OMB Memorandum 16-24 and Privacy

Time
7 hours 2 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:01
Welcome back to the course, everyone.
00:04
It's Chris again, the Privacy Gremlin,
00:07
and I'm Cybrary's instructor for its US information privacy
00:11
course
00:14
In Lesson 3.3 we're going to continue our discussion
00:19
on significant OMB circulars and memoranda.
00:25
And in this lesson we're gonna focus on one of the memoranda, 16-24,
00:30
that talks about the role and designation of
00:34
a senior agency official for privacy.
00:36
We talked about the SAOP during our Circular A-130 discussion,
00:42
but now we're gonna provide more
00:45
depth to that discussion because the senior agency official for privacy
00:49
plays an important role within the executive branch agencies.
00:56
We have two learning objectives. We're gonna talk about the designation
01:00
of the senior agency officials for privacy within federal agencies within the executive branch.
01:04
We're going to also talk about the role of the senior agency officials for privacy within the
01:11
executive branch.
01:14
Now, we've also talked about chief privacy officers. Depending on the size of an organization, you may have one person that serves both as the SAOP and the CPO.
01:26
In large organizations, you may have these two roles managed by two different people.
01:34
The SAOP being the most senior agency official for privacy, supported by the chief privacy officer, who has responsibilities for the day-to-day operational activities of privacy across the agency. It really depends on the agency's focus
01:53
on privacy as it applies to its mission and business activities.
02:00
So let's delve into, you know, Memorandum 16-24.
02:04
you know, it was on
02:06
February 9, 2016 that,
02:08
you know, the president issued Executive Order 13719, entitled Establishment of the Federal Privacy Council, which is an extremely important interagency forum where privacy professionals across the executive branch meet periodically to
02:25
talk about the implementation of
02:29
privacy practices across the executive branch,
02:35
you know, looking at advances in technology and the way that the federal government
02:39
um process and collected this information is stored in its federal systems within the executive branch.
02:46
It was important to provide guidance to these agencies on how they were supposed to manage the information lifecycle anytime that they collected and processed personally identifiable information, to include the creation, collection, the use,
03:02
the processing, the storing, the maintaining,
03:07
the dissemination, the disclosure, and the disposal of personally identifiable information.
03:13
As I said previously, there's always some inherent risk associated with processing
03:19
personally identifiable information. And these agencies must have the appropriate privacy controls and security controls in place to ensure that we're protecting the personally identifiable information of the American public
03:30
and also other
03:32
individuals like
03:35
agency employees.
03:38
You know, when designating the SAOP,
03:43
you know, the SAOP is responsible for ensuring that the privacy interests are protected and that PII is managed within the agency.
03:53
You know, we look at three
03:57
requirements when we talk about designating that SAOP
04:00
position.
04:02
So the SAOP is supposed to be a senior official
04:06
at the deputy assistant secretary or equivalent level,
04:10
supposed to be the
04:12
most senior agency official for privacy
04:16
to where they can work with the agency head to make sure that they're implementing an effective privacy program that is consistent with, you know, federal government guidance.
04:28
You have to have expertise,
04:30
so the SAOP has to have the necessary skills, knowledge and expertise
04:38
to lead and direct the agency's privacy program and also to carry out privacy-related functions.
04:44
And then they must have the authority,
04:46
you have to have the necessary authority within that organization. That's why they have to be senior
04:51
to lead and direct that agency's privacy program
04:57
and to comply with OMB privacy-directed policies, circulars, and
05:01
memoranda.
05:05
When we talk about the role of
05:09
and responsibilities of the SAOP, the SAOP is responsible for policymaking.
05:15
So this senior agency official is responsible for developing the agency's legislative, regulatory and other policy proposals that have privacy implications.
05:28
They're responsible for publishing and implementing all agency privacy-related regulations and policies.
05:39
Compliance.
05:40
They're the ones that have to be there to drive compliance across the agency,
05:45
to ensure that the agency is compliant with the Privacy Act of 1974,
05:48
the Paperwork Reduction Act of 1995,
05:51
the E-Government Act of 2002,
05:55
HIPAA,
05:56
the Health Insurance Portability and Accountability Act of 1996,
06:00
OMB Circular A-130,
06:03
and other applicable
06:06
uh
06:08
requirements.
06:11
They also play a central role in
06:15
risk management.
06:17
When we get to the discussion on this, we'll see that integration of privacy risk management throughout all aspects of an executive branch agency.
06:28
But the SAOP is responsible for consistently and continually conducting privacy risk assessments
06:34
by using tools like privacy threshold analyses and
06:40
privacy impact assessments
06:43
to assess the risk associated with
06:45
the processing of personally identifiable information throughout the information lifecycle.
06:54
The agency heads have to make sure that the SAOP
06:57
is sufficiently resourced
06:59
to be able to achieve and satisfy those privacy-related functions
07:03
that are required by OMB and other federal
07:08
laws, rules and regulations.
07:11
But there are things that you have to consider as an agency head when you're considering allocating resources to your privacy programs.
07:19
You've got to consider the size and structure,
07:23
including agency geographic presence.
07:26
What is the agency's mission and the volume, sensitivity and use of PII that supports an agency mission
07:32
without the privacy risk associated with the creation, the collection, the use, the processing, the storage, the maintenance, the dissemination, disclosure and the disposal of PII.
07:46
And then finally we have to consider, you know, those information sources used, and we talk about budgetary and planned investments and information technologies that ensure that we're doing those privacy reviews of those systems before they begin to collect, use, disclose, retain, and dispose of information
08:05
as part of the information lifecycle.
08:11
Question one asks: what requirements govern the designation and role of SAOPs within federal agencies?
08:20
A, C, and D are the appropriate answers.
08:24
Question two asks: what are the responsibilities of SAOPs within federal agencies?
08:33
The appropriate answers are A, C,
08:35
B, and D.
08:41
Question three asks: what factors should
08:45
federal agency heads consider when assessing an SAOP's or privacy program's resource needs?
08:54
A, B, C, and D are the appropriate answers.
09:03
In summary, I hope you've enjoyed Lesson 3.3.
09:07
I hope you can see the relevance in reviewing OMB Memorandum 16-24, whether you're supporting an agency within the executive branch or you are supporting
09:18
a private sector entity.
09:22
Like I said throughout my career as a privacy professional, I've looked internationally, I've looked at the federal government and also at the state level
09:31
for those useful tools that I can put in my privacy toolkit to assist agencies in being better stewards of privacy
09:39
and always showing due diligence and due care every time that they collect, use, disclose, retain and dispose of personally identifiable information.