OMB Circular A-130, Appendix II and Information Privacy
7 hours 2 minutes
Hello everyone welcome back to the course.
My name is Chris and I am your instructor for cyber buries us information privacy course.
In less than 3.1 we're going to look at the Office of Management Budgets
circular A 1 30 which is entitled Managing Information as a Strategic resource which was last revised in 2016.
It provides guidance to executive branch agencies
on how to conduct a thorough and complete
uh several budgetary and managing activities on the behalf of the president.
We're gonna look at Appendix two which provides guidance to these same executive branch agencies on how they can best develop and maintain comprehensive privacy programs.
You know during my time in the executive branch I had to comply with on bs different circular and memoranda.
But it wasn't until I became a privacy professional that I really understood the importance of on these guidance especially as it applied to privacy and security.
You know I've used those in assisting
the U. S. House of Representatives
and maturing his privacy program and I've also used them. Its guidance in the private sector
where these guidance documents are mandatory for the executive blanche. There are also used for privacy tools for private sector privacy professionals who are looking to develop
and maintain effective privacy programs. So I encourage you to review each of those and put them in your privacy tool kit.
We have several learning objectives. We're gonna talk about A. And B. S. Mission and its five critical processes and then we'll delve right into A and B circular A 1 30 then examine appendix two.
I wanna be plays an important role within the executive branch.
It's the office responsible
ensuring that the executive branch agencies
understand and execute the will of the president
and his vision as it applies to the executive branch.
It's only be that assist the president and achieving his or her when applicable policy, budget management and regulatory objectives
On B has five critical processes
that it follows to achieve the president's vision for the executive branch.
Those include budget development and execution
management, including the oversight of agency performance, human capital, federal procurement, financial management and information technology.
They include regulatory policies, including the coordination review of all significant executive branch agency regulations.
They sir. It serves as a conduit between the executive branch and the legislative branch
and it's responsible for legislative clearance and coordination.
And then it's also the office responsible for publishing presidential executive orders,
presidential circulars and pressure. The presidential memorandum
one B circular 81 30 is essential
two executive branch agencies
that are responsible for acquiring and developing those information systems that house
and that process personally identifiable information.
You know, I'm being published this circle because it had witnessed the advance was made in information technology and want to ensure that the executive branch agencies were instituting processes that allowed them to successfully process
personally down five information
to help them better build, buy and deliver technology
and be able to adapt to changing technologies that accounted for information security, privacy and the management information resources.
You know. One of the focus areas is from our perspective, that's important is focusing in on how these organizations protect federal information resources and how they manage personal identifying information collected from various sources.
Now we've talked about the Fair Information
Practice principles. We call them fair information practices doing our module
But its appendix two
that really helps these organizations understand how to best
uh personally identifying information and to protect privacy.
It requires them to make sure that their current with a current
privacy of laws, regulations and policies.
No it updates those federal information practice principles that we talked about
and module one
You know and be revised that list in 2016 to account for access and amendment, accountability
authority, data minimization,
data quality and data integrity,
purpose specification and use limitation, security and transparency.
It's Appendix two that also says that
every executive branch agency has to designate
as senior agency official for privacy which is the senior agency official for privacy.
The same god is responsible for you know making and developing central privacy policies
assessing privacy risk and impact on the agency's
as it applies to a person identifiable information.
It's the position that's responsible for managing person identifiable information throughout all aspects of the information lifecycle
collection, use, disclosure retention and disposal.
It is the person responsible also for external reporting to um be
and to uh other
applicable agencies on privacy related topics.
Circularly 1:30 that also gives these executive branch agencies guidance on how to develop and maintain a comprehensive agency privacy program.
It's the same top that's responsible for working with the different business functional admission
activities within those agencies to ensure that we have in the end privacy program management and privacy
programme protection for uh personal identifiable information.
Some of the general requirements
for these programs include establishing and maintaining a conference of privacy program,
making sure that you have good
privacy risk management processes in place when applicable. You're conducting those privacy threshold analyses,
you're conducting those privacy impact assessments that we talked about,
making sure that agencies are compliant with applicable federal laws regulations and policies
developing privacy program plans
identifying privacy controls,
implementing an enterprise
risk management program that includes privacy risk management,
designating that senior agency official for privacy. And also, don't forget the chief privacy officer, which is not necessarily the same position within organizations.
Making sure that you have integration of the agency privacy program with other applicable programs like the Information security program.
Making sure that you have in the end information lifecycle management in place throughout the collection. Use disclosure retention and disposal of purse identifying information
engineering in those privacy requirements until your enterprise architecture.
That's where concepts like privacy engineering were so extremely important.
Making sure when applicable of compliance with the privacy act,
constantly balancing the need for to collect this person identified information with the risk associated with processing it.
Making sure that the privacy program
is integrated with the data retention,
data disposal, data disclosure and data dissemination uh strategies for the agencies.
Making sure from the transparency standpoint that the agency when applicable, is posting his privacy policies and privacy impact assessments
on us, public facing websites, mobile applications and other digital services.
And then what's most important to me is
you don't know what's wrong if you don't measure it. And so again, making sure you've developed
key risk identifiers,
making sure that you have developed performance metrics that really demonstrating the show over time how successful your privacy program is and accomplishing his mission.
No question one asked what are Phipps?
A. B, C and D. Are the appropriate answers?
Question to ask what does appendix two's purpose?
A and C. Are the appropriate answers
In summary won't be players a key role in assisting the president achieving his this or her vision for the executive branch.
It has five critical processes that use this, achieve that mission.
We talked about the importance of circular everyone third and given guys executive branch agencies and the importance of appendix two and providing good guidance on how to develop comprehensive privacy programs.
We talked about the requirements of the privacy program and we talked about the role responsibility of the Sahara.