1. Privacy Laws Governing the Public Sector

• The Privacy Act of 1974
• The Computer Matching and Privacy Protection Act
• The eGovernment Act of 2002
• The Freedom of Information Act
• The Paperwork Reduction Act
• The Right to Financial Privacy Act
• The Privacy Protection Act of 1980
• Health Insurance Portability And Accountability Act Of 1996
• The Family Educational Rights and Privacy Act
• The Electronic Communications Privacy Act
• The Driver's Privacy Protection Act

2. U.S. Federal Government Policies

• OMB Circular A-130
• OMB Memorandum 03-22
• OMB Memorandum 99-18
• OMB “Cookie” Policy
• OMB Memorandum 05-08, Designation of Senior Agency Officials for Privacy
• OMB Memorandum 06-15, Safeguarding Personally Identifiable Information
• OMB Memorandum 06-16, Protection of Sensitive Agency Information
• OMB Memorandum 06-19, Reporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments
• OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information
• OMB Memorandum 08-09, New FISMA Privacy Reporting Requirements for FY 2008
• Other OMB Guidelines

• VA Directives and Handbooks
• VA Directive 6066, Protected Health Information (PHI)
• VA Directive 6361, Ensuring the Quality of Information Disseminated by VA
• VA Directive 6371, Destruction of Temporary Paper Records
• VA Directive 6500, Information Security Program
• VA Directive 6502, VA Enterprise Privacy Program
• VA Directive 6502.3, Web Page Privacy Policy
• VA Directive 6609, Mailing of Personally Identifiable and Sensitive Information
• VA Handbook 6300.4, Procedures for Processing Requests for Records Subject to the Privacy Act
• VA Handbook 6300.5, Procedures for Establishing and Managing Privacy Act System of Records
• VA Handbook 6300.6/1, Procedures for Releasing Lists of Veterans' and Dependents' Names and Addresses
• VA Handbook 6310.2, Collections of Information Procedures
• VA Handbook 6502.1, Privacy Violation Tracking System (PVTS)
• VA Handbook 6502.2, Privacy Impact Assessments (PIA)
• VA Handbook 6502.3 Web Page Privacy Policy
• VHA Directive 1605, VHA Privacy Program
• VHA Directive 2004-050, Mandated Utilization of ROI Records Management Software
• VHA Directive 2003-024, Facility Directory Opt-Out
• VHA Directive 2003-025, Confidential Communications
• VHA Directive 2007-040, Appointment of Facility Information Security Officer (ISO) and Privacy Officer to the Institutional Review Board (IRB) or the Research and Development (R&D) Committee
• VHA Handbook 1600.01, Business Associate Agreements
• VHA Handbook 1605.1, Privacy and Release of Information - Issued May 2006
• VHA Handbook 1605.2, Minimum Necessary Standard for Protected Health Information

4. Veterans Confidentiality Statutes

• Title 38 United States Code -Section 5701, Confidential Nature of Claims
• Title 38 United States Code -Section 5705, Confidentiality of Medical Quality-Assurance Records
• Title 38 United States Code -Section 7332, Confidentiality of Certain Medical Records