DOD MANUAL 5400.11, VOLUME 2
D
OD PRIVACY AND CIVIL LIBERTIES PROGRAMS: BREACH
PREPAREDNESS AND RESPONSE PLAN
Originating Component: Office of the Director of Administration and Management
Effective: May 6, 2021
Releasability: Cleared for public release. Available on the Directives Division Website
at https://www.esd.whs.mil/DD/.
Incorporates and Cancels: Chapter 10, Section C10.6 and Appendix 2 of DoD 5400.11-R
“Department of Defense Privacy Program,” May 14, 2007
Director of Administration and Management Memorandum, “Use of Best
Judgment for Individual Personally Identifiable Information (PII) Breach
Notification Determinations,” August 2, 2012
Part I, III, IV, and Appendix A of Director of Administration and
Management Memorandum, “Safeguarding Against and Responding to the
Breach of PII,” June 5, 2009
Office of the Deputy Chief Management Officer Memorandum, “DoD
Breach Response Plan,” September 28, 2017
Approved by: Thomas M. Muir, Interim Director of Administration and Management
Purpose: This manual is composed of two volumes, each containing its own purpose. In accordance
with the authority in DoD Directive 5105.53, the January 11, 2021 Deputy Secretary of Defense
Memorandum, and DoD Instruction (DoDI) 5400.11:
• This manual implements policy, assigns responsibilities, and provides procedures for compliance
with Section 552a of Title 5, United States Code (U.S.C.), also known and referred to in this volume as
the “Privacy Act of 1974,” as amended, and the Office of Management and Budget (OMB) Circular No.
A-130.
• This volume assigns responsibilities and provides procedures for preparing for and responding to
known or suspected breaches of personally identifiable information (PII). In accordance with OMB
Memorandum M-17-12, this volume serves as the DoD Breach Preparedness and Response Plan,
sometimes referred to as the “Plan” in this volume.
