Approved for Public Release. Distribution Unlimited. 1 Government Privacy Rick Newbold, JD, MBA, CIPP/G Futures Branch 28.

Slides:



Advertisements
Similar presentations
PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.
Advertisements

Government Privacy IAPP Privacy Certification
"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.
IT Security Policy Framework
The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Overview of the Privacy Act
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
Are you ready for HIPPO??? Welcome to HIPAA
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Security Controls – What Works
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
Informed Consent and HIPAA Tim Noe Coordinating Center.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.
Complying With The Federal Information Security Act (FISMA)
DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Privacy Foundations Samuel P. Jenkins Director for Privacy Defense Privacy and Civil Liberties Office Identity.
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Other Laws (Primarily for E-Government) COEN 351.
1 General Awareness Training Security Awareness Module 1 Overview and Requirements.
WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.
Colorado Children and Youth Information Sharing (CCYIS) Educational Stability Summit April 10, 2015.
Confidentiality for Transportation Personnel.  Family Educational Rights and Privacy Act (FERPA)  Kentucky Family Educational Rights and Privacy Act.
Student Confidentiality: The FERPA/HIPAA Facts AISD Policy Student Records AISD Procedure AP. 11.
Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.
Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN
Privacy in computing Material/text on the slides from Chapter 10 Textbook: Pfleeger.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Securing Patient-Related Data: The Impact of HIPAA Module VI NUR 603 Russ McGuire.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
Open Government, Social Media, and Information Policy: Constraints and Barriers John Carlo Bertot Professor and Director Center for Library & Information.
Understanding the Privacy Impact Assessment (PIA) Introduction The PIA is a checklist or tool to ensure that new or modified electronic collections of.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.
IT Security Policy Framework ● Policies ● Standards ● Procedures ● Guidelines.
Working with HIT Systems
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
Privacy Act United States Army (Managerial Training)
Safeguarding Sensitive Information. Agenda Overview Why are we here? Roles and responsibilities Information Security Guidelines Our Obligation Has This.
FOIA Processing and Privacy Awareness at NOAA Prepared by Mark H. Graff NOAA FOIA Officer OCIO/GPD (301)
Table of Contents. Lessons 1. Introduction to HIPAA Go Go 2. The Privacy Rule Go Go.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Privacy and Personal Information. WHAT YOU WILL LEARN: What personal information is. General guidelines for the collection of personal information. Your.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Protection of Personal Information Act An Analysis on the impact.
HIPAA Privacy What Every Staff Member Needs to Know.
Understanding Privacy An Overview of our Responsibilities.
Data Security and Privacy Overview: NJDOE’s Approach to Cybersecurity
Data Sharing, Storage, & Consent
Student Confidentiality: The FERPA/HIPAA Facts
FOIA, Privacy & Records Management Conference 2009
Data Sharing, Storage, & Consent
Introduction to GDPR 09/11/2018.
Security Awareness Training: System Owners
State of the privacy union
Overview of Important Changes to the Final Rule
Employee Privacy and Privacy of Employee Information
Overview of Important Changes to the Final Rule
Privacy Requirements and HSPD-12
Enforcement and Policy Challenges in Health Information Privacy
Student Privacy in the age of big data
Evaluation and assessment
Student Confidentiality: The FERPA/HIPAA Facts
Presentation transcript:

Approved for Public Release. Distribution Unlimited. 1 Government Privacy Rick Newbold, JD, MBA, CIPP/G Futures Branch 28 Feb 2008

Approved for Public Release. Distribution Unlimited. 2 Purpose & Content Purpose: Provide overview of government privacy as it pertains to the BTF.  Principles for information security and public records management in government  Information privacy laws regarding data quality, public access to records, and other disclosures  Best practices

Approved for Public Release. Distribution Unlimited. 3 Principles  Core value of our society  Potential consequences  Collection Limitation  Data Quality  Purpose Specification  Use Limitation  Security Safeguards  Openness  Individual Participation  Accountability  Misc. (State vs. Private Actors, Expectation of Privacy, Privacy Continuum)

Approved for Public Release. Distribution Unlimited. 4 Information Privacy Laws  Privacy Act (1974)  Freedom of Information Act (1974)  USA Patriot Act (2001)  Data Quality Act (2002)  E-Government Act (2002)  Health Insurance Portability and Accountability Act (HIPAA) (1996)  Fair Credit Reporting Act (1970)  Family Educational Rights and Privacy Act (1974)  Drivers Privacy Protection Act (1994)  Children’s Online Privacy Protection Act (1998)  Financial Services Modernization Act (GLBA) (1999)

Approved for Public Release. Distribution Unlimited. 5 Best Practices  Processes  Enforcement  Privacy Management  Functional Positions  Federal Policies on Websites

Approved for Public Release. Distribution Unlimited. 6 Way Ahead  Internal awareness and training  Cognizance of emerging requirements, trends, and best practices Deny anonymity to evil-doers while protecting privacy of others. Deny anonymity to evil-doers while protecting privacy of others.

Approved for Public Release. Distribution Unlimited. 7 Backup

Approved for Public Release. Distribution Unlimited. 8  The term “system of records” means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual Privacy Act of 1974 System of Records

Approved for Public Release. Distribution Unlimited. 9  A description of the system of records maintained by the agency  The SORN must appear in the Federal Register before the agency begins to operate the system, e.g., collect and use the information Privacy Act of 1974 System of Records Notice (SORN)

Approved for Public Release. Distribution Unlimited. 10  System Name  Security Classification  System Location  Authority for Maintenance of the System  Purpose of the System  Use and Categories of users  Policies & Practices for storing, retrieving, accessing, retaining, & disposing of records  System Manager  Notification Procedures Privacy Act of 1974 System of Records Notice (SORN)

Approved for Public Release. Distribution Unlimited. 11  “…a broad framework of measures that require using Internet-based information technology to enhance citizen access to Government information and services …” (H.R. 2458)  Privacy Provisions (section (208) and OMB guidance require federal agencies –Post Web site privacy policies in both statement and machine- readable form –Conduct Privacy Impact Assessments E-Government Act

Approved for Public Release. Distribution Unlimited. 12  PIA is an assessment process for identifying and mitigating the privacy risks from a system  Section 208 requires agencies to conduct a PIA before developing or procuring IT systems that collect, maintain or disseminate information in identifiable form (IIF) from or about members of the public E-Government Act Privacy Impact Assessments (PIAs )

Approved for Public Release. Distribution Unlimited. 13 OMB M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act What information is to be collected Why the information is being collected Intended use of the information With whom the information will be shared What opportunities individuals have to decline to provide information or consent to particular uses of the information How the information will be secured Whether a system of records is being created under the Privacy Act Analysis of choices agency made regarding an IT system or collection of information Information lifecycle analysis E-Government Act Privacy Impact Assessments (PIAs)

Approved for Public Release. Distribution Unlimited. 14  Exceptions –For national security systems –Previously assessed systems under evaluation similar to PIA –Internal government operations –For government-run websites that do not collect identifiable information about the public –System collecting non-identifiable information E-Government Act Privacy Impact Assessments (PIAs)

Approved for Public Release. Distribution Unlimited. 15  In addition to completing PIAs, agencies also must follow the web site policy in Section 208 of the E-Government Act  The requirements are: –Post privacy policies on agency websites used by the public –Translate privacy policies into a standardized machine-readable format –Report annually to OMB E-Government Act Website Privacy Policy

Approved for Public Release. Distribution Unlimited. 16  Guidelines for Ensuring and Maximizing the Quality, Objectivity, Utility and Integrity of Information  Report annually to OMB the number and nature of complaints received by the agency Data Quality Act of 2002

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.