Abstract
This chapter on data privacy focuses primarily on the public sector. Although data privacy is critical and evolving in both the private and public sectors, the perspectives, mandates, and drivers differ somewhat between these sectors. This is in contrast to many other areas of data management, which are addressed in similar ways in both the public and private sectors. That said, the chapter offers the lay-reader a respectable overview of data privacy.
Notes
1. Organization for Economic Cooperation and Development (OECD), The OECD Privacy Framework, 2013.
2. U.S. Department of Homeland Security, Privacy Policy Guidance Memorandum, Memorandum 2008-01, 2008. The OMB sets forth a U.S. governmentwide version of the FIPPs in its July 2016 updates to OMB Circular A-130. The OMB version includes the same notions as the DHS FIPPs and draws out other common notions, such as Authority and Access and Amendment.
3. U.S. Office of Management and Budget (OMB), OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, Memorandum M-03-22, 2003.
4. U.S. Office of Management and Budget (OMB), Circular A-130, Managing Information as a Strategic Resource, 2016.
5. Ibid.
6. For example, the Homeland Security Act of 2002 mandated a privacy officer for the Department of Homeland Security, and the Consolidated Appropriations Act of 2005 mandated a privacy officer for the Department of Justice and other agencies subject to the act.
7. See U.S. Office of Management and Budget (OMB), Role and Designation of Senior Agency Officials for Privacy, Memorandum M-16-24, 2016.
8. The SAOP role was originally discussed in OMB M-05-08, Designation of Senior Agency Officials for Privacy, 2005, which was later rescinded and replaced by M-16-24, Role and Designation of Senior Agency Officials for Privacy, 2016.
9. OMB Circular A-130 (2016), Appendix II, 5.a.
10. OMB Circular A-130 (2016), Appendix II, 5.b.
11. OMB Circular A-130 (2016), Appendix II, 5.c.
12. OMB Circular A-130 (2016), Appendix II, 5.d.
13. OMB Circular A-130 (2016), Appendix II, 5.e.
14. OMB Circular A-130 (2016), Appendix II, 5.h.
15. OMB Circular A-130 (2016), Appendix II, 5.i.
16. OMB Circular A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act, 2016.
17. It is important to differentiate between SORNs and architectural systems of record (SOR). The concept of SORN dates to the 1974 Privacy Act, which mandates the publishing in the Federal Register of any IT or paper file system “that contains information on individuals and retrieves the information by a personal identifier.” An architectural system of record, on the other hand, denotes an authoritative IT system in which data originates.
18. Although OMB uses the term “information in identifiable form” here, the term PII, as defined in OMB M-07-16 and clarified in OMB M-10-23, is more widely used. OMB Circular A-130 further updated and streamlined the definition of PII in 2016, and that definition will likely become the more widely used one.
19. OMB Circular A-130 (2016), Appendix II, 5.e.
20. NIST SP 800-53, Rev. 4, Appendix J, page J-1.
21. The overlay concept is described in NIST SP 800-53, Rev. 4, Appendix I. The Committee on National Security Systems (CNSS) has developed the Privacy Overlays, which are Attachment 6 to Appendix F of CNSS Instruction No. 1253. The Privacy Overlays provide a consistent approach for identifying whether information is PII, determining how sensitive that PII is, and using a pre-defined set of security and privacy controls as your starting point for protecting that information. Although the Privacy Overlays are only required for National Security Systems (NSS), they are based on requirements that are applicable to all government systems that maintain PII and are therefore also usable by any agency for any non-NSS.
22. Duhigg, C., “How Companies Learn Your Secrets,” New York Times, February 16, 2012.
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Fleckenstein, M., Fellows, L. (2018). Data Privacy. In: Modern Data Strategy. Springer, Cham. https://doi.org/10.1007/978-3-319-68993-7_14
DOI: https://doi.org/10.1007/978-3-319-68993-7_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68992-0
Online ISBN: 978-3-319-68993-7
eBook Packages: Computer Science, Computer Science (R0)