Control Oversight and Safeguard Assurance, Information Security Risk Management, Security Compliance and Regulatory Requirements
NOT SELECTED
NA
No
Privacy laws and regulations cannot be enforced due to ill-defined policy.
The organization develops, disseminates, and updates reports to the Office of Management and Budget (OMB), Congress, and other oversight bodies, as appropriate, to demonstrate accountability with specific statutory and regulatory privacy program mandates, and to senior management and other personnel with responsibility for monitoring privacy program progress and compliance.
Reporting mechanism and responsibilities to regulatory bodies are defined.
No statewide control
Obtain privacy reporting policy and procedures; other relevant documents or records and ascertain if the type of privacy reports include:
(i) annual Senior Agency Official for Privacy (SAOP) reports to OMB;
(ii) reports to Congress required by the Implementing Regulations of the 9/11 Commission Act; or
(iii) other public reports required by specific statutory mandates or internal policies of organizations.
(iv) the organization Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) consults with legal counsel, where appropriate, to ensure that organizations meet all applicable privacy reporting requirements.