Office of Management and Budget Directives about the Privacy Act and Federal Agency Privacy Policies
The Office of Management and Budget's Memorandum M-07-16 (22 pp, 227 K, About PDF), requires agencies to:
"review their current holdings of all personally identifiable information and ensure, to the maximum extent practicable, such holdings are accurate, relevant, timely, and complete, and reduce them to the minimum necessary for the proper performance of a documented agency function. Agency-specific implementation plans and progress updates regarding this review will be incorporated as requirements in agencies' annual report under FISMA."
OMB further directed federal agencies, once they had completed their initial review, to develop and make public a schedule by which they would periodically update that review.
OMB Directives
- Plan for Reducing Unnecessary use of Social Security Numbers (2016)
- Plan for Reducing Personally Identifiable Information (2016)
- Privacy Training Program
- Privacy Act Rules of Conduct
The Office of Management and Budget's Memorandum M-17-06, requires agencies to post the following:
Matching Agreements
The term "matching agreement" means a written agreement between a recipient agency and a source agency (or a non-Federal agency) that is required by the Privacy Act for parties engaging in a matching program. 5 U.S.C. § 552 a(o)
EPA does not have any Matching Agreements.
Implementation Rules
Publicly Available Reports
OMB Guidance Documents and Budget Circulars
The circulars listed below can be found at: https://www.whitehouse.gov/omb/information-regulatory-affairs/privacy/
- Management of Federal Information Resources, OMB Circular No. A-130
- Guidance on Inter-Agency Sharing of Personal Data - Protecting Personal Privacy, OMB Memorandum M-01-05
- Privacy Policies and Data Collection on Federal Web Sites, OMB Memorandum M-00-13
- Privacy Policies on Federal Web Sites, OMB Memorandum M-99-18
- Privacy Guidance and Reference Materials
- Privacy Act Implemention: Guidelines and Responsibilities (PDF)(32 pp, 4.6 MB), 40 FR 28948
- Final Guidance Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988 (PDF)(12 pp, 1.4 MB), 54 FR 25818
- OMB Memorandum, Recommendations for Identity Theft Related Data Breach Notifications (September 20, 2006)(12 pp, 1.8 MB)
- M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (September 26, 2003)
- A-130 Appendix I to OMB Circular No. A-130 Federal Agency Responsibilities for Maintaining Records About Individuals