Federal Privacy Laws, Regulations, and Policies
- The Privacy Act of 1974 (5 U.S.C. 552a)
- The Freedom of Information Act (5 U.S.C. 552)
- Department of Justice guidance on the Privacy Act
- E-Government Act of 2002 (E-GOV) & Section 208
- Social Security Numbers, Executive Order 9397 (SSN), as amended by E.O. 13478
- Clinger-Cohen Act of 1996 (also known as the Information Technology Management Reform Act)
- Computer Matching and Privacy Protection Act of 1988
- Electronic Communications Privacy Act (ECPA), Pub.L. 99-508
- Wiretap Act, the Stored Communications Act
- Pen Register Act
- Computer Fraud and Abuse Act (CFAA)
- Gramm-Leach-Bliley Act (GLB)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Children’s Online Privacy Protection Act (COPPA)
- Driver’s Privacy Protection Act of 1994 (DPPA)
- Video Privacy Protection Act (VPPA)
Specific OMB Circulars & Memoranda:
- OMB Circular No. A-130, Managing Federal Information as a Strategic Resource
- M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information
- M-17-09, Management of Federal High Value Assets
- M-17-06, Policies for Federal Agency Public Websites and Digital Services
- M-17-05, Fiscal Year 2016-2017 Guidance on Federal Information Security and Privacy Management Requirements
- M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors
- M-11-02, Sharing Data While Protecting Privacy
- M-14-06, Guidance for Providing and Using Administrative Data for Statistical Purposes
- M-14-03, Enhancing the Security of Federal Information and Information Systems
- M-03-22, Memorandum for Heads of Executive Departments and Agencies, OMB Guidance for Implementing the Privacy Provisions of E-Government Act of 2002.
- NIST Special Publication 800-53, Revision 4, Privacy Controls
- Recommendations for Identity Theft Related Data Breach Notification, September 20, 2006
Treasury/BEP Regulations/Policies:
- Treasury Directive 25-04, The Privacy Act of 1974, as amended, January 27, 2014
- Treasury Directive 25-08, Safeguarding Against and Responding to the Breach of PII, December 22, 2009
- Treasury Directive 25-09, Privacy and Civil Liberties Activities Pursuant to Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007, P.L. 110-53, December 14, 2015.
- Treasury Directive 25-10, Information Sharing Environment Privacy and Civil Liberties Policy
- Title 31, Code of Federal Regulations (CFR), Subtitle A, Part 1, Subpart A, “Freedom of Information Act” and Subpart C, “Privacy Act.”
- Department of the Treasury SORNs, 81 Fed. Reg. No. 215, 78266, November 7, 2016.
- BEP SORNs, 78 Fed. Reg. No. 73, 22604, April 16, 2013
Additional Laws that Impact Privacy Documentation or Activities
- Executive Order 13164, July 26, 2000, Reasonable Accommodation