Privacy Program
Reference Materials
(Privacy Act, E-Government Act, Regulations,
Circulars, Manuals and Memos)
- Subject Index for Department of the Interior (DOI) Privacy Act Regulations and the Privacy Act Manual Sections (see below for links to the documents).
- DOI regulations for implementing the Privacy Act (43 CFR Part 2 (2.45-2.79)): http://www.doi.gov/foia/43cfrsub.html
- The DOI manual sections on the Privacy Act can be found at 383 DM Ch. 1-13: http://www.doi.gov/ocio/privacy/manual/index.html
- The DOI Privacy Program Homepage: http://www.doi.gov/ocio/privacy/index.html
- DOI Privacy Act system of records notices and Government-wide notices: http://www.doi.gov/ocio/privacy/List_doipa_notices_9.03.htm
- DOI Office of the Chief Information Officer bulletins: http://www.doi.gov/ocio/bulletins/index.html
- Miscellaneous Bulletins
  - DOI IRM Bulletin on Processing FOIA Requests for Personal and Personnel-Related Information,
  - DOI IRM Bulletin No. 2001-004, Protecting Sensitive Data When Transferring, Donating, or Disposing of Computer Equipment,
  - DOI IRM Bulletin No. 2001-002, Guidance on Inter-Agency Sharing of Personal Data, and Privacy Protection Measures in System Development and Applications, February 26, 2001
  - DOI IRM Bulletin No. 2001-005, System Warning Banner,
The E-Government Act of 2002
- Privacy Provisions of the E-Government Act of 2002
- OMB Memo dated
- Department of Justice Guide on "Legal Considerations in Designing and Implementing Electronic Processes" (implementation of GPEA) (see C. Assessing the Significance of Risk, and II. Legal Issues to Consider in "Going Paperless") at http://www.cybercrime.gov/eprocess.htm
- Congressional Internet Caucus Advisory Committee Briefing Book on E-Government issues dated
The Privacy Act (5 U.S.C. 552a)
- The Privacy Act of 1974, as amended (5 U.S.C. 552a): http://www4.law.cornell.edu/uscode/5/552a.html
- Office of Management and Budget (OMB) regulations on the Privacy Act. Privacy Act Implementation, Guidelines and Responsibilities, 40 FR 28948 (
- M-99-05, Instructions on Complying with President's Memorandum of May 14, 1998, "Privacy and Personal Information in Federal Records" (
- OMB Circular A-130: Management of Federal Information Resources. See Appendix I for implementing the Privacy Act and transmittal memorandum:
  - (Transmittal) http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html
  - Appendix I, Federal Agency Responsibilities for Maintaining Records About Individuals
  - Appendix II, Implementation of the Government Paperwork Elimination Act
  - Appendix III, Security of Federal Automated Information Resources
  - Appendix IV, Analysis of Key Sections
- OMB Privacy Policy Page: http://www.whitehouse.gov/omb/privacy/index.html
- OMB Privacy Act regulations on personnel records (5 CFR 297): http://www.opm.gov/feddata/cfr297.txt
- Department of Justice Privacy Act Overview: http://www.usdoj.gov/04foia/04_7_1.html
- A Citizen's Guide to the FOIA and Privacy Act: http://www.fas.org/sgp/foia/citizen.html
Budget Processes and Privacy Requirements
- See privacy requirements for Exhibit 300s at Office of Management and Budget (OMB) Circular A-11, Preparation and Submission of Budget Estimates, July 2000 (see Sections 31.8, 50.1, 50.2 & 58.3 and 300.1 at http://www.whitehouse.gov/omb/circulars/a11/02toc.html)
Contracts and Privacy Requirements
- The Privacy Act, Section (m), addresses accountability for Privacy Act systems of records maintained by persons other than agency personnel: http://www.doi.gov/cgi-bin/intercept?http://www4.law.cornell.edu/uscode/5/552a.html
- The Federal Acquisition Regulations (FAR) require that when an agency contracts for the design, development, or operation of a system of records on individuals on behalf of the agency to accomplish an agency function, the agency must apply the requirements of the Privacy Act to the contractor and its employees working on the contract (FAR 48 CFR 24.102(a), http://www.arnet.gov/far/). For FAR Contracting Officer and System Manager responsibilities, see FAR at 48 CFR 24.103 (http://www.arnet.gov/far/). Privacy clauses are at 52.224-1 & 2 (http://www.arnet.gov/far/farqueryframe.html).
- DOI Acquisition Regulations (DIAR) 1452.224-1: http://www.doi.gov/pam/1452-3.html#244-1%20
- DOI Privacy Act regulations on contracts (43 CFR 2.53): http://www.doi.gov/foia/43cfrsub.html
GAO Reports on Government Privacy
- [GAO-03-304] Privacy Act: OMB Leadership Needed to Improve Agency Compliance, dated June 2003, at http://frwebgate.access.gpo.gov/cgi-bin/useftp.cgi?IPaddress=162.140.64.88&filename=d03304.pdf&directory=/diskb/wais/data/gao
- [GGD-00-191] Internet Privacy: Agencies' Efforts to Implement OMB's Privacy Policy at http://frwebgate.access.gpo.gov/cgi-bin/useftp.cgi?IPaddress=162.140.64.21&filename=gg00191.pdf&directory=/diskb/wais/data/gao
- List of GAO reports on E-Government: http://www.gao.gov/index.htm
Geographic Information Systems (GIS) and Privacy Policy
- Federal Geographic Data Committee Privacy Policy established in 1999 at http://www.fgdc.gov/fgdc/policies/privacypolicy.pdf
- Urban Regional Information Systems Association “Code of Ethics” (see section IV on Privacy) at http://www.doi.gov/cgi-bin/intercept?http://www.urisa.org/ethics/code_of_ethics.htm
- OMB memo on Interagency Sharing of Personal Data,
- General Accounting Office (GAO) Report of April 2001 (GAO-01-12SP) on Data Linkage and Privacy: http://www.gao.gov/new.items/d01126sp.pdf
Privacy Act System of Records Notices and Preparing Notices
- DOI Privacy Act system of records notices and Government-wide notices: http://www.doi.gov/ocio/privacy/List_doipa_notices_9.03.htm
- Government Printing Office Drafting Handbook (see Ch. 3 on guidelines for Privacy Act System of Records Notices): http://www.nara.gov/fedreg/ddhhome.html
- Chapter 5 on “Privacy Act System of Records Notices” of the Department of the Interior Manual Section on the Privacy Act (see 383 DM 5 at http://www.doi.gov/ocio/privacy/manual/383DM5.htm)
- DOI “Privacy Impact Assessment and Guide” at http://www.doi.gov/ocio/privacy/DOI PIA_03.01.04.doc
- OMB Memo dated September 26, 2003 (M-03-22) on implementation of the section 208 privacy provisions of the E-Government Act of 2002 (see Appendix A): http://www.whitehouse.gov/omb/memoranda/m03-22.html
- Privacy Provisions of the E-Government Act of 2002
- Federal Chief Information Officer Council Model Information Technology Privacy Impact Assessment (PIA) (see Section V, Checklist) at http://www.cio.gov/Documents/pia_for_it_irs_model.pdf
- Sec. 3 of OMB Circular A-130: “Assignment of Responsibilities” for Federal Offices. (See required cyclical program reviews at http://www.whitehouse.gov/omb/circulars/a130/a130appendix_i.html)
- DOI Bureau Program Responsibilities (383 DM 3): http://www.doi.gov/ocio/privacy/manual/383DM3.htm
- Federal Trade Commission (FTC) Website on Privacy Safeguards: http://www.ftc.gov/privacy/privacyinitiatives/promises_educ.html
- What to do if your identity is stolen. (See FTC website at http://www.consumer.gov/idtheft/)
Safeguarding and Disposing of Privacy Act Records
- See DOI Manual Section on the Privacy Act at 383 DM 8: http://www.doi.gov/ocio/privacy/manual/383DM8.htm
- See DOI Records Disposal guidelines at 384 DM 1 at http://elips.doi.gov/elips/release/3431.htm
- Federal Trade Commission (FTC) Website on Privacy Safeguards: http://www.ftc.gov/privacy/privacyinitiatives/promises_educ.html
1. DOI Online Training and PowerPoints
2. Privacy Act Training Classes
- American Society of Access Professionals FOIA/Privacy Conferences: http://www.accesspro.org
- Department of Justice Office of Legal Education (see Privacy and FOIA training in catalog): http://www.usdoj.gov/usao/eousa/ole/index.html
1. Interior Web Privacy Policy Notices
- The official Departmental web privacy policy statement: http://www.doi.gov/footer/privacy.html
- For websites directed at children 13 years or under: http://www.doi.gov/kids/childprivacy.htm
- For websites that collect information from the public, a specific notice must address the reason for the information collection, etc. See sample notices at: https://www.volunteer.gov/gov/privacy.cfm and http://training.fws.gov/Documents/privacyactstmnt.htm
- The official Departmental web disclaimer statement: http://www.doi.gov/footer/disclaim.html
- DOI Webmaster/Pagemaster Checklist: http://www.doi.gov/ocio/privacy/Webmaster_Checklist_12.03.doc
2. Children’s Online Privacy Protection Act Requirements
- For pages directed at children 13 years or under, see the Federal Trade Commission guidance on complying with the Children's On-Line Privacy Protection Act at http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm
3. Government Web Privacy
- OMB Memo dated
- See OMB Privacy Guidance on Government web pages at: http://www.whitehouse.gov/omb/inforeg/infopoltech.html#pg
- Letter from John Spotila to Roger Baker, clarification of OMB Cookies Policy (
- Letter from Roger Baker to John Spotila on Federal agency use of Web cookies (
- M-00-13, Privacy Policies and Data Collection on Federal Web Sites (June 22, 2000)
- M-99-18, Privacy Policies on Federal Web Sites (June 2, 1999)
- OMB Webpage for Information Privacy, IT, and E-Government: http://www.whitehouse.gov/omb/inforeg/infopoltech.html
- OMB Privacy Page: http://www.whitehouse.gov/omb/privacy/index.html
- DOI Information Technology Security Homepage: http://www.doi.gov/ocio/security/
- DOI Capital Planning Homepage (see tips on preparing privacy sections of the Exhibit 300): http://www.doi.gov/ocio/cp/index.html
- DOI Freedom of Information Act Homepage: http://www.doi.gov/foia/
- Federal Trade Commission privacy initiatives: http://www.ftc.gov/privacy/index.html