Who We Are

The VA Privacy Service is responsible for overseeing, directing and establishing the long and short-term goals for VA’s Enterprise Privacy Program. As the impact of privacy issues increase, the Privacy Service identifies privacy needs and implements strategies to meet those needs. We advise senior officials concerning data management and the feasibility of the Department’s privacy priorities and implementation plans. We work to ensure compliance with Federal and VA-specific privacy requirements. Also, we ensure the attainment of Department-wide privacy objectives in the overall VA planning, programming, and budgeting process.

What We Do

VA has over 230,000 employees and maintains extensive records on over 26,000,000 veterans. Ensuring compliance with sound privacy practices is critical as the volume of personal information that VA handles continues to grow. The VA Privacy Service:

• Develops and regularly updates general privacy training for all VA staff and contractors and specialized role-based privacy training for senior executives, privacy officers, and program managers;
• Develops and provides outreach to instill a culture of privacy and respect for fair information principles across VA;
• Reviews all VA Privacy Impact Assessments (PIAs) to ensure they are completed for relevant Information Technology initiatives;
• Works to bring privacy issues to the table within the Department’s information-management offices;
• Directs the full range of Department-wide privacy programs;
• Ensures VA policies comply with federal regulatory requirements and legislative mandates governing those programs;
• Develops tracking tools to assess privacy violations;
• Promulgates Department-level privacy policy, procedures, and guidelines that implement federal laws and regulations;
• Provides guidance on policy implementation and reviews proposed privacy policies in its areas of responsibility to ensure issues are adequately addressed; and
• Works closely with VA’s Office of Enterprise Architecture to ensure privacy is integrated in new VA systems, processes, and products as well as throughout the investment lifecycle.

Over the past four years, the VA Privacy Service has successfully achieved the following:

• Implemented the HIPAA Privacy Rule (April 2003) and HIPAA Security Rule (April 2005);
• Solidified its position and cemented the importance of privacy within VA and the Office of Information and Technology;
• Implemented privacy complaint and violation tracking and remediation efforts;
• Ensured that all VA employees, contractors, and volunteers complete privacy training annually;
• Implemented the Privacy Impact Assessment provisions of the E-Government Act of 2002; and
• Ensured compliance with the Federal Information Security Management Act (FISMA) privacy reporting requirements.

Future Privacy Initiatives

The VA Privacy Service is now focusing its attention on reducing the use of Social Security numbers in VA systems and programs, where feasible, to professionalize VA privacy officers, and to develop an integrated, comprehensive, and enterprise-wide management of privacy-relevant data, processes, and business operations.

SSN Reduction Effort

In July 2007, the Office of Management and Budget (OMB) directed each Federal agency to prepare and submit two documents. The first was the SSN Reduction Plan. The second was a plan on how each agency is reviewing and updating its holdings of personally identifiable information (PII). VA submitted its initial drafts of these two plans to OMB on September 25, 2007. The initial drafts of both plans are listed below. The SSN Reduction Plan was updated in April 2008 and the April 2008 Revised SSN Reduction Plan is also listed below.  Both plans were updated and submitted to OMB on September 29, 2008 and are listed below.

1. Evaluating Holding of Personally Identifiable Information (PII) and Eliminating Unnecessary Collections at the Department of Veterans Affairs - September 2008. (.pdf)
2. Eliminate Unnecessary Collection and Use of Social Security Numbers at the Department of Veterans Affairs - August 2008. (.pdf)
3. Eliminate Unnecessary Collection and Use of Social Security Numbers at the Department of Veterans Affairs - April 2008. (.pdf)
   
4. Eliminate Unnecessary Collection and Use of Social Security Numbers at the Department of Veterans Affairs - September 2007. (.pdf)
   
5. Evaluating Holdings of Personally Identifiable Information (PII) and Eliminating Unnecessary Collections at the Department of Veterans Affairs - September 2007.  (.pdf)

General Contacts

For more information about VA's privacy programs, contact the VA Privacy Service at 202.273.5070 or privacyservice@va.gov.

[back to top]