September 25, 2022


Privacy: Dedicated Leadership Can Improve Programs and Address Challenges

Office of Management and Budget The Director of OMB should take steps to promote, through the Federal Privacy Council or other channels, sharing of information and best practices to help agencies address challenges identified in this report, including the application of privacy requirements and risk management to new and emerging technologies and integrating security and privacy controls. (Recommendation 1)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Management and Budget The Director of OMB should take steps to promote, through the Federal Privacy Council or other channels, the sharing of information, best practices, and other resources related to conducting privacy impact assessments. (Recommendation 2)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Agriculture The Secretary of Agriculture should document program management controls and common privacy controls in place or planned for meeting applicable requirements and managing risks. (Recommendation 3)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Agriculture The Secretary of Agriculture should fully define and document a process for ensuring that the senior agency official for privacy, or other designated privacy official, reviews IT capital investment plans and budgetary requests. (Recommendation 4)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Agriculture The Secretary of Agriculture should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 5)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Agriculture The Secretary of Agriculture should establish a time frame for incorporating privacy into an organization-wide risk management strategy that includes a determination of risk tolerance, and develop and document this strategy. (Recommendation 6)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Agriculture The Secretary of Agriculture should fully define and document the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages, and document these roles. (Recommendation 7)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Agriculture The Secretary of Agriculture should establish a time frame for fully developing a privacy continuous monitoring strategy, and develop and document this strategy. (Recommendation 8)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Commerce The Secretary of Commerce should ensure that its organization-wide risk management strategy includes key elements, including a determination of privacy risk tolerance. (Recommendation 9)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Defense The Secretary of Defense should establish a time frame for fully defining a process to ensure that the senior agency official for privacy or other designated senior privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy, and document this process. (Recommendation 10)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Defense The Secretary of Defense should establish a time frame for incorporating privacy into an organization-wide risk management strategy that includes a determination of risk tolerance, and develop and document this strategy. (Recommendation 11)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Defense The Secretary of Defense should establish a time frame for fully developing a privacy continuous monitoring strategy, and develop and document this strategy. (Recommendation 12)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Education The Secretary of Education should establish a time frame for updating the department’s policies for creating, reviewing, and publishing system of records notices, and make these updates. (Recommendation 13)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Energy The Secretary of Energy should establish a time frame for fully defining a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy, and document this process. (Recommendation 14)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Energy The Secretary of Energy should incorporate privacy into an organization-wide risk management strategy that includes a determination of risk tolerance. (Recommendation 15)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Energy The Secretary of Energy should establish a time frame for fully defining the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages, and document these roles. (Recommendation 16)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Health and Human Services The Secretary of Health and Human Services should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 17)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Homeland Security The Secretary of Homeland Security should incorporate privacy into an organization-wide risk management strategy that includes a determination of risk tolerance. (Recommendation 18)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Homeland Security The Secretary of Homeland Security should fully define and document the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages. (Recommendation 19)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Homeland Security The Secretary of Homeland Security should fully develop and document a privacy continuous monitoring strategy. (Recommendation 20)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Housing and Urban Development The Secretary of Housing and Urban Development should fully define and document a process for ensuring that the senior agency official for privacy, or other designated privacy official, reviews IT capital investment plans and budgetary requests. (Recommendation 21)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Housing and Urban Development The Secretary of Housing and Urban Development should incorporate privacy into an organization-wide risk management strategy that includes a determination of risk tolerance. (Recommendation 22)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Housing and Urban Development The Secretary of Housing and Urban Development should establish a time frame for fully developing a privacy continuous monitoring strategy, and develop and document this strategy. (Recommendation 23)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of the Interior The Secretary of the Interior should establish a time frame for incorporating privacy into an organization-wide risk management strategy that includes a determination of risk tolerance, and develop and document this strategy. (Recommendation 24)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Justice The Attorney General should incorporate privacy into an organizationwide risk management strategy that includes a determination of risk tolerance. (Recommendation 25)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Justice The Attorney General should establish a time frame and fully develop and document a privacy continuous monitoring strategy. (Recommendation 26)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Labor The Secretary of Labor should fully define and document a process for ensuring that the senior agency official for privacy, or other designated privacy official, reviews IT capital investment plans and budgetary requests. (Recommendation 27)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Labor The Secretary of Labor should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 28)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Labor The Secretary of Labor should fully define and document the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages. (Recommendation 29)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of State The Secretary of State should establish a time frame for incorporating privacy into an organization-wide risk management strategy that includes a determination of risk tolerance, and develop and document this strategy. (Recommendation 30)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of State The Secretary of State should establish a time frame for fully defining the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages, and document these roles. (Recommendation 31)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of State The Secretary of State should establish a time frame for fully developing a privacy continuous monitoring strategy, and develop and document this strategy. (Recommendation 32)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Transportation The Secretary of Transportation should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 33)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Transportation The Secretary of Transportation should incorporate privacy into an organization-wide risk management strategy that includes a determination of risk tolerance. (Recommendation 34)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of the Treasury The Secretary of the Treasury should fully define and document a process for ensuring that the senior agency official for privacy, or other designated privacy official, reviews IT capital investment plans and budgetary requests. (Recommendation 35)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of the Treasury The Secretary of the Treasury should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 36)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of the Treasury The Secretary of the Treasury should incorporate privacy into an organization-wide risk management strategy that includes a determination of risk tolerance. (Recommendation 37)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of the Treasury The Secretary of the Treasury should establish a time frame for fully defining the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages, and document these roles. (Recommendation 38)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of the Treasury The Secretary of the Treasury should fully develop and document a privacy continuous monitoring strategy. (Recommendation 39)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Veterans Affairs The Secretary of Veterans Affairs should establish a time frame for defining a process for ensuring that the senior agency official for privacy, or other designated privacy official, reviews IT capital investment plans and budgetary requests, and document this process. (Recommendation 40)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Veterans Affairs The Secretary of Veterans Affairs should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 41)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Veterans Affairs The Secretary of Veterans Affairs should fully define and document the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages, and document these roles. (Recommendation 42)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Department of Veterans Affairs The Secretary of Veterans Affairs should ensure that its privacy continuous monitoring strategy includes a catalog of privacy controls and defines the frequency at which they are to be assessed. (Recommendation 43)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Environmental Protection Agency The Administrator of EPA should fully develop and document a privacy continuous monitoring strategy. (Recommendation 44)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

General Services Administration The Administrator of GSA should fully define and document a process for ensuring that the senior agency official for privacy, or other designated privacy official, reviews IT capital investment plans and budgetary requests. (Recommendation 45)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

General Services Administration The Administrator of GSA should establish a time frame for fully defining a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy, and document that process. (Recommendation 46)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

General Services Administration The Administrator of GSA should fully define and document the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages. (Recommendation 47)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

National Aeronautics and Space Administration The Administrator of NASA should incorporate privacy into an organization-wide risk management strategy that includes a determination of risk tolerance. (Recommendation 48)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

National Aeronautics and Space Administration The Administrator of NASA should fully define and document the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages. (Recommendation 49)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Nuclear Regulatory Commission The Chairman of NRC should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 50)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Nuclear Regulatory Commission The Chairman of NRC should fully define and document the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages. (Recommendation 51)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of OPM should establish a time frame for updating the agency’s policy for creating, reviewing, and publishing system of records notices, and make these updates. (Recommendation 52)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of OPM should define and document procedures for coordination between privacy and information security functions. (Recommendation 53)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of OPM should fully define and document a policy and process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 54)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of OPM should incorporate privacy into an organizationwide risk management strategy that includes a determination of risk tolerance. (Recommendation 55)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of OPM should establish a time frame for fully defining the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages, and document these roles. (Recommendation 56)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Office of Personnel Management The Director of OPM should fully develop and document a privacy continuous monitoring strategy. (Recommendation 57)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Small Business Administration The Administrator of SBA should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 58)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Social Security Administration The Commissioner of SSA should define and document procedures for coordination between privacy and information security functions. (Recommendation 59)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Social Security Administration The Commissioner of SSA should fully define and document a process for ensuring that the senior agency official for privacy, or other designated privacy official, reviews IT capital investment plans and budgetary requests to ensure privacy requirements and associated controls are explicitly identified and included with respect to any IT resources that will involve PII. (Recommendation 60)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Social Security Administration The Commissioner of SSA should fully define and document a process for ensuring that the senior agency official for privacy or other designated privacy official is involved in assessing and addressing the hiring, training, and professional development needs of the agency with respect to privacy. (Recommendation 61)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Social Security Administration The Commissioner of SSA should establish a time frame for fully defining the role of the senior agency official for privacy or other designated privacy official in reviewing and approving system categorizations, overseeing privacy control assessments, and reviewing authorization packages, and document these roles. (Recommendation 62)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

U.S. Agency for International Development The Administrator of USAID should fully define and document a process for ensuring that the senior agency official for privacy, or other designated privacy official, reviews IT capital investment plans and budgetary requests. (Recommendation 63)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

U.S. Agency for International Development The Administrator of USAID should incorporate privacy into an organization-wide risk management strategy that includes a determination of risk tolerance. (Recommendation 64)

Open

When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
