FHFA-OIG Privacy Program

FHFA-OIG Office of Counsel
Senior Privacy Official

400 7th Street, SW
3rd Floor
Washington, D.C. 20219
Email: Privacy@fhfaoig.gov (for questions or to submit a request)

The Privacy Act of 1974, 5 U.S.C. § 552a, establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of personal information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying particular assigned to the individual. The Act balances the government’s need to maintain information about individuals with the right of individuals to be protected against unwarranted invasions of their privacy by the Federal government.

FHFA and FHFA-OIG Privacy Act Regulations

FHFA-OIG’s implementing regulations can be found at 12 CFR Part 1204. These regulations provide information on, among other things, how to make a request under the Privacy Act, how we will verify your identity, what FHFA-OIG will do when responding to your request, and some of the controls in place to prevent unauthorized access to FHFA-OIG records.

How to Request Records Under the Privacy Act

Pursuant to the Privacy Act, U.S. citizens or aliens lawfully admitted for permanent U.S. residence status can seek information about themselves which is maintained in an FHFA-OIG system of records and retrievable by name or other personal identifier.  These requests are often made under both the Privacy Act and Freedom of Information Act.  For detailed assistance on making a Privacy Act request, please see the instructions located on our FOIA webpage.

FHFA-OIG System of Records Notices (SORN)

The Privacy Act establishes safeguards for the protection of certain records that the federal government collects and maintains on United States citizens and aliens lawfully admitted for permanent residence.  The Privacy Act only pertains to information that is maintained in a system of records.  The Privacy Act requires each federal agency that maintains a system of records to publish a SORN in the Federal Register.

A SORN is intended to inform the public of:

  1. what kinds of personal information a federal agency maintains;
  2. how the agency limits the uses and disclosures of the information to only those compatible with the purpose for which the information was collected; and
  3. how an individual can request access to his or her information or seek redress.

FHFA-OIG's SORNs are available here: March 2021 FHFA-OIG SORN (contains systems FHFA-OIG-1 through FHFA-OIG-7) and November 2021 FHFA-OIG SORN (contains system FHFA-OIG-8).

Privacy Impact Assessments (PIAs)

A PIA is a decision-making tool used to identify and mitigate privacy risks at the beginning of and throughout the development life cycle of a program or system. It helps the public understand what PII is being collected, why it is being collected, and how it will be used, shared, accessed, secured, and stored.  

FHFA-OIG uses PIAs to identify and address information privacy when planning, developing, and implementing information technology systems that collect and maintain information. The goals in completing a PIA are to:

  • Make informed policy and system design or procurement decisions regarding the collection of information;
  • Ensure accountability for privacy issues;
  • Analyze both technical and legal compliance with applicable privacy laws and regulations; and
  • Provide documentation on the flow of personal information and information requirements within FHFA systems.

FHFA-OIG has issued three PIAs:

FHFA-OIG Case Management System (CMS)

Office of Inspector General GSS PIA

Cyber Investigations Unit (CIU) Lab PIA

Computer Matching Notices and Agreements

FHFA-OIG does not have any computer matching notices or agreements.

Privacy Act Exemptions

FHFA-OIG has asserted a number of exemptions to the Privacy Act, as permitted under 5 USC 552a(d)(5), (j), and (k). Rules exempting systems of records from certain Privacy Act requirements are in FHFA/FHFA-OIG Privacy Act regulations (see 12 CFR 1204.7) and in the current FHFA-OIG SORNs (see above; exemptions are listed after each system of records).

FHFA-OIG’s Privacy Policy

Our Privacy Policy, which describes the types of information we collect from visitors to our website as well as how we use that and other information provided directly to us by the public, is available here.

Privacy Contact Information

We welcome feedback. Should you have any questions or comments regarding our Privacy Policy or the use of PII, please contact us at privacy@fhfaoig.gov, or mail us at:

FHFA-OIG Office of Counsel
Senior Privacy Official
400 7th Street, SW
3rd Floor
Washington, D.C. 20219


Last reviewed/updated November 2021