Click link for more description
CSIA 360 CASE STUDY #1 ARE PRIVACY IMPACT ASSESSMENTS (PIA) USEFUL AS A POLICY TOOL?
CASE STUDY #1: ARE PRIVACY IMPACT ASSESSMENTS (PIA) USEFUL AS A POLICY TOOL?
A client has asked your cybersecurity consulting firm to provide it with a 2 to 3 page white paper which discusses the usefulness of Privacy Impact Assessments (PIA) as a policy tool. The purpose of this white paper is to inform attendees at an inter-agency workshop on writing Privacy Impact Assessments for their IT investments. These assessments are required by the E-Government Act of 2002(See https://www.whitehouse.gov/omb/memoranda_m03-22) and must be submitted to the Office of Management and Budget (OMB) each year by agencies as part of their E-Government Actcompliance reports. OMB, in turn, forwards a summary of these reports to Congress as part of the administration’s E-Government Act Implementation Report (see https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/final_fy14_e-gov_act_report_02_27_2015.pdf ).
1. Read / Review the Week 1 readings.
2. Research the requirements in federal law to protect the privacy of individuals. Here are some sources that you may find useful:a. Alternatives Exist for Enhancing Protection of Personally Identifiable Information (GAO-08-536) http://www.gao.gov/new.items/d08536.pdf
b. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (NIST SP-800-122) http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
3. Research how Privacy Impact Assessments are used by privacy advocates and other members of the public who lobby lawmakers or otherwise seek to influence public policy. Here are some sources to get you started:4. Find three or more additional sources which provide information about best practice recommendations for ensuring the privacy of information processed by or stored in an organization’s IT systems and databases. These additional sources can include analyst reports and/or news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc. which impacted the privacy of individuals whose information was stored in federal IT systems and databases.a. http://www.constitutionproject.org/documents/privacy-advocates-say-fbi-facial-recognition-system-could-threaten-civil-liberties/