Presentation is loading. Please wait.

Presentation is loading. Please wait.

FOIA Processing and Privacy Awareness at NOAA Prepared by Mark H. Graff NOAA FOIA Officer OCIO/GPD (301)-628-5658.

Published byShawn Allen Modified over 8 years ago

Similar presentations

Presentation on theme: "FOIA Processing and Privacy Awareness at NOAA Prepared by Mark H. Graff NOAA FOIA Officer OCIO/GPD (301)-628-5658."— Presentation transcript:

1 FOIA Processing and Privacy Awareness at NOAA Prepared by Mark H. Graff NOAA FOIA Officer OCIO/GPD mark.graff@noaa.govmark.graff@noaa.gov; (301)-628-5658

2 2 Freedom of Information Act (5 USC 552) Enacted in 1966. FOIA provides that any person has a right to obtain access to federal agency records, except to the extent that such records (or portions of them) are protected from public disclosure by one of nine FOIA exemptions or by one of three special law enforcement record exclusions. This right is enforceable in court.

3 3 What About State Records? The Federal FOIA does not provide access to records held by state or local government agencies, or by businesses or individuals. States have their own statutes governing public access to state and local records and they should be consulted for further information about them.

4 4 What is a Record Under FOIA? Any agency records are those created or obtained by NOAA and are, when the request is filed, in NOAA's possession and control Includes off-site storage Agency records can be in any format like print documents, photographs, videos, maps, e- mail and electronic records

5 5 Your Role in FOIA Keep records according to the schedule Attend FOIA Training Follow your office procedures Search for records when requested Provide copies of records when requested Review records for potentially protected information when requested Consult with General Counsel, as appropriate

6 6 Why is FOIA Processing Important? It’s the law FOIA is how the public gets copies of government records (Internet reducing number of requests) Reduces risk of appeals/related costs by complying with the regulations

7 7 What if I have to process a FOIA request? First, consult with your FOIA Liaison or Action Office Coordinator http://www.corporateservices.noaa.gov/~foia/foia _contacts.html Second, review your organization’s FOIA SOPs Third, check out the NOAA Administrative Order (NAO for short) for FOIA http://www.corporateservices.noaa.gov/ames/ad ministrative_orders/chapter_205/205-14.html

8 8 The Flow of a FOIA Request The request goes through intake before you see it The appropriate office(s) are tasked with conducting a search Records found are reviewed and redacted as appropriate The case is reviewed, approved, and records are released

9 Privacy Program Overview NOAA’s Privacy Program –All Federal Privacy Programs are receiving scrutiny, including OMB-driven data calls, and heightened attention to FISMA Systems processing PII, following the OPM Data Breach. –The Program ensures compliance with the Privacy Act of 1974 and ensures the collection and use of Personally Identifiable Information (PII) is in accordance with governing OMB guidance, DOC Policy, and NOAA Privacy Policy including the obligation to safeguard PIIPrivacy Act of 1974 OMB guidanceDOC PolicyNOAA Privacy Policy 9For Official Use Only

10 What is PII and BII? OMB M-7-16 Defines Personally Identifiable Information (PII) as information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. DOC IT Policy defines Business Identifiable Information (BII) as (a) information that is defined in the Freedom of Information Act (FOIA) as “trade secrets and commercial or financial information obtained from a person [that is] privileged or confidential.” (5 U.S.C.552(b)(4)). This information is exempt from automatic release under the (b)(4) FOIA exemption. “Commercial” is not confined to records that reveal “basic commercial operations” but includes any records [or information] in which the submitter has a “commercial interest” and can include information submitted by a nonprofit entity.5 U.S.C.552(b)(4)) 10

11 Privacy Obligations –Oversees the requirements of proper collection of PII within bureau Federal Information Security Modernization Act (FISMA) systems, including the completion of Privacy Threshold Analyses (PTAs), Privacy Impact Assessments (PIAs), and System of Records Notices (SORNs)Privacy Impact Assessments (PIAsSystem of Records Notices (SORNs) –Serve in cooperation with the Cyber Incident Response Team (N-CIRT) in ensuring compliance with OMB M-07-16 and the Department of Commerce (DOC) Breach Response and Notification Plan following Privacy Incidents.OMB M-07-16 Department of Commerce (DOC) Breach Response and Notification Plan 11For Official Use Only

12 Privacy Threshold Analysis and Privacy Impact Assessment –Privacy Threshold Analyses (PTA’s) are required prior to the issuance of any Authorization to Operate for any FISMA system within the Bureau. They provide a high level indication of whether or not PII/BII is being collected on FISMA systems, either at creation, or at the time of changes within the system –Privacy Impact Assessments (PIA’s) are required when the PTA indicates that PII/BII is being collected on FISMA systems. Following that determination, an assessment of the impact, scope, use, and nature of PII/BII being collected must be completed, as well as an analysis of the controls in place to safeguard the PII/BII. A determination is made if the PII/BII collection warrants notice to the public in the form of a published System of Records Notice (SORN), or whether the collection and use is covered by an existing SORN. 12For Official Use Only

13 13 What resources are available? Department of Commerce: –General FOIA training on demand –Regulations: http://www.access.gpo.gov/nara/cfr/waisidx_02/15cfr4_02.htm DOJ: http://www.justice.gov/oip/blog/foia-update-web-site-watch- noaa-develops-user-friendly-web-site-foia NOAA: –http://www.corporateservices.noaa.gov/~foia/training_tutorials/ –http://www.osec.doc.gov/omo/FOIA/foiarequest.htm#feeshttp://www.osec.doc.gov/omo/FOIA/foiarequest.htm#fees –http://www.cio.noaa.gov/services_programs/privacy.html ASAP: http://www.accesspro.org/programs/index.cfm

Download ppt "FOIA Processing and Privacy Awareness at NOAA Prepared by Mark H. Graff NOAA FOIA Officer OCIO/GPD (301)-628-5658."

Similar presentations

Department of Commerce Privacy Awareness

Department of Commerce Privacy Awareness
The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Overview of the Privacy Act

Overview of the Privacy Act
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)

1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)
FAR P ART 24. This part prescribes policies and procedures that apply requirements of the Privacy Act of 1974 (5 U.S.C. 552a) (the Act) and OMB Circular.

FAR P ART 24. This part prescribes policies and procedures that apply requirements of the Privacy Act of 1974 (5 U.S.C. 552a) (the Act) and OMB Circular.
PA/FOIA INTERFACE OSD/JS Privacy Office (703) 696-4689

PA/FOIA INTERFACE OSD/JS Privacy Office (703)
 Freedom of Information Act General Background. Access to Army Records. Exemptions. Exclusions. Procedural Rules for Processing FOIA Requests for Army.

 Freedom of Information Act General Background. Access to Army Records. Exemptions. Exclusions. Procedural Rules for Processing FOIA Requests for Army.
The Freedom of Information Act Overview

The Freedom of Information Act Overview
JO807: Advanced Journalism Research JO807: Week 13 “Freedom of Information Act” and the WWW.

JO807: Advanced Journalism Research JO807: Week 13 “Freedom of Information Act” and the WWW.
FERPA 2008 New regulations enact updates from over a decade of interpretations.

FERPA 2008 New regulations enact updates from over a decade of interpretations.
1 FERPA and Student Privacy in Records of University Research ECURE March 1, 2005 Richard Rainsberger, Ph.D. Consultant, Education Records Law and Privacy.

1 FERPA and Student Privacy in Records of University Research ECURE March 1, 2005 Richard Rainsberger, Ph.D. Consultant, Education Records Law and Privacy.
What is personally identifiable information (PII)? KDE Employee Training Data Security Video Series 1 of 3 October 2014.

What is personally identifiable information (PII)? KDE Employee Training Data Security Video Series 1 of 3 October 2014.
© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.
8/28/2015 The Family Educational Rights and Privacy Act (FERPA)  Also known as the Buckley Amendment.  Statute: 20 U.S.C. 1232g; Regulations: 34 CFR.

8/28/2015 The Family Educational Rights and Privacy Act (FERPA)  Also known as the Buckley Amendment.  Statute: 20 U.S.C. 1232g; Regulations: 34 CFR.
DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Privacy Foundations Samuel P. Jenkins Director for Privacy Defense Privacy and Civil Liberties Office Identity.

DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Privacy Foundations Samuel P. Jenkins Director for Privacy Defense Privacy and Civil Liberties Office Identity.
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.

CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
PRIVACY SAFEGUARDS ANNUAL TRAINING FY 2011 previous next Office of Management Privacy, Information and Records Management Services Privacy Safeguards Division.

PRIVACY SAFEGUARDS ANNUAL TRAINING FY 2011 previous next Office of Management Privacy, Information and Records Management Services Privacy Safeguards Division.

Similar presentations

Ads by Google