The Office of Management and Budget has called on agency privacy officials to conduct a review of their agencies’ policies and processes to prevent the intentional or negligent misuse of, or unauthorized access to, personally identifiable information.
According to OMB memo M-06-15, reviews should address all administrative, technical, and physical means used by agencies to control such information, including but not limited to procedures and restrictions on the use or removal of personally identifiable information beyond agency premises or control.
Reviews should be included in reports on compliance with the Federal Information Security Management Act, and include any weaknesses in security plans of action and milestones already required by FISMA.
The memo also said agencies should ensure employees are reminded within the next month of their specific responsibilities for safeguarding personally identifiable information, the rules for acquiring and using such information, and the penalties for violating those rules.
