OMB Circular A-130, Appendix II and Information Privacy

00:01

Hello everyone welcome back to the course.

00:03

My name is Chris and I am your instructor for cyber buries us information privacy course.

00:09

In less than 3.1 we're going to look at the Office of Management Budgets

00:14

circular A 1 30 which is entitled Managing Information as a Strategic resource which was last revised in 2016.

00:25

It provides guidance to executive branch agencies

00:30

on how to conduct a thorough and complete

00:33

uh several budgetary and managing activities on the behalf of the president.

00:39

We're gonna look at Appendix two which provides guidance to these same executive branch agencies on how they can best develop and maintain comprehensive privacy programs.

00:51

You know during my time in the executive branch I had to comply with on bs different circular and memoranda.

01:00

But it wasn't until I became a privacy professional that I really understood the importance of on these guidance especially as it applied to privacy and security.

01:11

You know I've used those in assisting

01:15

the U. S. House of Representatives

01:17

and maturing his privacy program and I've also used them. Its guidance in the private sector

01:26

where these guidance documents are mandatory for the executive blanche. There are also used for privacy tools for private sector privacy professionals who are looking to develop

01:37

and maintain effective privacy programs. So I encourage you to review each of those and put them in your privacy tool kit.

01:47

We have several learning objectives. We're gonna talk about A. And B. S. Mission and its five critical processes and then we'll delve right into A and B circular A 1 30 then examine appendix two.

02:00

I wanna be plays an important role within the executive branch.

02:05

It's the office responsible

02:07

for

02:09

ensuring that the executive branch agencies

02:13

understand and execute the will of the president

02:15

and his vision as it applies to the executive branch.

02:20

It's only be that assist the president and achieving his or her when applicable policy, budget management and regulatory objectives

02:30

On B has five critical processes

02:31

that it follows to achieve the president's vision for the executive branch.

02:38

Those include budget development and execution

02:42

management, including the oversight of agency performance, human capital, federal procurement, financial management and information technology.

02:52

They include regulatory policies, including the coordination review of all significant executive branch agency regulations.

03:00

They sir. It serves as a conduit between the executive branch and the legislative branch

03:06

and it's responsible for legislative clearance and coordination.

03:09

And then it's also the office responsible for publishing presidential executive orders,

03:15

presidential circulars and pressure. The presidential memorandum

03:24

one B circular 81 30 is essential

03:29

two executive branch agencies

03:31

that are responsible for acquiring and developing those information systems that house

03:39

federal information

03:42

and that process personally identifiable information.

03:45

You know, I'm being published this circle because it had witnessed the advance was made in information technology and want to ensure that the executive branch agencies were instituting processes that allowed them to successfully process

04:00

personally down five information

04:02

to help them better build, buy and deliver technology

04:09

and be able to adapt to changing technologies that accounted for information security, privacy and the management information resources.

04:18

You know. One of the focus areas is from our perspective, that's important is focusing in on how these organizations protect federal information resources and how they manage personal identifying information collected from various sources.

04:35

Now we've talked about the Fair Information

04:41

Practice principles. We call them fair information practices doing our module

04:47

one discussion

04:50

But its appendix two

04:53

that really helps these organizations understand how to best

04:59

manage

05:00

uh personally identifying information and to protect privacy.

05:03

It requires them to make sure that their current with a current

05:09

privacy of laws, regulations and policies.

05:15

No it updates those federal information practice principles that we talked about

05:19

and module one

05:23

You know and be revised that list in 2016 to account for access and amendment, accountability

05:30

authority, data minimization,

05:33

data quality and data integrity,

05:35

individual participation

05:39

purpose specification and use limitation, security and transparency.

05:46

It's Appendix two that also says that

05:48

every executive branch agency has to designate

05:53

as senior agency official for privacy which is the senior agency official for privacy.

06:00

The same god is responsible for you know making and developing central privacy policies

06:08

assessing privacy risk and impact on the agency's

06:12

as it applies to a person identifiable information.

06:16

It's the position that's responsible for managing person identifiable information throughout all aspects of the information lifecycle

06:26

collection, use, disclosure retention and disposal.

06:31

It is the person responsible also for external reporting to um be

06:38

and to uh other

06:41

applicable agencies on privacy related topics.

06:46

It is

06:47

Circularly 1:30 that also gives these executive branch agencies guidance on how to develop and maintain a comprehensive agency privacy program.

06:57

It's the same top that's responsible for working with the different business functional admission

07:03

activities within those agencies to ensure that we have in the end privacy program management and privacy

07:10

programme protection for uh personal identifiable information.

07:15

Some of the general requirements

07:17

for these programs include establishing and maintaining a conference of privacy program,

07:24

making sure that you have good

07:27

privacy risk management processes in place when applicable. You're conducting those privacy threshold analyses,

07:33

you're conducting those privacy impact assessments that we talked about,

07:38

making sure that agencies are compliant with applicable federal laws regulations and policies

07:45

developing privacy program plans

07:47

privacy plans,

07:49

identifying privacy controls,

07:53

implementing an enterprise

07:55

risk management program that includes privacy risk management,

08:00

designating that senior agency official for privacy. And also, don't forget the chief privacy officer, which is not necessarily the same position within organizations.

08:11

Making sure that you have integration of the agency privacy program with other applicable programs like the Information security program.

08:20

Making sure that you have in the end information lifecycle management in place throughout the collection. Use disclosure retention and disposal of purse identifying information

08:33

engineering in those privacy requirements until your enterprise architecture.

08:39

That's where concepts like privacy engineering were so extremely important.

08:45

Making sure when applicable of compliance with the privacy act,

08:50

constantly balancing the need for to collect this person identified information with the risk associated with processing it.

09:00

Making sure that the privacy program

09:03

is integrated with the data retention,

09:07

data disposal, data disclosure and data dissemination uh strategies for the agencies.

09:13

Making sure from the transparency standpoint that the agency when applicable, is posting his privacy policies and privacy impact assessments

09:24

on us, public facing websites, mobile applications and other digital services.

09:30

And then what's most important to me is

09:33

you don't know what's wrong if you don't measure it. And so again, making sure you've developed

09:37

key risk identifiers,

09:41

making sure that you have developed performance metrics that really demonstrating the show over time how successful your privacy program is and accomplishing his mission.

09:54

No question one asked what are Phipps?

10:00

A. B, C and D. Are the appropriate answers?

10:03

Question to ask what does appendix two's purpose?

10:09

A and C. Are the appropriate answers

10:13

In summary won't be players a key role in assisting the president achieving his this or her vision for the executive branch.

10:24

It has five critical processes that use this, achieve that mission.

10:28

We talked about the importance of circular everyone third and given guys executive branch agencies and the importance of appendix two and providing good guidance on how to develop comprehensive privacy programs.