Contact the TRADOC Records Management Office for information about privacy and privacy-related requirements to include Privacy Act system of record notices; DD Form 2930, Privacy Act Assessment; Office of Management and Budget control numbers required by the Paperwork Reduction Act of 1995; Privacy Act statements, social security number justification/elimination plans, and more.
Phone: (757) 501-6537/6538
32 CFR Part 505
Army Regulation 25-22
Records Management and Declassification Agency Privacy
Army G-6/CIO Privacy Impact Assessment (.pdf file)
Leader's Guide to Personally Identifiable Information (.pdf file)
System Owner's Guide to Accreditation and Data Protection (.pub file)
DOD ID Number and PII Policy
Report possible and confirmed breaches of PII IAW TRADOC Regulation 1-8.
- Personal information. Information about an individual that identifies, links, relates, or is unique to, or describes him or her, for example, a social security number (SSN); age; military rank; civilian grade; marital status; race; salary; home/office phone numbers; other demographic, biometric, personnel; medical; and financial information, etc. Such information is also known as PII (that is, information which can be used to distinguish or trace and individual’s identify such their name, SSN, date and place of birth, mother’s maiden name, and biometric records including any other personal information which is linked or linkable to a specified individual). This information can be in hard copy (paper copy files) or electronic format, stored on personal computers, laptops, and personal electronic devices such as blackberries and found within databases. This includes but is not limited to, education records, financial transactions, medical files, criminal records, or employment history.
- PII breach. A loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for an other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic. This includes, but it not limited to, posting PII on public-facing websites; sending via e-mail to unauthorized recipients; providing hard copies to individuals without a need to know; loss of electronic devices or media storing PII (for example, laptops, thumb drives, compact discs, etc.); use by employees for unofficial business; and all other unauthorized access to PII.