U.S. Government Privacy Certification - International Association of ...
Copyright © 2011, IAPP

  iii. Key Office of Management and Budget ("OMB") Memoranda
    1. OMB M-03-22: Guidance for Implementing the Privacy Provisions of the E-Government Act
    2. Modifications under M-03-022
      a. OMB M-99-05: Privacy Responsibilities
      b. OMB M-99-18: Privacy Policies on Federal Web sites
      c. OMB M-00-13: Privacy Policies and Data Collection on Federal Web sites
  iv. Privacy Impact Assessments ("PIA")
    1. When required
    2. Timing
    3. Content
    4. Exceptions
      a. National security systems
      b. Systems previously assessed under a PIA
      c. Internal government operations
      d. Systems collecting non-PII
        i. Government Websites
    5. PIAs versus SORNs
    6. Publication requirements
    7. Reporting requirements
    8. Relationship to The Privacy Act of 1974
d. Consolidated Appropriations Act of 2005
  i. Chief Privacy Officer and Audit provisions
e. The Data Quality Act of 2002
  i. OMB guidance
  ii. Agency requirements
  iii. Administrative mechanisms
  iv. Periodic reporting
f. The Federal Information Security Management Act of 2002 ("FISMA")
  i. Federal agency responsibilities
    1. Agency program
    2. Agency reporting
    3. Performance program
  ii. System vs. Enterprise compliance
    1. PIA versus security certification and accreditation ("C&A")
    2. National Institute of Standards and Technology ("NIST") risk management framework
      a. SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
  iii. OMB reporting instructions for FISMA
g. Requirements under Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007
h. The Federal Agency Data Mining Reporting Act of 2007
i. Federal open meetings laws
  i. Federal Advisory Committee Act ("FACA")
  ii. Government in the Sunshine Act
j. Open Government Directive
  i. OMB M-10-06

Pease International Tradeport ∙ 75 Rochester Avenue. Suite 4 ∙ Portsmouth, NH 03801 USA ∙ +1 603.427.9200 ∙ certification@privacyassociation.org