Privacy Policy

Privacy and Personal Information Program

This manual is for the Virginia Department of Social Services (VDSS) staff, local offices, contractors, interns, volunteers, and partners who use or protect client information.

VDSS collects and uses personal information to help people get benefits and services. We follow federal and state laws to make sure this information is safe, private and used only for the right reasons.

  • If you work for VDSS: Follow these rules, complete training and report any problems.
  • If you are a client: Know that your information is used only to help you. You can ask questions, request a correction or file a complaint if something is wrong.

Why we collect information

We may collect personal information to:

  • Decide if someone qualifies for benefits or services
  • Verify information
  • Manage programs and services
  • Meet state and federal requirements

We collect only the information needed to carry out these services. Information may come from the person applying, family members or state and federal agencies, as allowed by law.

How information is protected

The Virginia Department of Social Services works to protect personal information by:

  • Limiting access to authorized users
  • Using safeguards to help prevent misuse, loss or unauthorized access
  • Reviewing systems and processes for risk
  • Responding to privacy or security incidents
  • Safely managing records and disposing of them when no longer needed

Privacy and security work together to help protect the people we serve and support reliable services across Virginia.

Governance and Privacy Program

  • Makes sure privacy is protected
  • Ensures the program is shared with all staff
  • Has final say if rules are unclear
  • Runs the privacy program
  • Updates rules every two years or sooner if laws change
  • Provides staff and funds for privacy work
  • Reviews risks and systems
  • Works with the Audit Manager to test data safety
  • Supports all VDSS offices
  • Helps new systems include privacy
  • Reviews complaints
  • Investigates possible breaches
  • Teach staff about privacy rules
  • Help provide training
  • Make sure rules are followed in their teams
  • Appoint local privacy and security officers
  • Report privacy problems to the Privacy Officer
  • Ensure staff get training
  • Require staff training before access
  • Manage risks
  • Stay compliant
  • Appoint system administrators
  • Decide how data is classified
  • Approve requests for data use
  • Set rules for access
  • Protect data in local systems
  • Share local privacy rules with VDSS
  • Create training
  • Prevent one person from full control over sensitive work
  • Follow rules
  • Sign acknowledgments each year
  • Report problems right away
  • Finish training within 30 days of hire and each year after
  • Run systems safely
  • Build privacy controls into daily work
  • Keep data safe
  • Run systems in line with rules
  • Give reports to Data Owners

The VDSS Privacy Program:

  • Follows federal and state laws
  • Protects data from misuse or loss
  • Responds to privacy complaints
  • Reviews and improves privacy controls
  • Trains staff
  • All staff, interns and contractors must finish privacy training.
  • Training must happen within 30 days of hire and every year after.
  • Records of training are kept.
  • VDSS is the owner of all data collected.
  • Data Owners set rules for access and protection.

Data is labeled as:

  • Public – can be shared
  • Private – limited to staff
  • Confidential – very limited, protected by law
  • Data can only be shared if the law allows.
  • Requests must be approved by Data Owners.
  • Records must be kept only as long as needed.
  • Old records must be destroyed safely.
  • Clients can see their own records.
  • Clients can ask for corrections if records are wrong.
  • Clients must give consent before data is shared outside what the law allows.
  • All staff must report privacy breaches right away.
  • Breaches will be reviewed and fixed.
  • Clients will be told if their data was part of a breach.
  • Devices with data must be kept safe.
  • Data on old devices must be erased before reuse or disposal.
  • All new projects must consider privacy.
  • Risks must be reviewed before new systems go live.
  • The VDSS Privacy Program must be reviewed every two years.
  • Staff must know where to find privacy policies.
  • Staff with access to data must be screened before hire.
  • Job roles decide what data can be seen.
  • Systems must have tools to protect privacy.
  • Reports will be run to check for risks.
  • Privacy and security go hand in hand.
  • VDSS follows the Information Security Program Guide.

By working together, we protect both privacy and trust. This program helps VDSS give the right services to families across Virginia, while keeping personal information safe.

Everyone has a part to play. When we guard privacy, we build hope, trust and care for the people we serve.