The DHRA Headquarters Privacy Office provides support to the field activity regarding the collection, safeguarding, handling, and maintenance of Personally Identifiable Information (PII). An overview of the program, including Component responsibilities, are codified in the DHRA Privacy Program document. DHRA Component Privacy Officials and Program Managers are encouraged to review the DHRA Privacy Program document and the DoD Privacy Requirements Checklist.
The Privacy Act requires all Executive Branch Agencies to have a completed SORN for any electronic system or application that retrieves information using the individual's name, or by an identifying number, symbol, or other identifying element assigned to the individual. The SORN sets the rules for collecting, using, storing, sharing, and safeguarding personal data when records are retrievable by a personal identifier. A list of current SORNs is available on the Department of Defense Privacy and Civil Liberties Office (DPCLO) SORN Page.
Section 208 of Public Law 107-347, "E-Government Act of 2002," requires all federal government agencies to conduct a PIA for all new or substantially changed information technology (IT) systems that collect, maintain, or disseminate PII from the public. A PIA allows for the evaluation and mitigation of possible privacy risks throughout the lifecycle of a program or system. A copy of Sections 1 and 2 of All DHRA Component PIAs can be found at the DHRA Privacy Impact Assessment Page .