Marine Corps Base Camp Pendleton, located in Southern California, is the largest Marine
Corps installation on the West Coast. Camp Pendleton has an active duty military population of more than 46,000 inhabitants and a daytime population of more than 70,000, which includes the 1,150 Marines, 3,500 civilian Marines and supporting government contractors employed to accomplish its assigned mission.
To comply with Department of Defense (DoD) and Department of the Navy (DON) policies,
Camp Pendleton began the revitalization of its privacy program in 2008. Using such references
as Directive-Type Memorandum 07-15-USD (P&R), DoD Social Security Number (SSN) Reduction
Plan; DoD Directive 5400.11, DoD Privacy Program; Combating Identify Theft: A Strategic Plan
from the President’s Identity Theft Task Force; and other guidance issued by the DON and
Headquarters Marine Corps, Camp Pendleton began its efforts to reduce the usage of Social
Security numbers for identification by consolidating reference materials, analyzing current
procedures and identifying key stakeholders.
The consolidation and validation process was not an easy task during the 2008 and early
2009 time period. Some of the contributing factors making the process difficult were: changing
requirements, lack of a primary reference, compliance ownership, and personnel availability
and/or opportunities for training and idea sharing which were further constrained by budget
limitations. Additionally, the use of the Social Security number for identification was and still
is ubiquitous. Too many of our processes, many that are beyond Marine Corps control, rely on
the use of the SSN. But by 2009, dramatic, positive change began in Camp Pendleton’s privacy
program.
The tipping point was the issuance of the Marine Corps Enterprise Information Assurance
Directive (EIAD) 011, Personally Identifiable Information (PII), of April 9, 2009. This document
consolidated various directives into a single source reference and detailed requirements. EIAD
011 outlined cross-functional (Privacy Act and information technology) action items and melded
together requirements from previously bifurcated functions.
Implementation of EIAD 011 laid the foundation of a manageable Privacy Act Program that
includes the requirements of both electronic and manual systems of records. Action taken for
Phase One of the DON’s SSN Reduction Plan was an easy fit into the oversight structure developed
as a result of EIAD 011. A good fit for action officers, compliance for Phase One was substantial.
The following actions were completed as a result of Phase One.
• All locally generated forms for Camp Pendleton were thoroughly reviewed.
• SSN use was validated, eliminated when possible, or justified for continued use.
• Privacy Act statements and systems of record numbers were assigned to each form
where required.
• Purchased and distributed the DON PII training class on compact disc and distributed
CDs to all special staff sections for internal training.
• Local form numbers and local stock numbers were assigned to each form.
• Forms not submitted for review and approval were no longer authorized.
• Electronic versions of all forms were entered into the Marine Corps forms processes link.
• Of 200 local forms, only 17 required the continued use of the SSN. This number will be
further reduced when a substitute unique identifier is authorized for DON use.
• A PII training class based on the required annual PII training syllabus was developed. This
class is given quarterly at the base theater and is open to anyone on the base who does
not have access to online training.
• Developed and instituted self-inspections for PII compliance.
• Field assist visits are offered and occur on a regular basis. Best practices are discussed and
shared.