Privacy Impact Assessment

PRIVACY IMPACT ASSESSMENT (PIA)
PRESCRIBING AUTHORITY: DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance". Complete this form for Department of Defense
(DoD) information systems or electronic collections of information (referred to as an "electronic collection" for the purpose of this form) that collect, maintain, use,
and/or disseminate personally identifiable information (PII) about members of the public, Federal employees, contractors, or foreign nationals employed at U.S.
military facilities internationally. In the case where no PII is collected, the PIA will serve as a conclusive determination that privacy requirements do not apply to
system.
1. DOD INFORMATION SYSTEM/ELECTRONIC COLLECTION NAME:

Measurement Assessment and Research System (MARS)
3. PIA APPROVAL DATE:

2. DOD COMPONENT NAME:

02/19/21

United States Army
HQDA DCS-G1, U.S. Army Research Institute for the Behavioral and Social Sciences
SECTION 1: PII DESCRIPTION SUMMARY (FOR PUBLIC RELEASE)
a. The PII is: (Check one. Note: foreign nationals are included in general public.)
From members of the general public

From Federal employees and/or Federal contractors

From both members of the general public and Federal employees and/or
Federal contractors

Not Collected (if checked proceed to Section 4)

b. The PII is in a: (Check one)
New DoD Information System

New Electronic Collection

Existing DoD Information System

Existing Electronic Collection

Significantly Modified DoD Information System
c. Describe the purpose of this DoD information system or electronic collection and describe the types of personal information about individuals
collected in the system.

The Measurement Assessment and Research System (MARS) application is a platform for Army Research Institute for hosting on-line data
collection tests, measures, and surveys related to the military service. The data collection includes both service members and non-service
members. DoD ID (EDIPI) will be used for identifying the survey respondent to their results, which means the information is not
anonymous. However, due to the safeguards in place, only those authorized (based on credentials and registration to the MARS system) to
the particular survey can access that ID. Other types of data to be collected from survey, test, etc. takers may include names, position, rank,
duty location, employment information and demographic information. EDIPI will also be collected on those using the system for
verification, identification, and authentication.
d. Why is the PII collected and/or what is the intended use of the PII? (e.g., verification, identification, authentication, data matching, mission-related use,
administrative use)

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former officer, warrant officer, and enlisted military personnel, including Army Reservists and National Guard; civilian
employees or contractors of Department of Defense.
CATEGORIES OF RECORDS IN THE SYSTEM:
Service member: Individual's name and EDIPI, Army personnel information and questionnaire-type data relating to service member's preservice education, work experience and social environment and culture, learning ability, physical performance, combat readiness, discipline,
motivation, attitude about Army life, and measures of individual and organizational adjustments; personnel test responses.
Non-service member: Individual's name and questionnaire type data relating to non-service member's education, work experience,
motivation, measures of individual and organizational adjustments, knowledge of and attitude about the Army. When records show military
service or marriage to a service member, the appropriate non-service records will be linked to the service record.
MARS SYSTEM ADMIN USERS:
EDIPI will also be collected on those using the system for verification, identification, and authentication; name, and DOD employee or
contractor status.
e. Do individuals have the opportunity to object to the collection of their PII?

Yes

No

(1) If "Yes," describe the method by which individuals can object to the collection of PII.
(2) If "No," state the reason why individuals cannot object to the collection of PII.

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 1 of 11

A survey taker can object to the collection of their information when the PAS is presented to them, and they will not move forward with the
survey. Respondents may also opt not to answer particular survey questions, and to stop taking the survey at any time. All surveys executed
in the MARS application are voluntary. Each survey will have a tailored version of the ARI SORN Privacy Act Statement, and if considered
research, an informed consent, in addition to the PAS.
f. Do individuals have the opportunity to consent to the specific uses of their PII?

Yes

No

(1) If "Yes," describe the method by which individuals can give or withhold their consent.
(2) If "No," state the reason why individuals cannot give or withhold their consent.

A survey taker can consent to the uses of their PII as outlined in the specific survey's PAS and/or research informed consent document. Each
survey will have a tailored version of the ARI SORN Privacy Act Statement, and if considered research, an informed consent, in addition to
the PAS.
g. When an individual is asked to provide PII, a Privacy Act Statement (PAS) and/or a Privacy Advisory must be provided. (Check as appropriate and
provide the actual wording.)
Privacy Act Statement

Privacy Advisory

Not Applicable

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, Departmental Regulations;
10 U.S.C. 3013, Secretary of the Army;
10 U.S.C. 2358, Research and Development Projects; and
E.O. 9397 (SSN), as amended.
PURPOSE(S):
To research manpower, personnel, and training dimensions inherent in the recruitment, selection, classification, assignment, evaluation, and
training of military personnel; to enhance readiness effectiveness of the Army by developing personnel management methods, training
devices, and testing of weapons methods and systems aimed at improved group performance. (No decisions affecting an individual's rights
or benefits are made using these research records).
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF
SUCH USES:
In addition to the disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, these records may specifically be
disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
The DoD Blanket Routine Uses set forth at the beginning of the Army's compilation of systems of records notices also apply to this system.
h. With whom will the PII be shared through data exchange, both within your DoD Component and outside your Component? (Check all that apply)

Within the DoD Component

Other DoD Components

Army agencies: Army Analytics Group, Assistant
Secretary of the Army for Manpower and Reserve Affairs
(ASA(M&RA)); Other Army agencies that would obtain
access to information in this system, on request in support of
Specify. an authorized investigation or audit, may include Army Staff
Principals in the chain of command, Department of Army
Inspector General, Army Audit Agency, US Army Criminal
Investigative Command, and US Army Intelligence and
Security Command.
Other DoD agencies on request, in support of an authorized
investigation or audit, may include the individual's chain of
Specify.
command, Inspector General, law enforcement and criminal
investigative agencies, and intelligence personnel.

Other Federal Agencies

Specify.

As specified in the routine uses of the SORN.

State and Local Agencies

Specify.

As specified in the routine uses of the SORN.

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 2 of 11

Contractor (Name of contractor and describe the language in
the contract that safeguards PII. Include whether FAR privacy
clauses, i.e., 52.224-1, Privacy Act Notification, 52.224-2,
Privacy Act, and FAR 39.105 are included in the contract.)

All contracts that require access to data in MARS will
contain FAR and DFARS clauses requiring contractors to
maintain required safeguards and will include the statement
"The Contractor shall use appropriate safeguards to prevent
use or disclosure of Personally Identifiable Information and
Specify.
Protected Health Information." In accordance with DoD
regulations on Nondisclosure Agreement and Acceptable
Use Policy, all contractors are required to agree to protect
PII and comply with safeguards required under the related
FAR/DFARS clauses..

Other (e.g., commercial providers, colleges).

Specify.

i. Source of the PII collected is: (Check all that apply and list all information systems if applicable)
Individuals

Databases

Existing DoD Information Systems

Commercial Systems

Other Federal Information Systems

j. How will the information be collected? (Check all that apply and list all Official Form Numbers if applicable)
E-mail

Official Form (Enter Form Number(s) in the box below)

Face-to-Face Contact

Paper

Fax

Telephone Interview

Information Sharing - System to System

Website/E-Form

Other (If Other, enter the information in the box below)

k. Does this DoD Information system or electronic collection require a Privacy Act System of Records Notice (SORN)?
A Privacy Act SORN is required if the information system or electronic collection contains information about U.S. citizens or lawful permanent U.S. residents that
is retrieved by name or other unique identifier. PIA and Privacy Act SORN information must be consistent.
Yes

No

If "Yes," enter SORN System Identifier

A0602 AHRC-ARI

SORN Identifier, not the Federal Register (FR) Citation. Consult the DoD Component Privacy Office for additional information or http://dpcld.defense.gov/
Privacy/SORNs/
or
If a SORN has not yet been published in the Federal Register, enter date of submission for approval to Defense Privacy, Civil Liberties, and Transparency
Division (DPCLTD). Consult the DoD Component Privacy Office for this date
If "No," explain why the SORN is not required in accordance with DoD Regulation 5400.11-R: Department of Defense Privacy Program.

l. What is the National Archives and Records Administration (NARA) approved, pending or general records schedule (GRS) disposition authority for
the system or for the records maintained in the system?
(1) NARA Job Number or General Records Schedule Authority.

Unscheduled - under RMD

(2) If pending, provide the date the SF-115 was submitted to NARA.

(3) Retention Instructions.

Treat records as permanent. Do not destroy until schedule is approved.

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 3 of 11

m. What is the authority to collect information? A Federal law or Executive Order must authorize the collection and maintenance of a system of
records. For PII not collected or maintained in a system of records, the collection or maintenance of the PII must be necessary to discharge the
requirements of a statue or Executive Order.
(1) If this system has a Privacy Act SORN, the authorities in this PIA and the existing Privacy Act SORN should be similar.
(2) If a SORN does not apply, cite the authority for this DoD information system or electronic collection to collect, use, maintain and/or disseminate PII.
(If multiple authorities are cited, provide all that apply).
(a) Cite the specific provisions of the statute and/or EO that authorizes the operation of the system and the collection of PII.
(b) If direct statutory authority or an Executive Order does not exist, indirect statutory authority may be cited if the authority requires the
operation or administration of a program, the execution of which will require the collection and maintenance of a system of records.
(c) If direct or indirect authority does not exist, DoD Components can use their general statutory grants of authority (“internal housekeeping”) as
the primary authority. The requirement, directive, or instruction implementing the statute within the DoD Component must be identified.

5 U.S.C. 301, Departmental Regulations; 10 U.S.C. 3013, Secretary of the Army; 10 U.S.C. 2358, Research and Development Projects; and
E.O. 9397 (SSN), as amended.
n. Does this DoD information system or electronic collection have an active and approved Office of Management and Budget (OMB) Control
Number?
Contact the Component Information Management Control Officer or DoD Clearance Officer for this information. This number indicates OMB approval to
collect data from 10 or more members of the public in a 12-month period regardless of form or format.
Yes

No

Pending

(1) If "Yes," list all applicable OMB Control Numbers, collection titles, and expiration dates.
(2) If "No," explain why OMB approval is not required in accordance with DoD Manual 8910.01, Volume 2, " DoD Information Collections Manual:
Procedures for DoD Public Information Collections.”
(3) If "Pending," provide the date for the 60 and/or 30 day notice and the Federal Register citation.

Information collection from non-service members will obtain OMB approval prior to initiation for each specific collection effort. Information
collection from service members does not require OMB approval.

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 4 of 11