IMC M&A Overview. IMC – The pluses make the difference 2 IMC Business Lines.
Department of Energy 2012 IMC Conference
Transcript of Department of Energy 2012 IMC Conference
![Page 1: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/1.jpg)
Jerry Hanley
Chief Privacy Officer
Department of Energy
2012 IMC Conference
![Page 2: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/2.jpg)
Agenda
• The Privacy Office: Objectives
• Privacy Order DOE Order 206.1, Department of
Energy Privacy Program
• The Department’s Plan for Eliminating the
Unnecessary Use of SSNs
• The PIA Process
• FISMA Reporting
• What’s in the Future
• Questions
Privacy Office
Privacy Order
SSN Plan
New PIA Process
FISMA Reporting
Future
![Page 3: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/3.jpg)
The Privacy Office
About the
Privacy Office
2
Privacy Office
|
The Department of
Energy Privacy Office
is Charged with
Overseeing and
Implementing the
Department's Privacy
Program
Senior Agency
Official for Privacy
|
Chief Privacy Officer
About Us
![Page 4: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/4.jpg)
Objectives
Preserve and Protect the Privacy of
Personal Information
Strengthen Privacy Protections by Building
a Full Lifecycle, Integrated and Auditable
Privacy Program that Preserves the Trust
of the American People
Privacy Office
Objectives
![Page 5: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/5.jpg)
Overview of Department’s
Privacy Programs
![Page 6: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/6.jpg)
CPO Responsibilities
Privacy Office
Privacy
Steering
Committee
Privacy Incident
Response Team
CPO
![Page 7: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/7.jpg)
DOE Elements Responsibilities
Privacy Office
Privacy
Steering
Committee
Privacy Incident
Response Team
DOE Element
![Page 8: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/8.jpg)
Goal: A Fully Auditable Program
Privacy Office Alignment Lifecycle
Approach
Teamwork &
Partnership
Process
Maturity
Program Focus Areas
Compliance
& Assistance
Policy &
Governance
Training &
Awareness
Fully Integrated &
Auditable Privacy Program
Process
Improvement
Program Goal
![Page 9: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/9.jpg)
Policy Relationship
Privacy & Security
Privacy relies on Good Security.
Security is a Partner.
Policies are complementary.
Privacy Office
Partnership
![Page 10: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/10.jpg)
DOE O206.1, Department of
Energy Privacy Program
Ensure Implementation of
Privacy Act
E-Government Act
OMB directives
Establish a Departmental
Training and Awareness
program to ensure DOE
personnel are cognizant of
their responsibilities for—
1. Safeguarding PII
2. Reporting breaches of PII
3. Complying with the Privacy
Act.
Provide Departmental Privacy
Guidance & Assistance
Privacy Order
Privacy Office
![Page 11: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/11.jpg)
DOE Plan for Eliminating the
Unnecessary Use of SSNs
Baseline Inventory
Site Assistance
Assess Alternatives
Review Technology
Solutions
Privacy Steering Committee
SSN Plan
Privacy Office
![Page 12: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/12.jpg)
Privacy Impact Assessment
Process
New PIA Process
Privacy Needs
Assessment
4 Threshold
Questions
Tiered Approach
Expanded
Guidance
O 206.1,
Appendix A
Privacy Office
![Page 13: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/13.jpg)
What’s In the Future?
• Increased Risk & Media Attention
• Privacy Advocates Stepping Up the
Pressure
• Administration & Congress
• OMB
Future
Privacy Office
![Page 14: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/14.jpg)
Privacy Office Contact
Information
Jerry Hanley
Chief Privacy Officer
U.S. Department of Energy
(202) 586-0483
DOE Privacy Website:
From energy.gov, click on Privacy Program at the bottom of the
DOE homepage.
![Page 15: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/15.jpg)
Scenario:
An Incident Has Occurred
You are the program manager at one of the Department’s field sites. One of your team reports to you that several laptops are missing. This person suspects the laptops may have had personnel information.
What do you do?
?
![Page 16: Department of Energy 2012 IMC Conference](https://reader030.fdocuments.us/reader030/viewer/2022012020/6168899bd394e9041f705b6e/html5/thumbnails/16.jpg)
How Should You Respond?
Report the Breach Immediately
Management
DOE-CIRC/US-CERT
Did the Laptop Contain PII? Type?
Was the Laptop Encrypted?
How Many Affected?
Notification?
Keep a Log of Everything
Follow Up / Corrective Action
Order 206.1, Appendix B
?