DCIPS_Privacy Impact Assessment

PRIVACY IMPACT ASSESSMENT (PIA)
For the
Defense Casualty Information Processing System (DCIPS)
US Army Deputy Chief of Staff for Personnel / Human Resources Command (HRC)

SECTION 1: IS A PIA REQUIRED?
a. Will this Department of Defense (DoD) information system or electronic collection of
information (referred to as an "electronic collection" for the purpose of this form) collect,
maintain, use, and/or disseminate PII about members of the public, Federal personnel,
contractors or foreign nationals employed at U.S. military facilities internationally? Choose
one option from the choices below. (Choose (3) for foreign nationals).
(1) Yes, from members of the general public.
(2) Yes, from Federal personnel* and/or Federal contractors.
(3) Yes, from both members of the general public and Federal personnel and/or Federal contractors.
(4) No
* "Federal personnel" are referred to in the DoD IT Portfolio Repository (DITPR) as "Federal employees."

b. If "No," ensure that DITPR or the authoritative database that updates DITPR is annotated
for the reason(s) why a PIA is not required. If the DoD information system or electronic
collection is not in DITPR, ensure that the reason(s) are recorded in appropriate
documentation.
c. If "Yes," then a PIA is required. Proceed to Section 2.

SECTION 2: PIA SUMMARY INFORMATION
a. Why is this PIA being created or updated? Choose one:
New DoD Information System

New Electronic Collection

Existing DoD Information System

Existing Electronic Collection

Significantly Modified DoD Information
System

b. Is this DoD information system registered in the DITPR or the DoD Secret Internet Protocol
Router Network (SIPRNET) IT Registry?
Yes, DITPR

Enter DITPR System Identification Number

Yes, SIPRNET

Enter SIPRNET Identification Number

No

c. Does this DoD information system have an IT investment Unique Project Identifier (UPI), required
by section 53 of Office of Management and Budget (OMB) Circular A-11?
No

Yes
If "Yes," enter UPI

If unsure, consult the Component IT Budget Point of Contact to obtain the UPI.

d. Does this DoD information system or electronic collection require a Privacy Act System of
Records Notice (SORN)?
A Privacy Act SORN is required if the information system or electronic collection contains information about U.S. citizens
or lawful permanent U.S. residents that is retrieved by name or other unique identifier. PIA and Privacy Act SORN
information should be consistent.

Yes

No

If "Yes," enter Privacy Act SORN Identifier
DoD Component-assigned designator, not the Federal Register number.
Consult the Component Privacy Office for additional information or
access DoD Privacy Act SORNs at: http://www.defenselink.mil/privacy/notices/

or
Date of submission for approval to Defense Privacy Office
Consult the Component Privacy Office for this date.

e. Does this DoD information system or electronic collection have an OMB Control Number?
Contact the Component Information Management Control Officer or DoD Clearance Officer for this information.
This number indicates OMB approval to collect data from 10 or more members of the public in a 12-month period
regardless of form or format.

Yes
Enter OMB Control Number

Paperwork for OMB Control Number submitted and
waiting approval.

Enter Expiration Date
No
f. Authority to collect information. A Federal law, Executive Order of the President (EO), or DoD
requirement must authorize the collection and maintenance of a system of records.
(1) If this system has a Privacy Act SORN, the authorities in this PIA and the existing Privacy Act
SORN should be the same.
(2) Cite the authority for this DoD information system or electronic collection to collect, use, maintain
and/or disseminate PII. (If multiple authorities are cited, provide all that apply.)
(a) Whenever possible, cite the specific provisions of the statute and/or EO that authorizes
the operation of the system and the collection of PII.
(b) If a specific statute or EO does not exist, determine if an indirect statutory authority can
be cited. An indirect authority may be cited if the authority requires the operation or administration of
a program, the execution of which will require the collection and maintenance of a system of records.
(c) DoD Components can use their general statutory grants of authority (“internal
housekeeping”) as the primary authority. The requirement, directive, or instruction implementing the
statute within the DoD Component should be identified.
10 U.S.C 3013, Secretary of the Army, 10 U.S.C. 5013, Secretary of the Navy, 10 U.S.C. 5043,
Commandant of the Marine Corps, 10 U.S.C. 8013, Secretary of the Air Force; 44 U.S.C. 3101, Records
Management by Federal Agencies; DoDD 1300.15, Military Funeral Support; DoDD 1300.22, Mortuary
Affairs Policy; DoDI 1300.18, Personnel Casualty Matters, Policies, and Procedures; Office of the
Assistant Secretary of Defense Memorandum, Subject: Defense Casualty Information Processing
System, dated Oct 22, 1999; and E.O. 9397 (SSN), as amended.

g. Summary of DoD information system or electronic collection. Answers to these questions
should be consistent with security guidelines for release of information to the public.
(1) Describe the purpose of this DoD information system or electronic collection and briefly
describe the types of personal information about individuals collected in the system.
The Defense Casualty Information Processing System processes casualty reports and mortuary affairs
processing reports, provides cross-functional case management of casualties to include casualty incident,
disposition of remains, mortuary affairs, personal effects, and remains tracking for current operations and
past conflicts. DCIPS permits interactive update and data exchange with casualty assistance centers,
mortuaries, service casualty offices, and medical surveillance organizations. The system also provides DOD
with official casualty statistics.
PII collected includes personal, contact, dependent, emergency contact, medical, disability, casualty, law
enforcement, employment, and military record data.

(2) Briefly describe the privacy risks associated with the PII collected and how these risks are
addressed to safeguard privacy.

h. With whom will the PII be shared through data exchange, both within your DoD Component and
outside your Component (e.g., other DoD Components, Federal Agencies)? Indicate all that apply.
Within the DoD Component.
Specify.

Staff principals in the chain of command, the Department of the Army
Inspector General, the Army Audit Agency, the US Army Criminal
Investigation Command, the US Army Intelligence and Security Command,
the Provost Marshall General, and the Assistant Secretary of the Army for
Financial Management and Comptroller.

Other DoD Components.

Specify.

Office of the Under Secretary of Defense for Personnel and Readiness,
Personnel and Readiness Information Management; Defense Finance and
Accounting Service; US Air Force; US Marine Corps; US Navy; Defense
Intelligence Agency; Joint Services Records Research Center; DoD Inspector
General; Defense Criminal Investigative Service; U.S. Military Medical
Commands.

Other Federal Agencies.

Specify.

Department of Veterans Affairs

State and Local Agencies.

State and local law enforcement agencies, child protection services and family

Specify.

support agencies, state and local courts, and medical examiners. Information
may also be disclosed to local and state Government agencies for compliance
with their laws and regulations.

Contractor (Enter name and describe the language in the contract that safeguards PII.)

Specify.

Science Applications International Corporation contractual language acknowledges
the sensitivity of PII and describes the importance of protecting and maintaining the
confidentiality and security of a Soldier’s PII. The contractual language keys on
training as a fundamental element in creating awareness and understanding of PII
and why it is important to control and safeguard. The language also stresses
securing PII material and equipment housing PII at the end of a work day.
Contractual language directs and requires each SAIC employee in support of the
database to have a valid Secret clearance prior to working on the program. The
contract specifically states that contractor personnel will adhere to the Privacy Act,
Title 5 of U.S. Code Section 522a, and all applicable agency rules and regulations.

Other (e.g., commercial providers, colleges).

Specify.

Family members and other interested persons with a need to know of
deceased, injured, ill, or missing DoD personnel to aid in the settlement of the
member's estate or other affairs. Civilian funeral homes and cemeteries, but
only to the extent necessary to assist families with funeral arrangements and
for the US Government to provide reimbursement for authorized travel, funeral
and interment expenses.

i. Do individuals have the opportunity to object to the collection of their PII?
Yes

No

(1) If "Yes," describe method by which individuals can object to the collection of PII.
Service Members and civilian personnel voluntarily may object to the collection of their information when
completing DD Form 93 and other forms or requests for information.

(2) If "No," state the reason why individuals cannot object.
Some persons do not have the opportunity to object at the time of the collection since the information is
provided by other parties, e. g., Service Members provide beneficiary information on persons other than
themselves. In certain cases the urgency of collecting information may prohibit the ability to fully inform
people when Family Members are under extreme emotional anguish upon notification of the death, injury/
illness or missing status of a loved one. Further, DoD policies direct that certain actions take place within
certain time lines making it impractical to provide the Family with a timely means to object at the time of
collection. Casualties may be deceased or mentally incapacitated. Some Service Members and civilian
personnel voluntarily give consent to the specific uses of their information when completing DD Form 93.
However, this information can change between the time a DD Form 93 is collected and an individual
becomes a casualty.
j. Do individuals have the opportunity to consent to the specific uses of their PII?
Yes

No

(1) If "Yes," describe the method by which individuals can give or withhold their consent.
Individuals voluntarily give consent to the specific uses of their information when completing DD Form 93 or
when collected by casualty notification officers, casualty assistance officers and other casualty and mortuary
affairs personnel. When possible, individuals are furnished a Privacy Act Statement or verbal Advisory at the
time PII is collected describing the agency’s specific uses, collection and maintenance of their information in
accordance with Service regulations.

(2) If "No," state the reason why individuals cannot give or withhold their consent.
Some persons do not have the opportunity to object at the time of the collection since the information is
provided by other parties, e. g., Service Members provide beneficiary information on persons other than
themselves. In certain cases the urgency of collecting information may prohibit the ability to request consent
when Family Members are under extreme emotional anguish upon notification of the death, injury/illness or
missing status of a loved one. Further, DoD policies direct that certain actions take place within certain time
lines making it impractical or impossible to provide the Family with a timely means to object at the time of
collection. Casualties may be deceased or mentally incapacitated. Other individuals voluntarily give
consent to the specific uses of their information when completing form DD 93 or when collected by casualty
notification officers, casualty assistance officers and other casualty and mortuary affairs personnel. When
possible, individuals are furnished a Privacy Act Statement or verbal Advisory at the time PII is collected
describing the agency’s specific uses, collection and maintenance of their information in accordance with
Service regulations.

k. What information is provided to an individual when asked to provide PII data? Indicate all that
apply.
Privacy Act Statement

Privacy Advisory

Other

None

Describe Service Members and certain other individuals are furnished the following Privacy Act Statement in
each
written form when completing DD Form 93:
applicable
format.
"This form is used by military personnel and Department of Defense civilian and contractor personnel,
collectively referred to as civilians, when applicable. For military personnel, it is used to designate
beneficiaries for certain benefits in the event of the Service member's death. It is also a guide for
disposition of that member's pay and allowances if captured, missing or interned. It also shows
names and addresses of the person(s) the Service member desires to be notified in case of
emergency or death. For civilian personnel, it is used to expedite the notification process in the event
of an emergency and/or the death of the member. The purpose of soliciting the SSN is to provide
positive identification. All items may not be applicable. Disclosure is voluntary; however, failure to
provide accurate personal identifier information and other solicited information will delay notification
and the processing of benefits to designated beneficiaries if applicable."
Service Members and certain other personnel implicitly consent to capture and use of their
information at the time of employment or enlistment in the Armed Forces, at which time they are
provided a Privacy Advisory. Non-military persons implicitly consent to capture and use of their
personal information during the process of providing casualty and mortuary affairs services,
entitlements, benefits and other support activities.
DCIPS extracts data from other DoD information systems, and since individuals are not involved in
the process they are not provided either a Privacy Act Statement or Privacy Advisory. In addition,
DoD is not able to provide Privacy Act Statement or Privacy Advisory information to persons when
their information is provided by other parties as described in Section 2i(2) above.

NOTE:
Sections 1 and 2 above are to be posted to the Component's Web site. Posting of these
Sections indicates that the PIA has been reviewed to ensure that appropriate safeguards are in
place to protect privacy.
A Component may restrict the publication of Sections 1 and/or 2 if they contain information that
would reveal sensitive information or raise security concerns.