Office of Management and Budget Directives about the Privacy Act and Federal Agency Privacy Policies

The Office of Management and Budget's Memorandum M-07-16 (pdf) (22 pp, 227 K, About PDF), requires agencies to:

"review their current holdings of all personally identifiable information and ensure, to the maximum extent practicable, such holdings are accurate, relevant, timely, and complete, and reduce them to the minimum necessary for the proper performance of a documented agency function. Agency-specific implementation plans and progress updates regarding this review will be incorporated as requirements in agencies' annual report under FISMA."
 

OMB further directed federal agencies, once they had completed their initial review, to develop and make public a schedule by which they would periodically update that review.

OMB Directives

  • Plan for Reducing Unnecessary use of Social Security Numbers (2016)
  • Plan for Reducing Personally Identifiable Information (2016)
  • Privacy Training Program: Recognizing that training and awareness are critical to protecting agency PII, EPA is developing online training for privacy contacts in its programs and regions. The training will be launched in Ql FY14. Mandatory general awareness privacy training will be available to all employees later in FY 2014. The annual mandatory security awareness training taken by all employees and others with access to EPA's systems also has a privacy training component. The Agency Privacy Officer conducts face to face and web-in-r trainings as needed and when requested by an organization. 
  • Privacy Act Rules of Conduct

The Office of Management and Budget's Memorandum M-17-06 (pdf), requires agencies to post the following:

Matching Agreements

The term "matching agreement" means a written agreement between a recipient agency and a source agency (or a non-Federal agency) that is required by the Privacy Act for parties engaging in a matching program. 5 U.S.C.  § 552 a(o)

EPA does not have any Matching Agreements.

Implementation Rules

Publicly Available Reports

OMB Guidance Documents and Budget Circulars

The circulars listed below can be found at the OMB Information Regulatory Affairs - Privacy site

  • Management of Federal Information Resources, OMB Circular No. A-130
  • Guidance on Inter-Agency Sharing of Personal Data - Protecting Personal Privacy, OMB Memorandum M-01-05
  • Privacy Policies and Data Collection on Federal Web Sites, OMB Memorandum M-00-13
  • Privacy Policies on Federal Web Sites, OMB Memorandum M-99-18
  • Privacy Guidance and Reference Materials
    • Privacy Act Implementation: Guidelines and Responsibilities (PDF)(32 pp, 4.6 MB), 40 FR 28948
    • Final Guidance Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988 (PDF)(12 pp, 1.4 MB), 54 FR 25818
  • OMB Memorandum, Recommendations for Identity Theft Related Data Breach Notifications (September 20, 2006)(12 pp, 1.8 MB)
  • M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (September 26, 2003)
  • A-130 Appendix I to OMB Circular No. A-130 Federal Agency Responsibilities for Maintaining Records About Individuals

Privacy Act

Contact Us about the Privacy Act
Contact Us to ask a question, provide feedback, or report a problem.
Last updated on September 3, 2024