A. Issue a clean desk policy prohibiting unattended and unsecured sensitive data in workplaces. B. Implement procedures to enforce the clean desk policy.
Publication Report
2018-OE-0001 | Septiembre 13, 2018
HUD Privacy Program Evaluation Report
We conducted this evaluation to determine the effectiveness of the U.S. Department of Housing and Urban Development’s (HUD) privacy program We assessed the adequacy of agency strategies, plans, controls and practices at the enterprise and... másRelated Recommendations
Office of Administration
- Summary
Ensure the privacy program is staffed with experienced personnel (such as a Chief Privacy Officer) to manage the operational aspects of the program.
- Summary
Issue a notice at the Secretary level delegating and clarifying the authority and responsibilities of the SAOP and Privacy Office
- Summary
A. Document the roles and specific responsibilities of all positions assigned privacy responsibilities. B. Communicate these responsibilities on a recurring basis, at least annually, to individuals holding these positions.
- Summary
Implement thorough human capital processes to ensure execution of the HUD privacy program and all its requirements
- Summary
Finalize and approve the draft privacy program strategic plan
- Summary
Ensure the privacy program is integrated with the enterprise risk program and that privacy risks are incorporated into the agency risk management process
- Summary
Establish an executive leadership dashboard to communicate continuous monitoring of key program risks and issues
- Summary
A. Develop an internal privacy program communication plan to describe how privacy issues will be disseminated and best practices will be shared. B. Implement the communication plan
- Summary
Develop a dedicated budget to address Privacy Office training needs and initiatives
- Summary
Update all privacy guidance to reflect current Federal requirements and processes.
- Summary
Implement a formal process for the Privacy Office to issue and communicate privacy guidance, requirements, and deadlines.
- Summary
Update and continue to maintain a central collaboration area to include all current privacy program policies, procedures, and guidance
- Summary
Establish standard processes to ensure consistent work flow and communications between program office and Privacy Office personnel
- Summary
Ensure role-based privacy training is provided to all personnel with privacy responsibilities
- Summary
Ensure privacy awareness training is provided to all contractor and third party personnel
- Summary
Provide personnel tasked with handling Privacy Act requests with recurring training on Privacy Act exceptions
- Summary
Establish documentation procedures for accounting of disclosures made under the Privacy Act, as required by 5 USC 552a(c)
- Summary
Establish an annual computer matching activity reporting process to meet the requirements of OMB Circular A-108
- Summary
Determine if general support system privacy threshold assessments or privacy impact assessments should be completed; if not, document the rationale
- Status2018-OE-0001-20OpenClosedSummary
Develop the technical capability to identify, inventory, and monitor the existence of PII within the HUD environment
- Status2018-OE-0001-21OpenClosedSummary
Develop and implement a process to inventory all agency PII holdings not less than annually.
- Summary
Renew the PII minimization effort, to include a prioritization by the SAOP of specific minimization initiatives
- Summary
Require all system owners to review the records retention practices for each information system and take any corrective actions necessary to ensure adherence to the applicable records retention schedule