Army Updates Privacy Rules for Security Clearance Records System
Published Date: 1/23/2026
Notice
Summary
The Department of the Army is updating its records system that tracks security clearances and sensitive info access. This change combines old systems, adds new sharing rules beyond the military, and modernizes how data is managed. The update takes effect now, but the public can comment on the new sharing rules until February 23, 2026.
Analyzed Economic Effects
5 provisions identified: 1 benefits, 4 costs, 0 mixed.
Very Sensitive Personal Data Collected
If you are included in these Army security records, the system may hold highly sensitive data about you, including names and aliases, Social Security number (SSN), DoD/ID number, biometrics (fingerprints, images, voice), medical and mental health history, IRS tax information, financial and real estate data, polygraph records, user activity monitoring (keystrokes, screen captures), travel and foreign contact details, and prior security investigative information.
Expanded Data Sharing Outside DoD
If you are affiliated with the U.S. Army (employee, contractor, family member, visitor, or other affiliate), your security and vetting records may be disclosed beyond the Department of Defense. The SORN explicitly lists routine uses allowing disclosures to contractors, grantees, Federal/State/local/tribal/foreign/international law enforcement, other Federal agencies, the U.S. Intelligence Community, multinational task forces, and other non-DoD entities; routine uses become effective at the close of the comment period on February 23, 2026 unless changed.
Privacy Act Exemptions Limit Access
The Department of Defense has exempted records in this system from many Privacy Act protections. The notice states records are exempt from subsections 5 U.S.C. 552a(c)(3); (d)(1), (2), (3), and (4); C(1), C(4)(G), (H), and (I); and (f), which limits some rights to see or contest certain records and is implemented under 32 CFR part 310.
Long Retention Periods for Security Records
The Army will retain different security records for long periods: retired routine personnel security records are kept in the AISRR and retained for 15 years after last action; files with derogatory information or that resulted in adverse action are destroyed after 25 years; polygraph records retention ranges (e.g., 90 days for favorably resolved counterintelligence-scope polygraphs, 15 years for other than favorably resolved, 35 years for polygraphs incident to counterintelligence investigations), and original signed Sensitive Compartmented Information Agreements are destroyed when 70 years old.
Cloud Storage and Technical Safeguards Used
Your Army security records may be stored electronically in a government-certified cloud or FedRAMP-certified vendor cloud, but the Department says it uses safeguards such as multifactor authentication (including a Common Access Card and password), encryption (network and disk), key management, data masking where practicable, detection/alert systems, and access controls to protect records.
Your PRIA Score
Personalized for You
How does this regulation affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this federal register document and every other regulation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Key Dates
Department and Agencies
Take It Personal
Get Your Personalized Policy View
Start a Free Government Policy Watch to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in