AR-07-727 Privacy-Enhanced System Design and Development

Accountability, Audit and Risk Management
Identify, Protect
Privacy and Confidentiality, Secure System Services, Acquisition and Development
NOT SELECTED
NA
No
Laws and regulations are violated as a result of poor integration of privacy controls into system design and development.
The organization designs information systems to support privacy by automating privacy controls.
Privacy controls are automated where possible.
No statewide control
Obtain privacy system development and design documentation and ascertain if: (i) the organization employs technologies that automate privacy controls on the collection, use, and disclosure of personally identifiable information (PII) to reduce the likelihood of information system breaches and other privacy-related incidents; (ii) the organization conducts periodic reviews of systems’ collection, use, and disclosure of PII to assess compliance with the Privacy Act and the organization’s privacy policy; (iii) the organization regularly monitors information system use and sharing of PII to ensure that the use / sharing is consistent with the authorized purposes identified in the Privacy Act and / or in the public notice of organizations, or in a manner compatible with those purposes.