About Privacy Service
The Department of Veterans Affairs (VA) Privacy Service is a division of the Office of Information and Technology (OIT). Founded in 2002 to protect the privacy of Veteran and employee data, VA Privacy Service administers its programs based on the Privacy Act of 1974.
The Privacy Act of 1974 balances the privacy rights of individuals with the necessity of the government’s access to their information. The intent is to allow for the highest level of information accessibility while protecting individuals against unwarranted invasions of their privacy stemming from federal agencies’ collection, maintenance, use and disclosure of personal information about them.
What We Do
VA Privacy Service oversees and directs the development of VA’s privacy programs to help protect the personal information of Veterans, their beneficiaries and VA employees. We also advise and make recommendations to senior officials on privacy priorities.
The mission of VA Privacy Service is to preserve and protect the personally identifiable information (PII) of Veterans, their beneficiaries, and VA employees by promoting a culture of privacy awareness and maintaining the trust of those we serve.
VA Privacy Service ensures VA policies are in compliance with regulatory requirements and legislated mandates governing those programs.
- Privacy Act of 1974 (as amended 5 U.S.C. § 552a);
- Health Insurance Portability and Accountability Act (HIPAA);
- Electronic Communications Privacy Act, Communication Security (COMSEC);
- Office of Management and Budget (OMB) guidance on computer cookies;
- OMB Circular A-130;
- Government Paperwork Reduction Act;
- E-Government Act of 2002; and
- Federal Information Modernization Act of 2014 (FISMA).
There are five program operations within VA Privacy Service. They are:
1. Compliance
2. Policy
3. Privacy Consulting
4. Incident Management
5. Communications, Training and Outreach
We also oversee and direct VA’s privacy program activities within these operational areas, including but not limited to:
- Integrating with VA business functions to understand VA mission critical systems and where PHI/PII resides;
- Establishing privacy risk policy and best practices and sharing that information with VA and partners;
- Training and educating the VA workforce and partners on privacy best practices;
- Integrating with cybersecurity and VA engineering efforts to ensure appropriate privacy protections are identified, acquired,
- Partnering with VA acquisitions teams in the selection of trusted vendors and partners;
- Communicating to and educating Veterans about their role in protecting their PII.