NIH Office of Management Assessment

References

Privacy Act of 1974 (5 U.S.C. Section 552a, as amended)

Privacy Act of 1974 (5 U.S.C. Section 552a, as amended):
http://www.usdoj.gov/foia/privstat.htm

OMB Instructions for Complying with the President’s Memorandum "Privacy and Personal Information in Federal Records":
http://www.whitehouse.gov/omb/memoranda/m99-05-b.html

HHS Secure One Privacy Website:
http://intranet.hhs.gov/infosec/privacy.html

HHS Privacy Act Regulations:
http://www.access.gpo.gov/nara/cfr/waisidx_99/45cfr5b_99.html

NIH, HHS, and Federal Privacy Act Systems of Records Notices (SORNs):
http://oma.od.nih.gov/ms/privacy/pa-files/read02systems.htm

NIH Privacy Act Notification - Criteria and Sample Statements to be considered for posting on NIH websites as well as paper and electronic forms used to collect information:
http://oma.od.nih.gov/ms/privacy/NSCriteria.doc

NIH Website Privacy Policy Statement:
http://www.nih.gov/about/privacy.htm


Privacy Impact Assessments (PIAs)

The Privacy Act of 1974:
http://www.usdoj.gov/oip/privstat.htm

About the E-Government Act:
http://www.whitehouse.gov/omb/egov/g-4-act.html (please see bottom of linked page for full text option)

Section 208 of the E-Government Act 2002:
http://aspe.hhs.gov/datacncl/privacy/titleV.pdf

Computer Matching and Privacy Act of 1988:
http://www.usdoj.gov/oip/1974compmatch.htm

Freedom of Information Act:
http://www.usdoj.gov/oip/foiastat.htm

Paperwork Reduction Act:
http://www.archives.gov/federal-register/laws/paperwork-reduction/

Circular No. A-130:
http://63.161.169.137/omb/circulars/a130/a130.html

Memorandum M-03-22 issued by OMB in September 2003:
http://www.whitehouse.gov/omb/memoranda/m03-22.html

Memorandum M-04-24 issued by OMB in August 2004:
http://www.whitehouse.gov/omb/memoranda/fy04/m04-24.html

Memorandum M-05-15 issued by OMB in June 2005:
http://www.whitehouse.gov/omb/memoranda/fy2005/m05-15.html

Memorandum M-07-16 issued by OMB in May 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf

Memorandum M-07-19 issued by OMB in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf

Memorandum M-08-09 issued by OMB in January 2008:
http://www.whitehouse.gov/omb/memoranda/fy2008/m08-09.pdf

NIH, HHS, and Federal Privacy Act Systems of Records Notices (SORNs):
http://oma.od.nih.gov/ms/privacy/pa-files/read02systems.htm

HHS Information Security Program Policy:
http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/Information_Security_Program_Policy.doc

Information Security Program Privacy Policy (Memorandum):
http://intranet.hhs.gov/infosec/docs/policies_guides/ISPPM/Infosec_Program_Privacy_Policy_memo.doc

Plan of Action and Milestones (POA&M) Guide:
http://intranet.hhs.gov/infosec/docs/policies_guides/POAM/POAMGuide.doc

The HHS PIA Guide:
http://intranet.hhs.gov/infosec/docs/policies_guides/PIA/PIA_TOC.htm

NIH PIA Guide:
http://oma.od.nih.gov/ms/privacy/NIHPIAGuide.doc

NIH PIA Training Presentation:
Color - http://oma.od.nih.gov/ms/privacy/Training2008.ppt
Black and White - http://oma.od.nih.gov/ms/privacy/Training2008bw.ppt

NIH Manual 1745-1 - NIH Privacy Impact Assessments:
http://www3.od.nih.gov/oma/manualchapters/management/1745-1/

SPORT Tool Information and Links:
http://ocio.nih.gov/nihonly/ProSight-FISMA-info.htm


Web Privacy

Section 208 of the E-Government Act 2002:
http://aspe.hhs.gov/datacncl/privacy/titleV.pdf

Children’s Online Privacy Protection Act (COPPA) of 1998:
http://www.ftc.gov/ogc/coppa1.htm

NIH Manual Chapter 2805 – NIH Web Page Privacy Policy:
http://www3.od.nih.gov/oma/manualchapters/management/2805/

NIH Manual Chapter 1825 – Information Collection From the Public:
http://www.1.od.nih.gov/oma/manualchapters/management/1825

NIH Privacy Act Notification - Criteria and Sample Statements:
http://oma.od.nih.gov/ms/privacy/NSCriteria.doc

NIH Information Technology General Rules of Behavior:
http://irm.cit.nih.gov/security/nihitrob.html

NIH Office of the Chief Information Officer:
http://ocio.nih.gov/


Homeland Security Presidential Directive (HSPD) - 12

Homeland Security Presidential Directive-12:
http://www.whitehouse.gov/news/releases/2004/08/20040827-8.html

Federal Information Processing Standards Publication 201-1 (FIPS 201):
http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf

NIH HSPD-12 Website:
http://enterprisearchitecture.nih.gov/About/Approach/HSPD12TechnicalCoordination.htm
http://enterprisearchitecture.nih.gov/About/NewsEvents/News/HSPD12April07.htm

Office of Research Services - Division of Personnel Security and Access Control:
http://ser.ors.od.nih.gov/div_personnelAccess.htm

Office of Research Services - Division of Physical Security Management:
http://ser.ors.od.nih.gov/physical_security.htm

Personal Identification Verification Process:
http://www.idbadge.nih.gov/


Federal Information Security Management Act and Agency Privacy Management (FISMA)

White House E-Government Act Website:
http://www.whitehouse.gov/omb/egov/

About the E-Government Act:
http://www.whitehouse.gov/omb/egov/g-4-act.html
(please see bottom of linked page for full text option)

Section 208 of the E-Government Act of 2002:
http://aspe.hhs.gov/datacncl/privacy/titleV.pdf

Federal Information Security Management Act 2002, Title III, the full text:
http://csrc.nist.gov/policies/FISMA-final.pdf

Report to Congress on the Benefits of the E-Government Initiatives:
http://www.whitehouse.gov/omb/egov/g-10-Section_841.html

OMB Memorandum M-03-22 issued by OMB in September 2003:
http://www.whitehouse.gov/omb/memoranda/m03-22.html

OMB Memorandum M-05-15 issued by OMB in June 2005:
http://www.whitehouse.gov/omb/memoranda/fy2005/m05-15.html

OMB Memorandum M-06-15 issued in May 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf

OMB Memorandum M-07-19 issued in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf

NIH, HHS, and Federal Privacy Act Systems of Records Notices (SORNs):
http://oma.od.nih.gov/ms/privacy/pa-files/read02systems.htm

NIH Manual 1745 - Information Technology (IT) Privacy Program:
https://www3.od.nih.gov/oma/manualchapters/management/1745/


Breach Response

Privacy Act of 1974 as amended, 5 U.S.C. § 552a:
http://www.usdoj.gov/foia/privstat.htm

OMB Memorandum M-05-08, "Designation of Senior Agency Officials for Privacy":
http://www.whitehouse.gov/omb/memoranda/fy2005/m05-08.pdf

OMB M-06-15 issued in May 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf

OMB M-06-16 issued in June 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

OMB Memorandum, "Recommendations for Identity Theft Related Data Breach Notification":
http://www.whitehouse.gov/omb/memoranda/fy2006/task_force_theft_memo.pdf

OMB M-06-19 issued in July 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-19.pdf

OMB M-07-16 issued in May 2006:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf

OMB M-08-09 issued in January 2008:
http://www.whitehouse.gov/omb/memoranda/fy2008/m08-09.pdf

US-CERT:
http://www.us-cert.gov/

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30, "Risk Management Guide for Information Technology Systems":
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, "Recommended Security Controls for Federal Information Systems":
http://csrc.nist.gov/publications/nistpubs/800-53-Rev1/800-53-rev1-final-clean-sz.pdf

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, "Computer Security Incident Handling Guide":
http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf

HHS Incident Management and Response Website:
http://www.hhs.gov/ocio/securityprivacy/incidentmanagement/incidentresp.html

HHS Secure One Incident Management Website:
http://intranet.hhs.gov/infosec/incident_management.html

HHS Policy for Responding to Breaches of Personally Identifiable Information (PII):
http://www.hhs.gov/ocio/policy/2008-0001.003.html

HHS: Breach Response Team Charter:
http://intranet.hhs.gov/infosec/docs/incident_mgmt/Breach_Response_Team_Charter/Breach_Response_Team_Charter_toc.htm

HHS IRM Policy for Establishing an Incident Response Capability:
http://www.hhs.gov/ocio/policy/2000-0006.html

HHS Information Security Program Policy:
http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/isp_toc.htm

HHS Response to OMB M-07-16:
http://www.hhs.gov/ocio/securityprivacy/hhs_response_plan_to_m0716_070919_new.pdf

HHS Memorandum ISP-2007-005, “Departmental Standard for the Definition of Sensitive Information”:
http://intranet.hhs.gov/infosec/policies_memos.html

NIH ISSO Corner:
http://irm.cit.nih.gov/security/security-isso.htm#Contact_Information

NIH IT Incident Response and Prevention:
http://ocio.nih.gov/security/security-isso.htm

NIH OMA Privacy Website:
http://oma.od.nih.gov/ms/privacy/


Training Resources

OMB Memorandum M-07-19 issued in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf

HHS Security Education and Awareness Website:
http://intranet.hhs.gov/infosec/education.html

Federal Trade Commission Identity Theft Website:
http://www.ftc.gov/idtheft

Last updated on:
December 9, 2008
