Presentation is loading. Please wait.

Presentation is loading. Please wait.

FOIA, Privacy & Records Management Conference 2009

Published byPercival Patterson Modified over 5 years ago

Similar presentations

Presentation on theme: "FOIA, Privacy & Records Management Conference 2009"— Presentation transcript:

1 FOIA, Privacy & Records Management Conference 2009
Office of the Administrative Assistant to the Secretary of the Army Records Management and Declassification Agency & Army Publishing Directorate Privacy Act Statement/Advisory and SSN Reduction Requirements & Development Ms. Cris Carpi Chief, Forms Mgmt Branch (703) Ms. Evlyn Hearne Army Privacy Office (703) Mr. Chris Kaloudis Army Privacy Office (703)

2 Privacy Act Statement When do you need a Privacy Act Statement? Whenever the government collects Personally Identifiable Information (PII) from an individual, regardless of the method used to collect the information (forms, personal or telephonic interview, Internet or system access), the Privacy Act of 1974 (5 USC 552a) requires the government to advise individuals why the information is being collected from them, which affords individuals an opportunity make an informed decision as to whether to furnish the information for the intended purpose. -- As awareness and training spread more and more complaints are received when Privacy Act Statements are not furnished -- The information will be used for a system of records which informs the general public of what data is being collected, the purpose of the collection, and the authority for doing so. The System Notice also sets the rules that the Army will follow in collecting and maintaining personal data. -- All Federal Agencies -- All information is furnished voluntarily, however, failure to provide the required data could result in an individual not being able to be considered for a job

3 What’s Included in a Privacy Act Statement
Privacy Act Statement (cont) What’s Included in a Privacy Act Statement AUTHORITY: Must be statutory or Executive Order. Ensures that personal information collected is limited to that which is legally authorized and necessary. Lists the Federal Law and/or Executive Order that appears in the systems notice for the system of records into which this data will be placed. Can also include any regulatory authority. Title 10 USC Section 3013 is the overall authority for the Secretary of the Army. Executive Order 9397 is the authority for use of SSNs. Under AUTHORITY, list the Federal Law or Executive Order that appears in the systems notice, i.e., 10 U.S.C. Section 3013, Departmental Regulations and Executive Order 9397. Under PURPOSE, use the same information that contains in the systems notice.

4 Privacy Act Statement (cont)
What’s Included in a Privacy Act Statement (con’t) PRINCIPAL PURPOSE(s): The purpose(s) for which the information is to be used. This varies and should be written from the individual record subject perspective. For example, simply stating the data will be used for management statistical analysis is not sufficient when another purpose might be to determine assignment qualification.

5 Privacy Act Statement (Cont)
What’s Included in a Privacy Act Statement (cont) ROUTINE USE(s): Indicates which agencies outside the Department of Defense will have access to the data or to which the data will be shared. The “Blanket Routine Uses” for the Department of Defense almost always apply and are usually indicated here. MANDATORY OR VOLUNTARY: In almost every instance, furnishing the information is Voluntary. If failure to provide the information will result in deprivation of a service, benefit, or function the individual should be informed. Furnishing the information is mandatory only if the statutory or Executive Order provide for a penalty for not providing the information.

6 Sample Privacy Act Statement
AUTHORITY: 10 U.S.C. Section 3013, Secretary of the Army; AR , Army Command Policy and E.O (SSN). PRINCIPAL PURPOSE(s): To provide a means for filing a complaint based on discrimination due to race, color religion, gender, or national origin. ROUTINE USE(S): None. The "Blanket Routine Uses" set forth at the beginning of the Army's Compilation of Systems of Record Notices also applies to this system. DISCLOSURE: Voluntary. However, failure to provide all the requested information could lead to rejection of complaint for inadequate data.

7 SSN Reduction Plan Authority Scope Roles & Responsibilities
Basic Procedural Requirements Justification Analysis Lessons Learned Questions

8 SSN Reduction Plan Authority
President's Task Force on Identity Theft Strategic Plan, April 2007 DoD Senior Privacy Official Memorandum, "Personally Identifiable Information," April 27, 2007 Directive-Type Memorandum USD(P&R) ─ “DoD Social Security Number (SSN) Reduction Plan” dated 28 Mar 08 DoD R, "DoD Privacy Program," May 14,2007

9 SSN Reduction Plan Scope
All DA Forms that collect Social Security Numbers (SSNs) Approximately 500 must be reviewed Goal is to eliminate SSN’s if at all possible DA Forms with continued need for collection of SSN’s: Must have an approved continued use justification based on DTM acceptable use cases GO/SES must sign justification Army Forms Manager is approving Official cosigned by Army Privacy Office DoD to direct reviews of Army proponent DD & SD Forms Command/installation forms must be reviewed with similar process

10 Roles & Responsibilities
APD Forms Management Branch & Army Privacy Office Are charged with reducing SSN usage throughout the Army Must be convinced that continued use is appropriate Review and approve/disapprove SSN use justifications Ensure compliance with DTM and basis for acceptable uses Periodically review new forms (3 year reporting)

11 Roles & Responsibilities (con’t)
Forms Managers, Proponents & Privacy Officials at the Headquarters level will Perform a one-time initial review of all existing forms (July 09) Review all new and revised forms Review will validate continued SSN use or identify SSN elimination Include Privacy Officials in review (block 15 e of DD Form 67) Revise forms, draft and submit SSN justification along with DD Form 67 Justifications must be signed by SES/GO Must correlate with one or more DTM acceptable uses Must provide convincing rationale for continued use DoD Forms Management Officer Review SSN use justifications on DD and SD forms and report annually

12 coordinates review with Privacy Official, signs DD 67, submits to APD
Basic Procedural Requirements FMO coordinates review with Privacy Official, signs DD 67, submits to APD Proponent drafts initial justification, changes forms, submits form package to FMO Privacy Official ensures SSN justification meets DTM requirement, signs DD 67, returns to FMO APD receives and tracks justifications, coordinates with Army Privacy Office, approve/disapprove justifications Army Privacy Office review justifications, assist APD with approval/disapproval

13 Basic Procedural Requirements (cont)
Acceptable SSN uses Provided for by law Require interoperability with organizations beyond DoD Required by operational necessities result of the inability to alter systems, processes, or forms due to cost unacceptable levels of risk Forms that claim “operational necessity” Will be closely scrutinized Ease of use or unwillingness are not acceptable justifications

14 Basic Procedural Requirements (cont)
It is unacceptable to collect, use, retain, or transfer SSN along with any other Personally Identifiable Information (PII) without approved justification Explore alternatives to SSNs such as biometrics, electronic data interchange, system-generated identifiers, net-centric environments, address If disapproved, proponents must submit a plan for elimination with timeline

15 Justification Analysis
Geneva Conventions Serial Number SSN is necessary to fulfill Geneva Convention requirements to identify authorized combatants Law Enforcement, National Security, Credentialing SSN is needed to perform background checks and verify criminal history of persons involved in criminal activities and employees working in law enforcement Security Clearance Investigation or Verification SSN necessary to conduct background checks on employees

16 Justification Analysis (Con‘t)
Interactions With Financial Institutions SSN is needed in order deposit funds and open accounts Confirmation of Employment Eligibility SSN is necessary to prove eligibility to work or with the U.S. government Administration of Federal Worker’s Compensation SSN is needed to facilitate payments and benefits

17 Justification Analysis (Cont)
(7) Federal Taxpayer Identification Number SSN is needed to report earnings and other information to state and federal taxation authorities (8) Computer Matching SSN is necessary to compare data on individuals with other federal agencies (9) Foreign Travel – SSN is needed to obtain passport (10) Noncombatant Evacuation Operations (NEOs) SSN required by the State Department as persons are repatriated to the U.S.

18 Justification Analysis (Cont)
(11) Legacy System Interface SSN is needed to report and verify data with other DoD systems Use only if no other Acceptable Use applies Transition to another identifier cost prohibitive Only valid for limited period to time Plan for elimination with timeframe must accompany justification (12) Other Cases Sufficient grounds and documentation must be submitted to prove SSN use is required by law

19 Lessons Learned APD and Army Privacy Office cannot draft your justification Our role is to eliminate SSNs Workload scope prohibits special considerations and priorities Justification preparation and staffing can be time-consuming – plan accordingly based on your organizational needs Consider related publications and system requirements as you prioritize justification submissions Incremental submission of justifications will allow timely action

20 Lessons Learned (con’t)
Ensure you closely adhere to the Acceptable Use cases Be brief and do not include unnecessary information in your justifications Ensure justifications are complete, accurate, and non-contradictory Be thorough and accurate: we cannot review duplicative justifications Justifications are not permanent and will be reinitiated in the future

21 Questions?

Download ppt "FOIA, Privacy & Records Management Conference 2009"

Similar presentations

WHAT TO EXPECT IN AN EXTERNAL AUDIT OR INVESTIGATION An Overview of External Audit and Investigative Processes Performed by Outside Entities at UCSD.

WHAT TO EXPECT IN AN EXTERNAL AUDIT OR INVESTIGATION An Overview of External Audit and Investigative Processes Performed by Outside Entities at UCSD.
Overview of the Privacy Act

Overview of the Privacy Act
Washington Headquarters Services Executive Services Directorate Information Management Division OMB Collection Number Paperwork Reduction Act – DoD Public.

Washington Headquarters Services Executive Services Directorate Information Management Division OMB Collection Number Paperwork Reduction Act – DoD Public.
Transforming the Department of Defense Legislative Program.

Transforming the Department of Defense Legislative Program.
From Cutting Red Tape to Maximizing Net Benefits Alexander T. Hunt U.S. Office of Management and Budget Challenges on Cutting Red Tape Rotterdam, The Netherlands.

From Cutting Red Tape to Maximizing Net Benefits Alexander T. Hunt U.S. Office of Management and Budget Challenges on Cutting Red Tape Rotterdam, The Netherlands.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
Prepared by the Office of Grants and Contracts1 COST SHARING.

Prepared by the Office of Grants and Contracts1 COST SHARING.
STUDENT ORGANIZATION Returning Organization Recognition Packet Please review these guidelines to assist organization officers in completing the requirements.

STUDENT ORGANIZATION Returning Organization Recognition Packet Please review these guidelines to assist organization officers in completing the requirements.
Office of the Administrative Assistant to the Secretary of the Army Social Security Number Reduction Plan 11 February 2009 Office of the Administrative.

Office of the Administrative Assistant to the Secretary of the Army Social Security Number Reduction Plan 11 February 2009 Office of the Administrative.
Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.

Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.
Verification SY 2014-15. Objectives Identify the steps required for Verification. Calculate an accurate sample size and verify the correct number of applications.

Verification SY Objectives Identify the steps required for Verification. Calculate an accurate sample size and verify the correct number of applications.
Cash Management: Revenue Deposits Financial Affairs Office of the Bursar.

Cash Management: Revenue Deposits Financial Affairs Office of the Bursar.
OVERSIGHT & COMPLIANCE BRANCH (OCB) INVOICE PAYMENTS February 16, 2011 1.

OVERSIGHT & COMPLIANCE BRANCH (OCB) INVOICE PAYMENTS February 16,
Form I-9 Process An Online Training for Supervisors and Designees Presented by Human Resources Revised November 2009.

Form I-9 Process An Online Training for Supervisors and Designees Presented by Human Resources Revised November 2009.
IS Audit Function Knowledge

IS Audit Function Knowledge
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
Chief Executive Office Risk Management Return To Work Unit.

Chief Executive Office Risk Management Return To Work Unit.
1 Army Policy and Procedures for Proper Use of Non-DoD Contracts Ed Cornett Procurement Policy and Support July 13 & 19, 2005 Presented to: Army Requiring.

1 Army Policy and Procedures for Proper Use of Non-DoD Contracts Ed Cornett Procurement Policy and Support July 13 & 19, 2005 Presented to: Army Requiring.

Similar presentations

Ads by Google