Privacy

U.S. Africa Command oversees and directs the protection of the personal information of military and civilian command staff, their dependents, and the public at large.

Privacy Program information

The command's privacy program serves to advise and make recommendations to command leadership for the establishment of privacy priorities. The Privacy Office is also responsible for the development of privacy policies, procedures, and guidance essential to safeguarding the collection, access, use, dissemination, and storage of personally identifiable information (PII), business identifiable information (BII), and Privacy Act information. The mission of the AFRICOM Privacy Office is to ensure that the personal data of everyone who is assigned to or who interacts with the command is appropriately managed and protected.

 The U.S. Africa Command Privacy Office ensures command compliance with regulatory requirements and legislated mandates governing those programs.

•     Privacy Act of 1974 (as amended 5 U.S.C. § 552a) ;

  • Office of Management and Budget (OMB) guidance for information systems
  • OMB Circulars A-108 and A-130
  • Government Paperwork Reduction Act
  • E-Government Act of 2002
  • Federal Information Modernization Act of 2014 (FISMA)
  • National Institute of Standards and Technology (NIST) Privacy Standards


AFRICOM also ensures that activities within the functional areas of:

  • Integrating with leadership, command directorates and staff to understand VA mission critical systems and where PHI/PII resides
  • Establishing privacy risk policy and best practices for information management and sharing information within DoD and partners
  • Training and educating the command staff on the implementation of privacy best practices
  • Integrating with cybersecurity and systems management efforts to ensure appropriate privacy protections are identified, acquired, and implemented
  • Ensuring that acquisitions instruments adhere to privacy best practices

U.S. Africa Command Staff: to report a privacy incident, call DSN 119

U.S. Africa Command internal documents (link coming soon)

System of Records Notices (link coming soon)

Privacy Impact Assessments:

Privacy Policies:


Privacy Resources

Privacy-related Legislation

All linked documents are in PDF.

  • The Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501-06) (COPPA) regulates the online collection and use of personal information provided by and relating to children under the age of 13.
  • The Clinger-Cohen Act of 1996 (40 U.S.C. 1401, et. seq.) (CCA), formerly the Information Technology Management Reform Act of 1996 (ITMRA), is designed to improve the way the federal government acquires, uses and disposes information technology (IT).
  • The E-Government Act of 2002 (44 U.S.C. 3601 et. seq.) establishes procedures to ensure the privacy of personal information in electronic records.
  • The Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA). The CIPSEA protects the confidentiality of identifiable information acquired by federal agencies. It applies to data supplied by individuals and organizations to federal agencies under a pledge of confidentiality for statistical purposes. CIPSEA provides that data or information acquired by an agency under a pledge of confidentiality for exclusively statistical purposes shall not be disclosed by an agency in identifiable form, for any use other than an exclusively statistical purpose, except with the informed consent of the respondent.
  • The Federal Information Security Management Act of 2002, (44 U.S.C. § 3541)(FISMA), requires agencies to develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of an agency. FISMA requires federal government information systems to have security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction. FISMA requires a mandatory set of IT system security processes that must be followed for all federal information systems. Compliance is monitored through yearly audits. The annual reports must include: 1) by agency, the number of each type of privacy review conducted that year; 2) information about the privacy advice provided by the Senior Agency Official for Privacy; 3) the number of written complaints for each type of privacy issue allegation received, and 4) the number of complaints the agency referred to another agency.
  • Freedom of Information Act (5 U.S.C. 552, as amended) (FOIA) generally provides that any person, including a business, to obtain access to federal agency records, except to the extent that such records (or portions of them) are protected from public disclosure by one of nine exemptions or by one of three special law enforcement record exclusions. The FOIA is a disclosure statute and applies to records that are: (1) either created or obtained by an agency, and (2) under agency control at the time of the FOIA request. When an agency receives a proper FOIA request for records, it must make the records "promptly available" unless the records or portions of the records are exempt from mandatory disclosure under subsection (b), or excluded under subsection (c). Subsection (c) permits an agency to respond to a request for excluded records as if the records do not exist.
  • The Privacy Act of 1974, (5 U.S.C. § 552a), is a withholding statute that applies when the federal government maintains a “system of records” (a grouping of items or records) in which information about individuals is retrieved by use of the individuals’ personal identifiers (e.g., names, social security numbers, or any other codes or identifiers that are assigned to the individual). The Privacy Act of 1974 and its implementing regulations: 1) Prohibit the disclosure of personally identifiable information maintained by agencies in a system of records without the consent of the subject individual, subject to twelve codified exceptions; (2) Grant individuals increased rights of access to agency records maintained on them; (3) Grant individuals the right to seek amendment of agency records maintained on them upon a showing that the records are not accurate, relevant, timely, or complete; and (4) Establish a code of "fair information practices," requiring agencies to comply with statutory norms for collection, maintenance, and dissemination of records.
  • Paperwork Reduction Act (PRA) of 1995 (44 U.S.C. 3501, et seq.) is designed to reduce the public’s burden of answering unnecessary, duplicative, and burdensome government surveys.
  • Records Management by Federal Agencies (44 U.S.C. ch. 31), as amended, establishes the framework for records management programs in Federal agencies. As the primary agency for records management oversight, the National Archives and Records Administration (NARA) is responsible for assisting Federal agencies in maintaining adequate and proper documentation of policies and transactions of the Federal government. See General Records Schedule 4.2: Information Access and Protection Records.

Office of Management and Budget guidance


OMB Circulars

  • OMB Circular A-108 (Dec. 23, 2016) the reissuance of Circular A-108 describes agency responsibilities for implementing the review, reporting and publication requirements of the Privacy Act of 1974 and related OMB policies. It supplements and clarifies existing OMB guidance, including OMB Circular No. A-130, “Managing Information as a Strategic Resource,” “Privacy Act Implementation: Guidelines and Responsibilities,” “Implementation of the Privacy Act of 1974: Supplementary Guidance,” and “Final Guidance Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988.”
  • OMB Circular A-130 (July 28, 2016) Management of Federal Information Resources, provides uniform government-wide information resources management policies as required by the Paperwork Reduction Act of 1980, as amended by the Paperwork Reduction Act of 1995, 44 U.S.C. Chapter 35. This Circular establishes policy for the management of Federal information resources and rescinds OMB Memoranda M-10-28, “Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security.”

DoD Privacy Issuances

  • DoDI 5400.11 "DoD Privacy and Civil Liberties Programs", Jan. 29, 2019

  • DoD 5400.11-R "Department of Defense Privacy Program" May 14, 2007

  • DoDI 1000.30 "Reduction of Social Security Number Use Within DoD" Aug. 1, 2012

  • DoDD 5400.11 "DoD Privacy Program"


Consent for disclosure of records protected under the Privacy Act

If you are providing consent and authorizing the agency to disclose your records to another person or entity, please provide the information below. A parent seeking access to the records of a minor, or a legal guardian seeking access to the records of a person adjudged by a court of competent jurisdiction to be incompetent due to a physical or mental incapacity may also use this form.

Information required for identity-proving and authentication

This information is required for the agency to verify your identity. 

  • Full Name
  • Current address
  • Copy of Military ID, U.S. state-issued identification card, or country-issued passport

If applicable, information for request by parent or legal guardian

This information is being requested as defined in 5 U.S.C. § 552a(h) and in accordance with Department of Defense policy and regulations implementing 5 § 552a(h).

  • Name of record subject 
  • Copy of Legal Guardianship Court Order (if applicable)
  • Date of Birth (if requesting records for individual below the age of majority)

Information required to locate the record(s)

This information is required for the agency to be able to match the individual's information provided in this request with the records that pertain to that individual. 

  • Description of Records Being Requested
    1. Information being sought
    2. Name of office where believed to be maintained
    3. Name of form or document on which the information is found

Other information to identify the record subject

  • Electronic Data Interchange Personal Identifier (EDIPI) a.k.a. DOD ID 
  • Date of Birth
  • The address where you would like to receive the records 

Declaration of identity

All requests for records must be submitted with the following statement or they will not be processed:

“I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct, and that I am the person named above and requesting access to my records or records that I am entitled to request as the parent of a minor or the legal guardian of person adjudged by a court of competent jurisdiction to be incompetent due to a physical or mental incapacity, and I understand that any falsification of this statement is punishable under the provisions of 18 U.S.C. § 1001 by a fine, imprisonment of not more than five years, or both, and that requesting or obtaining any record(s) under false pretenses is punishable under the provisions of 5 U.S.C. § 552a(i)(3) by a fine of not more than $5,000.” 

Privacy Act statement

In accordance with DoD 5400.11-R,Department of Defense Privacy Program, personal information sufficient to identify the individuals requesting access to records under the Privacy Act of  1974, 5 U.S.C. § 552a, is required. The purpose of this solicitation is to ensure that the records of individuals who are the subject of systems of records are not wrongfully disclosed by U.S. Africa Command [Information about published routine uses to which the information is subject.] Requests will not be processed if this information is not furnished. False information on this form may subject the requester to criminal penalties under 18 U.S.C. § 1001 and/or 5 U.S.C. § 552a(i)(3). 


Contact us

To submit a privacy-related question or complaint, reach us by email or phone: +49 (0)711.7081.0066, and +49 (0)711.7081.0339