Privacy Program

The NIH Office of the Senior Official for Privacy (OSOP) is located within the Privacy Policy Branch (PPB), Division of Compliance Management (DCM) (formerly the Division of Management Support (DMS))​, Office of Management Assessment (OMA) .  ​The OSOP collaborates with the Office of the Chief Information Officer (OCIO) and Office of General​ Counsel (OGC) as well as other key stakeholders (i.e., ISSOs, System Owners/Managers, Record Liaisons, Risk Management Officers, OMB Project Clearance Liaisons, Web Managers, Communication Directors, Training Coordinators).  Institute and Center (IC) Privacy Coordinators serve as the liaison between staff and the OSOP on general privacy issues which affect the IC.  

The Senior Official for Privacy:

• Responds to requests for records submitted under the Privacy Act
• Coordinates privacy-related activities
• Develops privacy policy and procedures
• Develops privacy awareness training
• Communicates evolving Federal privacy requirements to staff
• Reports on privacy compliance
• Oversees privacy incident response efforts and activities​

IC Privacy Coordinators:

• Maintain an awareness of privacy laws and regulations
• Advise IC staff on privacy issues
• Foster the adoption of privacy policy and procedures
• Distribute privacy news blasts
• Ensure websites maintain current privacy policies
• Respond to requests for records under the Privacy Act
• Resolve privacy incidents/breaches
• Respond to quarterly and annual FISMA data calls
• Ensure completion of privacy aw​aren​ess training
• Review Privacy Impact Assessments (PIAs) on IT systems and TPWAs
• Participate in the publication of System of Records Notices (SORNs)
• Attend the Privacy Coordinator group meetings.

Privacy Program