OMB Circular A-130, Appendix II and Information Privacy

Video Transcription
00:01
Hello everyone, welcome back to the course.
00:03
My name is Chris and I am your instructor for Cybrary's information privacy course.
00:09
In lesson 3.1 we're going to look at the Office of Management and Budget's
00:14
Circular A-130, which is entitled Managing Information as a Strategic Resource and which was last revised in 2016.
00:25
It provides guidance to executive branch agencies
00:30
on how to conduct thorough and complete
00:33
budgetary and management activities on behalf of the president.
00:39
We're gonna look at Appendix II, which provides guidance to these same executive branch agencies on how they can best develop and maintain comprehensive privacy programs.
00:51
You know, during my time in the executive branch I had to comply with OMB's different circulars and memoranda.
01:00
But it wasn't until I became a privacy professional that I really understood the importance of OMB's guidance, especially as it applied to privacy and security.
01:11
You know, I've used those in assisting
01:15
the U.S. House of Representatives
01:17
in maturing its privacy program, and I've also used its guidance in the private sector.
01:26
While these guidance documents are mandatory for the executive branch, they are also used as privacy tools for private sector privacy professionals who are looking to develop
01:37
and maintain effective privacy programs. So I encourage you to review each of those and put them in your privacy toolkit.
01:47
We have several learning objectives. We're gonna talk about OMB's mission and its five critical processes, and then we'll delve right into OMB Circular A-130, then examine Appendix II.
02:00
OMB plays an important role within the executive branch.
02:05
It's the office responsible
02:07
for
02:09
ensuring that the executive branch agencies
02:13
understand and execute the will of the president
02:15
and his vision as it applies to the executive branch.
02:20
It's OMB that assists the president in achieving his or her, when applicable, policy, budget, management and regulatory objectives.
02:30
OMB has five critical processes
02:31
that it follows to achieve the president's vision for the executive branch.
02:38
Those include budget development and execution,
02:42
management, including the oversight of agency performance, human capital, federal procurement, financial management and information technology.
02:52
They include regulatory policy, including the coordination and review of all significant executive branch agency regulations.
03:00
It serves as a conduit between the executive branch and the legislative branch
03:06
and it's responsible for legislative clearance and coordination.
03:09
And then it's also the office responsible for publishing presidential executive orders,
03:15
presidential circulars and presidential memoranda.
03:24
OMB Circular A-130 is essential
03:29
to executive branch agencies
03:31
that are responsible for acquiring and developing those information systems that house
03:39
federal information
03:42
and that process personally identifiable information.
03:45
You know, OMB published this circular because it had witnessed the advances made in information technology and wanted to ensure that the executive branch agencies were instituting processes that allowed them to successfully process
04:00
personally identifiable information
04:02
to help them better build, buy and deliver technology
04:09
and be able to adapt to changing technologies that accounted for information security, privacy and the management of information resources.
04:18
You know, one of the focus areas that's important from our perspective is how these organizations protect federal information resources and how they manage personally identifiable information collected from various sources.
04:35
Now we've talked about the Fair Information
04:41
Practice Principles. We called them fair information practices during our module
04:47
one discussion.
04:50
But it's Appendix II
04:53
that really helps these organizations understand how to best
04:59
manage
05:00
personally identifiable information and protect privacy.
05:03
It requires them to make sure that they're current with current
05:09
privacy laws, regulations and policies.
05:15
Now, it updates those Fair Information Practice Principles that we talked about
05:19
in module one.
05:23
You know, OMB revised that list in 2016 to account for access and amendment, accountability,
05:30
authority, data minimization,
05:33
data quality and data integrity,
05:35
individual participation
05:39
purpose specification and use limitation, security and transparency.
05:46
It's Appendix II that also says that
05:48
every executive branch agency has to designate
05:53
an SAOP, which is the senior agency official for privacy.
06:00
The SAOP is responsible for, you know, making and developing central privacy policies,
06:08
assessing privacy risk and impact on the agency
06:12
as it applies to personally identifiable information.
06:16
It's the position that's responsible for managing personally identifiable information throughout all aspects of the information lifecycle:
06:26
collection, use, disclosure, retention and disposal.
06:31
It is also the person responsible for external reporting to OMB
06:38
and to other
06:41
applicable agencies on privacy related topics.
06:46
It is
06:47
Circular A-130 that also gives these executive branch agencies guidance on how to develop and maintain a comprehensive agency privacy program.
06:57
It's the SAOP that's responsible for working with the different business, functional and mission
07:03
activities within those agencies to ensure that we have end-to-end privacy program management and privacy
07:10
program protection for personally identifiable information.
07:15
Some of the general requirements
07:17
for these programs include establishing and maintaining a comprehensive privacy program,
07:24
making sure that you have good
07:27
privacy risk management processes in place; when applicable, you're conducting those privacy threshold analyses,
07:33
you're conducting those privacy impact assessments that we talked about,
07:38
making sure that agencies are compliant with applicable federal laws, regulations and policies,
07:45
developing privacy program plans,
07:47
privacy plans,
07:49
identifying privacy controls,
07:53
implementing an enterprise
07:55
risk management program that includes privacy risk management,
08:00
designating that senior agency official for privacy. And also, don't forget the chief privacy officer, which is not necessarily the same position within organizations.
08:11
Making sure that you have integration of the agency privacy program with other applicable programs like the information security program.
08:20
Making sure that you have end-to-end information lifecycle management in place throughout the collection, use, disclosure, retention and disposal of personally identifiable information,
08:33
engineering those privacy requirements into your enterprise architecture.
08:39
That's where concepts like privacy engineering are so extremely important.
08:45
Making sure, when applicable, of compliance with the Privacy Act,
08:50
constantly balancing the need to collect this personally identifiable information with the risk associated with processing it.
09:00
Making sure that the privacy program
09:03
is integrated with the data retention,
09:07
data disposal, data disclosure and data dissemination strategies for the agencies.
09:13
Making sure, from the transparency standpoint, that the agency, when applicable, is posting its privacy policies and privacy impact assessments
09:24
on its public-facing websites, mobile applications and other digital services.
09:30
And then what's most important to me is
09:33
you don't know what's wrong if you don't measure it. And so again, making sure you've developed
09:37
key risk identifiers,
09:41
making sure that you have developed performance metrics that really demonstrate and show over time how successful your privacy program is in accomplishing its mission.
09:54
Now, question one asks: what are FIPPs?
10:00
A, B, C and D are the appropriate answers.
10:03
Question two asks: what is Appendix II's purpose?
10:09
A and C are the appropriate answers.
10:13
In summary, OMB plays a key role in assisting the president in achieving his or her vision for the executive branch.
10:24
It has five critical processes that it uses to achieve that mission.
10:28
We talked about the importance of Circular A-130 in guiding executive branch agencies, and the importance of Appendix II in providing good guidance on how to develop comprehensive privacy programs.
10:41
We talked about the requirements of the privacy program and we talked about the roles and responsibilities of the SAOP.