This guidance focuses especially on the Computer Matching and Privacy Protection Amendments of
1990, which alter the due process provisions of the Computer Matching and Privacy Protection Act of 1988. The guidance also addresses another issue suggested by agencies in reporting to OMB their activities in implementing the Computer Matching and Privacy Protection Act. Dated April 23, 1991.
These guidelines implement the provisions of the Computer Matching and Privacy Protection Act of 1988. This Act amends the Privacy Act of 1974 to establish procedural safeguards affecting agencies' use of Privacy Act records in performing certain types of computerized matching programs. Dated June 19, 1989.
Pursuant to its responsibilities under section 6 of the Privacy Act of 1974, OMB developed guidance on how the recordkeeping provisions of that Act affect agencies' programs (so-called "call detail programs") to collect and use information relating to their employees use of long distance telephone systems. Dated April 20, 1987.
This material is provided to address comments and questions of general interest raised in response to OMB's guidelines for implementing of section 3 of the Privacy Act of 1974. Dated November 21, 1975.
Provides a model Privacy Impact Assessment (PIA) for agencies to use when preparing an adapted PIA
before engaging the public through third-party websites and applications. The introduction to the model PIA provides additional context for agencies completing an adapted PIA. Dated December 29, 2011.
This Office of Management and Budget (OMB) Circular describes agency responsibilities for
implementing the review, reporting, and publication requirements of the Privacy Act of 1974
(“the Privacy Act”), and related OMB policies. Dated December 2016.
This Circular defines management’s responsibilities for enterprise risk management
(ERM) and internal control. The Circular provides updated implementation guidance to Federal
managers to improve accountability and effectiveness of Federal programs as well as mission support operations through implementation of ERM practices and by establishing, maintaining,
and assessing internal control effectiveness. Dated July 15, 2016.
The goal of this revised version of OMB Circular A-123 's Appendix C is to transform the
improper payment compliance framework to create a more unified, comprehensive, and less
burdensome set of requirements. Updated June 26, 2018.
Office of Management and Budget circular that establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources and supporting infrastructure and services. Dated July 28, 2016.
Issues guidance to remind agencies of several privacy-related legal requirements that apply to computer matching and to clarify how agencies should conduct computer matching activities. Dated December 20, 2000.
This Memorandum establishes new procedures and provides updated guidance and requirements for agency use of web measurement and customization technologies. The central goal is to respect and safeguard the privacy of the American public while also increasing the Federal Government’s ability to serve the public by improving and modernizing its activities online. Dated June 25, 2010.
Office of Management and Budget memo that encourages Federal agencies to engage in coordinated, collaborated data-sharing in a manner that complies with applicable privacy laws, regulations, and polices. Dated November 3, 2010.
Office of Management and Budget memo that establishes a framework to help institutionalize the principles of effective information management at each stage of the information's life cycle to promote interoperability and openness. Dated May 9, 2013.
The goal of this Memorandum is to help both program and statistical agencies and components (including evaluation and analysis units) use administrative data more fully in a manner that respects privacy and protects confidentiality. Specifically, this guidance will help program agencies manage their administrative data with statistical purposes in mind. Dated February 14, 2014.
Federal websites and digital services should always meet and maintain high standards of effectiveness and usability and provide quality information that is readily accessible to all. The requirements in this Memorandum support building effective and user-centric digital services. Dated November 8, 2016.
This Memorandum contains general guidance for the planning, identification, categorization, prioritization, reporting, assessment, and remediation of Federal High Value Assets (HVAs), as well as the handling of information related to HVAs by the Federal Government. Dated December 2016.
This Memorandum sets forth the policy for Federal agencies to prepare for and respond to a breach of personally identifiable information (PII). It includes a framework for assessing and mitigating the risk of harm to individuals potentially affected by a breach, as well as guidance on whether and how to provide notification and services to those individuals. Dated January 3, 2017.
This memorandum provides guidance on the enhancement of the High Value Asset (HVA)
program operated by the Department ofHomeland Security (DHS), in coordination with the
Office ofManagement and Budget (OMB). Dated December 10, 2018.
This memorandum provides instructions to agencies on how to comply with the President's Memorandum of May 14, 1998 on "Privacy and Personal Information in Federal Records." In this Memorandum, the President directed Federal agencies to review their current information practices and ensure that they are being conducted in accordance with privacy law and policy. Dated January 7, 1999.
Every two years the President is required to submit a report describing the exercise of individual rights of access and amendment under the Privacy Act and consolidating information regarding computer matching activities of federal agencies. OMB Circular A-130 directs agencies to submit information necessary to these reports by June 30 in even numbered years. This memorandum is a reminder and provides instructions as to how to report. Dated June 1998.
This memorandum provides additional guidance to Executive Departments and Agencies on responding to congressional inquiries which involve access to personal information subject to the Privacy Act of 1974. Dated October 3, 1975.
This memorandum calls attention to three areas and suggests specific remedial steps for agencies: (1) Agencies' disclosures of personal information from systems of records during the course of litigation; (2) the disclosure of personal information from Privacy Act files pursuant to Section (b)(2), which allows agencies to make non-consensual disclosures if the disclosure would be "required" under the Freedom of Information Act; (3) the relationship between the exemption provisions of the Privacy Act and those of the Freedom of Information Act. Dated May 24, 1985.
The Personal Responsibility and Work Opportunity Reconciliation Act (PRWORA) requires Federal agencies to transmit information about employees newly hired and quarterly earnings to a National Directory of New Hires. This memorandum provides a model notice to help agencies comply with the requirement to publish a notice in the Federal Register announcing that a new "routine use" will be added to the agency's Privacy Act system of records covering payroll information. Dated November 3, 1997.
This Circular defines responsibilities for Implementing the Privacy Act of 1974 to assure that personal
information about individuals collected by Federal agencies is limited to that which is legally authorized and necessary and is maintained in a manner which precludes unwarranted intrusions upon individual privacy. Dated July 9, 1975.