Title Page

  • Created on

  • Project Manager/System Owner

  • Location

Project/System Information

  • Project/System Title

  • Description

  • Purpose

  • What specific legal authorities, arrangements, and/or agreements require the collection of this information?

Data in the System

  • What data is to be collected?

  • What are the sources of the data?

  • Why is the data being collected?

  • What technologies will be used to collect the data?

  • Does a personal identifier retrieve the data?

Attributes of the Data (use and accuracy)

  • Describe the uses of the data.

  • Does the system analyze data to assist users in identifying previously unknown areas of note, concern, or pattern?

  • How will the data collected from individuals or derived by the system be checked for accuracy?

Sharing Practices

  • Will the data be shared with any internal or external organizations?

  • How is the data transmitted or disclosed to the internal or external organization?

  • How is the shared data secured by external recipients?

Notice to Individuals to Decline/Consent Use

  • Was notice provided to the different individuals prior to collection of data?

  • Do individuals have the opportunity and/or right to decline to provide data?

  • Do individuals have the right to consent to particular uses of the data?

Access to Data (administrative and technological controls)

  • Has the retention schedule been established by the Records Officer? If so, what is the retention period for the data in the system?

  • What are the procedures for identification and disposition of the data at the end of the retention period?

  • Describe the privacy training provided to users, either generally or specifically relevant to the program or system.

  • Is the data secured in accordance with Federal Information Security Management Act (FISMA) requirements?

  • Provide the date that the Certification & Accreditation was completed.

  • Which user group(s) will have access to the system?

  • How is access to the data by a user determined? Are procedures documented?

  • How are the actual assignments of roles and rules verified according to established security and auditing procedures?

  • What auditing measures/controls and technical safeguards are in place to prevent misuse (e.g., unauthorized browsing) of data?

Privacy Analysis

  • Given the amount and type of data being collected, discuss what privacy risks were identified and how they were mitigated.

Completion

  • Other Comments and Notes

  • Project Manager/System Owner

  • Chief Privacy Officer

  • Chief Security Officer

  • Chief Information Officer
