Privacy Program

Privacy Program – The NIH Privacy Program is responsible for mitigating and managing privacy breaches within NIH, and coordinates with IC Privacy Coordinators across NIH to prevent and manage situations where persons other than authorized users have access, or potential access, to personally identifiable information (PII).

Social Media and Web Management

Federal legislative drivers include the E-Government Act of 2002, the Children’s Online Privacy Protection Act (COPPA) of 1998, and the Privacy Act of 1974. Web privacy compliance is intended to improve efficiency in information flow while maintaining the highest level of individual privacy.
 
The E-Gov Act stipulates multiple privacy requirements for Federal agencies, including mandates designed to protect information where website interfaces are used. In particular, the E-Gov Act requires all agencies to have internal human- and machine-readable privacy policies posted on agency websites used by the public. In addition, agencies with websites directed at children under the age of 13 must take steps to ensure, to the greatest extent possible, that they have received consent from parents/guardians as required by COPPA. Finally, agencies must ensure that any information solicited from members of the public via websites is solicited in accordance with the Privacy Act.
 
All official uses of social and new media must be approved by program or office management in consultation with the appropriate communications office.  The decision to use a social networking tool must be based on a strategic communications plan.  It must address the resources necessary to manage and maintain the public engagement as well as any privacy or security risk to the agency and individuals.
NIH websites and social networking skills must comply with the NIH Policy referenced in the Social Media and Web Management links section on the bottom right side of this page.
 
To check departmental requirements for the use of social and new media, visit the Digital Communications Division (DCD).  The website discusses requirements for approval, access and IT security, licensing, copyright, branding, accessibility, soliciting information from the public, protecting the public's privacy, use of cookies, recordkeeping, comment moderation, etc.
 
To determine if a federally-friendly Terms of Service (TOS) agreement has been negotiated by GSA, visit the HHS Center for New Media TOS website.
 
Section 508 Resources and Checklists

Resources

Jim Thatcher Accessibility Tutorials
Accessibility Testing Results of Web2.0 Tools
Making Content Accessible
HHS Section 508 Compliance Website
GSA Section 508 Website

Checklists

MS Word
PDF
Multimedia
HTML

Federal Law

COPPA
Privacy Act
E-Gov Act

Social Media Links

NIH Policy 1825, Information Collection from the Public
NIH Policy 2804, Public-Facing Web Management
NIH Policy 2805, Web Privacy
NIH Policy 2809, Social and New Media
HHS-OCIO Policy for Social Media Technologies
Guidelines for Secure Use of Social Media by Federal Departments and Agencies (pdf)
Guidance and Resources (New Media Tools)
What’s In a Plan
Social Media Considerations


Contacting DMS

Division of Management Support

Director, Ekaterini 'Katy' Perry

National Institutes of Health,

Office of Management Assessment

6011 Executive Blvd., Suite 601, MSC 7669

Rockville, MD 20852

Phone: (301) 496-2832 or (301) 496-4606

Fax: (301) 402-0169
