Panel Presentation: Privacy Impact Assessments (PIA)
Coordinators of an upcoming conference, attended by federal government IT managers and staff, invited you to participate in a panel presentation about privacy. For this activity, prepare a 5 to 7 paragraph briefing statement which answers the following four questions. Use information from the weekly readings as your research material. Go to Content >> Course Resources >> Expanded Explanation for Discussion Question Responses to learn more about the format requirements for a “briefing statement.”
Definitions:
Privacy has many definitions. When examining data protection and privacy laws and practices, it can be helpful to focus on four categories or classes of privacy.
Information privacy is concerned with establishing rules that govern the collection and handling of personal information. Examples include financial information, medical information, government records and records of a person’s activities on the Internet.
Bodily privacy focuses on a person’s physical being and any invasion thereof. Such an invasion can take the form of genetic testing, drug testing or body cavity searches. It also encompasses issues such as birth control, abortion, and adoption.
Territorial privacy is concerned with placing limits on the ability to intrude into another individual’s environment. “Environment” can include the home, workplace, or public space. Invasion into an individual’s territorial privacy typically takes the form of monitoring such as video surveillance, ID checks, and use of similar technology and procedures.
Communications privacy encompasses protection of the means of correspondence, including postal mail, telephone conversations, email, and other forms of communicative behavior and apparatus.
Privacy Impact Assessment (PIA): A PIA is both a process and a document. It is a process that focuses upon identifying and assessing risks related to privacy of data handled by a specific IT system or database. It is a process that communicates the results of the PIA process to stakeholders. Released PIAs are either fully available to the public, while redaction removes sensitive/non-public information in other PIAs.
When responding to this discussion, prepare a 5 to 7 paragraph briefing statement which answers the following four questions:
1. What is privacy? Is it a right? An expectation? Discuss differing definitions, e.g. “the average person” definition vs. a legal definition, and how these differences impact risk assessments for privacy protections (or the lack thereof).
2. What are some important best practices for protecting privacy for information collected, stored, used, and transferred by the US federal government? Identify and discuss three or more best practice recommendations for reducing risk by improving or ensuring the privacy of information processed by or stored in an organization’s IT systems and databases.
3. Explain why federal government agencies and departments required to complete PIA’s. Should every federal IT system have a PIA? Why or why not?
4. Name and briefly describe 3 benefits to citizens which result from the use of PIA’s. (Considering citizen’s needs for privacy and the protection of the privacy of individuals whose information is collected, processed, transmitted, and stored in federal government IT systems and databases.)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
To ensure you include all required elements, be sure to use the Discussion Rubric when creating your initial response, critiques, and replies.
https://www.opm.gov/information-management/privacy-policy/privacy-references/piaguide.pdf
https://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_guidance_may2007.pdf
https://www.gao.gov/new.items/d08536.pdf
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf
https://www.law.cornell.edu/wex/Privacy
https://www.law.cornell.edu/wex/personal_Information
