OMB Circular A-130

Circular A-130 was first issued by the Office of Management and Budget (OMB) in 1985, in order to establish policy for the management of US federal government information resources. The circular provides uniform policies, as required by the Paperwork Reduction Act of 1980.

Main Policy Points

The body of Circular A-130 discusses the policy for managing information resources. The information management policy is briefly outlined below:

Agencies are required to plan in an integrated manner for managing information throughout its lifecycle.
Agencies should provide for public access to records where required/appropriate.
Agencies should collect or create only the information that is necessary for the proper [...]

US Department of Homeland Security: Privacy Policies & Practices

The US Department of Homeland Security (DHS) is often criticized for its privacy policies and practices, as it handles a vast amount of sensitive personal information. However, it is important to note how the DHS does attempt to protect personal privacy, in policy as well as practice. In addition to compliance with federal privacy legislation, such as the FOIA (Freedom of Information Act) and the Privacy Act, the Department consults with privacy professionals in order to evaluate new or potential programs, systems, technologies and certain rule-making procedures in order to appropriately handle personal information. This article takes a look at exactly how the Department of Homeland Security approaches privacy [...]

Security Double Standards

This article takes a look at security double standards, which grant executives, managers and department heads exemptions from standard security controls. Despite the increased risk of targeted attacks, this double standard is unfortunately common practice in many enterprises and organizations. It’s important to remember that such exemptions and double standards (termed “executive risk”) destabilize even the strongest security frameworks. The article also looks at some industry-recommended practices for reducing risks to targeted [...]

Privacy Engineering: Privacy-by-Policy vs. Privacy-by-Architecture

There are two main approaches to engineering privacy protection: privacy-by-policy and privacy-by-architecture. Privacy-by-policy relies on the Fair Information Practices and notice and choice. Privacy-by-architecture leverages privacy protective technologies. While they are normally considered dichotomous, privacy experts recommend a hybrid approach that integrates these two [...]

Components of a Privacy Policy

Enterprise privacy policies and privacy programs are essential. While policies alone cannot prevent data breaches or misuse of personal information, they are a good step in ensuring transparency and privacy-friendly practices. A privacy policy should contain the following key components: notice; consumer choice; access and correction; security; and [...]

Android Phones Secretly Tracking Users?

In April 2011, Google was at the center of public scrutiny after security experts, researchers and hackers revealed that its Android mobile devices were continuously collecting users’ location data. Contrary to Google’s claims, it was discovered that this information was tied to a numerical identifier. This article looks at numerous responses to this discovery, in the US and [...]

Facebook’s Data-Sharing Mistake

On Tuesday, January 18, 2011, Facebook announced its decision to suspend the controversial feature allowing developers to access users’ home addresses and mobile numbers. The announcement came just days after the social networking website decided to share users’ contact information with third-party app developers. Privacy watchdogs have long decried Facebook’s privacy and security failings, which have affected its over 500 million users [...]

Is Safe Harbor necessary?

The Safe Harbor framework deals with privacy protection around the transfer of personal data between organizations in European Union (EU) member states to organizations located in the United States. This article explores the purposes and requirements of the Safe Harbor framework. It also provides information for US-based organizations who may participate in the Safe Harbor framework.

What is Safe Harbor?
In October 1998, the European Commission Directive on Data Protection went into effect. The Directive prohibited the transfer of personal data from EU member states to non-EU nations that did not meet the adequacy standard of privacy protection. There are significant differences [...]

De-Identification & Re-Identification

This article looks at the processes of de-identification, or anonymization of personal information. It also examines how developments in re-identification can use anonymous information to identify individuals, underscoring the shortcomings of anonymization [...]

OMB Memorandum 07-16: Safeguarding Against and Responding to the Breach of Personally Identifiable Information

Executive Order 13402 commanded the creation of a Presidential Identity Theft Task Force to examine how the Federal Government could better respond to and protect against data breaches resulting in identity theft. Under Federal regulations, such as the Privacy Act of 1974 and the Federal Information Security Management Act, individuals are guaranteed the security of their data, making adequate protection of data a matter of [...]