1
 So in original.
internal controls, and other relevant matters;
2
 So in original. Probably should be “Department’s”.
established privacy and data protection policies.
3
 So in original. No par. (2) has been enacted.
In general
4
 See References in Text note below.
of title 44, the Federal Information Security Management Act of 2002. The Inspector General may contract with an independent, third party organization to conduct the review.
Editorial Notes
References in Text

The Privacy Act of 1974, referred to in subsecs. (a)(3) and (b)(1), is Pub. L. 93–579, Dec. 31, 1974, 88 Stat. 1896, which enacted section 552a of Title 5, Government Organization and Employees, and provisions set out as notes under section 552a of Title 5. For complete classification of this Act to the Code, see Short Title of 1974 Amendment note set out under section 552a of Title 5 and Tables.

Section 3545 of title 44, referred to in subsec. (d), was repealed by Pub. L. 113–283, § 2(a), Dec. 18, 2014, 128 Stat. 3073. Provisions similar to section 3545 of title 44 are now contained in section 3555 of title 44, as enacted by Pub. L. 113–283.

The Federal Information Security Management Act of 2002, referred to in subsec. (d), is the statutory short title for title III of Pub. L. 107–347, Dec. 17, 2002, 116 Stat. 2946, and for title X of Pub. L. 107–296, Nov. 25, 116 Stat. 2259. For complete classification of these Acts to the Code, see Short Title of 2002 Amendments note set out under section 101 of Title 44, Public Printing and Documents, Short Title note set out under section 101 of Title 6, Domestic Security, and Tables.

The E-Government Act of 2002, referred to in subsec. (f), is Pub. L. 107–347, Dec. 17, 2002, 116 Stat. 2899. Section 208 of the Act is set out as a note under section 3501 of Title 44, Public Printing and Documents. For complete classification of this Act to the Code, see Short Title of 2002 Amendments note set out under section 101 of Title 44 and Tables.

Codification

Section was formerly set out as a note under section 552a of Title 5, Government Organization and Employees.

Amendments

2007—Subsec. (d). Pub. L. 110–161 added subsec. (d) and struck out former subsec. (d) which related to independent, third-party reviews.

Statutory Notes and Related Subsidiaries
Change of Name

Committee on Oversight and Government Reform of House of Representatives changed to Committee on Oversight and Reform of House of Representatives by House Resolution No. 6, One Hundred Sixteenth Congress, Jan. 9, 2019. Committee on Oversight and Reform of House of Representatives changed to Committee on Oversight and Accountability of House of Representatives by House Resolution No. 5, One Hundred Eighteenth Congress, Jan. 9, 2023.

Executive Documents
Ex. Ord. No. 13719. Establishment of the Federal Privacy Council

Ex. Ord. No. 13719, Feb. 9, 2016, 81 F.R. 7961, provided:

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Policy. The mission of the United States Government is to serve its people. In order to accomplish its mission, the Government lawfully collects, maintains, and uses large amounts of information about people in a wide range of contexts. Protecting privacy in the collection and handling of this information is fundamental to the successful accomplishment of the Government’s mission. The proper functioning of Government requires the public’s trust, and to maintain that trust the Government must strive to uphold the highest standards for collecting, maintaining, and using personal data. Privacy has been at the heart of our democracy from its inception, and we need it now more than ever.

Executive departments and agencies (agencies) already take seriously their mission to protect privacy and have been working diligently to advance that mission through existing interagency mechanisms. Today’s challenges, however, require that we find even more effective and innovative ways to improve the Government’s efforts. Our efforts to meet these new challenges and preserve our core value of privacy, while delivering better and more effective Government services for the American people, demand leadership and enhanced coordination and collaboration among a diverse group of stakeholders and experts.

Therefore, it shall be the policy of the United States Government that agencies shall establish an interagency support structure that: builds on existing interagency efforts to protect privacy and provides expertise and assistance to agencies; expands the skill and career development opportunities of agency privacy professionals; improves the management of agency privacy programs by identifying and sharing lessons learned and best practices; and promotes collaboration between and among agency privacy professionals to reduce unnecessary duplication of efforts and to ensure the effective, efficient, and consistent implementation of privacy policy Government-wide.

Sec. 2. Policy on Senior Agency Officials for Privacy. Within 120 days of the date of this order, the Director of the Office of Management and Budget (Director) shall issue a revised policy on the role and designation of the Senior Agency Officials for Privacy. The policy shall provide guidance on the Senior Agency Official for Privacy’s responsibilities at their agencies, required level of expertise, adequate level of resources, and other matters as determined by the Director. Agencies shall implement the requirements of the policy within a reasonable time frame as prescribed by the Director and consistent with applicable law.

Sec. 3. Responsibilities of Agency Heads. The head of each agency, consistent with guidance to be issued by the Director as required in section 2 of this order, shall designate or re-designate a Senior Agency Official for Privacy with the experience and skills necessary to manage an agency-wide privacy program. In addition, the head of each agency, to the extent permitted by law and consistent with ongoing activities, shall work with the Federal Privacy Council, established in section 4 of this order.

Sec. 4. The Federal Privacy Council.

(a) Establishment. There is hereby established the Federal Privacy Council (Privacy Council) as the principal interagency forum to improve the Government privacy practices of agencies and entities acting on their behalf. The establishment of the Privacy Council will help Senior Agency Officials for Privacy at agencies better coordinate and collaborate, educate the Federal workforce, and exchange best practices. The activities of the Privacy Council will reinforce the essential work that agency privacy officials undertake every day to protect privacy.

(b) Membership. The Chair of the Privacy Council shall be the Deputy Director for Management of the Office of Management and Budget. The Chair may designate a Vice Chair, establish working groups, and assign responsibilities for operations of the Privacy Council as he or she deems necessary. In addition to the Chair, the Privacy Council shall be composed of the Senior Agency Officials for Privacy at the following agencies:

(i) Department of State;

(ii) Department of the Treasury;

(iii) Department of Defense;

(iv) Department of Justice;

(v) Department of the Interior;

(vi) Department of Agriculture;

(vii) Department of Commerce;

(viii) Department of Labor;

(ix) Department of Health and Human Services;

(x) Department of Homeland Security;

(xi) Department of Housing and Urban Development;

(xii) Department of Transportation;

(xiii) Department of Energy;

(xiv) Department of Education;

(xv) Department of Veterans Affairs;

(xvi) Environmental Protection Agency;

(xvii) Office of the Director of National Intelligence;

(xviii) Small Business Administration;

(xix) National Aeronautics and Space Administration;

(xx) Agency for International Development;

(xxi) General Services Administration;

(xxii) National Science Foundation;

(xxiii) Office of Personnel Management; and

(xxiv) National Archives and Records Administration.

The Privacy Council may also include other officials from agencies and offices, as the Chair may designate, and the Chair may invite the participation of officials from such independent agencies as he or she deems appropriate.

(c) Functions. The Privacy Council shall:

(i) develop recommendations for the Office of Management and Budget on Federal Government privacy policies and requirements;

(ii) coordinate and share ideas, best practices, and approaches for protecting privacy and implementing appropriate privacy safeguards;

(iii) assess and recommend how best to address the hiring, training, and professional development needs of the Federal Government with respect to privacy matters; and

(iv) perform other privacy-related functions, consistent with law, as designated by the Chair.

(d) Coordination.

(i) The Chair and the Privacy Council shall coordinate with the Federal Chief Information Officers Council (CIO Council) to promote consistency and efficiency across the executive branch when addressing privacy and information security issues. In addition, the Chairs of the Privacy Council and the CIO Council shall coordinate to ensure that the work of the two councils is complementary and not duplicative.

(ii) The Chair and the Privacy Council should coordinate, as appropriate, with such other interagency councils and councils and offices within the Executive Office of the President, as appropriate, including the President’s Management Council, the Chief Financial Officers Council, the President’s Council on Integrity and Efficiency, the National Science and Technology Council, the National Economic Council, the Domestic Policy Council, the National Security Council staff, the Office of Science and Technology Policy, the Interagency Council on Statistical Policy, the Federal Acquisition Regulatory Council, and the Small Agency Council.

Sec. 5. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise affect:

(i) the authority granted by law to a department, agency, or the head thereof; or

(ii) the functions of the Director relating to budgetary, administrative, or legislative proposals.

(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c) Independent agencies are encouraged to comply with the requirements of this order.

(d) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

Barack Obama.

[Ex. Ord. No. 13719 was originally published at 81 F.R. 7687 and was republished as set out above to correct an error appearing in the original publication.]