Privacy Program

Privacy Program – The NIH Privacy Program is responsible for mitigating and managing privacy breaches within NIH, and coordinates with IC Privacy Coordinators across NIH to prevent and manage situations where persons other than authorized users have access, or potential access, to personally identifiable information (PII).

Social Media and Web Management

Federal legislative drivers include the E-Government Act of 2002, the Children’s Online Privacy Protection Act (COPPA) of 1998, and the Privacy Act of 1974. Web privacy compliance is intended to improve efficiency in information flow while maintaining the highest level of individual privacy.
The E-Gov Act stipulates multiple privacy requirements for Federal agencies, including mandates designed to protect information where website interfaces are used. In particular, the E-Gov Act requires all agencies to have internal human- and machine-readable privacy policies posted on agency websites used by the public. In addition, agencies with websites directed at children under the age of 13 must take steps to ensure, to the greatest extent possible, that they have received consent from parents/guardians as required by COPPA. Finally, agencies must ensure that any information solicited from members of the public via websites is collected in accordance with the Privacy Act.
All official uses of social and new media must be approved by program or office management in consultation with the appropriate communications office.  The decision to use a social networking tool must be based on a strategic communications plan.  It must address the resources necessary to manage and maintain the public engagement as well as any privacy or security risk to the agency and individuals.

NIH websites and social networking sites must comply with the NIH Policy referenced in the Social Media and Web Management links section on the bottom right side of this page.
To check departmental requirements for the use of social and new media, visit the Digital Communications Division (DCD).  The website discusses requirements for approval, access and IT security, licensing, copyright, branding, accessibility, soliciting information from the public, protecting the public's privacy, use of cookies, recordkeeping, comment moderation, etc.
To determine if a federally-friendly Terms of Service (TOS) agreement has been negotiated by GSA, visit the HHS Center for New Media TOS website.
Section 508 Resources and Checklists


Jim Thatcher Accessibility Tutorials
Accessibility Testing Results of Web2.0 Tools
HHS Section 508 Compliance Website
GSA Section 508 Website


MS Word

Federal Law

Privacy Act
E-Gov Act

Social Media Links

NIH Policy 1825, Information Collection from the Public
NIH Policy 2804, Public-Facing Web Management
NIH Policy 2805, Web Privacy
NIH Policy 2809, Social and New Media
HHS-OCIO Policy for Social Media Technologies
Guidelines for Secure Use of Social Media by Federal Departments and Agencies (pdf)
Guidance and Resources (New Media Tools)
Social Media Considerations


Contacting DCM

Division of Compliance Management

Director, Anna Amar

Administrative Assistant, Raisa Sarwar

Office of Management Assessment (OMA)

Office of Management (OM)

Office of the Director (OD)

6705 Rockledge Dr, Suite 601

Bethesda, MD 20892

Phone: (301) 496-4606

MSC = 7901

Last modified: 3/4/2022 2:06 PM