Block 2 Flashcards
What are the 3 FOIA Program Objectives?
Compliance, Openness with the Public, and Avoidance of Procedural Obstacles
Which Program Objective is necessary to provide uniformity in implementation of the program and create conditions that will promote public trust?
Compliance
Which Program Objective conducts activities in an open manner consistent with need for security and adherence to law/regulation?
Openness with the Public
Which Program Objective must not unnecessarily impede a requester from obtaining DoD records promptly?
Avoidance of Procedural Obstacles
Who is able to submit a FOIA request?
Any person, excluding fugitives and Federal Agencies
Where can FOIA records be requested from?
Executive department, military department, government corporations, government controlled corporation, and other establishments in the executive branch
What type of records are the most frequently requested?
Military records
What are the 2 types of FOIA requests?
Simple and Complex
Which type of FOIA request can be processed quickly with limited impact on the responding unit?
Simple
Which type of FOIA request may be classified, originated from non-government source, privileged or part of AF decision-making process?
Complex
Who is the person who submits the request in writing to the FOIA agency?
The Requester
Who is appointed in writing by each Installation Commander and receives, tracks, and coordinates all request for the base using eFOIA software?
FOIA Manager
Who is the organization that prepared or is responsible for the record(s) requested and provides requested records and indicates withheld parts annotated with FOIA exemptions?
Office of Primary Responsibility (OPR)
Who is the point of contact with an OPR and is tasked within the OPR to locate the record(s)?
The FOIA Monitor
Who ensures FOIA representatives follow all law & instructions and performs thorough review of the request before releasing/denying?
The Legal Office
Who receives all content after OPR and Legal Office concur on a request denial and has the authority to withhold records requested under FOIA for one or more of the nine exemptions?
Initial Denial Authority (IDA)
How many FOIA exemptions are there?
9
What was established to prevent the release of information that could be harmful to the government or private interest?
FOIA Exemptions
Upon receipt of a FOIA request, what is sent to the requester along with a tracking number?
A letter of acknowledgement
How many working days does it take to process a FOIA request?
20
What system is used to document all communications with requesters?
eFOIA
What are the steps for reviewing End of Year Reports?
Step 1. Access http://www.foia.af.mil
Step 2. Select Annual Reports
Step 3. Select the applicable report
What would be defined as a dissemination control applied by the Department of Defense (DoD) to unclassified information when disclosure to the public of that particular record would reasonably be expected to cause harm to an interest protected by one or more FOIA Exemptions 2 through 9?
For Official Use Only (FOUO)
Who determines whether information qualifies as FOUO and applies markings?
The document originator
What must the subject begin with if the email contains FOUO information?
FOUO\
What must the body begin with if the email contains FOUO information?
This e-mail contains FOR OFFICIAL USE ONLY (FOUO)
What type of information is contained in a document labeled SF 706?
Top Secret
What type of information is contained in a document labeled SF 707?
Secret
What type of information is contained in a document labeled SF 708?
Confidential
What type of information is contained in a document labeled SF 710?
Unclassified
What protective measures must you take during the duty day to secure FOUO information?
Cover and place out of sight and use privacy screens on monitors if available
What protective measures must you take after the duty day in an unsecured building to secure FOUO information?
Store in locked desks, file cabinets, book cases, locked rooms, etc.
What is the act of releasing all relevant information that may influence a decision?
Disclosure
What must you do when an individual gains access to any information without permission?
Take immediate action to secure the information and correct the process that led to the unauthorized disclosure
What are methods of disposal for information labeled FOUO?
Shredding, burning, pulping, macerating, etc.
How are records on magnetic media destroyed?
Degaussing or overwriting
What established a code of fair information practices that governs their collection, maintenance, use and dissemination of information about individuals that is maintained in systems of records by federal agencies?
The Privacy Act (PA) of 1974
What is the sole purpose of the Privacy Act?
To protect individuals from unwarranted invasion of their privacy
What are the objectives of the Privacy Act?
Restrict disclosure, increased rights of access to agency records, amendment of agency records, and establish basic requirements
What is designated at each organizational level to manage and implement the Air Force PA Program?
Privacy Act Office of Primary Responsibility (PA OPR)
What informs individuals of why information is being collected and how it is going to be used and assures information is accurate, relevant, complete, and up-to-date before disclosing to others?
Privacy Act Mandates
Who is the liaison between unit and Base Privacy Manager?
Unit Privacy Monitor
Which two forms can you use to cover documents containing PA information when not in storage?
AF Form 3227, Privacy Act Cover Sheet or DD form 2923, Privacy Act Data Cover Sheet
What is a legal document that describes the kinds of personal data collected and maintained in a System of Record (SOR) and describes what the records are used for and how individuals may access or contest the records in the system?
System of Record Notice (SORN)
What is the official journal of the federal government of the United States that contains government agency rules, proposed rules, and public notices?
The Federal Register (FR)
What is an allegation that an agency or its employee violated a provision of the PA?
Privacy Act Complaint
What is an agency or individual knowingly or willfully fails to comply with the provisions of the PA?
Privacy Act Violation
How many Privacy Act exemptions are there?
8
How many steps are there to process a Privacy Act request?
5
How can verification of a Privacy Act request be accomplished?
Visually, by having personal knowledge of the requester, by signed letter, notarized statement, or unsworn statement
How many days do you have to acknowledge a Privacy Act request?
10 work days upon receipt
How often must Privacy Impact Assessments (PIA) be reviewed?
Annually
Which Office of Management Budget (OMB) states that PII is defined as information which can be used to distinguish or trace an individual’s identify?
OMB 07-16
Which Office of Management Budget (OMB) states that the definition of PII is not anchored to any single category of information or technology and that it’s a case-by-case assessment of the specific risk that an individual can be identified?
OMB 10-22
What is used to assist in identifying PII that is maintained in a SOR and stored on removable electronic media?
The Air Force Visual Aid (AFVA) 33-276
What must you do when using e-mail to send PII?
Digitally sign and encrypt the e-mail, ensure all attachments are password protected, and ensure all recipients have an official need to receive the information
What is an AF systems of record for Information Technology Compliance management data?
Enterprise Information Technology Data Repository (EITDR)
What is an application used to securely exchange files and is designed as an alternative file sharing method to e-mail?
Safe Access File Exchange (SAFE)
What is defined as an actual or possible loss of control, compromise or any unauthorized disclosure of PII whether electronic or physical?
A PII breach
Incidents and/or breaches that affect government information systems are reported to whom?
United States Computer Emergency Readiness Team (US-CERT)
How long do System Owners have to notify US-CERT of a confirmed Federal Government system compromise?
60 minutes
The AF Privacy Officer shall upload the report into the Defense Privacy and Civil Liberties Office (DPCLO) Reporting Management Tool within how many hours of a PII breach notification?
48 hours
The Privacy Official where the incident occurred shall notify the senior official in the chain of command by official unencrypted e-mail within how many hours of the incident/breach?
24 hours
The appropriate level Privacy Official shall notify the AF Privacy Office by official unencrypted email attaching the preliminary report within how many hours of being notified?
24 hours
The Commanders/Directors will ensure individuals impacted are notified within how many working days after a breach is confirmed and identities are ascertained?
10 working days
What consequence does the individual(s) responsible for cause of the breach receive?
DISA Identifying and Safeguarding Personally Identifiable Information refresher training
Which IG tool is used to capture IG investigative and administrative activity AF-wide?
Automated Case Tracking System (ACTS)
