FOIA, Privacy & Records Management Conference 2009


FOIA, Privacy & Records Management Conference 2009
Office of the Administrative Assistant to the Secretary of the Army
Records Management and Declassification Agency
Privacy FISMA and Public Law 110-53 Reporting
Leroy Jones, Jr., Army Privacy Office, (703) 428-6185, leroy.jonesjr1@us.army.mil
Evlyn Hearne, Army Privacy Office, (703) 428-7497, evlyn.hearne@us.army.mil

Federal Information Security Management Act
Part of the Electronic Government Act of 2002
https://www.rmda.army.mil/
Fundamental reasons for the Act:
- Technology & automation throughout the government caused concerns about protection, use & disclosure of information maintained on individuals
- Protect information & information systems from unauthorized access, use, disclosure, disruption, modification or destruction to ensure integrity, confidentiality and availability of data
At this link you will find that one reason for the Act is improvement of the methods by which government information, including info on the Internet, is organized, preserved, and made accessible to the public.
- Integrity, which means guarding against improper information modification or destruction
- Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information
- Availability, which means ensuring timely and reliable access to and use of information

Federal Information Security Management Act (con’t)
Key Principles:
- Agency funding for automation contingent upon assurances of security and authorized collection & use
- Privacy Impact Assessments (PIAs)
  - Analysis of automated systems containing Personally Identifiable Information (PII)
- Annual and Quarterly Reporting
  - Statistics on a wide range of agency Privacy practices
  - Narrative descriptions and responses to directed questions

Federal Information Security Management Act (con’t)
Report Requirements
- Numbers and Narrative Explanations
- Systems of Records and Privacy Impact Assessments
  - Number required/reviewed and number published/completed
  - Scored under the President’s Management Agenda
    - Green 90% & above; Amber 80-90%; Red below 80%

Federal Information Security Management Act (con’t)
- Training for all personnel (ALARACT 051-2009)
- Numbers of Reviews of:
  - Section M Contracts
  - Routine Uses
  - Exemptions
  - Matching Programs
  - Violations: Civil and Remedial Action Statements

PUBLIC LAW 110-53
Implementing Recommendations of the 9/11 Commission Act of 2007
Purpose:
- Review development & implementation of laws, regulations, procedures, policies, and guidelines relating to protecting the Nation against terrorism to ensure they balance with the need to protect individuals’ privacy
Delegations:
- A senior officer to serve as the principal advisor to the department head & other officials in appropriately considering privacy concerns
  - DAASA appointed as the Army’s Senior Agency Official for Privacy
- Agency Privacy Office to implement requirements, oversee & report
  - Army Privacy Office accomplishes

PUBLIC LAW 110-53
Implementing Recommendations of the 9/11 Commission Act of 2007
Key requirements:
- Review development and implementation of:
  - Pending and enacted legislation
  - Agency Regulations
  - Policies and procedures
- Establish procedures to redress privacy complaints
- Provide advice on governmental powers and privacy
- Submit quarterly reports to Congress & Privacy Board

PUBLIC LAW 110-53
Implementing Recommendations of the 9/11 Commission Act of 2007
Report composition
- Number and types of reviews
  - Privacy Act System of Records Notices & Exemptions
  - Privacy Act Statements
  - Computer Matching Agreements
- Types of Advice and Responses
  - Privacy Program Overview/Principles/Policy
  - SORNs and PIAs
  - SSN and PII Reduction Actions
  - PII Breach Reporting/Notification
  - Privacy Act Violations
- Number of written complaints, description & disposition

Army Challenges
- Lack of awareness or understanding
  - Although information has been disseminated numerous times, a significant number of activities still don’t know about this requirement
- Incomplete Reporting
  - Less than 1/3 of Army activities report
  - Personnel working with FOIA & Privacy (to include attorneys) are most likely giving occasional advice
  - Becoming difficult to ignore glaring omission from key activities
- Track your numbers and report!
  - Make a sheet with the categories and record (tick mark) each instance
  - Report the numbers to your servicing FOIA/Privacy Office quarterly

Questions???