e-CFR banner


e-CFR Navigation Aids


Simple Search

Advanced Search

 — Boolean

 — Proximity


Search History

Search Tips


Latest Updates

User Info


Agency List

Incorporation By Reference

eCFR logo

Related Resources


Electronic Code of Federal Regulations

e-CFR data is current as of February 26, 2020

Title 28Chapter IPart 94Subpart B → §94.115

Title 28: Judicial Administration
Subpart B—VOCA Victim Assistance Program

§94.115   Non-disclosure of confidential or private information.

(a) Confidentiality. SAAs and sub-recipients of VOCA funds shall, to the extent permitted by law, reasonably protect the confidentiality and privacy of persons receiving services under this program and shall not disclose, reveal, or release, except pursuant to paragraphs (b) and (c) of this section—

(1) Any personally identifying information or individual information collected in connection with VOCA-funded services requested, utilized, or denied, regardless of whether such information has been encoded, encrypted, hashed, or otherwise protected; or

(2) Individual client information, without the informed, written, reasonably time-limited consent of the person about whom information is sought, except that consent for release may not be given by the abuser of a minor, incapacitated person, or the abuser of the other parent of the minor. If a minor or a person with a legally appointed guardian is permitted by law to receive services without a parent's (or the guardian's) consent, the minor or person with a guardian may consent to release of information without additional consent from the parent or guardian.

(b) Release. If release of information described in paragraph (a)(2) of this section is compelled by statutory or court mandate, SAAs or sub-recipients of VOCA funds shall make reasonable attempts to provide notice to victims affected by the disclosure of the information, and take reasonable steps necessary to protect the privacy and safety of the persons affected by the release of the information.

(c) Information sharing. SAAs and sub-recipients may share—

(1) Non-personally identifying data in the aggregate regarding services to their clients and non-personally identifying demographic information in order to comply with reporting, evaluation, or data collection requirements;

(2) Court-generated information and law-enforcement-generated information contained in secure governmental registries for protection order enforcement purposes; and

(3) Law enforcement- and prosecution-generated information necessary for law enforcement and prosecution purposes.

(d) Personally identifying information. In no circumstances may—

(1) A crime victim be required to provide a consent to release personally identifying information as a condition of eligibility for VOCA-funded services;

(2) Any personally identifying information be shared in order to comply with reporting, evaluation, or data-collection requirements of any program;

(e) Mandatory reporting. Nothing in this section prohibits compliance with legally mandated reporting of abuse or neglect.

Need assistance?