Subject: Release of Purchase Card Data to the Public Domain

OFFICE OF THE UNDER SECRETARY OF DEFENSE

3000 DEFENSE PENTAGON

WASHINGTON, D.C. 20301-3000

JUN 15 2005

MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS (ATTN: ACQUISITION EXECUTIVES)

DIRECTORS, DEFENSE AGENCIES

SUBJECT: Release of Purchase Card Data to the Public Domain

In response to the terrorist attacks on the United States in the Fall of 2001, the Department revised its policies which implement the Freedom of Information Act. At that time, the decision was made to withhold lists of names and other personally identifying information of Department personnel in response to requests under the FOIA. In terms of the Department's purchase card program, this policy revision meant that the names of all program officials (to include cardholders, billing officials, and agency program coordinators) would not be released under a FOIA request.

However, this policy revision did not address the potential exposure of classified programs and organizations within the Department through non-name-specific FOIA requests. In May of 2003, I requested a review by the Office of the Under Secretary of Defense for Intelligence to determine if the public availability of the organizational names and telephone numbers of all Departmental cardholders could pose a security risk to classified operations. The August 7, 2003, response provided by the Deputy Assistant Secretary of Defense (Security and Information Operations), attached, makes a persuasive case regarding the Operational Security risk posed by the release of detailed aggregated purchase card information provided by the Office of the Secretary of Defense.

Notwithstanding this guidance, the Department has a legal responsibility to provide a limited amount of publicly accessible information associated with each Departmental purchase card account. To this end, this memorandum authorizes the release of a limited amount of purchase card transactional detail to the public domain. Effective immediately, the Purchase Card Program Office is authorized to release the following transactional data at the installation, base, or activity level for non-classified card accounts:

* merchant category code

* transaction amount

* merchant name

* merchant city, state, zip, and phone

* transaction date (releasable 90 days after date)

The transaction date is not to be released until 90 days have passed from this date. This mirrors identical Department policy governing the release of DD350 data to FPDS.

Additionally, base commanders are reminded of the security risk created if unnecessary personnel information (e.g., cardholder's names) is publicly available. If you have any questions, my point of contact for this matter is Mr. Dennis Hudner and he can be reached at dennis.hudner@hqda.army.mil or (703) 681-3315.

Deidre A. Lee

Director, Defense Procurement and Acquisition Policy

Attachment

As Stated

Editor's note: View the attachment to this memorandum at <http://www.acq.osd.mil/dpap/policy/policyvault/pcard_1.htm>.

COPYRIGHT 2005 Defense Acquisition University Press
COPYRIGHT 2005 Gale Group