Privacy

The Office of Information and Regulatory Affairs (OIRA), has a fundamental role in Executive Branch privacy policy. Among other things, OIRA is responsible for providing assistance to Federal agencies on privacy matters, developing Federal privacy policy, and overseeing implementation of privacy policy by Federal agencies. OMB’s privacy authority is established in Federal laws, including the Privacy Act of 1974 (5 U.S.C. § 552a), the Paperwork Reduction Act of 1995 (44 U.S.C. chapter 35), and the E-Government Act of 2002 (44 U.S.C. § 3501 note).

Privacy Guidance

2020s

• OMB Memorandum M-21-04, Modernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act (November 12, 2020)
• OMB Memorandum M-20-32, Improving Vulnerability Identification, Management, and Remediation (September 2, 2020)
• OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget (July 10, 2020)

2010s

• OMB Memorandum M-18-20, Transmittal of Appendix C to OMB Circular A-123, Requirements for Payment Integrity Improvement (June 26, 2018)
• OMB Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information (Jan. 2017)
• OMB Circular A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act (Dec. 2016)
• OMB Memorandum M-17-09, Management of Federal High Value Assets (Dec. 2016)
• OMB Memorandum M-17-06, Policies for Federal Agency Public Websites and Digital Services (Nov. 2016)
• OMB Memorandum M-16-24, Role and Designation of Senior Agency Officials for Privacy (Sept. 15, 2016)
• OMB Circular A-130, Managing Information as a Strategic Resource (July 28, 2016)
• OMB Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control (July 15, 2016)
• OMB Memorandum M-14-06, Guidance for Providing and Using Administrative Data for Statistical Purposes (Feb. 14, 2014)
• OMB Memorandum M-13-20, Protecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative (Aug. 16, 2013)
• OMB Memorandum M-13-13, Open Data Policy – Managing Information as an Asset (May 9, 2013)
• Model Privacy Impact Assessment for Agency Use of Third-Party Websites and Applications (Dec. 29, 2011)
• OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications (June 25, 2010)
• OMB Memorandum M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies (June 25, 2010)

2000s

• OMB Memorandum M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (Sept. 26, 2003)

• OMB memorandum M-01-05, Guidance on Inter-Agency Sharing of Personal Data – Protecting Personal Privacy (Dec. 20, 2000)
• OMB Memorandum for Privacy Act Officers of Departments and Agencies, Status of Biennial Reporting Requirements under the Privacy Act and the Computer Matching and Privacy Protection Act (June 21, 2000)

1990s

• OMB Memorandum M-99-18, Privacy Policies on Federal Web Sites (June 2, 1999)
• OMB Memorandum M-99-05, Instructions on complying with President’s Memorandum of May 14, 1998, “Privacy and Personal Information in Federal Records” (Jan. 7, 1999)
• OMB Memorandum for Agency Chief Information Officers, Biennial Privacy Act and Computer Matching Reports (June 1998)
• OMB Memorandum for the Chief Information Officers, Privacy Act Responsibilities for Implementing the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 (Nov. 3, 1997)
• Computer Matching and Privacy Protection Amendments of 1990 and the Privacy Act of 1974, 56 Fed. Reg. 18,599 (Apr. 23, 1991)

1980s

• Final guidance Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988, 54 Fed. Reg. 25,818 (June 19, 1989)
• Guidance on Privacy Act Implications of “Call Detail” Programs, 52 Fed. Reg. 12,290 (Apr. 20, 1987)
• OMB Memorandum for the Senior Agency Officials for Information Resources Management, Privacy Act Guidance — Update (May 24, 1985)
• OMB Memorandum M-83-11, Guidelines on the Relationship Between the Privacy Act of 1974 and the Debt Collection Act of 1982, 48 Fed. Reg. 15,556 (Apr. 11, 1983)

1970s

• Implementation of the Privacy Act of 1974, Supplementary Guidance, 40 Fed. Reg. 5,674 (Nov. 21, 1975)
• OMB Memorandum to the Heads of Executive Departments and Establishments, Congressional Inquiries which Entail Access to Personal Information Subject to the Privacy Act (Oct. 3, 1975)
• Privacy Act Implementation: Guidelines and Responsibilities, 40 Fed. Reg. 28,948 (July 9, 1975)