This policy describes how VA applies these principles to the handling of personal information you provide to us via a VA Web page and online forms.
Personal information may include your name; email, home, and/or business address; phone numbers; Social Security Number; or other information that identifies you personally.
We will not disclose your personal information to third parties outside VA without your consent, except to facilitate required business activity to act on your behalf at your request, or as authorized by law.
VA follows the requirements of the Privacy Act of 1974 (5 U.S.C. § 552a), which requires VA to protect your personal information that VA maintains in Systems of Records. The Computer Matching and Privacy Protection Act of 1988 (P.L. 100-503), amended the Privacy Act of 1974 by adding certain protections for the subjects of Privacy Act records whose records are used in automated Matching Programs. Notices of Systems of Records and Matching Programs must be published in the Federal Register at www.federalregister.gov .
A System of Records is a file, database, or program from which personal information is retrieved by name or other personal identifier. The Privacy Act provides a number of protections for your personal information. These typically include how information is collected, used, disclosed, stored, and disposed. Our System of Record Notices with links to the Federal Register are available at: : https://www.oprm.va.gov/privacy/systems_of_records.aspx . The Systems of Records that claim certain exemptions from the Privacy Act are identified in the Federal Register and are available at: https://www.gpo.gov/fdsys/pkg/CFR-2016-title38-vol1/pdf/CFR-2016-title38-vol1-sec1-582.pdf
Privacy Impact Assessments (PIA) is an assessment of how information in identifiable form is collected, stored, protected,
shared, and managed. The purpose of a PIA is to demonstrate that system owners and developers have incorporated privacy
protections throughout the entire life cycle of a system.
A listing of VA PIAs is available at: https://www.oprm.va.gov/privacy/pia.aspx
Computer Matching Programs allow matching of data from two or more information systems in order to detect or prevent fraud, waste and abuse in government programs. You can view the VA's Computer Matching Agreements and Federal Register Notices https://www.oprm.va.gov/privacy/cma.aspx .
The VA Privacy Act implementation rules are 38 CFR 1.575 - 38 CFR 1.580, and can be found at
Instructions for submitting a Privacy Act request:
We automatically collect certain information about your visit to VA Web sites. We limit the data collected to meet specific business needs and to protect your privacy. We may know what path(s) you took on our Web sites, but we don’t know who you are. We do not use this information to identify you personally without your express consent and an authorized purpose.
We automatically collect and store the following information about your visit to a VA Web site:
We use the general log information to help us make our Web sites more useful to visitors. We use it to learn about how locations on our site are being used, what information is of most and least interest, and how we can enhance ease of use by ensuring our sites can interface with the types of technology our visitors use. We also use such statistics to tell us of any possible site performance problems. Except for oversight, law enforcement investigations, or protection of the VA information technology infrastructure as authorized by law, no other attempts are made to identify you or your usage habits.
General logs are used for no other purposes than the purposes described above, and are scheduled for regular destruction in accordance with General Records Schedules published by the National Archives and Records Administration (NARA) and agency record control schedule requirements.
When you visit certain Web sites, they send a small piece of information called a “cookie” to your computer along with the Web page.
There are two kinds of cookies.
Log-on and log-off process — you do not have to log-on and register to browse our site. If you decide to register with our site to use one of our online services, session cookies help with the log-on and log-off process. The cookies enable us to recognize your log-on ID when you log on so that we do not create a duplicate registration record for you.
Transactions and site usability — we use Session Cookies to improve how you navigate through our Web site and conduct transactions. Session Cookies are used to maintain your online session as you browse over several pages, or to store and enter information on a Web page so that you do not have to reenter the same information, repetitively. Session Cookies may also be used to collect referral statistics when you click on a link to or from a VA Web page.
Many of our programs and Web sites allow you to use online forms. We will use the information you provide to respond to you or process a request.
In those instances where we secure your personal information in transit to us over the Internet, and upon our receipt, VA uses industry-standard encryption, including Secure Socket Layer (SSL). The connection icon area on your browser will change to “HTTPS” instead of “HTTP” when this security feature is invoked. Your browser may also display a lock symbol on the task bar at the bottom of your screen to indicate this secure transmission is in place. You should refer to the instructions for your particular Internet browser software to determine how to examine the security certificate from our Web site to verify the security of the connection.
For site security purposes and to ensure that VA Web sites remain available to all users, VA employs software programs to monitor network traffic in order to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for oversight or authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits other than those uses identified in this policy.
Unauthorized attempts or acts to either (1) access, upload, change, or delete information on this system, (2) modify this system, (3) deny access to this system, or (4) accrue resources for unauthorized use on this system, are strictly prohibited and may be considered violations subject to criminal, civil, or administrative penalties.
VA takes the security of all personally identifiable information we maintain very seriously. We implement various measures to protect the security and confidentiality of personally identifiable information. Such measures include access controls designed to limit access to personally identifiable information to the extent necessary to accomplish our mission. We also employ various security technologies to protect personally identifiable information stored on our systems. We test our security measures periodically to ensure that they remain operational.
VA may, from time to time, collect information from children under 13 years of age. In instances where we collect personal information from children under 13 years old, we will do so only with parental notice and consent. We will take all reasonable steps necessary to protect the privacy and safety of any child from whom information is collected, in accordance with the Children’s Online Privacy Protection Act (COPPA).
Your inquiry will be treated confidentially and will not be shared with third parties, except as necessary to respond to your inquiry and for other purposes as authorized by the Privacy Act and other relevant legal authority.
The VA Privacy Service works to minimize the impact on veteran's privacy, particularly veteran's personal information and dignity, while achieving the mission of the Department of Veteran Affairs.