The purpose of the Privacy Act is to balance the government's need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy stemming from the collection, maintenance, use, and dissemination of their personal information by federal agencies. The Privacy Act permits an individual to gain access to records or any information pertaining to that individual which is contained in a system of records, subject to certain limitations and exemptions.

A systems of records is defined as "a group of records under the control of any agency from which information is retrieved by the individual's name or by some identifying number, symbol, or other identifying particular assigned to the individuals." (i.e., SSN, ID number, etc). A list and description of the systems of record maintained by DTRA can be found by clicking on the link below.

DTRA System of Records Notices


All requests made under the Privacy Act must be in writing and “properly” received. Your request is considered "properly" received when it meets the following criteria. If you request information about yourself and do not follow these procedures, your request cannot be processed.

  1. The request identifies the particular system of records you want to be searched.

Your request will only apply to records maintained in a system of records. A list and description of the systems of records maintained by DTRA can be found by clicking on the link provided above. In addition, DTRA may also maintain records pursuant to any other relevant DoD-wide or government-wide system of records. A list and description of DoD-wide and government-wide SORNs can be found by clicking on the links provided below.

DoD-Wide System of Records Notices

Government-Wide System of Records Notices

  1. The request includes the information listed under the “Notification Procedures” or “Records Access Procedures” of the applicable system of records notice. 
  2. The request includes verification of your identity. 

When submitting a Privacy Act request, you will be required to verify your identity. This verification is required in order to protect your privacy and to ensure that private information about you is not disclosed inappropriately to someone else. Whenever you request information about yourself you will be asked to provide either a notarized statement or a statement signed under penalty of perjury in accordance with 28 U.S.C. 1746. You may provide your full name and current address and either (1) have your signature on your request letter witnessed by a notary, or (2) include one of the following statements immediately above the signature on your request letter:

  1. If executed within the United States, its territories, possessions, or commonwealths: "I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct Executed on (date), (Signature)"
  2. If executed outside the United States, "I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct Executed on (date), (Signature)"
  1. The request adequately explains any requests for expedited processing, if applicable.
  1. The request states whether you agree to pay any fees associated with the processing of your request. 

Only duplication fees may be charged for processing Privacy Act requests. There is no minimum fee for duplication, and there is no automatic charge for processing a request. Fees for duplication of records will be charged in the same manner as requests for records under the Freedom of Information Act. Normally, fees are waived automatically if the direct costs of a given request are less than the cost of processing the fee. Decisions to waive or reduce fees that exceed the waiver threshold are made on a case-by-case basis.

  1. The request contains a written release authority if records are to be released to a third party, such as a law firm, Congressional office, or private entity.


Not all records about an individual must be disclosed under the Privacy Act. Some records may be withheld to protect important government interests such as national security or law enforcement. The Privacy Act exemptions are different than the exemptions under FOIA. Under the FOIA, any record may be withheld from disclosure if it contains exempt information when a request is received. The decision to apply a FOIA exemption is made only after a request has been made. In contrast, Privacy Act exemptions apply not to a record but to a "system of records." Before an agency can apply a Privacy Act exemption, the agency must first publish a rule stating that there may be exempt records in that "system of records." Since most record systems are not exempt, the exemptions are not relevant to most requests. Because Privacy Act exemptions are complex and used infrequently, most requesters need not worry about them. The exemptions are set out in the law. Privacy Act exemptions rules are published in the Federal Register.

DTRA’s Published Privacy Act Exemptions

Privacy Exemption Application Chart


Under the Privacy Act, certain Privacy Act records may be amended upon request. The request should be in writing and identify each particular record in question, state the amendment or correction that is sought, and state why the record is not accurate, relevant, timely, or complete without the correction. The individual will also need to verify identity in the same manner as above. Factual documentation that is helpful to the DTRA privacy officials should be submitted with the request. If it is believed that the same record exists in more than one system of records, this should be stated in the request, and the request should be addressed to each DoD Component that maintains a system of records containing the record as noted in this paragraph. The burden of proof is on the requestor to show that information is not accurate, relevant, timely, or complete. Please note that you may only request correction of factual information, not matters of opinion.

Please note that if you have had a security clearance granted by DoD and are requesting any information from the investigation, you should contact the Defense Security Service .


DTRA provides cross-cutting solutions to enable the Department of Defense, the United States Government, and international partners to deter strategic attack against the United States and its allies; prevent, reduce, and counter WMD and emerging threats; and prevail against WMD-armed adversaries in crisis and conflict.  

DTRA logo


Facebook Twitter YouTube LinkedIn DTRA Webmail

8725 John J. Kingman Rd., Fort Belvoir, Va. 22060-6221

Welcome to the Defense Threat Reduction Agency’s website. If you are looking for the official source of information about the DoD Web Policy, please visit The Defense Threat Reduction Agency is pleased to participate in this open forum in order to increase government transparency, promote public participation, and encourage collaboration. Please note that the Defense Threat Reduction Agency does not endorse the comments or opinions provided by visitors to this site. The protection, control, and legal aspects of any information that you provided to establish your account or information that you may choose to share here is governed by the terms of service or use between you and the website. Visit the Defense Threat Reduction Agency contact page at Contact Us for information on how to send official correspondence.