The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Ensure the privacy program is staffed with experienced personnel (such as a Chief Privacy Officer) to manage the operational aspects of the program.

Issue a notice at the Secretary level delegating and clarifying the authority and responsibilities of the SAOP and Privacy Office

A. Document the roles and specific responsibilities of all positions assigned privacy responsibilities. B. Communicate these responsibilities on a recurring basis, at least annually, to individuals holding these positions.

Implement thorough human capital processes to ensure execution of the HUD privacy program and all its requirements

Finalize and approve the draft privacy program strategic plan

Ensure the privacy program is integrated with the enterprise risk program and that privacy risks are incorporated into the agency risk management process

Establish an executive leadership dashboard to communicate continuous monitoring of key program risks and issues

A. Develop an internal privacy program communication plan to describe how privacy issues will be disseminated and best practices will be shared. B. Implement the communication plan