Defense Dept. Finalizes Uniform Privacy Regulation, Responds to EPIC Comments
April 22, 2019
As part of an effort to promote uniformity in privacy regulations, the Department of Defense has finalized a regulation regarding the Personnel Vetting Records System. EPIC submitted detailed comments to the agency "criticizing the breadth of exemptions and expressing concerns about accountability for DoD's information collection activities." The Department of Defense responded in detail to EPIC stating, "The Department appreciates these concerns….Notwithstanding the potential availability of exemptions that DoD may need to assert for certain records in the system when circumstances warrant, exemption rules do not require the assertion of exemptions in every instance. In fact, DoD anticipates asserting exemptions in limited circumstances on a case-by-case basis….With respect to access rights in particular, the DoD anticipates generally providing access rights and exercising exemptions as the exception rather than the norm." EPIC routinely comments on the obligations of federal agencies to comply with the federal Privacy Act. EPIC recently commented on the privacy issues raised by the Department's "Insider Threat" Program, noting that the extensive collection of personal data could create new vulnerabilities.