Privacy Flashcards
Personally Identifiable Information (PII)
Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.
Examples of PII include: Name for purposes other than contacting federal employees Social Security Number Photographic identifiers Biometric Identifiers Driver’s license number Vehicle identifiers
Privacy is
The ability to control who has access to information and to whom that information is communicated.
The Fair Information Practice Principles, or FIPPs, are:
A collection of widely accepted principles, rooted in the tenets of the Privacy Act of 1974, that agencies should use when evaluating information systems, processes, programs, and activities that affect individual privacy. These principles are widely accepted in the United States and internationally as a general framework for privacy
Privacy Act of 1974
Limit the collection of personal information to what is necessary.
Publish a System of Records Notice prior to storing information in a record system designed to be retrieved by a personal identifier.
Comply with the law or face civil remedies and criminal penalties.
E-Gov Act 2002 requires agencies to:
Conduct Privacy Impact Assessments (PIAs).
Translate privacy policies into standardized machine-readable format.
Post privacy notices on public-facing agency websites.
FISMA requires agencies to:
Provide a comprehensive framework for IT standards and programs.
Ensure integrity, confidentiality and availability of personal information.
Perform program management, evaluation, and OMB reporting activities.
Privacy Policy
Is a brief description of the IC’s general privacy-related practices.
Privacy Notice
Is a brief description of how the IC’s Privacy Policy will apply in a specific situation.
Privacy Impact Assessment (PIAs)
A PIA form creates an opportunity for organizations to anticipate and address the likely impacts of new initiatives, to foresee problems and identify what needs to be done to design features that minimize any impact on privacy and/or to find less privacy intrusive alternatives.
