Are Privacy Impact Assessments (PIA) useful as a policy tool?
Are Privacy Impact Assessments (PIA) useful as a policy tool?
A client has asked your cybersecurity consulting firm to provide it with a 2 to 3 page white paper which discusses the usefulness of Privacy Impact Assessments (PIA) as a policy tool. The purpose of this white paper is to inform attendees at an inter-agency workshop on writing Privacy Impact Assessments for their IT investments. These assessments are required by the E-Government Act of 2002 (See https://www.whitehouse.gov/omb/memoranda_m03-22) and must be submitted to the Office of Management and Budget (OMB) each year by agencies as part of their E-Government Act compliance reports. OMB, in turn, forwards a summary of these reports to Congress as part of the administration’s E-Government Act Implementation Report (see https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/final_fy14_e-gov_act_report_02_27_2015.pdf ).
Research:
1. Read / Review the Week 1 readings.
2. Research the requirements in federal law to protect the privacy of individuals. Here are some sources that you may find useful:
a. Alternatives Exist for Enhancing Protection of Personally Identifiable Information (GAO-08-536) http://www.gao.gov/new.items/d08536.pdf
b. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (NIST SP-800-122) http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
3. Research how Privacy Impact Assessments are used by privacy advocates and other members of the public who lobby lawmakers or otherwise seek to influence public policy. Here are some sources to get you started:
b. https://epic.org/privacy/surveillance/spotlight/1006/
c. https://www.aclu.org/aclu-opposition-hr-3523-cyber-intelligence-sharing-and-protection-act-2011
4. Find three or more additional sources which provide information about best practice recommendations for ensuring the privacy of information processed by or stored in an organization’s IT systems and databases. These additional sources can include analyst reports and/or news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc. which impacted the privacy of individuals whose information was stored in federal IT systems and databases.
Write:
Write a two to three page summary of your research. At a minimum, your summary must include the following:
1. An introduction or overview of privacy which provides definitions and addresses the laws, regulations, and policies which require federal IT managers to protect the privacy of individuals whose information is processed or stored in federal IT systems. This introduction should be suitable for an executive audience.
2. A separate section which addresses the contents of Privacy Impact Assessments and how they are currently used by the federal government and members of society.
3. An analysis of whether or not privacy impact assessments provide useful information to privacy advocates, lawmakers, and others who develop or influence privacy policies and laws in the United States. Federal Officials who participate in the policy making process include: OMB Staff, White House Staff, Congressional Committees and their staff members, Members of Congress (Representatives & Senators).
4. A discussion of best practice recommendations for ensuring the privacy of information processed by or stored in an organization’s IT systems and databases. These recommendations should be well supported by information from your research.
Your white paper should use standard terms and definitions for cybersecurity and privacy. The following sources are recommended:
· NICCS Glossary http://niccs.us-cert.gov/glossary
Guidelines on Security and Privacy in Public Cloud Computing
http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
Formatting Instructions
Use APA 6th edition style (formatting) for the organization and appearance of the MS Word document that you submit to your assignment folder. This includes margins, section headings, and consistent use of fonts (Times New Roman 12 in black), paragraph styles (first line indent by ½ inch), and line spacing (double)
