Guidance
Regulations and Guidance
- Privacy Act of 1974, as amended
- Federal Information Security Management Act of 2002 (FISMA), Title III of the E-Government Act of 2002, Pub. L. No. 107-347
- Executive Order 13402, Strengthening Federal Efforts to Protect Against Identity Theft, May 10, 2006
- M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, January 3, 2017
- M-16-24, Role and Designation of Senior Agency Official for Privacy, September 15, 2016
- OMB Memorandum, Recommendations for Identity Theft Related Data Breach Notification, September 20, 2006
- M-06-19, OMB, Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments, July 12, 2006
- M-06-16, OMB, Protection of Sensitive Agency Information, June 23, 2006
- M-06-15, OMB, Safeguarding Personally Identifiable Information, May 22, 2006
- M-03-22, OMB, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, September 26, 2003
- DoD Privacy and Civil Liberties Programs, with Ch 1; January 29, 2019
- DA&M Memorandum, Use of Best Judgment for Individual Personally Identifiable Information (PII) Breach Notification Determinations, August 2, 2012
- DoDI 1000.30, Reduction of Social Security Number (SSN) Use Within DoD, August 1, 2012
- 5200.01, Volume 3, DoD Information Security Program: Protection of Classified Information, February 24, 2012, Incorporating Change 3, Effective July 28, 2020
- DoD Memorandum, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, June 05, 2009
- DoD DA&M, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, September 25, 2008
- DoD Memorandum, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, September 21, 2007
- DoD Memorandum, Department of Defense (DoD) Guidance on Protecting Personally Identifiable Information (PII), August 18, 2006
- DoD Memorandum, Protection of Sensitive Department of Defense (DoD) Data at Rest On Portable Computing Devices, April 18, 2006
- DoD Memorandum, Notifying Individuals When Personal Information is Lost, Stolen, or Compromised, July 25, 2005
- DoD 5400.11-R, Department of Defense Privacy Program, May 14, 2007
- DoD Manual 6025.18, Implementation of The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in DoD Health Care Programs, March 13, 2019
- OSD Memorandum, Personally Identifiable Information, April 27, 2007
- OSD Memorandum, Notifying Individuals When Personal Information is Lost, Stolen, or Compromised, July 15, 2005
- 32 CFR Part 505, Army Privacy Act Program, 2006
- AR 25-2, Army Cybersecurity, April 4, 2019
- AR 380-5, Department of the Army Information Security Program, September 29, 2000
- SAOP Memorandum, Protecting Personally Identifiable Information (PII), March 24, 2015
References
- National Institute of Standards and Technology (NIST), SP 800-88, Rev 1, Guidelines for Media Sanitization, December 2014
- National Institute of Standards and Technology (NIST), SP 800-30, Rev 1, Guide for Conducting Risk Assessments, September 2012
- National Institute of Standards and Technology (NIST), SP 800-61, Rev 2, Computer Security Incident Handling Guide, August 2012
- National Institute of Standards and Technology (NIST), FIPS Pub 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004
- President’s Identity Theft Task Force, Combating Identity Theft: A Strategic Plan, April 11, 2007
- President’s Identity Theft Task Force, Summary of Interim Recommendations: Improving Government Handling of Sensitive Personal Data, September 19, 2006
- The President’s Identity Theft Task Force Report, Combating Identity Theft: A Strategic Plan, September 2008
- GAO-07-657, Privacy: Lessons Learned about Data Breach Notification, April 30, 2007