Title Page
- Created on
- Project Manager/System Owner
- Location
Project/System Information
- Project/System Title
- Description
- Purpose
- What specific legal authorities, arrangements, and/or agreements require the collection of this information?
Data in the System
- What data is to be collected?
- What are the sources of the data?
- Why is the data being collected?
- What technologies will be used to collect the data?
- Does a personal identifier retrieve the data?
Attributes of the Data (use and accuracy)
- Describe the uses of the data.
- Does the system analyze data to assist users in identifying previously unknown areas of note, concern, or pattern?
- How will the data collected from individuals or derived by the system be checked for accuracy?
Sharing Practices
- Will the data be shared with any internal or external organizations?
- How is the data transmitted or disclosed to the internal or external organization?
- How is the shared data secured by external recipients?
Notice to Individuals to Decline/Consent Use
- Was notice provided to the different individuals prior to collection of data?
- Do individuals have the opportunity and/or right to decline to provide data?
- Do individuals have the right to consent to particular uses of the data?
Access to Data (administrative and technological controls)
- Has the retention schedule been established by the Records Officer? If so, what is the retention period for the data in the system?
- What are the procedures for identification and disposition of the data at the end of the retention period?
- Describe the privacy training provided to users, either generally or specifically relevant to the program or system.
- Is the data secured in accordance with Federal Information Security Management Act (FISMA) requirements?
- Provide the date that the Certification & Accreditation was completed.
- Which user group/s will have access to the system?
- How is access to the data by a user determined? Are procedures documented?
- How are the actual assignments of roles and rules verified according to established security and auditing procedures?
- What auditing measures/controls and technical safeguards are in place to prevent misuse (e.g., unauthorized browsing) of data?
Privacy Analysis
- Given the amount and type of data being collected, discuss what privacy risks were identified and how they were mitigated.
Completion
- Other Comments and Notes
- Project Manager/System Owner
- Chief Privacy Officer
- Chief Security Officer
- Chief Information Officer