Presentation is loading. Please wait.

Presentation is loading. Please wait.

Approved for Public Release. Distribution Unlimited. 1 Government Privacy Rick Newbold, JD, MBA, CIPP/G Futures Branch 28.

Published byProsper Gilbert Modified over 8 years ago

Similar presentations

Presentation on theme: "Approved for Public Release. Distribution Unlimited. 1 Government Privacy Rick Newbold, JD, MBA, CIPP/G Futures Branch 28."— Presentation transcript:

1 Approved for Public Release. Distribution Unlimited. 1 Government Privacy Rick Newbold, JD, MBA, CIPP/G Futures Branch Richard.Newbold@hqda.army.mil 28 Feb 2008

2 Approved for Public Release. Distribution Unlimited. 2 Purpose & Content Purpose: Provide overview of government privacy as it pertains to the BTF.  Principles for information security and public records management in government  Information privacy laws regarding data quality, public access to records, and other disclosures  Best practices

3 Approved for Public Release. Distribution Unlimited. 3 Principles  Core value of our society  Potential consequences  Collection Limitation  Data Quality  Purpose Specification  Use Limitation  Security Safeguards  Openness  Individual Participation  Accountability  Misc. (State vs. Private Actors, Expectation of Privacy, Privacy Continuum)

4 Approved for Public Release. Distribution Unlimited. 4 Information Privacy Laws  Privacy Act (1974)  Freedom of Information Act (1974)  USA Patriot Act (2001)  Data Quality Act (2002)  E-Government Act (2002)  Health Insurance Portability and Accountability Act (HIPAA) (1996)  Fair Credit Reporting Act (1970)  Family Educational Rights and Privacy Act (1974)  Drivers Privacy Protection Act (1994)  Children’s Online Privacy Protection Act (1998)  Financial Services Modernization Act (GLBA) (1999)

5 Approved for Public Release. Distribution Unlimited. 5 Best Practices  Processes  Enforcement  Privacy Management  Functional Positions  Federal Policies on Websites

6 Approved for Public Release. Distribution Unlimited. 6 Way Ahead  Internal awareness and training  Cognizance of emerging requirements, trends, and best practices Deny anonymity to evil-doers while protecting privacy of others. Deny anonymity to evil-doers while protecting privacy of others.

7 Approved for Public Release. Distribution Unlimited. 7 Backup

8 Approved for Public Release. Distribution Unlimited. 8  The term “system of records” means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual Privacy Act of 1974 System of Records

9 Approved for Public Release. Distribution Unlimited. 9  A description of the system of records maintained by the agency  The SORN must appear in the Federal Register before the agency begins to operate the system, e.g., collect and use the information Privacy Act of 1974 System of Records Notice (SORN)

10 Approved for Public Release. Distribution Unlimited. 10  System Name  Security Classification  System Location  Authority for Maintenance of the System  Purpose of the System  Use and Categories of users  Policies & Practices for storing, retrieving, accessing, retaining, & disposing of records  System Manager  Notification Procedures Privacy Act of 1974 System of Records Notice (SORN)

11 Approved for Public Release. Distribution Unlimited. 11  “…a broad framework of measures that require using Internet-based information technology to enhance citizen access to Government information and services …” (H.R. 2458)  Privacy Provisions (section (208) and OMB guidance require federal agencies –Post Web site privacy policies in both statement and machine- readable form –Conduct Privacy Impact Assessments E-Government Act

12 Approved for Public Release. Distribution Unlimited. 12  PIA is an assessment process for identifying and mitigating the privacy risks from a system  Section 208 requires agencies to conduct a PIA before developing or procuring IT systems that collect, maintain or disseminate information in identifiable form (IIF) from or about members of the public E-Government Act Privacy Impact Assessments (PIAs )

13 Approved for Public Release. Distribution Unlimited. 13 OMB M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act What information is to be collected Why the information is being collected Intended use of the information With whom the information will be shared What opportunities individuals have to decline to provide information or consent to particular uses of the information How the information will be secured Whether a system of records is being created under the Privacy Act Analysis of choices agency made regarding an IT system or collection of information Information lifecycle analysis E-Government Act Privacy Impact Assessments (PIAs)

14 Approved for Public Release. Distribution Unlimited. 14  Exceptions –For national security systems –Previously assessed systems under evaluation similar to PIA –Internal government operations –For government-run websites that do not collect identifiable information about the public –System collecting non-identifiable information E-Government Act Privacy Impact Assessments (PIAs)

15 Approved for Public Release. Distribution Unlimited. 15  In addition to completing PIAs, agencies also must follow the web site policy in Section 208 of the E-Government Act  The requirements are: –Post privacy policies on agency websites used by the public –Translate privacy policies into a standardized machine-readable format –Report annually to OMB E-Government Act Website Privacy Policy

16 Approved for Public Release. Distribution Unlimited. 16  Guidelines for Ensuring and Maximizing the Quality, Objectivity, Utility and Integrity of Information  Report annually to OMB the number and nature of complaints received by the agency Data Quality Act of 2002

Download ppt "Approved for Public Release. Distribution Unlimited. 1 Government Privacy Rick Newbold, JD, MBA, CIPP/G Futures Branch 28."

Similar presentations

PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.

PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.
Government Privacy IAPP Privacy Certification

Government Privacy IAPP Privacy Certification
Embedding Privacy in Federal Information Systems Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.

"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.
IT Security Policy Framework

IT Security Policy Framework
The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Overview of the Privacy Act

Overview of the Privacy Act
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.

Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Security Controls – What Works

Security Controls – What Works
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.

1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.

Similar presentations

Ads by Google