Legal Regulation Compliance and Investigation Report - OMB Guidelines


Added on  2021/04/21

AI Summary
This report provides an analysis of legal regulation compliance and investigation, focusing on the Office of Management and Budget (OMB) breach notification plan requirements. It begins by referencing the Obama administration's memorandum M-17-12, which established guidelines for managing breaches of Personally Identifiable Information (PII). The report then reviews the OMB breach notification plan, outlining the responsibilities of contractors, including encoding PII, providing regular training, and reporting breaches promptly. A detailed checklist is presented, which includes identifying the Breach Response Team, determining who should be notified in case of a breach, establishing a breach incident response protocol, preparing an audit checklist, and outlining the breach response actions. The report concludes by emphasizing the importance of developing appropriate breach response plans to comply with federal regulations and providing examples of actions such as credit monitoring and fraud alerts. References include sources like Inside Privacy, the White House archives, and MNT services.
Running head: Legal regulation compliance and investigation
Legal regulation compliance and investigation
Introduction
According to the Workplace Privacy, Data Management and Security Report (2017), the Obama administration issued memorandum M-17-12 to set a detailed policy for managing breaches of personally identifiable information (PII).
As an Inspector General, I would review the Office of Management and Budget (OMB) breach notification plan requirements and submit to senior management a checklist of the steps necessary for compliance.
Discussion
Review of the Office of Management and Budget (OMB) breach notification plan requirements
The contractors subject to the applicable provisions would be required to:
1. Encode the personally identifiable information (PII) according to the OMB guidelines and agency-specific requirements (Inside Privacy, 2017).
2. Conduct training on a regular basis for contractor employees on identifying and reporting a breach.
3. Report breaches, including breaches of hard-copy data, at the earliest opportunity. A framework should also track the time and details of the party accessing the information.
4. Cooperate with the agency in exchanging information in order to report or deal with a suspected breach.
5. Identify their accountabilities, consistent with the policy and the agency’s breach response plan (Memorandum for Heads of Executive Departments and Agencies, 2017).
Checklist for compliance with the breach notification plan requirements
The checklist items for compliance with the breach notification plan requirements are:
1. Identification of the Breach Response Team: The first step should be to identify the ‘Breach Response Team’. The ‘Incident Lead’ should be the leader in case of a data breach and should be selected from the legal or privacy office. The other members include the in-house counsel or the Attorney General’s Office, the Executive Team member, the MN.IT CIO, Human Resources members, the Compliance/Privacy officer, the Marketing/Communications member and the Customer Relations team member.
2. Who shall be notified about the breach: The Office of the Legislative Auditor and
the Governor’s office should be notified in case of improper access or utilization of
personal data.
3. Breach Incident Response: When a breach is detected, the Internal Response Team is assembled; it examines the breach and determines whether notification is needed. The team is required to respond to inquiries related to the breach.
4. Preparing the audit checklist: The contacts of the Data Breach Response Team should be updated and the breach response plan should be examined thoroughly.
Also, the staff security awareness should be revised and the methods regarding the
management of the data by the third parties should be reviewed.
5. Breach Response: The details of the occurrence of the breach should be recorded. The legal obligations that arise as a result of the breach should be identified. Also, conflicting initiatives should be identified and the response efforts should be reported to upper management (MNT services, n.d.).
Conclusion/Recommendations
To conclude, federal contractors and grant recipients need to develop an appropriate breach response plan and ensure that it complies with the memorandum as well as the requirements of the appropriate federal agency.
Examples of actions taken to comply with the requirements of the agency are credit monitoring, fraud alerts, cyber hygiene and theft insurance.
References
Inside Privacy (2017, January 9). Updated OMB Breach Response Policy Includes Required Breach-Related Provisions for Federal Agency Contracts. Retrieved March 3, 2018 from https://www.insideprivacy.com/data-security/data-breaches/updated-omb-breach-response-policy-includes-required-breach-related-provisions-for-federal-agency-contracts/
Memorandum for Heads of Executive Departments and Agencies (2017, January 3). Breach Response Plan. Retrieved March 3, 2018 from https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2017/m-17-12_0.pdf
MNT services (n.d.). Data Breach Preparation and Notification for Electronic Data. Retrieved March 3, 2018 from https://mn.gov/mnit/assets/Data%20Breach%20Preparation%20and%20Notification_tcm38-245447.pdf
Workplace Privacy, Data Management and Security Report (2017, January 15). The White House’s Revisions to its Breach Response Policy for Federal Agencies and Departments Also Affect Contractors. Retrieved March 3, 2018 from https://www.workplaceprivacyreport.com/2017/01/articles/data-security/the-white-houses-revisions-to-breach-response-policy-for-federal-agencies-and-departments-also-affect-contractors/