You will need Adobe Reader to view some of the files on this page. See EPA’s About PDF page to learn more.

Laws and Guidances

United States Code

• The Privacy Act of 1974, 5 U.S.C. § 552a, as amended
• The Freedom of Information Act, 5 U.S.C. § 552, as amended
• Children's Online Privacy Protection Act of 1998 (PDF)(2 pp, 125 K), 15 U.S.C. § 6501, et seq.
• Computer Matching and Privacy Protection Act of 1988, 11.3.39, as amended
• E-Government Act of 2002
• Federal Information Security Management Act (FISMA) (PDF)(16 pp, 62 K)
• Department of Justice - Overview of the Privacy Act of 1974

Code of Federal Regulations

• EPA Implementation of Privacy Act of 1974, 40 CFR Part 16
• EPA Privacy Act Regulations (PDF)(10 pp, 207 K), Federal Register: January 4, 2006 (Volume 71, Number 2)

Office of Management and Budget (OMB) Guidance

• Directives from the Office of Management and Budget

FISMA Reporting Guidance

• M-14-04, Fiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (November 18, 2013) (PDF)(33 pp, 1.8 MB)
• M-12-20, FY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (September 27, 2012) (PDF)(30 pp, 6.7 MB)
• M-11-33, FY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (September 14,2011) (PDF)(29 pp, 5.7 MB)
• M-10-15, FY 2010 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (April 21, 2010) (PDF)(27 pp, 274 K)
• M-09-29, FY 2009 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (August 20, 2009) (PDF)(25 pp, 177 K)
• M-08-21, FY 2008 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (July 14, 2008) (PDF)(43 pp, 210 K)
• M-08-09, New FISMA Privacy Reporting Requirements for FY 2008 (January 18, 2008) (PDF)(1 pg, 34 K)
• M-07-19, FY 2007 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (July 25, 2007) (PDF)(43 pp, 250 K)

Other Guidance Documents

• M-13-20, Protecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative (August 16, 2013) (PDF)(18 pp, 9 MB)
• M-12-11, Reducing Improper Payments through the "Do Not Pay List" (April 12, 2012) (PDF)(5 pp, 285 K)
• M-11-27, Implementing the Telework Enhancement Act of 2010: Security Guidelines (July 15, 2011)(2 pp, 114 K)
• M-11-20, Implementing Telework Enhancement Act of 2010 IT Purchasing Requirements (April 28, 2011) (PDF)(2 pp, 58 K)
• M-11-02, FY 2010 Sharing Data While Protecting Privacy (November 3, 2010) (PDF)(4 pp, 68 K)
• M-10-23, FY 2010 Guidance for Agency Use of Third-Party Websites and Application (June 25, 2010) (PDF)(9 pp, 103 K)
• M-10-22, FY 2010 Guidance for Online Use of Web Measurement and Customization Technologies (June 25, 2010) (PDF)(9 pp, 102 K)
• M-08-01, HSPD-12 Implementation Status (October 23, 2007)(2 pp, 38 K)
• M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (May 22, 2007)(2 pp, 49 K)
• M-06-19, Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments (July 12, 2006)(2 pp, 40 K)
• M-06-16, Protection of Sensitive Agency Information (June 23, 2006) (PDF)(10 pp, 118 K)
• M-06-15, Safeguarding Personally Identifiable Information (May 22, 2006) (PDF)(2 pp, 49 K)
• M-05-08, Designation of Senior Agency Officials for Privacy (February 11, 2005) (PDF)(2 pp, 30 K)
• M-01-05, Guidance on Inter-Agency Sharing of Personal Data - Protecting Personal Privacy (December 20, 2000)
• M-00-13, Privacy Policies and Data Collection of Federal Web Sites (June 22, 2000)
• M-99-18, Privacy Policies on Federal Web Sites (June 2, 1999)

Top of Page

You will need Adobe Reader to view some of the files on this page. See EPA’s About PDF page to learn more.

EPA Policies and Procedures

Policies

• Social Media Policy CIO 2184.0 (PDF)(6 pp, 68 K), June 2011
• Mobile Computing Policy CIO 2150.4 (PDF)(5 pp, 192 K), December 2013
• General Routine Uses of EPA Systems of Records

Procedures

• Privacy Policy CIO 2151.0, September 2007
• Records Management Manual, February 2007
• Cookies and Other Tracking Methods CIO 2180-P-01.0, October 2007
• Children's Privacy and Copyright Issues CIO 2182.0, October 2007

Top of Page

You will need Adobe Reader to view some of the files on this page. See EPA’s About PDF page to learn more.

Related Resources

Federal Acquisition Regulations (FAR)

• Protection of Individual Privacy, Federal Acquisition Regulation - Subpart 24.1
• Protection of Individual Privacy, EPA Acquisition Regulation - 48 CFR Subpart 1524.1

Other Resources

• Federal Trade Commission: Information about Consumer Privacy
• Federal Register Privacy Act Issuances for Systems of Records Notice (National Archives and Records Administration)
• A Citizen's Guide on Using the Freedom of Information Act and Privacy Act of 1974 to Request Government Records (PDF)(81 pp, 251 K) U.S. House of Representatives Committee on Government Reform Report
• Frequently Asked Questions about the Children's Online Privacy Protection Act (from FTC Bureau of Consumer Protection)

Top of Page