An official website of the United States government.

This is not the current EPA website. To navigate to the current EPA website, please go to www.epa.gov. This website is historical material reflecting the EPA website as it existed on January 19, 2021. This website is no longer updated and links to external websites and some internal pages may not work. More information »

Privacy Act Laws, Policies and Resources

You may need a PDF reader to view some of the files on this page. See EPA’s About PDF page to learn more.

Laws and Guidance

United States Code

Code of Federal Regulations

FISMA Reporting Guidance

  • M-16-03, Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements (October 30, 2015)
  • M-15-01, Fiscal Year 2014-2015 Guidance on Improving Federal Information Security and Privacy Management Practices (October 3, 2014)
  • M-14-04, Fiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (November 18, 2013)
  • M-12-20, FY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (September 27, 2012)
  • M-11-33, FY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (September 14,2011)
  • M-10-15, FY 2010 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (April 21, 2010)
  • M-09-29, FY 2009 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (August 20, 2009)
  • M-08-21, FY 2008 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (July 14, 2008)
  • M-08-09, New FISMA Privacy Reporting Requirements for FY 2008 (January 18, 2008)
  • M-07-19, FY 2007 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (July 25, 2007)
  • Management of Federal Information Resources, OMB Circular No. A-130
  • Guidance on Inter-Agency Sharing of Personal Data - Protecting Personal Privacy, OMB Memorandum M-01-05
  • OMB Memorandum, Recommendations for Identity Theft Related Data Breach Notifications (September 20, 2006)
  • M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (September 26, 2003)

Office of Management and Budget Memorandum

  • M-16-24, Role and Designation of Senior Agency Officials for Privacy (Sep 15, 2016)
  • M-15-13, Policy to Require Secure Connections across Federal Websites and Web Services (June 8, 2015)
  • M-14-03, Enhancing the Security of Federal Information and Information Systems (November 18, 2013)
  • M-13-20, Protecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative (August 16, 2013)
  • M-12-11, Reducing Improper Payments through the "Do Not Pay List" (April 12, 2012)
  • M-11-27, Implementing the Telework Enhancement Act of 2010: Security Guidelines (July 15, 2011)
  • M-11-20, Implementing Telework Enhancement Act of 2010 IT Purchasing Requirements (April 28, 2011)
  • M-11-02, FY 2010 Sharing Data While Protecting Privacy (November 3, 2010)
  • M-10-23, FY 2010 Guidance for Agency Use of Third-Party Websites and Application (June 25, 2010)
  • M-10-22, FY 2010 Guidance for Online Use of Web Measurement and Customization Technologies (June 25, 2010)
  • M-08-01, HSPD-12 Implementation Status (October 23, 2007)
  • M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (May 22, 2007)
  • M-06-19, Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments (July 12, 2006)
  • M-06-16, Protection of Sensitive Agency Information (June 23, 2006)
  • M-06-15, Safeguarding Personally Identifiable Information (May 22, 2006)
  • M-05-08, Designation of Senior Agency Officials for Privacy (February 11, 2005)
  • M-01-05, Guidance on Inter-Agency Sharing of Personal Data - Protecting Personal Privacy (December 20, 2000)
  • M-00-13, Privacy Policies and Data Collection of Federal Web Sites (June 22, 2000)
  • M-99-18, Privacy Policies on Federal Web Sites (June 2, 1999)

Top of Page

You may need a PDF reader to view some of the files on this page. See EPA’s About PDF page to learn more.

EPA Policies, Procedures and Forms

Policies

Procedures

Forms

Top of Page

You may need a PDF reader to view some of the files on this page. See EPA’s About PDF page to learn more.

Related Resources

Office of Management and Budget (OMB) Directives

The directives listed below may be found at https://www.whitehouse.gov/omb/information-for-agencies/memoranda/

  • M-17-12, Preparing for and Responding to a Breach of Personally Identifiable INformation (January 3, 2017)
  • M-16-24, Role and Designation of Senior Agency Officials for Privacy (Sep 15, 2016) (PDF) (5 pp, 288 K)
  • M-15-13, Policy to Require Secure Connections across Federal Websites and Web Services (June 8, 2015) (PDF) (5 pp, 259 K)
  • M-14-03, Enhancing the Security of Federal Information and Information Systems (November 18, 2013) (PDF) (15 pp, 869 K)
  • M-13-20, Protecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative (August 16, 2013) (PDF) (18 pp, 9 MB)

Federal Acquisition Regulations (FAR) Clauses and EPA Acquisition Regulation (EPAAR)

Other Resources

Other Related Websites

Top of Page