Develop a dedicated budget to address Privacy Office training needs and initiatives

Update all privacy guidance to reflect current Federal requirements and processes.

Implement a formal process for the Privacy Office to issue and communicate privacy guidance, requirements, and deadlines.

Update and continue to maintain a central collaboration area to include all current privacy program policies, procedures, and guidance

Establish standard processes to ensure consistent work flow and communications between program office and Privacy Office personnel

Ensure role-based privacy training is provided to all personnel with privacy responsibilities

Ensure privacy awareness training is provided to all contractor and third party personnel

Provide personnel tasked with handling Privacy Act requests with recurring training on Privacy Act exceptions

Establish documentation procedures for accounting of disclosures made under the Privacy Act, as required by 5 USC 552a(c)

Establish an annual computer matching activity reporting process to meet the requirements of OMB Circular A-108

Determine if general support system privacy threshold assessments or privacy impact assessments should be completed; if not, document the rationale

Develop the technical capability to identify, inventory, and monitor the existence of PII within the HUD environment

Develop and implement a process to inventory all agency PII holdings not less than annually.

Renew the PII minimization effort, to include a prioritization by the SAOP of specific minimization initiatives

Require all system owners to review the records retention practices for each information system and take any corrective actions necessary to ensure adherence to the applicable records retention schedule

A. Issue a clean desk policy prohibiting unattended and unsecured sensitive data in workplaces. B. Implement procedures to enforce the clean desk policy.

Direct PIH and OCIO to develop a comprehensive project plan, documenting the milestones and dates for addressing the gaps in ONAP-LOS capabilities (functionality and reports) and the 25 recommendations made during HUD OCIO's project health assessment

Direct all stakeholders to identify all viable options to securely resolve the ONAP-LOS access issues, so authorized Section 184 lenders can access the system. The best solution should not impose unacceptable risk to business processes or sensitive data. Current program offices involved are OCIO, PIH, and FHA, while others may also be identified

Direct PIH and OCIO to ensure that the Section 184 program transitions away from dependency on CHUMS.

Continue to develop required ONAP-LOS capabilities using cloud environments as appropriate