M-08-21, FY 2008 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (July 14, 2008) (43 pages)
- “Agencies should also submit their most current documentation related to OMB Memorandum M-07-16, of May 22, 2007, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, This information should be provided in an appendix to your annual report and include the following items for your agency:
- Breach notification policy
- Implementation plan and progress update on eliminating unnecessary use of Social Security Numbers (SSN);
- Implementation plan and progress update on review and reduction of holdings of personally identifiable information (PII); and
- Policy outlining rules of behavior and identifying consequences and corrective actions available for failure to follow these rules.”
Sorry, comments are closed for this post.