Congress passed the Privacy Act of 1974, as amended (Privacy Act), to safeguard records about an individual when those records are maintained by a Federal agency, such as the Department of Defense (DoD), or component. The Privacy Act provides individuals the right to access records about themselves, and allows them to amend or correct information that is inaccurate, irrelevant, untimely, or incomplete. By passing the Privacy Act, Congress intended to balance the privacy rights of individuals with the Government's need to collect and maintain information about them. The Privacy Act also provides both civil and criminal remedies for violations of the Privacy Act by a Federal agency or component.

The Privacy Act is codified at 5 U.S.C. 552(a), and implemented within DoD and the Military Health System through DoD Privacy Program, May 8, 2007, incorporating Change 1, September 1, 2011, and DoD 5400.11-R, Department of Defense Privacy Program, May 14, 2007.

The Privacy Act regulates how DoD Components solicit and collect personally identifiable information (PII) from individuals, and also sets forth requirements for the maintenance, use, and disclosure of

The Privacy Act applies when a group of records maintained by a DoD Component contains PII, and that PII is retrieved by information unique to the individual whose PII is being retrieved. That same group of records, when maintained by a contractor on behalf of a DoD Component, is also subject to the Privacy Act.

Key Definitions (as found in DoD 5400.11-R, DL1., Definitions):
- Record: One or more items of information maintained by a DoD Component that is about an individual and contains some identifying particular assigned to that individual, such as a name or photograph.
- Personally identifiable information (PII): Information that can be linked to a specific individual and may include the following:
  - Social Security Number;
  - DoD Identification Number;
  - Home Address;
  - Home Telephone;
  - Date of Birth (year included);
  - Personal Medical Information; or
  - Personal/Private Information (e.g., an individual's financial data).
- System of records: A group of records, under the control of a DoD Component and containing PII, which is retrieved by information unique to that individual, such as a name or

The TRICARE Management Activity (TMA) Privacy Act Program:
- Provides guidance on the development of procedures that support TMA compliance with the Privacy Act, DoD 5400.11-R, and other guidelines.
- Implements Privacy Act requirements throughout TMA, including the oversight of the development and use of the Privacy Act Statement required on forms (both paper and electronic) when PII is solicited and collected for a system of records.
- Reviews TMA systems of records and coordinates the review and publication of required systems of records notices (SORNs) and SORN updates in the