Privacy

U.S. Africa Command (AFRICOM) oversees and directs the protection of the personal information of military and civilian command staff, their dependents, and the public at large.

Privacy Program information

The command's privacy program serves to advise and make recommendations to command leadership for the establishment of privacy priorities. The Privacy Office is also responsible for the development of privacy policies, procedures, and guidance essential to safeguarding the collection, access, use, dissemination, and storage of personally identifiable information (PII), business identifiable information (BII), and Privacy Act information. The mission of the AFRICOM Privacy Office is to ensure that the personal data of everyone who is assigned to or who interacts with the command is appropriately managed and protected.

 The U.S. Africa Command Privacy Office ensures command compliance with regulatory requirements and legislated mandates governing those programs.

•     Privacy Act of 1974 (as amended 5 U.S.C. § 552a) ;

  • Office of Management and Budget (OMB) guidance for information systems
  • OMB Circulars A-108 and A-130
  • Government Paperwork Reduction Act
  • E-Government Act of 2002
  • Federal Information Modernization Act of 2014 (FISMA)
  • National Institute of Standards and Technology (NIST) Privacy Standards


AFRICOM also ensures that activities within the functional areas of:

  • Integrating with leadership, command directorates and staff to understand VA mission critical systems and where PHI/PII resides
  • Establishing privacy risk policy and best practices for information management and sharing information within DoD and partners
  • Training and educating the command staff on the implementation of privacy best practices
  • Integrating with cybersecurity and VA engineering efforts to ensure appropriate privacy protections are identified, acquired, and implemented
  • Ensuring that acquisitions instruments adhere to privacy best practices

U.S. Africa Command Staff: to report a privacy incident, call DSN 119

U.S. Africa Command internal documents (link coming soon)

System of Records Notices (link coming soon)

Privacy Impact Assessments:

Privacy Policies:


Privacy Resources

Privacy-related Legislation

All linked documents are in PDF.

  • The Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501-06) (COPPA) regulates the online collection and use of personal information provided by and relating to children under the age of 13.
  • The Clinger-Cohen Act of 1996 (40 U.S.C. 1401, et. seq.) (CCA), formerly the Information Technology Management Reform Act of 1996 (ITMRA), is designed to improve the way the federal government acquires, uses and disposes information technology (IT).
  • The E-Government Act of 2002 (44 U.S.C. 3601 et. seq.) establishes procedures to ensure the privacy of personal information in electronic records.
  • The Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA). The CIPSEA protects the confidentiality of identifiable information acquired by federal agencies. It applies to data supplied by individuals and organizations to federal agencies under a pledge of confidentiality for statistical purposes. CIPSEA provides that data or information acquired by an agency under a pledge of confidentiality for exclusively statistical purposes shall not be disclosed by an agency in identifiable form, for any use other than an exclusively statistical purpose, except with the informed consent of the respondent.
  • The Federal Information Security Management Act of 2002, (44 U.S.C. § 3541)(FISMA), requires agencies to develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of an agency. FISMA requires federal government information systems to have security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction. FISMA requires a mandatory set of IT system security processes that must be followed for all federal information systems. Compliance is monitored through yearly audits. The annual reports must include: 1) by agency, the number of each type of privacy review conducted that year; 2) information about the privacy advice provided by the Senior Agency Official for Privacy; 3) the number of written complaints for each type of privacy issue allegation received, and 4) the number of complaints the agency referred to another agency.
  • Freedom of Information Act (5 U.S.C. 552, as amended) (FOIA) generally provides that any person, including a business, to obtain access to federal agency records, except to the extent that such records (or portions of them) are protected from public disclosure by one of nine exemptions or by one of three special law enforcement record exclusions. The FOIA is a disclosure statute and applies to records that are: (1) either created or obtained by an agency, and (2) under agency control at the time of the FOIA request. When an agency receives a proper FOIA request for records, it must make the records "promptly available" unless the records or portions of the records are exempt from mandatory disclosure under subsection (b), or excluded under subsection (c). Subsection (c) permits an agency to respond to a request for excluded records as if the records do not exist.
  • The Privacy Act of 1974, (5 U.S.C. § 552a), is a withholding statute that applies when the federal government maintains a “system of records” (a grouping of items or records) in which information about individuals is retrieved by use of the individuals’ personal identifiers (e.g., names, social security numbers, or any other codes or identifiers that are assigned to the individual). The Privacy Act of 1974 and its implementing regulations: 1) Prohibit the disclosure of personally identifiable information maintained by agencies in a system of records without the consent of the subject individual, subject to twelve codified exceptions; (2) Grant individuals increased rights of access to agency records maintained on them; (3) Grant individuals the right to seek amendment of agency records maintained on them upon a showing that the records are not accurate, relevant, timely, or complete; and (4) Establish a code of "fair information practices," requiring agencies to comply with statutory norms for collection, maintenance, and dissemination of records.
  • Paperwork Reduction Act (PRA) of 1995 (44 U.S.C. 3501, et seq.) is designed to reduce the public’s burden of answering unnecessary, duplicative, and burdensome government surveys.
  • Records Management by Federal Agencies (44 U.S.C. ch. 31), as amended, establishes the framework for records management programs in Federal agencies. As the primary agency for records management oversight, the National Archives and Records Administration (NARA) is responsible for assisting Federal agencies in maintaining adequate and proper documentation of policies and transactions of the Federal government. See General Records Schedule 4.2: Information Access and Protection Records.

Office of Management and Budget (OMB) Guidance


OMB Circulars

  • OMB Circular A-108 (Dec. 23, 2016). The reissuance of Circular A-108 describes agency responsibilities for implementing the review, reporting, and publication requirements of the Privacy Act of 1974 and related OMB policies. It supplements and clarifies existing OMB guidance, including OMB Circular No. A-130, “Managing Information as a Strategic Resource,” “Privacy Act Implementation: Guidelines and Responsibilities,” “Implementation of the Privacy Act of 1974: Supplementary Guidance,” and “Final Guidance Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988.”
  • OMB Circular A-130 (July 28,2016), Management of Federal Information Resources, provides uniform government-wide information resources management policies as required by the Paperwork Reduction Act of 1980, as amended by the Paperwork Reduction Act of 1995, 44 U.S.C. Chapter 35. This Circular establishes policy for the management of Federal information resources and rescinds OMB Memoranda M-10-28, “Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security (DHS).”

Process for Access to and Amendment of Privacy Act Records

Individuals seeking access to information about themselves contained in this system of records should address inquiries to: 

Freedom of Information/Privacy Act Office

US Africa Command

Unit #29951

APO AE 09751

Email

Signed, written requests should include the individual’s full name, evidence of the requester's identity, such as a copy of a photo ID or passport or similar document bearing the requester's signature, current address, and telephone number and this System of Records Notice number.  In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

If executed outside the United States:  “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct.   Executed on (date).  (Signature).”

If executed within the United States, its territories, possessions, or commonwealths:  “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct.  Executed on (date).  (Signature).”

The Department of Defense rules for accessing records, contesting contents, and appealing initial agency determinations are contained in 32 CFR Part 310, Subpart D, of the DoD Privacy Program.


Contact us

To submit a privacy-related question or complaint, reach us by email or phone: +49 (0)711.7081.0066, and +49 (0)711.7081.0339