The Privacy Act of 1974, DoD Directive 5400.7 (a) and (b), and AR 340-21,(The Army Privacy Program), apply to information in Department of the Army systems of records on living US citizens and permanent aliens. In order for it to be an official "system of records," a record system must be:
Authorized by law or Executive Order.
Controlled by an Army or lower level directive. Agency records are "The products of data compilation, regardless of physical form or characteristics, made or received by a DoD Component in connection with the transaction of public business and preserved by a DoD component primarily as evidence of the organization, policies, functions, decisions, or procedures of the DoD components.
Needed to carry out an Army mission or function.
The Army does not:
Keep records on how a person exercises First Amendment rights. EXCEPTIONS are when: the Army has the permission of that individual or is authorized by Federal statute; or the information pertains to an authorized law enforcement activity.
Penalize or harass an individual for exercising rights guaranteed under the Privacy Act. The Army gives reasonable aid to individuals exercising their rights.
Keep paper and electronic records containing personal information and retrieved by name or personal identifier only in approved systems published in the Federal Register.
Collect, maintain, and use information in such systems only to support programs authorized by law or Executive Order.
Safeguard the records in the system and keep them the minimum time required.
Keep the records timely, accurate, complete, and relevant.
Amend and correct records on request.
Let individuals review and receive copies of their own records unless the Secretary of the Army approved an exemption for the system or the Army created the records in anticipation of a civil action or proceeding.
Provide a review of decisions that deny individuals access to or amendment of their records.
Violation Penalties: An individual may file civil suit against the Army for failing to comply with the Privacy Act. The courts may find an individual offender guilty of a misdemeanor and fine that individual offender not more than $5,000 for:
Willfully maintaining a system of records that doesn't meet the public notice requirements.
Disclosing information from a system of records to someone not entitled to the information.
Obtaining someone else's records under false pretenses.
Persons or their designated representative may ask for a copy of their records in a system of records. Requesters need not state why they want access to their records. Before releasing personal information, a number of things should be considered before you make a disclosure. Verify the identity of the requester to avoid unauthorized disclosures. How you verify identity will depend on the sensitivity of the requesters records. Persons without access to notary services may use an unsworn declaration in the following format:
"I declare under penalty of perjury (if outside the United States, add "under the laws of the United States of America") that the foregoing is true and correct. Executed on (date). (Signature)."