Reporting Requirements
Per PM-18 of NIST SP 800-53, organizations are to “...Develop and disseminate an organization-wide privacy program plan that provides an overview of the…privacy program…”. And per the Defense Health Agency, “...contractors [are] to protect from unauthorized exposure the PII entrusted to their care, to complete privacy compliance activities, to report breaches of PII, and to reduce the volume and types of PII to only that needed for program functions…”
As a federal contractor supporting the DoD, or any other government agency, if you work with PII that is owned or maintained by a federal agency, you need a Privacy Program Plan.
As a federal contractor supporting the DoD, or any other government agency, if you work with PII that is owned or maintained by a federal agency, you need a Privacy Program Plan.
Key Elements of a Successful Privacy Program Plan
A well-written Privacy Program Plan must include a description of the structure of the program and the resources dedicated to the program, an overview of the requirements for the program and a description of program management controls and common controls in place or planned for meeting those requirements, and so much more.
How to Get Started
Start by downloading our Privacy Program Plan toolkit at the Arlington Security Portal (ASP).
