Agency policy prescribes that all personnel will comply with the DCAA Privacy Program and the Privacy Act of 1974. Strict adherence is necessary to ensure uniformity in the implementation of the DCAA Privacy Program and create conditions that will foster public trust. It is also Agency policy to safeguard personal information contained in any system of records maintained by DCAA organizational elements and to make that information available to the individual to whom it pertains to the maximum extent practicable. The following issuances have been created to administer the DCAA Privacy Act program.
DCAA Instruction 5410.10; DCAA Privacy Act Program - This is DCAA's instruction governing the Privacy Act of 1974. It provides policies and procedures for the Agency's implementation of the Act and is intended to promote uniformity within the Agency. The Agency's final rule, which is the Code of Federal Regulations (CFRs) version of the DCAA's Privacy Act regulation (originally published in the Federal Register), may be found at 32 CFR Part 317, Defense Contract Audit Agency (DCAA) Privacy Act Program.
DCAA Privacy Impact Assessments - The Defense Contract Audit Agency (DCAA) PIA program coordinates the PIA process within DCAA, in compliance with the E-Government (E-Gov) Act of 2002, Section 208, OMB M-03-22, and DoDI 5400.16.
A PIA is an analysis of how personally identifiable information (PII) is utilized to ensure data handling conforms to applicable legal, regulatory, and policy requirements regarding privacy. Additionally, a PIA determines the need, privacy risks and effects of collecting, maintaining, using and disseminating PII in electronic form as well as examining and evaluating protections and alternative processes to mitigate potential privacy risks.
The DCAA PIA team assists information system owners and developers who collect, maintain and/or disseminate PII in demonstrating the incorporation of required protections throughout the entire life cycle of a system.
DCAA Privacy Act System Notices - This compilation is designed to offer members of the Agency, as well as members of the general public, a complete summary of DCAA records that are accessed by name, social security number, or other personal identifier. These records, known as "Privacy Act Systems of Records", provide a detailed description of each record system to include instructions for individual access, safeguards, and purpose for the maintenance of the system. The system notices contained in this publication establish limitations and permissible practices in the collection, maintenance, dissemination, use, and disclosure of information concerning individuals by the Agency.
All notices printed herein are covered and mandated by the Privacy Act of 1974, 5 U.S.C. 552a, and have been duly published for public comment in the Federal Register prior to the collection of personal information. The notices are preceded by "Blanket Routine Uses" (See Preamble) and are followed by a listing of DCAA official mailing addresses. These blanket routine uses universally apply to all DCAA systems of records and stand in addition to the routine uses established for individual systems of records.
Government-Wide Privacy Act Systems of Records Notices - Some Federal agencies have responsibility for one or more systems of records which are applicable Government-wide. This negates the need for DCAA to publish a system notice if it maintains a record under a Government-wide system of records notice.