Marine Corps Base Camp Pendleton, located in Southern California, is the largest Marine
Corps installation on the West Coast. Camp Pendleton has an active duty military population of more than 46,000 inhabitants and a daytime population of more than 70,000, which includes the 1,150 Marines, 3,500 civilian Marines and supporting government contractors employed to accomplish its assigned mission.
To comply with Department of Defense (DoD) and Department of the Navy (DON) policies,
Camp Pendleton began the revitalization of its privacy program in 2008. Using such references
as Directive-Type Memorandum 07-15-USD (P&R), DoD Social Security Number (SSN) Reduction
Plan; DoD Directive 5400.11, DoD Privacy Program; Combating Identify Theft: A Strategic Plan
from the President’s Identity Theft Task Force; and other guidance issued by the DON and
Headquarters Marine Corps, Camp Pendleton began its efforts to reduce the usage of Social
Security numbers for identification by consolidating reference materials, analyzing current
procedures and identifying key stakeholders.
The consolidation and validation process was not an easy task during the 2008 and early
2009 time period. Some of the contributing factors making the process difficult were: changing
requirements, lack of a primary reference, compliance ownership, and personnel availability
and/or opportunities for training and idea sharing which were further constrained by budget
limitations. Additionally, the use of the Social Security number for identification was and still
is ubiquitous. Too many of our processes, many that are beyond Marine Corps control, rely on
the use of the SSN. But by 2009, dramatic, positive change began in Camp Pendleton’s privacy
The tipping point was the issuance of the Marine Corps Enterprise Information Assurance
Directive (EIAD) 011, Personally Identifiable Information (PII), of April 9, 2009. This document
consolidated various directives into a single source reference and detailed requirements. EIAD
011 outlined cross-functional (Privacy Act and information technology) action items and melded
together requirements from previously bifurcated functions.
Implementation of EIAD 011 laid the foundation of a manageable Privacy Act Program that
includes the requirements of both electronic and manual systems of records. Action taken for
Phase One of the DON’s SSN Reduction Plan was an easy fit into the oversight structure developed
as a result of EIAD 011. A good fit for action officers, compliance for Phase One was substantial.
The following actions were completed as a result of Phase One.
• All locally generated forms for Camp Pendleton were thoroughly reviewed.
• SSN use was validated, eliminated when possible, or justified for continued use.
• Privacy Act statements and systems of record numbers were assigned to each form
• Purchased and distributed the DON PII training class on compact disc and distributed
CDs to all special staff sections for internal training.
• Local form numbers and local stock numbers were assigned to each form.
• Forms not submitted for review and approval were no longer authorized.
• Electronic versions of all forms were entered into the Marine Corps forms processes link.
• Of 200 local forms, only 17 required the continued use of the SSN. This number will be
further reduced when a substitute unique identifier is authorized for DON use.
• A PII training class based on the required annual PII training syllabus was developed. This
class is given quarterly at the base theater and is open to anyone on the base who does
not have access to online training.
• Developed and instituted self-inspections for PII compliance.
• Field assist visits are offered and occur on a regular basis. Best practices are discussed and
Camp Pendleton’s privacy program significantly reduces the risk of loss or compromise of
warfighters’ personal information by eliminating, masking or truncating the SSN wherever possible. Reducing exposure of this sensitive privacy element reduces the likelihood that the Marines and civilian workforce will fall victim to identity theft.
Even though Camp Pendleton has a revitalized Privacy Act Program, there is always the risk
of compromise or loss. The best case scenario is to mitigate that risk to the extent possible. The
following suggestions may further enhance efficiencies and mitigation.
• Mandate that Privacy Act responsibilities are a primary duty for assigned personnel. Currently, Privacy Act duties are collateral duties at the major command level.
• Require professional training prior to assignment of Privacy Act duties and semiannual refresher training thereafter. Currently, training is not required and learning occurs on the job.
• Establish one agency office with responsibility for compliance with all phases of the Privacy Act. Currently, several offices may be issuing directives that have an impact on the Privacy Act Program.
• Establish a venue for privacy professionals to meet semiannually and discuss best practices, challenges and accomplishments.
Camp Pendleton is very proud of the collaborative efforts of its team members and looks forward to the continual improvement of its privacy processes.
Jim Hoskins is the MCB Camp Pendleton adjutant.