OMB wants privacy review details in FISMA reports

Beginning this year, agencies will have to provide more details about the privacy reviews they conduct as part of annual reporting in compliance with the Federal Information Security Management Act.

The Office of Management and Budget is adding the requirement starting with the fiscal 2008 FISMA submission “to maintain a comprehensive context for security and privacy of federal information across government,” said Clay Johnson, OMB’s deputy director for management, in a memo released Jan. 18.

Agencies will report the number of each type of privacy review performed along with information about the advice the senior agency privacy official provided during the year, whether is was formal written policies, procedures, guidance or interpretations of privacy requirements issued by the agency.

Agencies also will account for the number of written complaints for each type of privacy issue allegation that the privacy official received, including process and procedural issues, such as consent, collection and appropriate notice; redress issues, such as non-Privacy Act inquiries seeking resolution of difficulties or concerns about privacy matters; and operational issues, such as inquiries regarding Privacy Act matters not including requests for access and/or corrections. OMB also wants to know the number of complaints agencies referred to another agency with jurisdiction for each type of privacy issue received for alleged privacy violations.

In the past two years, OMB has issued several memos directing agencies to implement privacy and security requirements, such as reducing the unnecessary collection of Social Security numbers and other personally identifiable information and implementing data breach notification response teams. Agencies also conduct privacy impact assessments on new and revised systems that collect personally identifiable information to assure privacy and security of the data.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.