Federal agencies are required by law to protect information about individuals (members of the public, Federal employees and contractors) which they may collect, disseminate and/or store.
- DOC Office of Privacy and Open Government Privacy Laws and Regulations Page
- NOAA Data Loss Prevention Plan, signed by Zach Goldstein on August 30, 2016. The related DOC memorandum is here.
- Commerce PA/PII/BII Breach Notification Plan
Privacy Threshold Analysis
First, ensure that a system description is included; the recommendation is to use the one in CSAM (short system/purpose description).
Then, follow the instructions to determine if a PIA is needed. NOTE: the current PTA template states that not all questions need to be answered if the answer to Question 1 indicates a PIA is not needed. However, we request that you answer all questions, to have a clear record of whether the system has PII or BII and from whom it is collected. Also, BEFORE collecting the required signatures on the PTA, please send the Word version to Adrienne.Thomas@noaa.gov for review. Signatures: as with the PIA, no co-AO signature is needed.
Privacy Impact Assessments
Privacy Impact Assessments (PIAs) are required by Section 208 of the E-Government Act for all Federal government agencies that develop or procure new technology (e.g., an electronic database) involving the collection, maintenance or dissemination of personally identifiable information or that make substantial changes to existing technology for managing information in identifiable form. The Office of Management and Budget (OMB) ensures that PIAs necessitated under the E-Government Act are completed by requiring them as part of the annual budget process.
A PIA is an analysis of how personally identifiable information is collected, stored, protected, shared and managed. “Personally identifiable information” (PII) is defined as information in a system or online collection that directly or indirectly identifies an individual, whether the individual is a U.S. Citizen, Legal Permanent Resident, or a visitor to the U.S. Please refer to the NOAA PIA Guidance and template for basic instructions, as well as additional DOC guidance for new questions in the 2015 PIA template. Please contact Mark Graff, NOAA OCIO Privacy Coordinator, (301) 628-5658, or Mark.Graff@noaa.gov for additional guidance. OMB's Guidance for Implementing Section 208 also provides background information. NOTE: Please do not convert the PIA document to PDF, so that reviewers may edit and comment easily.
Privacy Act System of Record Notices (SORNs)
NOAA Privacy Team
- Tony LaVoi, Acting Chief Data Officer, firstname.lastname@example.org
- Mark Graff, email@example.com, NOAA Privacy Officer, FOIA Officer/Bureau Chief Privacy Officer (BCPO)
- Chi Y. Kang, Chi.Y.Kang@noaa.gov, Deputy Director for Operations of Cyber Security Division
- Rebecca Hall-Herndon, Rebecca.Hall-Herndon@noaa.gov, Security Operations Manager of Cyber Security Division
- Jeffery Bowmar, Jeffery.Bowmar@noaa.gov, Federal Watch Floor Officer of Cyber Security Division, 304-367-2830
- Adrienne Thomas, Adrienne.Thomas@noaa.gov, Privacy Act Officer/PRA Officer, 828-257-3148
- NCIRT@noaa.gov, NOAA Computer Incident Response Team