Privacy Impact Assesment

PRIVACY IMPACT ASSESSMENT (PIA)
PRESCRIBING AUTHORITY: DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance". Complete this form for Department of Defense
(DoD) information systems or electronic collections of information (referred to as an "electronic collection" for the purpose of this form) that collect, maintain, use,
and/or disseminate personally identifiable information (PII) about members of the public, Federal employees, contractors, or foreign nationals employed at U.S.
military facilities internationally. In the case where no PII is collected, the PIA will serve as a conclusive determination that privacy requirements do not apply to
system.
1. DOD INFORMATION SYSTEM/ELECTRONIC COLLECTION NAME:

DAU 02 Data Service Management (DSM)
3. PIA APPROVAL DATE:

2. DOD COMPONENT NAME:

02/28/24

Defense Acquisition University

SECTION 1: PII DESCRIPTION SUMMARY (FOR PUBLIC RELEASE)
a. The PII is: (Check one. Note: foreign nationals are included in general public.)
From members of the general public

From Federal employees and/or Federal contractors

From both members of the general public and Federal employees and/or
Federal contractors

Not Collected (if checked proceed to Section 4)

b. The PII is in a: (Check one)
New DoD Information System

New Electronic Collection

Existing DoD Information System

Existing Electronic Collection

Significantly Modified DoD Information System
c. Describe the purpose of this DoD information system or electronic collection and describe the types of personal information about individuals
collected in the system.

PURPOSE(S): To manage administrative and academic functions related to students; enables students to interact; share resources, ideas and
experiences to support job performance, and avoid duplication of professional effort; to issue student identification; and create single sign-on
accounts. To provide a professional forum for the Defense Acquisition Workforce to connect with others in their field on acquisition-related
topics, and form professional networks. These social interactions allow for the sharing of resources, ideas, and experiences to enhance job
performance; promote social learning and foster a culture that continuously learns, shares learning, and acts upon that learning. Records are
also used as a management tool for statistical analysis, tracking, and reporting.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: All current, former, and nominated students of the Defense
Acquisition University (DAU). DoD Acquisition Workforce which includes Active Duty Military, Reservists, National Guardsman, and
DoD civilians. Students may also include other Federal Agency Acquisition employees, international military and civilian fellows, members
of supporting defense industries, and program office sponsored contractor employees applying for or attending Defense Acquisition
University courses.
CATEGORIES OF RECORDS IN THE SYSTEM: Name, Social Security Number (SSN), DoD ID Number, DAU student ID, date of birth,
current address, work or personal email address, temporary duty address and telephone number, disability (yes/no only), citizenship type,
designation (Military, civilian, or contractor), organization, employment information (job series; rank; pay grade; service); supervisor
information (name, work email, code and phone number), security clearance, course information (i.e., course name, class or section number,
dates); college transcripts, correspondence, DAU grades, instructor and advisor evaluations, education reports, official orders, individual's
photograph, about me (interests, hobbies, skills and job related experience), and emergency point of contact name and phone number,
acquisition discipline and specialty area (auditing, business, contracting, engineering, facilities engineering, industrial/contract property
management, information technology, life cycle logistics, program management, purchasing, production/quality/manufacturing, science/
technology manager, test/evaluation), student record (active or inactive), information as to whether the student has to file a confidential
financial disclosure form (yes or no).
d. Why is the PII collected and/or what is the intended use of the PII? (e.g., verification, identification, authentication, data matching, mission-related use,
administrative use)

The DAU DSM contains limited PII in order to manage administrative and academic functions related to Student registrations and Student
Distance Learning Authentication. The Student Records/Transcripts are also used to verify attendance, grades, tracking, and reporting for
DAWIA Certification purposes. These functions are necessary to support Acquisition Workforce Certifications and graduation data will be
shared with the Services and Corporate Partners of DoD sponsored students.
e. Do individuals have the opportunity to object to the collection of their PII?

Yes

No

(1) If "Yes," describe the method by which individuals can object to the collection of PII.

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 1 of 9

(2) If "No," state the reason why individuals cannot object to the collection of PII.

Individuals may withhold some PII, such as personal email address and personal phone number. However, certain fields, such as DAU ID
and work email are required data registration elements for the system and interfaces.
f. Do individuals have the opportunity to consent to the specific uses of their PII?

Yes

No

(1) If "Yes," describe the method by which individuals can give or withhold their consent.
(2) If "No," state the reason why individuals cannot give or withhold their consent.

Information provided is voluntary. Respondents are Student applicants and instructors who willingly provide personal information to take
courses administered by the Defense Acquisition University or access DAU on-line training.
g. When an individual is asked to provide PII, a Privacy Act Statement (PAS) and/or a Privacy Advisory must be provided. (Check as appropriate and
provide the actual wording.)
Privacy Act Statement

Privacy Advisory

Not Applicable

PRIVACY ADVISORY
SUBJECT: Cybersecurity and Policy on Use of Department of Defense(DoD) Information Systems Standard Concent Banner and User
Agreement
REFERENCE:DoD Instruction Number 8500.01 (https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodi/850001_2014.pdf) and
DoD Consent Banner (https://dodcio.defense.gov/Portals/0/Documents/DoDBanner-9May2008-ocr.pdf).
PRIVACY ACT STATEMENT
AUTHORITY:10 U.S.C. 133, Under Secretary of Defense for Acquisition, Technology and Logistics; DoD Instruction 5000.57, Defense
Acquisition University (DAU); and E.O. 9397 (SSN), as amended.
PRINCIPAL PURPOSE:The Defense Acquisition University (DAU) Data Services Management (DSM) support institutional acquisition
training missions for the Department of Defense (DoD). The system is used to manage administrative and academic functions related to
student registration, courses attempted, and completed. The system is also used to verify attendance and grades; and as a management tool
for statistical analysis, tracking, and reporting.
ROUTINE USES: Routine use compatibility: The routine uses are consistent with the purpose for which the information is collected and
have been determined to be necessary and proper.
Routine use (a) is compatible with the purpose of the collection because it allows for DoD DAU to share student’s information with other
Federal, DoD and Industry partners.
Routine uses (b) is compatible with the purpose of the collection to accomplish an agency function related to this system of records
Routine (c) through (f) are standard routine uses commonly listed in DoD and other Federal agency System of Records Notices.
Routine uses (g) and (h) are in response to the Office of Management and Budget (OMB) requirement in OMB M-17-12 to respond
appropriately to a breach of personally identifiable information in this system of records or, as appropriate, to assist another Federal agency
or entity in its response to a breach.

DISCLOSURE:Voluntary. However, failure to provide the requested information may result in denial of access, application submission,
course reservation and record of training.
h. With whom will the PII be shared through data exchange, both within your DoD Component and outside your Component? (Check all that apply)
Within the DoD Component

Specify.

IT, PRM, HR Business Units

Other DoD Components

Specify.

ATRRS, CAPPMIS, DCPDS, ACMS, MIS II, DMDC

Other Federal Agencies

Specify.

State and Local Agencies

Specify.

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 2 of 9

Contractor (Name of contractor and describe the language in
the contract that safeguards PII. Include whether FAR privacy
clauses, i.e., 52.224-1, Privacy Act Notification, 52.224-2,
Privacy Act, and FAR 39.105 are included in the contract.)

Specify.

Other (e.g., commercial providers, colleges).

Specify.

i. Source of the PII collected is: (Check all that apply and list all information systems if applicable)
Individuals

Databases

Existing DoD Information Systems

Commercial Systems

Other Federal Information Systems

Individual, supervisors, employers, instructors, advisors, examinations, official military records, and the Army Training Requirements and
Resources System (ATRRS), Career Acquisition Personnel & Position Management Information System (CAPPMIS), Defense Civilian
Personnel Data System (DCPDS), Acquisition Career Management System (ACMS), Management Information System (MIS II), and
Defense Manpower Data Center (DMDC).
j. How will the information be collected? (Check all that apply and list all Official Form Numbers if applicable)
E-mail

Official Form (Enter Form Number(s) in the box below)

Face-to-Face Contact

Paper

Fax

Telephone Interview

Information Sharing - System to System

Website/E-Form

Other (If Other, enter the information in the box below)

k. Does this DoD Information system or electronic collection require a Privacy Act System of Records Notice (SORN)?
A Privacy Act SORN is required if the information system or electronic collection contains information about U.S. citizens or lawful permanent U.S. residents that
is retrieved by name or other unique identifier. PIA and Privacy Act SORN information must be consistent.
Yes

No

If "Yes," enter SORN System Identifier

DoD 0005 Defense Training Records

SORN Identifier, not the Federal Register (FR) Citation. Consult the DoD Component Privacy Office for additional information or http://dpcld.defense.gov/
Privacy/SORNs/
or
If a SORN has not yet been published in the Federal Register, enter date of submission for approval to Defense Privacy, Civil Liberties, and Transparency
Division (DPCLTD). Consult the DoD Component Privacy Office for this date
If "No," explain why the SORN is not required in accordance with DoD Regulation 5400.11-R: Department of Defense Privacy Program.

l. What is the National Archives and Records Administration (NARA) approved, pending or general records schedule (GRS) disposition authority for
the system or for the records maintained in the system?
(1) NARA Job Number or General Records Schedule Authority.

1901 01

(2) If pending, provide the date the SF-115 was submitted to NARA.

(3) Retention Instructions.

Student registration records are destroyed 50 years after graduation, transfer, withdrawal, or death (GTWD) of student. All other records
are destroyed 5 years after GTWD of student.

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 3 of 9

m. What is the authority to collect information? A Federal law or Executive Order must authorize the collection and maintenance of a system of
records. For PII not collected or maintained in a system of records, the collection or maintenance of the PII must be necessary to discharge the
requirements of a statue or Executive Order.
(1) If this system has a Privacy Act SORN, the authorities in this PIA and the existing Privacy Act SORN should be similar.
(2) If a SORN does not apply, cite the authority for this DoD information system or electronic collection to collect, use, maintain and/or disseminate PII.
(If multiple authorities are cited, provide all that apply).
(a) Cite the specific provisions of the statute and/or EO that authorizes the operation of the system and the collection of PII.
(b) If direct statutory authority or an Executive Order does not exist, indirect statutory authority may be cited if the authority requires the
operation or administration of a program, the execution of which will require the collection and maintenance of a system of records.
(c) If direct or indirect authority does not exist, DoD Components can use their general statutory grants of authority (“internal housekeeping”) as
the primary authority. The requirement, directive, or instruction implementing the statute within the DoD Component must be identified.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 10 U.S.C. 113, Secretary of Defense; 10 USC § 136, Under Secretary of
Defense for Personnel and Readiness; 10 U.S.C. 1702, Under Secretary of Defense for Acquisition and Sustainment: Authorities and
Responsibilities; 10 U.S.C. 1746 Defense Acquisition University; 10 U.S.C. 1747, Acquisition Fellowship Program; DoD Directive (DoDD)
5134.01, Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L)); and DoD Instruction (DoDI) 5000.57,
Defense Acquisition University (DAU); E.O. 9397 (SSN) as amended.
n. Does this DoD information system or electronic collection have an active and approved Office of Management and Budget (OMB) Control
Number?
Contact the Component Information Management Control Officer or DoD Clearance Officer for this information. This number indicates OMB approval to
collect data from 10 or more members of the public in a 12-month period regardless of form or format.
Yes

No

Pending

(1) If "Yes," list all applicable OMB Control Numbers, collection titles, and expiration dates.
(2) If "No," explain why OMB approval is not required in accordance with DoD Manual 8910.01, Volume 2, " DoD Information Collections Manual:
Procedures for DoD Public Information Collections.”
(3) If "Pending," provide the date for the 60 and/or 30 day notice and the Federal Register citation.

OMB CONTROL NUMBER: 0704-0591, EXPIRATION DATE: 09/30/2024
Pending Renewal from OMB

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 4 of 9