4.2.10: Privacy
Avoid collecting PII except as necessary to achieve program purposes and do not publicly display PII Other Information:
In the context of privacy, two primary areas are the Privacy Act and Personally identifiable information (PII). Redaction
software can be used to remove sensitive information, but only with appropriate controls to ensure the redactions are “locked.”
Any Web page must avoid collecting PII except as necessary to achieve program purposes and must not publicly display PII.
A Privacy Impact Assessment (PIA) is required for any IT system that will contain PII. A System of Records Notice (SORN) is
required for any paper-based or IT system of records that will contain PII if the record will be regularly retrieved by name
or personal identifier.
Indicator(s):
|
