Privacy Principles
The Principle of Openness
When VA collects personal data from an individual, VA will inform him or her of the intended uses of the data, the disclosures that will be made, the authorities for the data’s collection, and whether the collection is mandatory or voluntary. VA will collect no data subject to the Privacy Act unless a Privacy Act system notice has been published in the Federal Register and posted on the VA Systems of Records website
The Principle of Individual Participation
Unless VA has claimed an exemption from the Privacy Act, everyone will be granted access to his or her records, upon request; provided a list of disclosures made outside VA; and provided the opportunity to make corrections to his or her file if it is shown to be in error.
The Principle of Limited Collection
VA will collect only those personal data elements required to fulfill an official function or mission grounded in law. Those collections will be conducted by lawful and fair means.
The Principle of Limited Retention
VA will retain personal information only for as long as necessary to fulfill the purposes for which it is collected. Records will be destroyed in accordance with established VA records management principles.
The Principle of Data Quality
VA will make every effort to maintain only accurate, relevant, timely, and complete data about individuals.
The Principle of Limited Internal Use
VA will use personal data for lawful purposes only. Access to any personal data will be limited to those individuals within VA with an official need for the data.
The Principle of Disclosure
VA personnel will zealously guard all personal data to ensure that all disclosures are made with written permission or in strict accordance with privacy laws.
The Principle of Security
All personal data shall be protected by safeguards appropriate to ensure security and confidentiality. Electronic systems will be periodically reviewed for compliance with the security principles of the Privacy Act, the Computer Security Act, Heath Insurance Portability and Accountability Act (HIPAA), and related statutes. Electronic collection of information will only be conducted in a safe and secure manner.
The Principle of Accountability
VA, its employees, and contractors are subject to civil and criminal penalties for certain breaches of privacy. VA shall be diligent in sanctioning individuals who violate privacy rules.
The Principle of Challenging Compliance
An individual may challenge VA if he or she believes that VA has failed to comply with these principles, privacy laws, or the rules in a system of records notice. Challenges may be addressed to the VA Privacy Service.
