FOIA, Privacy & Records Management Conference 2009


Office of the Administrative Assistant to the Secretary of the Army
Records Management and Declassification Agency & Army Publishing Directorate

Privacy Act Statement/Advisory and SSN Reduction Requirements & Development

Ms. Cris Carpi, Chief, Forms Mgmt Branch, (703) 325-6297, cris.carpi@hqda.army.mil
Ms. Evlyn Hearne, Army Privacy Office, (703) 428-7497, evlyn.hearne@us.army.mil
Mr. Chris Kaloudis, Army Privacy Office, (703) 428-7499, chris.kaloudis@us.army.mil

Privacy Act Statement
When do you need a Privacy Act Statement?
Whenever the government collects Personally Identifiable Information (PII) from an individual, regardless of the method used to collect the information (forms, personal or telephonic interview, Internet or system access), the Privacy Act of 1974 (5 USC 552a) requires the government to advise individuals why the information is being collected from them, which affords individuals an opportunity to make an informed decision as to whether to furnish the information for the intended purpose.
- As awareness and training spread, more and more complaints are received when Privacy Act Statements are not furnished
- The information will be used for a system of records which informs the general public of what data is being collected, the purpose of the collection, and the authority for doing so. The System Notice also sets the rules that the Army will follow in collecting and maintaining personal data.
- All Federal Agencies
- All information is furnished voluntarily; however, failure to provide the required data could result in an individual not being able to be considered for a job

Privacy Act Statement (cont)
What’s Included in a Privacy Act Statement
AUTHORITY: Must be statutory or Executive Order. Ensures that personal information collected is limited to that which is legally authorized and necessary. Lists the Federal Law and/or Executive Order that appears in the systems notice for the system of records into which this data will be placed. Can also include any regulatory authority.
- Title 10 USC Section 3013 is the overall authority for the Secretary of the Army.
- Executive Order 9397 is the authority for use of SSNs.
- Under AUTHORITY, list the Federal Law or Executive Order that appears in the systems notice, i.e., 10 U.S.C. Section 3013, Departmental Regulations and Executive Order 9397.
- Under PURPOSE, use the same information that is contained in the systems notice.

Privacy Act Statement (cont)
What’s Included in a Privacy Act Statement (cont)
PRINCIPAL PURPOSE(s): The purpose(s) for which the information is to be used. This varies and should be written from the individual record subject perspective. For example, simply stating the data will be used for management statistical analysis is not sufficient when another purpose might be to determine assignment qualification.

Privacy Act Statement (cont)
What’s Included in a Privacy Act Statement (cont)
ROUTINE USE(s): Indicates which agencies outside the Department of Defense will have access to the data or with which the data will be shared. The “Blanket Routine Uses” for the Department of Defense almost always apply and are usually indicated here.
MANDATORY OR VOLUNTARY: In almost every instance, furnishing the information is Voluntary. If failure to provide the information will result in deprivation of a service, benefit, or function, the individual should be informed. Furnishing the information is mandatory only if the statute or Executive Order provides for a penalty for not providing the information.

Sample Privacy Act Statement
AUTHORITY: 10 U.S.C. Section 3013, Secretary of the Army; AR 600-20, Army Command Policy and E.O. 9397 (SSN).
PRINCIPAL PURPOSE(s): To provide a means for filing a complaint based on discrimination due to race, color, religion, gender, or national origin.
ROUTINE USE(S): None. The "Blanket Routine Uses" set forth at the beginning of the Army's Compilation of Systems of Record Notices also apply to this system.
DISCLOSURE: Voluntary. However, failure to provide all the requested information could lead to rejection of complaint for inadequate data.

SSN Reduction Plan
- Authority
- Scope
- Roles & Responsibilities
- Basic Procedural Requirements
- Justification Analysis
- Lessons Learned
- Questions

SSN Reduction Plan
Authority
- President's Task Force on Identity Theft Strategic Plan, April 2007
- DoD Senior Privacy Official Memorandum, "Personally Identifiable Information," April 27, 2007
- Directive-Type Memorandum 07-015-USD(P&R), “DoD Social Security Number (SSN) Reduction Plan,” dated 28 Mar 08
- DoD 5400.11-R, "DoD Privacy Program," May 14, 2007

SSN Reduction Plan
Scope
- All DA Forms that collect Social Security Numbers (SSNs)
- Approximately 500 must be reviewed
- Goal is to eliminate SSNs if at all possible
- DA Forms with continued need for collection of SSNs:
  - Must have an approved continued use justification based on DTM acceptable use cases
  - GO/SES must sign justification
  - Army Forms Manager is the approving official, cosigned by Army Privacy Office
- DoD to direct reviews of Army proponent DD & SD Forms
- Command/installation forms must be reviewed with similar process

Roles & Responsibilities
APD Forms Management Branch & Army Privacy Office
- Are charged with reducing SSN usage throughout the Army
- Must be convinced that continued use is appropriate
- Review and approve/disapprove SSN use justifications
- Ensure compliance with DTM and basis for acceptable uses
- Periodically review new forms (3 year reporting)

Roles & Responsibilities (cont)
Forms Managers, Proponents & Privacy Officials at the Headquarters level will
- Perform a one-time initial review of all existing forms (July 09)
- Review all new and revised forms
- Review will validate continued SSN use or identify SSN elimination
- Include Privacy Officials in review (block 15 e of DD Form 67)
- Revise forms, draft and submit SSN justification along with DD Form 67
- Justifications must be signed by SES/GO
- Must correlate with one or more DTM acceptable uses
- Must provide convincing rationale for continued use
DoD Forms Management Officer
- Review SSN use justifications on DD and SD forms and report annually

Basic Procedural Requirements
- FMO coordinates review with Privacy Official, signs DD 67, submits to APD
- Proponent drafts initial justification, changes forms, submits form package to FMO
- Privacy Official ensures SSN justification meets DTM requirement, signs DD 67, returns to FMO
- APD receives and tracks justifications, coordinates with Army Privacy Office, approves/disapproves justifications
- Army Privacy Office reviews justifications, assists APD with approval/disapproval

Basic Procedural Requirements (cont)
Acceptable SSN uses
- Provided for by law
- Require interoperability with organizations beyond DoD
- Required by operational necessities: result of the inability to alter systems, processes, or forms due to cost or unacceptable levels of risk
Forms that claim “operational necessity”
- Will be closely scrutinized
- Ease of use or unwillingness are not acceptable justifications

Basic Procedural Requirements (cont)
- It is unacceptable to collect, use, retain, or transfer SSN along with any other Personally Identifiable Information (PII) without approved justification
- Explore alternatives to SSNs such as biometrics, electronic data interchange, system-generated identifiers, net-centric environments, email address
- If disapproved, proponents must submit a plan for elimination with timeline

Justification Analysis
(1) Geneva Conventions Serial Number: SSN is necessary to fulfill Geneva Convention requirements to identify authorized combatants
(2) Law Enforcement, National Security, Credentialing: SSN is needed to perform background checks and verify criminal history of persons involved in criminal activities and employees working in law enforcement
(3) Security Clearance Investigation or Verification: SSN necessary to conduct background checks on employees

Justification Analysis (cont)
(4) Interactions With Financial Institutions: SSN is needed in order to deposit funds and open accounts
(5) Confirmation of Employment Eligibility: SSN is necessary to prove eligibility to work for or with the U.S. government
(6) Administration of Federal Worker’s Compensation: SSN is needed to facilitate payments and benefits

Justification Analysis (cont)
(7) Federal Taxpayer Identification Number: SSN is needed to report earnings and other information to state and federal taxation authorities
(8) Computer Matching: SSN is necessary to compare data on individuals with other federal agencies
(9) Foreign Travel: SSN is needed to obtain passport
(10) Noncombatant Evacuation Operations (NEOs): SSN required by the State Department as persons are repatriated to the U.S.

Justification Analysis (cont)
(11) Legacy System Interface: SSN is needed to report and verify data with other DoD systems
  - Use only if no other Acceptable Use applies
  - Transition to another identifier cost prohibitive
  - Only valid for limited period of time
  - Plan for elimination with timeframe must accompany justification
(12) Other Cases: Sufficient grounds and documentation must be submitted to prove SSN use is required by law

Lessons Learned
- APD and Army Privacy Office cannot draft your justification
- Our role is to eliminate SSNs
- Workload scope prohibits special considerations and priorities
- Justification preparation and staffing can be time-consuming; plan accordingly based on your organizational needs
- Consider related publications and system requirements as you prioritize justification submissions
- Incremental submission of justifications will allow timely action

Lessons Learned (cont)
- Ensure you closely adhere to the Acceptable Use cases
- Be brief and do not include unnecessary information in your justifications
- Ensure justifications are complete, accurate, and non-contradictory
- Be thorough and accurate: we cannot review duplicative justifications
- Justifications are not permanent and will be reinitiated in the future

Questions?