Week 1 Discussion
Panel Presentation: Privacy Impact Assessments (PIA)
For this discussion you must:
• Create an MS Word document containing your “short paper” (response) for the discussion topic.
• Coordinators of an upcoming conference, attended by federal government IT managers and staff, invited you to participate in a panel presentation about privacy. For this activity, prepare a 5 to 7 paragraph briefing statement which answers the four questions below.
Included the following (See end for briefing formats):
• Introduction
• Analysis (supported by readings / research and citations)
• Summary or Conclusion
Definitions:
Privacy has many definitions. When examining data protection and privacy laws and practices, it can be helpful to focus on four categories or classes of privacy.
Information privacy is concerned with establishing rules that govern the collection and handling of personal information. Examples include financial information, medical information, government records and records of a person’s activities on the Internet.
Bodily privacy focuses on a person’s physical being and any invasion thereof. Such an invasion can take the form of genetic testing, drug testing or body cavity searches. It also encompasses issues such as birth control, abortion, and adoption.
Territorial privacy is concerned with placing limits on the ability to intrude into another individual’s environment. “Environment” can include the home, workplace, or public space. Invasion into an individual’s territorial privacy typically takes the form of monitoring such as video surveillance, ID checks, and use of similar technology and procedures.
Communications privacy encompasses protection of the means of correspondence, including postal mail, telephone conversations, email, and other forms of communicative behavior and apparatus.
Privacy Impact Assessment (PIA): A PIA is both a process and a document. It is a process that focuses upon identifying and assessing risks related to privacy of data handled by a specific IT system or database. It is a process that communicates the results of the PIA process to stakeholders. Released PIAs are either fully available to the public, while redaction removes sensitive/non-public information in other PIAs.
When responding to this discussion, prepare a 5 to 7 paragraph briefing statement which answers the following four questions:
1. What is privacy? Is it a right? An expectation? Discuss differing definitions, e.g. “the average person” definition vs. a legal definition, and how these differences impact risk assessments for privacy protections (or the lack thereof).
2. What are some important best practices for protecting privacy for information collected, stored, used, and transferred by the US federal government? Identify and discuss three or more best practice recommendations for reducing risk by improving or ensuring the privacy of information processed by or stored in an organization’s IT systems and databases.
3. Explain why federal government agencies and departments required to complete PIA’s. Should every federal IT system have a PIA? Why or why not?
4. Name and briefly describe 3 benefits to citizens which result from the use of PIA’s. (Considering citizen’s needs for privacy and the protection of the privacy of individuals whose information is collected, processed, transmitted, and stored in federal government IT systems and databases.)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
Resources:
Sections 1 & 4-11: https://www.ushistory.org/gov/
https://csrc.nist.gov/projects/risk-management/fisma-background
https://csrc.nist.gov/CSRC/media/Presentations/1045-FY-2018-FISMA-Metrics-Chase/FISMA%20METRICS%20FCSM%20Presentation_15May2018%20-%20Craig%20Chase.pdf
https://www.natlawreview.com/article/fisma-updated-and-modernized-federal-information-security-management-act
Sections I and II: https://www.archives.gov/foia/foia-guide
https://www.justice.gov/sites/default/files/oip/legacy/2014/07/23/exemption6.pdf
https://www.law.cornell.edu/wex/personal_Information
https://www.whitehouse.gov/omb/information-regulatory-affairs/privacy/
https://www.gao.gov/products/gao-12-961t
https://www.opm.gov/information-management/privacy-policy/privacy-references/piaguide.pdf
https://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_guidance_may2007.pdf
https://www.gao.gov/products/oig-15-1
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf
Briefing Statements Instructions
Briefing statements are a way to keep leadership/management/decision-makers informed of current issues influencing the organization. A successful briefing statement should be clear, concise, and easy to read. While there is not a standard format/template for a briefing statement, all statements include at a minimum the purpose of the statement, a summary of the facts needed to address the question(s), and a conclusion. Your conclusion could include a recommendation(s) if required.
Briefing statements are short (your discussion instructions give you the requirement paragraph parameters). Briefing statements are concise, but short does not always equal concise. Concise means every word is necessary. Briefing statements should be clear, but clear is not the same as concise. Clear should focus you on the reader/audience (your discussion instructions tell you the audience) and the briefing statement should only include what the reader/audience needs to know about the topic. Finally, your briefing statement should be reliable, meaning you have authoritative sources to support your facts/declarative statements (your discussion instructions include source requirements).
While your briefing statements are short, you should still consider the following (think of below as a checklist):
1. Why are you writing the briefing statement (i.e., what is the statement’s purpose)
2. Who will read your briefing statement (i.e., who is your audience)
3. What are the facts the reader/audience needs to know most
4. What points must you address in your statement (see assignment details).