An official website of the United States government.

This is not the current EPA website. To navigate to the current EPA website, please go to This website is historical material reflecting the EPA website as it existed on January 19, 2021. This website is no longer updated and links to external websites and some internal pages may not work. More information »

Office of Management and Budget Directives about the Privacy Act and Federal Agency Privacy Policies

The Office of Management and Budget's Memorandum M-07-16 (22 pp, 227 K, About PDF), requires agencies to:

"review their current holdings of all personally identifiable information and ensure, to the maximum extent practicable, such holdings are accurate, relevant, timely, and complete, and reduce them to the minimum necessary for the proper performance of a documented agency function. Agency-specific implementation plans and progress updates regarding this review will be incorporated as requirements in agencies' annual report under FISMA."

OMB further directed federal agencies, once they had completed their initial review, to develop and make public a schedule by which they would periodically update that review.

OMB Directives

The Office of Management and Budget's Memorandum M-17-06, requires agencies to post the following:

Matching Agreements

The term "matching agreement" means a written agreement between a recipient agency and a source agency (or a non-Federal agency) that is required by the Privacy Act for parties engaging in a matching program. 5 U.S.C.  § 552 a(o)

EPA does not have any Matching Agreements.

Implementation Rules

Publicly Available Reports

OMB Guidance Documents and Budget Circulars

The circulars listed below can be found at:

  • Management of Federal Information Resources, OMB Circular No. A-130
  • Guidance on Inter-Agency Sharing of Personal Data - Protecting Personal Privacy, OMB Memorandum M-01-05
  • Privacy Policies and Data Collection on Federal Web Sites, OMB Memorandum M-00-13
  • Privacy Policies on Federal Web Sites, OMB Memorandum M-99-18
  • Privacy Guidance and Reference Materials
    • Privacy Act Implemention: Guidelines and Responsibilities (PDF)(32 pp, 4.6 MB), 40 FR 28948
    • Final Guidance Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988 (PDF)(12 pp, 1.4 MB), 54 FR 25818
  • OMB Memorandum, Recommendations for Identity Theft Related Data Breach Notifications (September 20, 2006)(12 pp, 1.8 MB)
  • M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (September 26, 2003)
  • A-130 Appendix I to OMB Circular No. A-130 Federal Agency Responsibilities for Maintaining Records About Individuals