E-Government Act of 2002, Section 208 and the Consolidated Appropriations Act of 2005, Title V

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
7 hours 2 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Hey there everyone.
00:02
It's chris again and I'm cyber is instructor for its US information probably C course. I want to welcome you back to the course.
00:10
Hopefully you've enjoyed our dialogue up to this point.
00:14
You know, it's uh in less than 2.4 we're gonna talk about the E Government Act in 2002
00:21
Specifically looking at its privacy provisions that are captured in section 208.
00:28
And when we talk about these privacy impact assessments in two away being
00:32
and then we're also going to talk about the Consolidated appropriations Act
00:36
2005, really focusing on title five is general provision section 5-2, which statutorily requires
00:44
all agencies, federal agencies and the executive branch
00:48
to have a chief privacy officer.
00:53
We have several learning objectives.
00:55
We're going to have a overview of the Government Act of 2002.
00:59
We're going to drill down into section 20 a B because it is important to us as privacy professionals,
01:06
whether you're working in the private sector
01:08
or the public sector to where implementation is mandatory,
01:12
but if you are private sector privacy officer privacy professional, again, there are good best practices that you might learn
01:23
and adopted by just reviewing the government Act of 2000 and two, Section 20 A B.
01:29
And then we're gonna have a brief discussion on the consolidated appropriations act of 2005. Title five
01:36
General Provision Section 5- two, which statutorily requires federal government agencies and the executive branch to have a chief privacy officer.
01:49
So let's talk about the E Government Act in 2002. We know it amends
01:53
The Privacy Act in 1974, as we stated earlier.
01:57
You know, the passage of the Privacy Act in 1974 was done when the federal government had less transparency.
02:06
American citizens had less incise until the inner workings of the federal government.
02:12
We were in a paper based environment.
02:15
It was at the turn of the 21st century that the US government decided that it had to
02:22
Amend The Privacy Act of 1974 to maintain pace with advances that have been made in computer technology, information technology to provide more
02:34
efficient and effective functions and services to the american public.
02:38
And so what they hope to do us to ensure that in making use and incorporating these technologies into the way they interact with the american public,
02:47
that again, they could provide these information and services in a manner consistent with those laws regarding the protection of personal privacy,
02:58
national security records, retention and access to persons with disabilities and other relevant laws.
03:06
Now,
03:07
you know, the
03:08
E Government Act in 2002 requires
03:12
all federal government agencies to be implement these requirements
03:17
to be more transparent and open in the way they engage with the american public.
03:24
You know when we get to
03:27
Section two A weight, which is extremely important to us as privacy officers, especially if you're supporting activities within the executive branch
03:36
into a section to await that gives us the requirements for
03:39
these agencies conduct privacy impact assessments.
03:44
And I can remember in 2000
03:46
and seven when I'd inherited a program in the Department of Homeland Security that was failing. And so I was asked to take it over being a mission oriented guy. I focused on the mission aspects of the program and not considering the compliance aspects.
04:02
It wasn't until the U. S. Congress sent
04:05
and an audit team from the General Accounting Office to audit the program that I learned about the importance of privacy impact assessments.
04:15
You know the senior auditor and his team sat across the table from me
04:19
and they asked me if I just said the purpose in which I smile be mingling at them and told them that I had everything under control.
04:27
It wasn't until the senior auditor asked me why I hadn't done a privacy impact assessments since there was potential that would be would be collecting personal information. American citizens that I learned that I had missed an important
04:43
component and restoring this program to viability
04:47
because it was them. When I responded to him,
04:49
you know and ask the question whether it's a pia
04:53
and from there the audit went downhill,
04:55
pia is especially important to me.
04:58
Section two Weight highlights at any time
05:01
that an agency is considering to include pilots
05:04
acquiring or developing a system that's going to
05:09
uh process personal identifiable information.
05:13
If there is a new definition of person identified information and rulemaking.
05:17
If you're considering transport, porting data across borders,
05:23
data centers abroad,
05:25
if you have modify a system that's processing person identified information, then you should do a privacy impact assessment
05:33
which is a sort of privacy risk assessment that allows us to identify risk associated with the processing of personal identifying information so we can mitigate those risks.
05:46
You know, we we do these piuze
05:49
to ensure that we know what we're collecting using, disclosing, retaining
05:55
and disposing. Uh
05:57
There is a requirement for these agencies to annually
06:00
report their PIAs and to make them available
06:03
on their public websites
06:06
so that individuals can see, you know these systems that are processing uh P. A. And have some insights just like we talked about with scorns.
06:16
These agencies have to
06:17
publicly announced these systems before they place an operation for a period of 30 days in the Federal Register as well as they have to submit a letter to the Office of Management and Budget and to the Congress
06:31
For within over a period of 10 days or so to which they have to review the um the letter.
06:40
And that's what happened to me.
06:43
You know, it's important that, you know, you you use these P. A. S. Conform with, you know, legal regulatory and policy requirements for privacy,
06:53
determine the risk and effects and then evaluate protections and alternative processes for mitigating potential privacy risks.
07:06
You know, it's the
07:09
Consolidated appropriations Act in 5 2025. General provision, Section 5 to 2
07:15
that states the requirement that every federal agency and executive branch must have a chief privacy officer
07:23
and that chief privacy officer is responsible for all aspects of privacy and data protection within those agencies.
07:31
It requires those agencies to establish and implement a comprehensive price and data protection procedure
07:39
every time that agency collects uses shares, discloses, transfers, stores
07:45
or disposes of personal identifying information
07:48
as it pertains to employees and the american public.
07:55
And they're supposed to conduct periodic third part reviews of their processing of P. Ii. Procedures
08:01
and policies.
08:05
You know I include it in your reference section to give you some greater insights in this section 5-2 and its impact.
08:11
A letter that was written to the director of the Office of Management budget.
08:16
And in that letter it was the information security
08:20
Uh and probably was the advisory board that had examined section 5-2
08:26
and its importance for executive branch agencies
08:30
that had privacy programs.
08:33
You know, the board realized the importance of having these prey chief privacy officers.
08:39
They wanted federal government agencies to really focus on having effective and efficient privacy programs
08:46
uh that govern how they would process personally identifiable information.
08:52
They highlighted the importance of conducting P. A. S.
08:56
They talked about the establishment of the chief privacy officer
09:01
and it also made sure that there was a distinction between information privacy and information security
09:07
while complimentary.
09:09
Again they have different privacy control, security controls and in some aspects different focuses on protecting and agencies uh information in this case
09:20
personally identifiable information.
09:24
You know it was the I the I. S. Uh P. A. B. That also said that you know the chief privacy officers know had to play an important role within agencies and helping them manage their privacy programs.
09:39
I wanted to make sure that
09:41
they were well integrated with you know an agency, see IOS chief information officers and other key senior leaders.
09:52
No question line asked the question, What is the E Government Act in 2002 years purpose?
09:58
The answers are A B and C.
10:03
Question to ask, What are the E. Government act in 2000 and two. Section two. Away bees privacy requirements.
10:11
The answers are
10:13
B.
10:16
Question three asked about the private impact assessment. Why what is it?
10:24
The answers are A B and C.
10:28
Question four asked about the Consolidated Appropriations Act, 2005.
10:33
What does it require?
10:35
The answers are A. B. And D.
10:41
In summary, the E. Government Act of 2002 transitions the federal government at the beginning of the 21st century to be able to achieve digital transformation.
10:54
It's the E. Government Act in 2002 sections to await that requires agencies conduct
11:00
P. I. A. S. And opposes p. I. A. S to um their public facing websites in most cases and together appropriate notification to the public, to Congress and to the o. M. B.
11:13
And it's the consolidated appropriations act in 2005 that requires federal agencies statutorily to have chief privacy officer.
Up Next