Privacy Program

Privacy Program – The NIH Privacy Program is responsible for mitigating and managing privacy breaches within NIH, and coordinates with IC Privacy Coordinators across NIH to prevent and manage situations where persons other than authorized users have access, or potential access, to personally identifiable information (PII).

Privacy Program Laws, Policies, and Memoranda

Privacy Act of 1974, as amended (5 U.S.C. Section 552a)
  • Was created in response to concerns about how the creation and use of computerized databases might impact individual privacy rights; 
  • Protects the privacy of personal information held by the Federal government; and,
  • Safeguards privacy by creating four procedural and substantive rights in personal data. First, it requires government agencies to show an individual any records kept on him or her. Second, it requires agencies to follow certain principles, called "fair information practices," when gathering and handling personal data. Third, it places restrictions on how agencies can share an individual's data with other people and agencies. Fourth, it allows individuals to sue the government for violating its provisions.
Privacy Act Links:
  
  • Ensures sufficient protections for the privacy of personal information as agencies implement citizen-centered electronic Government;
  • Emphasizes the importance of the "development of a comprehensive framework to protect the government’s information, operations, and assets"; and
  • Requires agencies to conduct privacy impact assessments (PIAs) for information technology (IT) systems.
  • Referred to as the Federal Information Security Management Act (FISMA), Title III of the E-Gov Act provides a framework for protecting personal information and information systems from unauthorized access, use, disclosure, modification or destruction;
  • Seeks to ensure integrity, confidentiality and availability of personal information and add valuable government-wide management of risks to information security; and
  • Requires agencies to perform program management, evaluation, and reporting activities, such as conducting annual self-assessments and independent assessments by the agency’s Inspector General (IG). 
 
  • Provides individuals with the right to access personal records that are collected, maintained, disseminated, and/or shared by the Federal government;
  • Allows the government to withhold information provided that the information falls under one or more of the nine exceptions included in the Act;
  • Requires government agencies to respond to information requests within 20 days; and
  • Requires government agencies to list their major information systems, record locator systems, and reference guides via electronic means in an effort to make records available in formats desired by requesters.
FOIA Links:
 
  • Includes a series of "administrative simplification" provisions that require HHS to implement national standards for electronic healthcare transactions;
  • Makes it easier for health plans, doctors, hospitals and other healthcare providers to process claims and other transactions electronically; and 
  • Requires the adoption of security and privacy standards in order to protect personal health information.
HIPAA Links:
 
Policy Links:
1743 - Managing Federal Records
1745 - NIH Information Technology (IT) Privacy Program
2813 - NIH Information Security and Privacy Awareness Training Policy
2814 - NIH Prohibited Use of Non-Government Furnished IT Equipment
 
OMB Memoranda:
OMB Memoranda


Contacting DCM

Division of Compliance Management

Director, Anna Amar

anna.amar@nih.gov


Administrative Assistant, Raisa Sarwar

raisa.sarwar@nih.gov


Office of Management Assessment (OMA)

Office of Management (OM)

Office of the Director (OD)

6705 Rockledge Dr, Suite 601

Bethesda, MD 20892

Phone: (301) 496-4606

MSC = 7901

Last modified: 2/24/2022 8:53 AM