OSD Records and Declassification Programs
Mission Statement
The WHS Privacy Program provides guidance and direction to the WHS Directorates, Programs and Personnel, as it relates to the Privacy Act of 1974, as amended.
Basic Privacy Principles
Privacy issues are implicated in a wide range of activities in both our personal and public lives.
Our concept of Privacy includes:
- Control of information concerning our personal life.
- Freedom from intrusion upon one's seclusion.
- Limits on publicity that places one in a false light.
- Prevention of identity theft, and the theft of one's name or likeness.
- Right to keep personal information confidential.
General Privacy Principles for Public and Private Sectors:
- Personal information should be acquired, disclosed, and used only in ways that respect an individual's privacy.
- Personal information should not be improperly altered or destroyed.
- Personal information should be accurate, timely, complete, and relevant to the purpose for which it is provided and used.
Please select a topic below to find further information:
1. Log into:
- eCasePortal
- and follow the step-by-step instructions below:
If you have questions, please reach out to the WHS/RDD Privacy Office at: whs.mc-alex.rsrcmgmt.list.esd-osd-js-privacy-office-mbx@mail.mil or jeanette.s.whiten.civ@mail.mil
2. Report the Breach to your Senior Component Official for Privacy and OSD/JS Privacy Program.
If there is a suspected or confirmed Privacy breach, report it immediately, fill out the Form DD 2959, Breach of Personally Identifiable Information (PII) Report.
After you complete the form, submit it to the DoD Privacy Office within 24 hours after discovery. NOTE: This form should also be used to report updates to previous submissions.
3. Conduct and document an assessment of the risk of harm to individuals potentially affected. If determined and approved by your senior leadership, notify the affected individuals of the breach.
Notification must be made within 10 days of the discovery of the incident. You will need to have the mailing address for each affected individual and be able to address the unique issue(s) pertaining to each breach. See DoD 5400.11-R, Appendix 2 for a sample notification letter.
4. Notify the appropriate Congressional Committee pursuant to FISMA no later than seven days after the date on which there is reasonable basis to conclude that a breach that constitutes a “major incident” has occurred.
A "major incident" is defined as “any incident that is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.”
The impacted agency is ultimately responsible for determining if an incident should be designated as major and may consult with US-CERT to make this determination. (See OMB Memorandum M-17-05, dated Nov. 4, 2016).
Contact Us With Any Questions, Comments, or Concerns
General Privacy Act Questions
Please send your general privacy question, along with your name, phone number and email address to the DoD Privacy Office at the below email address.NOTE: This email is NOT for privacy act requests.
DoD Privacy Office
WHS Privacy Office email at: whs.mc-alex.rsrcmgmt.list.esd-osd-js-privacy-office-mbx@mail.mil or jeanette.s.whiten.civ@mail.mil
WHS Senior Component Official for Privacy (SCOP), can be reached at: 703-692-5473 or whs.mc-alex.esd.mbx.records-and-declassification@mail.mil
Privacy Act Requests
NOTE: Privacy Act requests (e.g. records about you and retrieved by your name or identifier) must be submitted IN WRITING; must be signed by you; and include the name and number of the system of records notice which can be found at SYSTEM OF RECORDS NOTICES (SORNS). Privacy Act requests cannot be submitted electronically; please use the below mailing address or fax.
Office of the Secretary of Defense/Joint Staff
FOIA Requester Service Center
1155 Defense Pentagon
Washington, DC 20301-1155
Alexandria, VA 22350
Facsimile: 571-372-0454
DoD Privacy Act Training
If you have privacy related questions or would like to schedule an agency live training session, please email the DoD Privacy Office with your request and we will contact you for additional details and scheduling. Mandatory Privacy Training in iCompass at: https://whs.sp.pentagon.mil/lms/Pages/default.aspx