Federal Privacy Programs

About

In order to manage Federal information resources that involve personally identifiable information (PII), agencies are required to develop, implement, document, maintain, and oversee agency-wide privacy programs that include people, processes, and technologies. To ensure that agencies effectively carry out the privacy-related functions described in law and OMB policies, Executive Order 13719 requires the head of each agency to designate or re-designate a Senior Agency Official for Privacy (SAOP) who has agency-wide responsibility and accountability for the agency’s privacy program.

The SAOP has agency-wide responsibility and accountability for developing, implementing, and maintaining an agency-wide privacy program to manage privacy risks, develop and evaluate privacy policy, and ensure compliance with all applicable statutes, regulations, and policies regarding the creation, collection, use, processing, storage, maintenance, dissemination, disclosure, and disposal of PII by programs and information systems.

Among other things, where PII is involved, agencies’ privacy programs play a key role in information security, records management, strategic planning, budget and acquisition, contractors and third parties, workforce, training, incident response, and implementing the Risk Management Framework.

Moreover, agencies may consider establishing privacy programs and privacy officials at sub-agencies, components, or programs where there is a need for privacy leadership in support of the SAOP. In all cases, however, the SAOP retains responsibility and accountability for the agency’s privacy program, including privacy functions performed by officials at sub-agencies, components, or programs.

Federal Laws

Privacy Act of 1974

E-Government Act of 2002

Federal Information Security Modernization Act of 2014 (FISMA)

For a list of Federal laws related to privacy, visit the Law Library page.

Executive Orders, Memoranda, and Directives

OMB M-17-06, Policies for Federal Agency Public Websites and Digital Services (Nov. 2016)

Tip: Section 6 requires that “[e]ach agency must maintain a central resource page dedicated to its privacy program on the agency’s principal website. The agency’s Privacy Program Page must serve as a central source for information about the agency’s practices with respect to PII. The agency’s Privacy Program Page must be located at [http://www.[agency].gov/privacy] and must be accessible through the agency’s “About” page.”

OMB Memorandum M-16-24, Role and Designation of Senior Agency Officials for Privacy (Sept. 2016)

OMB Circular No. A-130, Managing Information as a Strategic Resource (July 2016)

Tip: See Appendix II, Section 5, Agency Privacy Program

NIST SP 800-53 (Rev. 4), Security and Privacy Controls for Federal Information Systems and Organizations

Tip: See Appendix J, AR-1, Governance and Privacy Program (Apr. 2013)