Understanding the Privacy Impact Assessment (PIA)
Introduction

The PIA is a checklist or tool to ensure that new or modified electronic collections of information on individuals:
- Are evaluated for privacy risks.
- Are designed to meet Privacy Act life cycle management requirements (collection, maintenance, use, safeguards and records scheduling).
- Have appropriate privacy protection measures in place.

When Do You Complete a PIA?
- At different stages of a project's life cycle; each phase may introduce new privacy risks.
- When collecting information through websites (e-forms, surveys, etc.).

When Do You Submit Copies?
- DOI IT Security Asset Valuations
- DOI IT Security Certification and Accreditations
- OMB Exhibit 300s
- Reference the PIA on websites that collect information from the public
- Reference the PIA in the Privacy Act system of records notice published in the Federal Register
- Reference the PIA in OMB Information Collection Clearance packages

DOI Requirements
- DOI's PIA requirements extend to all systems that contain information on individuals. This includes systems holding information on BOTH employees and members of the public; OMB M-03-22 makes coverage of employee information optional, but DOI requires it.
- DOI requires that every system undergo a "preliminary review" to determine whether it holds information on individuals. DON'T CONFUSE THIS WITH DOING A COMPLETE PIA.

DOI Requirements
- The "preliminary review" is documentation verifying that we have looked at every system to determine whether it maintains information on individuals (keep the record with the system's metadata).
- Doing the "preliminary review" (completing the PIA template questions up to B.1.a.) will tell you whether you need to continue and complete the full PIA.

DOI Requirements
- If you determine that the system holds no information on individuals, there is no point in completing the rest of the PIA document.

OMB's Requirement for Exhibit 300s
- OMB's requirement for Exhibit 300s is narrower than DOI's.
- OMB only requires a PIA for systems that maintain information on individuals WHO ARE MEMBERS OF THE PUBLIC.

OMB's Requirement for Exhibit 300s
- OMB has explained that a General Support System requires a PIA when it "maintains" information on individuals, i.e., collects, stores, uses or disposes of the information.
- Networks that are merely conduits for information, and do not "maintain" it in the sense above, do not require a PIA.

OMB's Requirement for Exhibit 300s
- OMB is NOT interested in DOI "preliminary reviews", nor in PIAs done for systems that maintain information only on employees (those are optional under OMB's guidance).
- Mark "No PIA" when the system is found to hold no information on individuals (remember: the "preliminary review" is NOT a PIA).

References
- OMB Memorandum M-03-22 of 9/26/03, guidance for implementing the privacy provisions of the E-Government Act of 2002
- OCIO Directive of 10/18/02 on implementing PIAs
- Privacy reference material on the DOI Privacy Program webpage