M-08-09 New FISMA Privacy Reporting Requirements for FY 2008

M-08-09

MEMORANDUM FOR HEADS OF DEPARTMENTS AND AGENCIES

To maintain a comprehensive context for security and privacy of Federal information across government, the Office of Management and Budget is planning to add the requirement below to agencies’ existing annual reporting mechanisms. This memorandum provides advance notice to agencies about information which will be incorporated into the annual reporting requirements for fiscal year 2008 under the Federal Information Security Management Act (FISMA) to be issued next summer.

As part of the FY 2008 FISMA reports, OMB will require agencies to submit the following information:

• By agency, the number of each type of privacy review conducted during the last fiscal year;
• Information about the advice – formal written policies, procedures, guidance, or interpretations of privacy requirements issued by the agency – provided by the Senior Agency Official for Privacy during the last fiscal year;
• The number of written complaints for each type of privacy issue allegation received by the Senior Agency Official for Privacy during the last fiscal year to include: (1) process and procedural issues (consent, collection, and appropriate notice); (2) redress issues (non-Privacy Act inquiries seeking resolution of difficulties or concerns about privacy matters); or (3) operational issues (inquiries regarding Privacy Act matters not including Privacy Act requests for access and/or corrections);
• For each type of privacy issue received by the Senior Agency Official for Privacy for alleged privacy violations during the last fiscal year, the number of complaints the agency referred to another agency with jurisdiction.

Questions about this Memorandum should be directed to John Lee at john_lee@omb.eop.gov.

Source

• M-08-09 New FISMA Privacy Reporting Requirements for FY 2008 (PDF)