Welcome back to the course, everyone.
It's Chris again, the Privacy Gremlin,
and I'm Cybrary's instructor for its US information privacy
In lesson 3.3 we're going to continue our discussion
on significant OMB circulars and memoranda.
And in this lesson we're gonna focus on one of the memoranda, 16-24,
that talks about the role and designation of
a senior agency official for privacy.
We talked about the SAOP during our Circular A-130 discussion,
but now we're gonna provide more
depth to that discussion because the senior agency official for privacy
plays an important role within the executive branch agencies.
We have two learning objectives. We're gonna talk about the designation
of the senior agency officials for privacy within federal agencies within the executive branch.
We're going to also talk about the role of the senior agency officials for privacy within the
Now we've also talked about chief privacy officers. Depending on the size of an organization, you may have one person that serves both as the SAOP and the CPO.
In large organizations, you may have these two roles managed by two different people.
The SAOP being the most senior agency official for privacy, supported by the chief privacy officer, who has responsibilities for the day-to-day operational activities of privacy across the agency. It really depends on the agency's focus
on privacy as it applies to its mission and business activities.
So let's delve into, you know, Memorandum 16-24.
You know, it was on
February 9, 2016 that,
you know, the president issued Executive Order 13719, entitled Establishment of the Federal Privacy Council, which is an extremely important interagency forum where privacy professionals across the executive branch meet periodically to
talk about the implementation of
privacy practices across the executive branch,
you know, looking at advances in technology and the way that the federal government
processes and collects this information that is stored in its federal systems within the executive branch.
It was important to provide guidance to these agencies on how they were supposed to manage the information lifecycle anytime that they collected and processed personally identifiable information, to include the creation, collection, the use,
the processing, the storing, the maintaining,
the dissemination, the disclosure and the disposal of personally identifiable information.
As I said previously, there's always some inherent risk associated with processing
personally identifiable information. And these agencies must have the appropriate privacy controls and security controls in place to ensure that we're protecting the personally identifiable information of the American public
and also other
You know, when designating the SAOP,
you know, the SAOP is responsible for ensuring that the privacy interests are protected and that PII is managed in the end within the agency.
You know, we look at three
requirements when we talk about designating the SAOP.
So the SAOP is supposed to be a senior official
at the deputy assistant secretary or equivalent level,
supposed to be the
most senior agency official for privacy,
to where they can work with the agency head to make sure that they're implementing an effective privacy program and is consistent with, you know, federal government guidance.
You have to have expertise,
so the SAOP has to have the necessary skills, knowledge and expertise
to lead and direct the agency's privacy program and also to carry out privacy-related functions.
And then they must have the authority.
You have to have the necessary authority within that organization. That's why they have to be senior,
to lead and direct that agency's privacy program
and to comply with OMB privacy-directed policies, circular
When we talk about the role
and responsibilities of the SAOP, the SAOP is responsible for policy making.
So the senior agency official is responsible for developing the agency's legislative, regulatory and other policy proposals that have privacy implications.
They're responsible for publishing and implementing all agency privacy-related regulations and policies.
They're the ones that have to be there to drive compliance across the agency,
to ensure that the agency is compliant with the Privacy Act of 1974,
the Paperwork Reduction Act of 1995,
the E-Government Act of 2002,
the Health Insurance Portability and Accountability Act of 1996,
OMB Circular A-130,
and other applicable
They also play a central role in
When we get to the discussion on this, we'll see that integration of privacy risk management throughout all aspects of an executive branch agency.
But the SAOP is responsible for consistently and continually conducting privacy risk assessments
by using tools like privacy threshold analyses,
privacy impact assessments,
to assess the risk associated with
the processing of personally identifiable information throughout the information lifecycle.
The agency heads have to make sure that the SAOP
is sufficiently resourced
to be able to achieve and satisfy those privacy-related functions
that are required by OMB and other federal
laws, rules and regulations.
But there are things that you have to consider as an agency head when you're considering allocating resources to your privacy programs.
You've got to consider the size and structure,
including agency geographic presence.
What is the agency's mission and the volume, sensitivity and use of PII that supports an agency mission?
What are the privacy risks associated with the creation, the collection, the use, the processing, the storage, the maintenance, the dissemination, disclosure and the disposal of PII?
And then finally we have to consider, you know, those information sources used, and we talk about budgetary and planned investments in information technologies that ensure that we're doing those privacy reviews of those systems before they begin to collect, use, disclose, retain, dispose of information
as part of the information lifecycle.
Question one asks the question: what requirements govern the designation and role of SAOPs within federal agencies?
A, C and D are the appropriate answers.
Question two asks: what are the responsibilities of SAOPs within federal agencies?
The appropriate answers are A, C,
B and D.
Question three asks: what factors should
federal agency heads consider when assessing an SAOP or privacy program's resource needs?
A, B, C and D are the appropriate answers.
In summary, I hope you've enjoyed lesson 3.3.
I hope you can see the relevance in reviewing OMB Memorandum 16-24, whether you're supporting an agency within the executive branch or you are supporting
a private sector entity.
Like I said throughout my career as a privacy professional, I've looked internationally, I've looked at the federal government and also at the state level
for those useful tools that I can put in my privacy tool kit to assist agencies in being better stewards of privacy
and always showing due diligence and due care every time that they collect, use, disclose, retain and dispose of personally identifiable information.