About Privacy Service
The Department of Veterans Affairs (VA) Privacy Service is a division of the Office of Information and Technology (OIT). Founded in 2002 in an effort to protect the privacy of Veteran and employee data, VA Privacy Service administers its programs based on the Privacy Act of 1974.
The Privacy Act balances the government’s need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy stemming from federal agencies’ collection, maintenance, use, and disclosure of personal information about them.
VA Privacy Service oversees and directs the development of VA’s privacy programs to help protect the personal information of Veterans, their beneficiaries, and VA employees. VA Privacy Service advises and makes recommendations to senior officials on privacy priorities.
The mission of VA Privacy Service is to preserve and protect the personally identifiable information (PII) of Veterans, their beneficiaries, and VA employees by promoting a culture of privacy awareness and maintaining the trust of those we serve.
There are five program operations within VA Privacy Service. They are:
- Privacy Consulting
- Incident Management
- Communications, Training and Outreach
VA Privacy Service ensures VA policies are in compliance with regulatory requirements and legislated mandates governing those programs. VA Privacy Service reviews proposed privacy policies in its areas of responsibility to make sure issues are adequately addressed.
Under the Privacy Act, disclosures of personally identifiable information (PII) maintained by the Federal Government are restricted. The Privacy Act also creates the basis for a code of “fair information practices” that requires agencies to comply with statutory norms for collection, maintenance, and dissemination of records.
VA Privacy Service provides privacy training and resources to all VA employees and implements an outreach and marketing program to raise awareness about privacy issues.
VA Privacy Service conformance includes, but is not limited to, the Health Insurance Portability and Accountability Act (HIPAA) and the Electronic Communications Privacy Act, COMSEC regulations, non-disclosure statutes, Office of Management and Budget (OMB) Guidance on computer cookies, OMB Circular A-130, Government Paperwork Elimination Act, user authentication, insider threat, and identity theft.