U.S. Government Privacy Certification - International Association of ...

More documents

Recommendations

Info

copyright © 2011, IAPPiii. Key Office of Management and Budget (“OMB”) Memoranda1. OMB M-03-22: Guidance for Implementing the Privacy Provisionsof the E-Government Act2. Modifications under M-03-022a. OMB M-99-05: Privacy Responsibilitiesb. OMB M-99-18: Privacy Policies on Federal Web sitesc. OMB M-00-13: Privacy Policies and Data Collection onFederal Web sitesiv. Privacy Impact Assessments (“PIA”)1. When required2. Timing3. Content4. Exceptionsa. National security systemsb. Systems previously assessed under a PIAc. Internal government operationsd. Systems collecting non-PIIi. Government Websites5. PIAs versus SORNs6. Publication requirements7. Reporting requirements8. Relationship to The Privacy Act of 1974d. Consolidated Appropriations Act of 2005i. Chief Privacy Officer and Audit provisionse. The Data Quality Act of 2002i. OMB guidanceii. Agency requirementsiii. Administrative mechanismsiv. Periodic reportingf. The Federal Information Security Management Act of 2002 (“FISMA”)i. Federal agency responsibilities1. Agency program2. Agency reporting3. Performance programii. System vs. Enterprise compliance1. PIA versus security certification and accreditation (“C&A”)2. National Institute of Standards and Technology (“NIST”) riskmanagement frameworka. SP 800-122: Guide to Protecting the Confidentiality ofPersonally Identifiable Information (PII)iii. OMB reporting instructions for FISMAg. Requirements under Section 803 of the Implementing Recommendations of the9/11 Commission Act of 2007h. The Federal Agency Data Mining Reporting Act of 2007i. Federal open meetings lawsi. Federal Advisory Committee Act (“FACA”)ii. Government in the Sunshine Actj. Open Government Directivei. OMB M-10-06Pease International Tradeport ∙ 75 Rochester Avenue. Suite 4 ∙ Portsmouth, NH 03801 USA ∙+1 603.427.9200 ∙ certification@privacyassociation.org6
II.U.S. Government Privacy Practicescopyright © 2011, IAPPA. Privacy Program Management and Organizationa. Program developmenti. Program elementsb. Program managementi. FISMA modelc. Federal agency responsibilitiesi. Office of Management and Budget (“OMB”)1. OMB Circular A-130a. Assignment of responsibilities (Appendix 1)2. Reporting requirementsa. Biennial Matching Activity Reportb. New and Altered Systems of Records Reportc. New or Altered Matching Program Report3. Publication requirementsa. Publishing New or Altered Systems of Records Noticesand Exemption Rulesb. Publishing Matching Notices4. OMB Memoranda on protection of personally identifiableinformation (“PII”)a. M-07-16: Safeguarding Against and Responding To theBreach of Personally Identifiable Informationb. M-06-15: Safeguarding Personally IdentifiableInformationc. M-06-16: Protection of Sensitive Agency Information5. OMB Memoranda on data sharinga. M-11-02: Sharing Data while Protecting Privacyb. M-01-05: Guidance on Inter-agency Sharing of PersonalData – Protecting Personal Privacyc. M-04-26: Personal Use Policies and File SharingTechnologyd. U.S. Department of Homeland Security white papere. The President’s identity theft task force report6. OMB Memoranda on incident responsea. M-09-07: Recommendations for Identity Theft RelatedData Breach Notification Guidanceb. M-06-19: Reporting Incidents Involving PersonallyIdentifiable Information and Incorporating the Cost forSecurity in Agency Information Technology Investmentsc. M-07-16: Safeguarding Against and Responding To theBreach of Personally Identifiable Information7. OMB Memoranda on functional positions for privacya. M-05-08: Designation of Senior Agency Officials forPrivacy8. OMB Memoranda on Websites & Website Measurement, SocialMediaa. M-10-22: Guidance for Online Use of Web Measurementand Customization Technologiesb. M-10-23: Guidance for Agency Use of Third-partyWebsites and ApplicationsPease International Tradeport ∙ 75 Rochester Avenue. Suite 4 ∙ Portsmouth, NH 03801 USA ∙+1 603.427.9200 ∙ certification@privacyassociation.org7
Page 1 and 2: copyright © 2011, IAPPU.S. Governm
Page 3 and 4: copyright © 2011, IAPPUpon success
Page 5: copyright © 2011, IAPPb. Laws comp

U.S. Government Privacy Certification - International Association of ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?