Privacy Protection: Best Practices, PIAs, and Citizen Benefits

Verified

Added on 2022/08/24

AI Summary

This report examines privacy in the context of the US federal government, addressing key questions related to privacy definitions, best practices, and the role of Privacy Impact Assessments (PIAs). It begins by defining privacy from both "average person" and legal perspectives, highlighting how these differing definitions impact risk assessments. The report then outlines important best practices for protecting privacy within federal IT systems, including data usage policies, data encryption, and the use of RAID on servers. It emphasizes the necessity of PIAs for federal agencies and departments, explaining how they mitigate privacy risks and contribute to effective governance. Finally, the report details three significant benefits of PIAs for citizens, such as addressing privacy risks, improving governance structures, and managing personal information effectively. The content is based on research from the weekly readings, providing a comprehensive overview of privacy protection within the federal government.

Running head: PROTECTING PRIVACY
Protecting privacy
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1PROTECTING PRIVACY
1. What is privacy? Is it a right? An expectation? Discuss differing definitions, e.g. "the
average person" definition vs. a legal definition, and how these differences impact risk
assessments for privacy protections (or the lack thereof).
Privacy is defined as the ability of group or an individual to secure themselves from
diverse categories of threats or risks. Most of the time the sensitive data and assets are
comprised if necessary steps are not taken to deal with the privacy issues.
It is defined as the fundamental right and is very much significant for the protection of
human dignity.
There are lots of expectations related with privacy and each of them are very much
useful to define the scope of applicability of the privacy protection laws. The expectations of
privacy can be categorized into subjective expectation of privacy and objective expectation of
privacy (Merrick & Ryan, 2019). The subjective expectations deals with the individual
opinion whereas the objective expectations deals with the expectations from the society.
Considering the average person definition of privacy it can be said that it is one of
the individual legal rights and is helpful to deal with issues like unwanted publicity and it is
also considered as one of the most significant fundamental rights of human beings.
Considering the legal definition of privacy it can be said that it is the individual lethal
rights and the term privacy changes according to its legal context (Morgan, 2016). It is one
of the most significant fundamental decisions which are related with the personal matter and
it is very much significant due to the interventions coming from different regulations,
government coercion, and intimidation.

2PROTECTING PRIVACY
The notable difference between these two definitions is that the average person
definition is very much useful to deal with factors like commitment and communication
whereas the legal definition is important to deal with factors like organizational structure.
2. What are some important best practices for protecting privacy for information
collected, stored, used, and transferred by the US federal government? Identify and
discuss three or more best practice recommendations for reducing risk by improving or
ensuring the privacy of information processed by or stored in an organization’s IT
systems and databases.
The best practices of the US federal government in order to deal with the privacy
issues related with the essential information are the US Privacy Act of 1974, HIPPA
(Health Insurance Portability and Accountability Act) and COPPA (Children’s Online
Privacy Protection Act) (Reuben et al., 2016).
The three diverse categories of best practices for reducing risks related with
information are discussed as followings:
 Data usage policy: Guidelines are regulations are shared with the users of each
computer systems so that the equipment, internet access and network are secured from
the privacy issues.
 Use of data encryption: The deployment of symmetric and asymmetric encryption
can be very much useful to reduce the data security risks coming from the social
engineers.
 Use of RAID on the server: RAID disk drives is very much useful to enhance the
performance of the data storage devices.

3PROTECTING PRIVACY
3. Explain why federal government agencies and departments required to complete
PIA's. Should every federal IT system have a PIA? Why or why not?
There are diverse categories of data which comes in and out from both the
government agencies as well as from its department. At the same time, it can also be said that
the success as well as the failure of the government depends upon the protection of those
data. Any sort of privacy issues with the data can have a huge impact on the productivity of
the government and the national economy (Edemekong & Haydel, 2019). Thus, it can be said
that the Privacy Impact Assessments (PIA) must be completed as it not only help to deal
with the privacy issues but is also very much useful to manage the business strategies,
policies and business relationships with the other subsidiary organizations.
Every federal IT system must be having PIA. There are numerous privacy issues
related with the IT systems in terms of the computer viruses and Trojan horse, each of
these issues can be successfully resolved or reduced with the help of PIA.
4. Name and briefly describe 3 benefits to citizens which result from the use of PIA's.
(Considering citizen's needs for privacy and the protection of the privacy of individuals
whose information is collected, processed, transmitted, and stored in federal
government IT systems and databases.)
The three different benefits to citizens as a result of using Privacy Impact
Assessments (PIA) are as followings:
 Deal with the privacy risks: There are diverse categories of computer systems which
are used by the citizens and there were privacy issues in each of those systems
(Alshammari & Simpson, 2018). The use of PIA can be very much useful to deal with
these privacy issues from the point of view of the security consultants.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4PROTECTING PRIVACY
 Governance structure: There are numerous issues related with the involvement of
the contractors in most of the government projects in terms of addressing the
expectations of the consumers. The incorporation of PIA can be very much useful to
maintain a good relation with the third party contractors of the government projects.
 Managing personal information: There are data security threats coming from the
employees of a commercial organization as well (Ahmadian et al., 2018). The
incorporation of PIA can be very much useful for the strategic planners of commercial
business organizations to maintain the security of the organizational data and the
employee data. Any change in the business process of a commercial organization can
be supported with the help of PIA.

5PROTECTING PRIVACY
References
Ahmadian, A. S., Strüber, D., Riediger, V., & Jürjens, J. (2018, April). Supporting privacy
impact assessment by model-based privacy analysis. In Proceedings of the 33rd
Annual ACM Symposium on Applied Computing (pp. 1467-1474). ACM.
Alshammari, M., & Simpson, A. (2018, September). Towards an Effective Privacy Impact
and Risk Assessment Methodology: Risk Assessment. In International Conference on
Trust and Privacy in Digital Business (pp. 85-99). Springer, Cham.
Edemekong, P. F., & Haydel, M. J. (2019). Health Insurance Portability and Accountability
Act (HIPAA). In StatPearls [Internet]. StatPearls Publishing.
Merrick, R., & Ryan, S. (2019). DATA PRIVACY GOVERNANCE IN THE AGE OF
GDPR. Risk Management, 66(3), 38-43.
Morgan, M. (2016). Reconsidering the Legal Definition of Privacy. Brigham Young
University Prelaw Review, 30(1), 8.
Reuben, J., Martucci, L. A., Fischer-Hübner, S., Packer, H. S., Hedbom, H., & Moreau, L.
(2016, August). Privacy Impact Assessment Template for Provenance. In 2016 11th
International Conference on Availability, Reliability and Security (ARES) (pp. 653-
660). IEEE.