
Privacy Impact Assessment Future Directions

TRICARE Management Activity. HEALTH AFFAIRS. Privacy Impact Assessment Future Directions. 2009 Data Protection Seminar TMA Privacy Office. Privacy in the News.

dalton

Presentation Transcript


  1. TRICARE Management Activity HEALTH AFFAIRS Privacy Impact Assessment Future Directions 2009 Data Protection Seminar TMA Privacy Office

  2. Privacy in the News

  3. Purpose
     The purpose of this presentation is to provide information on the new efforts to improve the Privacy Impact Assessment (PIA) process, to include a synopsis of the new DoD PIA guidance and form

  4. Objectives
     • Upon completion of this presentation, you should be able to:
     • Identify the key points outlined in the new PIA guidance
     • Recognize the new features of the PIA template
     • Describe the new efforts established to improve the PIA process

  5. Privacy and the Protection of PII
     • DoD takes its responsibility seriously to safeguard personally identifiable information (PII) in its possession and to prevent its theft, loss, or compromise
     • DoD is addressing privacy and security challenges through many initiatives including Privacy Impact Assessments (PIAs), Data-at-Rest (DAR), and ensuring that DoD employees are aware of their privacy responsibilities

  6. PIA Requirements
     • Federal Agency PIA Requirements
     • Section 208 of the E-Government Act of 2002 requires all agencies to conduct PIAs for all new or substantially changed information systems that collect, maintain, or disseminate PII on the public
     • New DoD PIA Requirements
     • DoD Instruction 5400.16 expands the coverage to include Federal personnel, contractors, and foreign nationals employed at U.S. military facilities internationally

  7. Highlights of DoDI 5400.16 PIA Guidance
     • Formalizes E-Gov Act PIA requirement in DoD for greater visibility and clarity
     • Enhances responsibilities and accountability
     • DoD Program Manager (PM) or designee starts the assessment
     • Requires coordination with PM, Information Assurance, and Component Privacy
     • Expands signature requirements

  8. Highlights of DoDI 5400.16 PIA Guidance
     • Better coordination with other processes
     • Privacy Act SORNs
     • Information Collection
     • Certification and Accreditation
     • Budget
     • Establishes review cycle
     • Structures privacy risk identification and assessment with new DoD PIA Form (DD 2930)

  9. Highlights of the New PIA Template
     • DD Form 2930
     • More comprehensive tool
     • Detailed risk analysis questions
     • In-depth PII table for selection
     • Technical, physical, and administrative control list provided
     • Interactive forms with check boxes, radio buttons, and tables
     • Digital signatures for the PDF form
     • MS Word version also available
     Privacy Risk Analysis

  10. New PIA Template

  11. New PIA Template (continued)

  12. New PIA Template (continued)

  13. New PIA Template (continued)

  14. New PIA Template (continued)

  15. New PIA Template (continued)

  16. New PIA Template (continued)

  17. New PIA Template (continued)

  18. New PIA Template (continued)

  19. New PIA Template (continued)

  20. New PIA Template (continued)

  21. New PIA Template (continued)

  22. New PIA Template (continued)

  23. New PIA Template (continued)

  24. New PIA Template (continued)

  25. FY 09 and FY 10 New Efforts
     PIA Data
     • DoD IT Portfolio Repository (DITPR) data review and analysis of privacy reporting elements
     • PIA required elements
     • Relationship to SSN and PII data elements
     • Analysis of Component PIA information reported
     • Privacy Threshold Analysis Tool
     • Develop PIA spot audit process

  26. PIA Data Quality Analysis Actions
     • Phase one actions
     • Identify PIA DITPR element changes
     • Modify PIA reporting structures
     • Phase 2 actions focus on analyzing Component data
     • Privacy reporting discrepancies
     • Records in non-compliance
     • Records needing adequate explanations
     • Records requiring PIA based on corresponding PII and SSN answers

  27. Privacy Threshold Analysis
     • Develop a PTA tool that would be the initial determination point for whether privacy documents (SORN and/or PIA) need to be completed
     • Incorporate questions related to:
     • PIA
     • SORN
     • SSN collection
     • Serve as documentation for each new system
     • Target FY 10 completion and implementation

  28. Privacy Spot Audit Process
     • Process for privacy personnel to conduct self-assessments focusing on:
     • Completeness of PIAs
     • Measuring general understanding of PIA process in compliance with DoDI 5400.16
     • Target FY 10 completion and implementation

  29. Moving Forward in DoD PIA Process
     • Increase awareness of PII and the need for adequate protection
     • Increase policy compliancy
     • Better reporting to OMB
     • Identification of areas for enhanced communication and collaboration to enhance privacy throughout DoD

  30. Summary
     • You should now be able to:
     • Identify the key points outlined in the new PIA guidance
     • Recognize the new features of the PIA template
     • Describe the new efforts established to improve the PIA process
