Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Act United States Army (Managerial Training)

Published byRolf Tate Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy Act United States Army (Managerial Training)"— Presentation transcript:

1 Privacy Act United States Army (Managerial Training)

2 Overview After completing this training managers should be familiar with the following: Managerial Responsibilities Breach Prevention and Mitigation Best Practices

3 Privacy Officers: Are appointed at Headquarters Department of the Army (HQDA) and Command levels throughout the Army. Execute the privacy program in functional areas and activities under their responsibility. Ensure that Privacy Act records collected and maintained within the Command or activity are properly described in a Privacy Act system of records. Process reports of suspected Privacy Act Violations. Prepare a new, altered, amended, deleted or closed SORNs and submit them to the Army Privacy Office for review. Managerial Responsibilities

4 Privacy Officers must ensure: No undeclared systems of records are being maintained. A Privacy Act Statement is provided to individuals when information is collected. Each Privacy Act system of records notice within their purview is reviewed biennially. Managerial Responsibilities

5 A System Manager provides oversight and development of a system of records notice. A System Manager must: Comply with AR 340-21, Army Privacy Program. Follow rules published in each system of records notice. Respond to First-Party Access and Amendment Requests. Determine if Third-Party Disclosures are authorized. Maintain an accounting of all Third-Party Disclosures. Managerial Responsibilities

6 System Managers must ensure: Appropriate procedures and safeguards are developed, implemented, and maintained. All personnel with access to each system are aware of their responsibilities for protecting personal information being collected and maintained under the Privacy Act. Each Privacy Act system of records notice within their purview is reviewed biennially. Information systems managed by a government contractor must contain the Federal Acquisitions Regulation (FAR) clause in the contract. Managerial Responsibilities

7 Contractor Managed Systems: The Federal Acquisitions Regulation (FAR) sets forth guidance that must be inserted in contracts when PII is managed by a government contractor. Information regarding the FAR clauses can be found in the Acquisition Guide at http://www.archives.gov/records- mgmt/toolkit/pdf/ID189.pdf. http://www.archives.gov/records- mgmt/toolkit/pdf/ID189.pdf Managerial Responsibilities

8 Information Assurance Official: Provides a unified approach to protect information stored, processed, accessed, or transmitted by information systems. Consolidates and focuses Army efforts in securing information. Risk management approach for implementing security safeguards. Managerial Responsibilities

9 The Army has a responsibility to safeguard PII in its possession and to prevent its theft, loss, or compromise. Breach Prevention and Mitigation It is essential that all Army personnel, to include contractors, ensure their actions do not contribute to a compromise occurring if the agency is to retain the trust of those individuals on whom information is maintained.

10 Managers should ensure their staff applies the appropriate breach prevention and mitigation safeguards: Breach Prevention and Mitigation Training Contract language Awareness campaigns Administrative Safeguards PII holdings inventory Policies and Procedures System of Records Notice Forms Privacy Act Statements

11 Locked cabinets Door and building access control systems Installation physical access control systems User physical control of mobile devices Breach Prevention and Mitigation Managers should ensure their staff applies the appropriate breach prevention and mitigation safeguards: Physical Safeguards Coversheets for documents containing PII Laptop locks

12 Inventory of equipment CAC enabled laptops Email encryption Permission and access settings Breach Prevention and Mitigation Managers should ensure their staff applies the appropriate breach prevention and mitigation safeguards: Technical Safeguards Automatic timeout screens System lockout

13 Managers will ensure the appropriate remedial action(s) are taken when PII is lost or compromised. At a minimum, if PII is lost as a result of negligence or failure to follow established procedures, the individual(s) responsible will receive counseling and additional training reminding them of the importance of safeguarding PII. Breach Prevention and Mitigation

14 Additional remedial actions may include prompt removal of authority to access information or systems from individuals who demonstrate a pattern for error in safeguarding PII as well as other administrative or disciplinary actions. Breach Prevention and Mitigation

15 Best Practices Voice your commitment to protecting individual privacy. Applaud workers who practice good privacy principles! Remind staff to use caution when posting data to shared drives and or multi-access calendars. Periodically review shared devices for compliance. Use Staff Meetings to stress good privacy practices:

16 Best Practices Personal matters should never be discussed with anyone without a strict need to know. When discussing a person’s health, financial affairs, personnel actions, criminal history, family affairs, or other personal aspects of his or her life, it is important to remember that details should not be brought up in staff meetings or discussed in common areas.

17 Defense Privacy and Civil Liberties Office – http://dpclo.defense.gov http://dpclo.defense.gov Army Regulation 340-21, “The Army Privacy Program” DoD Directive 5400.11, “DoD Privacy Program” DoD Regulation 5400.11-R, “Department of Defense Privacy Program” DA&M Memorandum, “Safeguarding Against and Responding to the Breach of Personally Identifiable Information”

18

Download ppt "Privacy Act United States Army (Managerial Training)"

Similar presentations

Privacy Impact Assessment Future Directions TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Privacy Impact Assessment Future Directions TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Cellular Telephone Use Guidelines AA Roundup June 27, 2007.

Cellular Telephone Use Guidelines AA Roundup June 27, 2007.
PERSONALLY IDENTIFIABLE INFORMATION (PII) BRIEFING

PERSONALLY IDENTIFIABLE INFORMATION (PII) BRIEFING
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Overview of the Privacy Act

Overview of the Privacy Act
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
PII Breach Management and Risk Assessment

PII Breach Management and Risk Assessment
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
The Privacy Office U.S. Department of Homeland Security Washington, DC 20528 t: 703-235-0780; f: 703-235-0442 Safeguarding.

The Privacy Office U.S. Department of Homeland Security Washington, DC t: ; f: Safeguarding.
ROLES & RESPONSIBILITIES PRIVACY ACT (PA) SYSTEMS OF RECORDS MANAGERS.

ROLES & RESPONSIBILITIES PRIVACY ACT (PA) SYSTEMS OF RECORDS MANAGERS.
Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.

Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.
DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.

DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.
Data Classification & Privacy Inventory Workshop

Data Classification & Privacy Inventory Workshop
Inventory Overview Inventory Services The University of Texas at Austin.

Inventory Overview Inventory Services The University of Texas at Austin.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

Similar presentations

Ads by Google