7 hours 2 minutes
Hey there everyone.
It's chris again and I'm cyber is instructor for its US information probably C course. I want to welcome you back to the course.
Hopefully you've enjoyed our dialogue up to this point.
You know, it's uh in less than 2.4 we're gonna talk about the E Government Act in 2002
Specifically looking at its privacy provisions that are captured in section 208.
And when we talk about these privacy impact assessments in two away being
and then we're also going to talk about the Consolidated appropriations Act
2005, really focusing on title five is general provision section 5-2, which statutorily requires
all agencies, federal agencies and the executive branch
to have a chief privacy officer.
We have several learning objectives.
We're going to have a overview of the Government Act of 2002.
We're going to drill down into section 20 a B because it is important to us as privacy professionals,
whether you're working in the private sector
or the public sector to where implementation is mandatory,
but if you are private sector privacy officer privacy professional, again, there are good best practices that you might learn
and adopted by just reviewing the government Act of 2000 and two, Section 20 A B.
And then we're gonna have a brief discussion on the consolidated appropriations act of 2005. Title five
General Provision Section 5- two, which statutorily requires federal government agencies and the executive branch to have a chief privacy officer.
So let's talk about the E Government Act in 2002. We know it amends
The Privacy Act in 1974, as we stated earlier.
You know, the passage of the Privacy Act in 1974 was done when the federal government had less transparency.
American citizens had less incise until the inner workings of the federal government.
We were in a paper based environment.
It was at the turn of the 21st century that the US government decided that it had to
Amend The Privacy Act of 1974 to maintain pace with advances that have been made in computer technology, information technology to provide more
efficient and effective functions and services to the american public.
And so what they hope to do us to ensure that in making use and incorporating these technologies into the way they interact with the american public,
that again, they could provide these information and services in a manner consistent with those laws regarding the protection of personal privacy,
national security records, retention and access to persons with disabilities and other relevant laws.
you know, the
E Government Act in 2002 requires
all federal government agencies to be implement these requirements
to be more transparent and open in the way they engage with the american public.
You know when we get to
Section two A weight, which is extremely important to us as privacy officers, especially if you're supporting activities within the executive branch
into a section to await that gives us the requirements for
these agencies conduct privacy impact assessments.
And I can remember in 2000
and seven when I'd inherited a program in the Department of Homeland Security that was failing. And so I was asked to take it over being a mission oriented guy. I focused on the mission aspects of the program and not considering the compliance aspects.
It wasn't until the U. S. Congress sent
and an audit team from the General Accounting Office to audit the program that I learned about the importance of privacy impact assessments.
You know the senior auditor and his team sat across the table from me
and they asked me if I just said the purpose in which I smile be mingling at them and told them that I had everything under control.
It wasn't until the senior auditor asked me why I hadn't done a privacy impact assessments since there was potential that would be would be collecting personal information. American citizens that I learned that I had missed an important
component and restoring this program to viability
because it was them. When I responded to him,
you know and ask the question whether it's a pia
and from there the audit went downhill,
pia is especially important to me.
Section two Weight highlights at any time
that an agency is considering to include pilots
acquiring or developing a system that's going to
uh process personal identifiable information.
If there is a new definition of person identified information and rulemaking.
If you're considering transport, porting data across borders,
data centers abroad,
if you have modify a system that's processing person identified information, then you should do a privacy impact assessment
which is a sort of privacy risk assessment that allows us to identify risk associated with the processing of personal identifying information so we can mitigate those risks.
You know, we we do these piuze
to ensure that we know what we're collecting using, disclosing, retaining
and disposing. Uh
There is a requirement for these agencies to annually
report their PIAs and to make them available
on their public websites
so that individuals can see, you know these systems that are processing uh P. A. And have some insights just like we talked about with scorns.
These agencies have to
publicly announced these systems before they place an operation for a period of 30 days in the Federal Register as well as they have to submit a letter to the Office of Management and Budget and to the Congress
For within over a period of 10 days or so to which they have to review the um the letter.
And that's what happened to me.
You know, it's important that, you know, you you use these P. A. S. Conform with, you know, legal regulatory and policy requirements for privacy,
determine the risk and effects and then evaluate protections and alternative processes for mitigating potential privacy risks.
You know, it's the
Consolidated appropriations Act in 5 2025. General provision, Section 5 to 2
that states the requirement that every federal agency and executive branch must have a chief privacy officer
and that chief privacy officer is responsible for all aspects of privacy and data protection within those agencies.
It requires those agencies to establish and implement a comprehensive price and data protection procedure
every time that agency collects uses shares, discloses, transfers, stores
or disposes of personal identifying information
as it pertains to employees and the american public.
And they're supposed to conduct periodic third part reviews of their processing of P. Ii. Procedures
You know I include it in your reference section to give you some greater insights in this section 5-2 and its impact.
A letter that was written to the director of the Office of Management budget.
And in that letter it was the information security
Uh and probably was the advisory board that had examined section 5-2
and its importance for executive branch agencies
that had privacy programs.
You know, the board realized the importance of having these prey chief privacy officers.
They wanted federal government agencies to really focus on having effective and efficient privacy programs
uh that govern how they would process personally identifiable information.
They highlighted the importance of conducting P. A. S.
They talked about the establishment of the chief privacy officer
and it also made sure that there was a distinction between information privacy and information security
Again they have different privacy control, security controls and in some aspects different focuses on protecting and agencies uh information in this case
personally identifiable information.
You know it was the I the I. S. Uh P. A. B. That also said that you know the chief privacy officers know had to play an important role within agencies and helping them manage their privacy programs.
I wanted to make sure that
they were well integrated with you know an agency, see IOS chief information officers and other key senior leaders.
No question line asked the question, What is the E Government Act in 2002 years purpose?
The answers are A B and C.
Question to ask, What are the E. Government act in 2000 and two. Section two. Away bees privacy requirements.
The answers are
Question three asked about the private impact assessment. Why what is it?
The answers are A B and C.
Question four asked about the Consolidated Appropriations Act, 2005.
What does it require?
The answers are A. B. And D.
In summary, the E. Government Act of 2002 transitions the federal government at the beginning of the 21st century to be able to achieve digital transformation.
It's the E. Government Act in 2002 sections to await that requires agencies conduct
P. I. A. S. And opposes p. I. A. S to um their public facing websites in most cases and together appropriate notification to the public, to Congress and to the o. M. B.
And it's the consolidated appropriations act in 2005 that requires federal agencies statutorily to have chief privacy officer.
Penetration Testing and Ethical Hacking
The Penetration Testing and Ethical Hacking course prepares students for certifications, like CEH. This course ...
7 CEU/CPE Hours Available
Certificate of Completion Offered
Privacy Program Management
In this Privacy Program Management training course, students will learn privacy program strategies, applicable laws ...
4 CEU/CPE Hours Available
Certificate of Completion Offered