Data Privacy

Abstract

This chapter on data privacy focuses primarily on the public sector. Although data privacy is critical and evolving in both the private and public sectors, the perspectives, mandates, and drivers differ somewhat between these sectors. This is in contrast to many other areas of data management, which are addressed in similar ways in both the public and private sectors. That said, the chapter offers the lay-reader a respectable overview of data privacy.

Notes

  1. Organization for Economic Cooperation and Development (OECD), The OECD Privacy Framework, 2013.

  2. U.S. Department of Homeland Security, Privacy Policy Guidance Memorandum, Memorandum 2008-01, 2008. The OMB sets forth a U.S. governmentwide version of the FIPPs in its July 2016 updates to OMB Circular A-130. The OMB version includes the same notions as the DHS FIPPs and draws out other common notions, such as Authority and Access and Amendment.

  3. U.S. Office of Management and Budget (OMB), OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, Memorandum M-03-22, 2003.

  4. U.S. Office of Management and Budget (OMB), Circular A-130, Managing Information as a Strategic Resource, 2016.

  5. Ibid.

  6. For example, the Homeland Security Act of 2002 mandated a privacy officer for the Department of Homeland Security, and the Consolidated Appropriations Act of 2005 mandated a privacy officer for the Department of Justice and other agencies subject to the act.

  7. See U.S. Office of Management and Budget (OMB), Role and Designation of Senior Agency Officials for Privacy, Memorandum M-16-24, 2016.

  8. The SAOP role was originally discussed in OMB M-05-08, Designation of Senior Agency Officials for Privacy, 2005, which was later rescinded and replaced by M-16-24, Role and Designation of Senior Agency Officials for Privacy, 2016.

  9. OMB Circular A-130 (2016), Appendix II, 5.a.

  10. OMB Circular A-130 (2016), Appendix II, 5.b.

  11. OMB Circular A-130 (2016), Appendix II, 5.c.

  12. OMB Circular A-130 (2016), Appendix II, 5.d.

  13. OMB Circular A-130 (2016), Appendix II, 5.e.

  14. OMB Circular A-130 (2016), Appendix II, 5.h.

  15. OMB Circular A-130 (2016), Appendix II, 5.i.

  16. OMB Circular A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act, 2016.

  17. It is important to differentiate between SORNs and architectural systems of record (SOR). The concept of SORN dates to the 1974 Privacy Act, which mandates the publishing in the Federal Register of any IT or paper file system “that contains information on individuals and retrieves the information by a personal identifier.” An architectural system of record, on the other hand, denotes an authoritative IT system in which data originates.

  18. Although OMB uses the term “information in identifiable form” here, the term PII, as defined in OMB M-07-16 and clarified in OMB M-10-23, is more widely used. OMB Circular A-130 further updated and streamlined the definition of PII in 2016, and that definition will likely become the more widely used one.

  19. OMB Circular A-130 (2016), Appendix II, 5.e.

  20. NIST SP 800-53, Rev. 4, Appendix J, page J-1.

  21. The overlay concept is described in NIST SP 800-53, Rev. 4, Appendix I. The Committee on National Security Systems (CNSS) has developed the Privacy Overlays, which are Attachment 6 to Appendix F of CNSS Instruction No. 1253. The Privacy Overlays provide a consistent approach for identifying whether information is PII, determining how sensitive that PII is, and using a pre-defined set of security and privacy controls as your starting point for protecting that information. Although the Privacy Overlays are required only for National Security Systems (NSS), they are based on requirements that are applicable to all government systems that maintain PII and are therefore also usable by any agency for any non-NSS.

  22. Duhigg, C., “How Companies Learn Your Secrets,” New York Times, February 16, 2012.

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Fleckenstein, M., Fellows, L. (2018). Data Privacy. In: Modern Data Strategy. Springer, Cham. https://doi.org/10.1007/978-3-319-68993-7_14

  • DOI: https://doi.org/10.1007/978-3-319-68993-7_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68992-0

  • Online ISBN: 978-3-319-68993-7

  • eBook Packages: Computer Science (R0)
