Case Study #1: Are Privacy Impact Assessments (PIA) useful as a risk management tool?
A client has asked your cybersecurity consulting firm to provide it with a white paper which discusses the usefulness of Privacy Impact Assessments (PIA) as a risk management tool. The purpose of this white paper is to inform attendees at an inter-agency workshop on writing Privacy Impact Assessments for their IT investments. PIA’s are required by the E-Government Act of 2002 and must be submitted to the Office of Management and Budget (OMB) each year by agencies as part of their E-Government Act compliance reports. OMB, in turn, forwards a summary of these reports to Congress as part of the administration’s E-Government Act Implementation Report. See the Week 1 readings for copies of the legislation and a recent implementation report.
- Read / Review the Week 1 readings.
- Review the requirements in federal law to protect the privacy of individuals (see week 1 readings plus research additional sources).
- Research how Privacy Impact Assessments are used by Chief Privacy Officers at the federal agency level and in the Executive Office of the President (Whitehouse) to manage risk by ensuring that personally identifiable information is handled in accordance with the requirements of federal law.
- Find three or more additional sources which provide information about best practice recommendations for managing risks related to privacy and/or ensuring the privacy of information processed by or stored in an organization’s IT systems and databases. These additional sources can include analyst reports and/or news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc. which impacted the privacy of individuals whose information was stored in federal IT systems and databases.
Write a two to three page summary of your research. At a minimum, your summary must include the following:
- An introduction or overview of privacy which provides definitions and addresses the laws, regulations, and policies which require federal IT managers to protect the privacy of individuals whose information is processed or stored in federal IT systems. This introduction should be suitable for an executive audience.
- A separate section which addresses the contents of Privacy Impact Assessments and how they are used to assess and monitor risks associated with personally identifiable information.
- An analysis of whether or not privacy impact assessments provide useful information to Chief Privacy Officers, agency heads, OMB Staff, White House Staff, Congressional Committees and their staff members, and Members of Congress (Representatives & Senators).
- A discussion of best practice recommendations for reducing risk by improving or ensuring the privacy of information processed by or stored in an organization’s IT systems and databases. These recommendations should be well supported by information from your research.
- A closing section in which you summarize your research and your best practice recommendations.
Your white paper should use standard terms and definitions for cybersecurity and privacy. The following sources are recommended:
- ISACA Glossary http://www.isaca.org/pages/glossary.aspx
- Guidelines on Security and Privacy in Public Cloud Computing http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
Submit For Grading
Submit your case study in MS Word format (.docx or .doc file) using the Case Study #1 Assignment in your assignment folder. (Attach the file.)
Use standard APA formatting for the MS Word document that you submit to your assignment folder. Formatting requirements and examples are found under Course Resources > APA Resources.
- You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
- You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy.