The USCG has made progress in developing a culture of privacy. Separately, the USCG Privacy Office and Health Insurance Portability and Accountability Act (HIPAA) Office are working to meet requirements of pertinent legislation, regulations, directives, and guidance. These offices ensure their staff annually receive mandatory privacy training, which helps embed shared attitudes, values, goals, and practices for complying with requirements to properly handle sensitive personally identifiable information and protected health information (privacy data). Also, USCG has completed required privacy and security documentation for managing its information technology systems containing privacy data. However, USCG faces challenges in protecting privacy data effectively because it lacks a strong organizational approach to resolving privacy issues.