained from the use of cookies.

Cookies are enabled by default to optimize website functionality and customize user experience. Users can choose not to accept the use of these cookies by changing the settings on their local computer's web browser. The USA.gov website, https://www.usa.gov/optout-instructions, provides general instructions on how to opt out of cookies and other commonly used web measurement and customization technologies. Opting out of cookies still permits users to access comparable information and services; however, it may take longer to navigate or interact with the website if a user is required to fill out certain information repeatedly.

Specific Technologies/Vendors:

Tier 1 cookies are used for technical purposes to improve a user experience and to allow users to more easily navigate the website.

Akamai speeds the delivery of content and applications for customers through using automatic, intermediate and temporary information storage to make the onward transmission of that information to other recipients more efficient. Temporary storage processes retain information only as long as is reasonably necessary to transmit the data. Intermediate storage processes retain information only so long as is reasonably necessary for continued transmission, to maintain the security of the network and the data, to monitor and improve website performance and for related administrative purposes. Akamai does not collect, use or disclose your personally identifiable information.

SiteImprove and Google Analytics collect aggregate statistics of website visitor characteristics, traffic, and activity. This information is used to assess what content is of most and least interest, determine technical design specifications, and identify system performance or problem areas. The software records a variety of data, including IP addresses (the locations of computers or networks on the internet), unique visits, page views, hits, referring websites and what hyperlinks have been clicked. Tier 2 cookies are used to distinguish between summary statistics for users who have been to the site before and those that are visiting the site for the first time. The Department of Defense Education Activity does not gather, request, record, require, collect or track any internet users' personally identifiable information through these processes.

Client side opt-out mechanisms allow the user to opt out of web measurement and customization technologies by changing the settings of a specific application or program on the user's local computer. For example, users may be able to disable persistent cookies by changing the settings on commonly used web browsers. For general instructions on how to opt out of some of the most commonly used web measurements and customization technologies, go to https://www.usa.gov/optout-instructions.

Use of Third-Party Websites and Applications

Third-party websites and applications that are not owned, operated, or controlled by the Department of Defense Education Activity are integral to internet-based operations across DoDEA and used to augment official communication. These capabilities include, but are not limited to, networking services, media sharing services, wikis and data mashups. A list of DoDEA's authorized pages and uses of these services is available at  https://www.dodea.edu/aboutDoDEA/DoDEA-Websites.cfm. These sites may collect personally identifiable information and may make it available to the DoDEA and other users; however, the information is not collected on behalf of, nor is it provided specifically for DoDEA. DoDEA does not harvest and additionally collect, maintain, share or otherwise use such personally identifiable information for any purpose other than that for which it is made available to all users.

DoDEA uses the YouTube API Client to display and present videos on dodea.edu. Please visit the YouTube Terms of Services  and Google's Privacy Policy for additional information.