Case Study #1: Are Privacy Impact Assessments (PIA) useful as a policy tool?
A client has asked your cybersecurity consulting firm to provide it with a 2 to 3 page white paper which discusses the usefulness of Privacy Impact Assessments (PIA) as a policy tool. The purpose of this white paper is to inform attendees at an inter-agency workshop on writing Privacy Impact Assessments for their IT investments. These assessments are required by the E-Government Act of 2002 (see https://www.whitehouse.gov/omb/memoranda_m03-22) and must be submitted to the Office of Management and Budget (OMB) each year by agencies as part of their E-Government Act compliance reports. OMB, in turn, forwards a summary of these reports to Congress as part of the administration’s E-Government Act Implementation Report (see https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/final_fy14_e-gov_act_report_02_27_2015.pdf).
Read / Review the Week 1 readings.
Research the requirements in federal law to protect the privacy of individuals. Here are some sources that you may find
Exist for Enhancing Protection of Personally Identifiable Information (GAO-08-536)
Protecting the Confidentiality of Personally Identifiable Information (PII) (NIST
Research how Privacy Impact Assessments are used by privacy advocates and other members of the public who lobby lawmakers or otherwise seek to influence public policy. Here are some sources to get you started:
three or more additional sources which provide information about best practice recommendations for ensuring the privacy of information processed by or stored in an organization’s IT systems and databases. These additional sources can include analyst reports and/or news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc. which impacted the privacy of individuals whose information was stored in federal IT systems and databases.
Write a two to three page summary of your research. At a minimum, your summary must include the
An introduction or overview of privacy which provides definitions and addresses the laws, regulations, and policies which require federal IT managers to protect the privacy of individuals whose information is processed or stored in federal IT systems. This introduction should be suitable for an executive audience.
A separate section which addresses the contents of Privacy Impact Assessments and how they are currently used by the federal government and members of society.
An analysis of whether or not privacy impact assessments provide useful information to privacy advocates, lawmakers, and others who develop or influence privacy policies and laws in the United States. Federal officials who participate in the policy making process include: OMB Staff, White House Staff, Congressional Committees and their staff members, Members of Congress (Representatives & Senators).
paper should use standard terms and definitions for cybersecurity and privacy. The following sources are recommended:
NICCS Glossary http://niccs.us-cert.gov/glossary
on Security and Privacy in Public Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
standard APA formatting for the MS Word document that you submit to your
You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. These items are graded under Professionalism and constitute 20% of the assignment grade.
You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy.