Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
InformationPrivacyandSecurityCouncil|PIAForm(rev. 2017) Page1of9
ANNUALPERSONALINFORMATIONSYSTEMREPORTPrivacyImpactAssessment(PIA)
DeadlineforSubmission:September30
EffectiveJanuary1,2009,anygovernmentagencythatmaintainsoneormorepersonalinformationsystemshallsubmittotheStateofHawai‘iInformation Privacy and Security Council an annual report on the existence and character of each personal information system added oreliminatedsincetheagency'spreviousannualreport.ThereportshallbesubmittednolaterthanSeptember30ofeachyear.(HRS§487N-7)
“Personal information system”means any manual or automated recordkeeping process that contains personal information and the name,personalnumber,orotheridentifyingparticularsofadatasubject.
“Personalinformation”meansanindividual’sfirstnameorfirstinitialandlastnameincombinationwithanyoneormoreofthefollowingdataelements,wheneithernameordataelementsarenotencrypted:
1. SocialSecuritynumber;2. Driver'slicensenumberorHawai‘iidentificationcardnumber;or3. Accountnumber,creditordebitcardnumber,accesscode,orpasswordthatwouldpermitaccesstoanindividual’sfinancialaccount.
Note:Personalinformationdoesnotincludepubliclyavailableinformationthatislawfullymadeavailabletothegeneralpublicfromfederal,stateorlocalgovernmentrecords.
PARTI.PIAContactsandQualificationQuestions
A. ContactInformationSystemTitle: Document Date:
Enter the date you are creating or updating this documentOfficeofResponsibility:
Entertheservice,office,divisionordepartmentnameProgramManagerName: ProgramManagerTitle: Phone:
eMail:
B. QualificationQuestions1. Doesyoursystemcollectanyinformationinidentifiableform(personaldata)onthegeneralpublic?❑ Yes❑No
Informationinidentifiableform(alsoknownaspersonaldata/information)referstoanydatacollectedaboutanindividualthatcanbeusedforidentificationpurposes.
Itincludesinformationthatidentifiestheindividualbynameorotheruniqueidentifierinconjunctionwithotherdataelementssuchasgender,race,birthdate,age,geographicindicator,personale-mailaddress,homeaddress,homephonenumber,healthrecords,SocialSecurityNumber(SSN),personalcreditcardinformation,andsimilarpersonalinformation.Informationpermittingthephysicaloronlinecontactingofaspecificindividualisconsideredinformationinidentifiableform.
Thisdoesnotrefertobusinessentitiesorgovernmentagencies,oraggregatedatathatcannotbetracedbacktoanindividualperson.
2. Doesyoursystemcollectanyinformationinidentifiableform(personaldata/information)ongovernmentemployees?❑ Yes❑No
Informationinidentifiableformreferstoanydatacollectedaboutanemployeethatcanbeusedforidentificationpurposes.Itincludesinformationthatidentifiestheemployeebynameorotheruniqueidentifierinconjunctionwithotherdataelementssuchasgender,race,birthdate,age,maritalstatus,homee-mailaddress,homeaddress,homephonenumber,healthrecords,SSN,performanceappraisals,employmenthistorynotrelatedtocurrentjob,allegationsofmisconduct/arrests/complaints/grievances/performancebasedactions,payrolldeductions,personalcreditcardinformation,andsimilarpersonalinformation.
3. HasaPIAbeendonebeforeforthesystem?❑ Yes❑No
IfYesto3.,enterthedateofthelastPIA,otherwiseleaveblank:
NOTE:IfyouansweredNOtoBOTHB.1.andB.2.above,STOP HERE.
Information Privacy and Security Council | PIA Form (rev. 2017) Page2of9
PARTII.SystemAssessment
PartIIisforsystemsthatansweredYEStoEITHERB.1.orB.2.above.A. DataintheSystem1. Whatisthespecificpurposeoftheagency’suseoftheinformationandhowdoesthatusefitwiththeagency’sbroadermission?Agencyshoulduseplainlanguagetodisclosethepurpose(s)ofitsuseoftheinformation.Agency’sdescriptionshouldprovideenoughdetailtoallowthereadertogainfullunderstandingofthepurpose(s).
1.a.Describeallinformationtobeincludedinthesystem.Brieflydescribethepurposeofthesystemandthedatathatwillbeinthesystem,includingthatofanysubsystems.
1.b.DescribeallPERSONALinformationtobeincludedinthesystem.Providethespecificprivacydataelementsthatwillbemaintainedinthesystem.
1.c.Whatstageofthelifecycleisthesystemcurrentlyin?Selectone.❑ Design/Planning❑ Operation/Maintenance❑ Development/Implementation❑ Disposal
2.a.Whatarethesourcesoftheinformationinthesystem?Describewherethesystemdataoriginates,whethertheprivacyinformationisprovidedbytheuserorenteredonbehalfoftheuserandbywhom,orifitcomesprogrammaticallyfromanothersystem.
2.b.WhatStatefilesanddatabasesareused?IdentifyanyStatefilesanddatabasesthatmaybeusedasasourceoftheinformation.
2.c.WhatFederalagenciesareprovidingdataforuseinthesystem?ListFederalagenciesthatareprovidingtheinformationforusebythesystem.Specifydataprovidedbyeach.Ifnone,enterNone.
2.d.WhatStateandlocalagenciesareprovidingdataforuseinthesystem?ListanyStateandlocalagenciesthatareprovidingdataforuseinthissystem.Specifythedataprovidedbyeach.Ifnone,enterNone.
2.e.Fromwhatotherthirdpartysourceswillthedatabecollected?Listanyothersourcesofdatainthesystemandthedataprovided.Ifnone,enterNone.
2.f.Whatinformationwillbecollectedfromtheindividualwhoserecordisinthesystem?Listthedatathatwillbecollectedfromtheindividual.
3.a.HowwillthedatacollectedfromsourcesotherthanStateagencyrecordsortheindividualbeverifiedforaccuracy?Theaccuracyofpersonalinformationisveryimportant.Indicatethestepsthatwillbetakentoensurethatthedataisaccurateandtheintegrityofthedataremainsintact.
Information Privacy and Security Council | PIA Form (rev. 2017) Page3of9
3.b.Howwilldatabecheckedforcompleteness?Missinginformationcanbeasdamagingasincorrectinformation.Indicatethestepsthatwillbetakentoensurethatallofthedataiscomplete.
3.c.Isthedatacurrent?Howdoyouknow?Indicatetheprocessthatwillbeusedtoensurethatthedataisrelevantandup-to-date.
4. Arethedataelementsdescribedindetailanddocumented?Ifyes,whatisthenameofthedocument?Eachofthedataelementsmustbedefinedanddescribed.Descriptionsshouldincludethename,datatype,andpurposeforcollection.
B. AccesstotheData1.a.Whowillhaveaccesstothedatainthesystem?Providealistofusersorgroupsofusersoftheentiresystem(i.e.governmentagencies,publicaccess,etc.)andaseparatelistofpeoplewhowillhaveaccesstoprivacydata.
1.b.IsanyofthedatasubjecttoexclusionfromdisclosureundertheFederalFreedomofInformationAct(FOIA)?Ifyes,explainthepolicyandrationalesupportingthisdecision.
Ifso,referencethespecificexemptionundertheFOIA(5U.S.C.Section(b)(1)through(9)),tosupportyourrationale.
Dept. of Justice guidance on exemptions:http://www.usdoj.gov/oip/foi-act.htmFOIAtext:http://www.usdoj.gov/oip/foia_updates/Vol_XVII_4/page2.htm
1.c.IsanyofthedatasubjecttoexclusionfromdisclosureundertheStateofHawai‘iUniformInformationPracticesAct(UIPA)?Ifyes,explainthepolicyandrationalesupportingthisdecision.
Ifso,referencethespecificexemptionunderUIPA.OtherwiseenterNONE.
OfficeofInformationPractices,StateofHawai‘i:http://oip.hawaii.gov/laws-rules-opinions/uipa/
2. Howisaccesstothedatabyauserdetermined?Arecriteria,procedures,controls,andresponsibilitiesregardingaccessdocumented?Listanypoliciesorproceduresusedtoimplementaccesstothesystemandprivacydata.Iftherearesupportingdocumentssuchtechnicalandoperationalmanualsorasystemsecurityplan,listthemhere.
3. Willusershaveaccesstoalldatainthesystemorwilltheusers’accessberestricted?Explain.Specifytowhatdegreeuserscanaccesstheirownprivacydataafterithasbeenentered.Ifthereareanyrestrictionsonaccesstothisdata,identifytherestrictions.
Information Privacy and Security Council | PIA Form (rev. 2017) Page4of9
4. Whatcontrolsareinplacetopreventthemisuse(e.g.browsing)ofdatabythosehavingaccess?Referencetechnical,managerial,administrative,andoperationalcontrolsinplacesupportingmanagementofthedata.
5.a.Doothersystemssharedataorhaveaccesstodatainthissystem?Ifyes,explain,otherwiseenterNO.Listanysystemsthatwilleithersendorreceivedatainthissystem.Explainthepurposeoftheconnectionandthemethodsusedtoensureintegrityandsecurityofthedatabeingexchanged.
5.b.Whowillberesponsibleforprotectingtheprivacyrightsoftheclientsandemployeesaffectedbytheinterface?Listthetitleandofficeoftheperson(s)responsibletoensurethattheprivacydataisbeinghandledproperly.ThistypicallyshouldbetheSystemManager.
6.a.Willotheragenciessharedataorhaveaccesstodatainthissystem(International,Federal,State,Local,Other)?Listanyentitiesthatmayaccessthedatainthissystemandspecifywhichdata.Iftherearenone,enterNone.
6.b.Howwillthedatabeusedbytheagency?Describeindetailhoweachpieceofdatawillbeused,includingprogrammaticfunctions,indexing,aggregation,reporting,etc.
6.c. Who is responsiblefor assuring proper useof thedata? This shouldtypically be the same person(s) listedforquestion 5.b.
6.d.Howwillthesystemensurethatagenciesonlygettheinformationtowhichtheyareentitled?Listthecontrolsandsecuritymechanismsinplacetoensurethatexchangeofdataisappropriate.
7. Whatisthelifeexpectancyofthedata?Indicatewhetherthedatawillbecollectedandusedforaone-timeprocessorwhetherthedatawillbemaintainedinadatabase.Indicatehowlongtheone-timeprocesstypicallytakesorhowlongdatawillbemaintained.Ifsharedwithothersystems,provideindicationonlifeexpectancyfromthosesystemsaswell.
8. Howwillthedatabedisposedofwhenitisnolongerneeded?Provideexplanationofdatadisposalprocess.Indicatemethodsfordisposingofdatafromoperationaldatabasesaswellasforarchivingsystems.
C. AttributesoftheData1. Istheuseofthedatabothrelevantandnecessarytothepurposeforwhichthesystemisbeingdesigned?Listeachdataelementandtherelevancetothesystem.
Information Privacy and Security Council | PIA Form (rev. 2017) Page5of9
2.a.1.Willthesystemderivenewdataorcreatepreviouslyunavailabledataaboutanindividualthroughaggregationfromtheinformationcollected?❑ Yes❑No.
Ifyes,providedetailsonthederivationofthedata.Anexamplewouldbetocreateacreditriskratingbasedoncredithistory.
2.a.2.IfYESto2.a.1above,describehowthesystemderivenewdataorcreatepreviouslyunavailabledataaboutanindividualthroughaggregationfromtheinformationcollected.
2.b.Willthenewdatabeplacedintheindividual'srecord(clientoremployee)?❑ Yes❑No.
2.c.Canthesystemmakedeterminationsaboutindividualsthatwouldnotbepossiblewithoutthenewdata?❑ Yes❑No.
Explainwhyorwhynot.
2.d.Howwillthenewdatabeverifiedforrelevanceandaccuracy?Sincethisisprivacydataaboutanindividualthatwasnotprovidedbytheindividual,therelevanceandaccuracyareveryimportant.Providedetailsonprocessesusedtoverifythisinformation.
3.a. Ifthedataisbeingconsolidated,whatcontrolsareinplace toprotect the data andprevent unauthorizedaccess? Explain. Enter N/A if the data isnot beingconsolidated. Otherwise, describe the controlsused toensurethat aggregated or consolidated privacy dataremains protected.
3.b.Ifprocessesarebeingconsolidated,arethepropercontrolsremaininginplacetoprotectthedataandpreventunauthorizedaccess?Ifyes,explain.EnterN/Aiftheprocessesarenotbeingconsolidated.Otherwise,describethecontrolsusedtoensurethataggregatedorconsolidatedprivacydataremainsprotected.
4. Howwillthedataberetrieved?Canitberetrievedbypersonalidentifier?Ifyes,explain.Explainallprocessesforretrievingthedata.Ifpersonalidentifiers(i.e.name,SSN,employeenumber,etc.)areused,listtheidentifiers.
5. Whatarethepotentialeffectsontheprivacyrightsofindividualsof:
a. Consolidationandlinkageoffilesandsystems;b. Derivationofdata;andc. Useofnewtechnologies.Howaretheeffects
tobemitigated?
Explainhowtheprivacyrightsoftheindividualmaybeprotectedorjeopardizedbasedona,b,andc.Listallmitigationstrategiesusedtoensurethattherightsoftheindividualsarenotcompromised.
Information Privacy and Security Council | PIA Form (rev. 2017) Page6of9
D. MaintenanceofAdministrativeControls1.a.Explainhowthesystemanditsusewillensureequitabletreatmentofindividuals.Describetheprocessesinplacetoensurefairandequitabletreatmentofindividualsandtheirprivacydata.Ifjudgmentsaretobemadebasedontheprivacydata,indicatetherationaletobeusedtomakethejudgmentsandhowthejudgmentswillbekeptfairandequitable.
1.b.Ifthesystemisoperatedinmorethanonesite,howwillconsistentuseofthesystembemaintainedatallsites?Describetechnical,managerial,andoperationalcontrolsinplacetoensurethatdataintegrityandprotectionismaintainedacrosssites.Also,describehowdatawillbekeptcurrentandconsistentbetweenlocations.
1.c.Explainanypossibilityofdisparatetreatmentofindividualsorgroups.Describeanypotentialsituationwheredatacouldbeevaluateddifferently.Listthedataelementsthatmayimpactdisparatetreatment(i.e.race,gender,etc.).
2.a.Whataretheretentionperiodsofdatainthissystem?Howlongwilldatabekept(years,months,day,hours)?UseStateofHawai‘irecordsdispositionschedulestodeterminerequirements.
2.b. What are the procedures for eliminating the data atthe end ofthe retention period? Where are theprocedures documented? Provide detailedexplanationof the data disposal process. Indicate methods fordisposing of data from operational databases as well asarchivingprocedures. List documents supportingtheseprocedures andthe locations of these documents.
2.c.Whilethedataisretainedinthesystem,whataretherequirementsfordeterminingifthedataisstillsufficientlyaccurate,relevant,timely,andcompletetoensurefairnessinmakingdeterminations?Describedatamanagementproceduresandupdatingrequirement.
3.a.IsthesystemusingtechnologiesinwaysthatFederalagencieshavenotpreviouslyemployed(e.g.Caller-ID)?❑ Yes❑No.
Ifyes,describeanytechnologiesthatmaybeusedtocollectordisplayprivacydata.
3.b.Howdoestheuseofthistechnologyaffectindividuals’privacy?Isthedatamorevulnerabletoinadvertentorunintentionaldisplay?Doesitimprovetheprotectionoftheprivacydata?
4.a.Willthissystemprovidethecapabilitytoidentify,locate,andmonitorindividuals?Ifyes,explain.Describetherationaleandprocessesforidentifying,locating,andmonitoringindividuals.Thiscanincludestreetaddress,e-mail,cellphone,aswellasGPSdata.
Information Privacy and Security Council | PIA Form (rev. 2017) Page7of9
4.b.Willthissystemprovidethecapabilitytoidentify,locate,andmonitorgroupsofpeople?Ifyes,explain.Describetherationaleandprocessesforidentifying,locating,andmonitoringgroupsofindividuals.Thiscanincludestreetaddress,email,cellphone,aswellasGPSdata.
4.c.Whatcontrolswillbeusedtopreventunauthorizedmonitoring?Describemanagerial,technical,andoperationalcontrolsusedtomanagemonitoringactivities.
5.a.UnderwhichPrivacyActSystemofRecordsnotice(SOR)doesthesystemoperate?Providenumberandname.If this is a Federal associated system, under whichPrivacy Act System of Records notice (SOR) does thesystem operate? Provide number and name. If notFederal associated, enter N/A.5.b.Ifthesystemisbeingmodified,willtheSORrequireamendmentorrevision?Explain.If this is a Federalassociated system, AND if any of the information in theSOR is altered, such as acquisition of new privacyinformation, new implementations, etc., explain how orwhy the SOR should be amended. Coordinate preparationof a revised SOR with the Privacy Act Officer. IF there areno modifications or if not Federal associated, enter N/A.
PARTIII.Use of Third Party Websiteor Application
FilloutPartIIIonlyifthissystemutilizesathirdpartywebsiteorapplication(e.g.SAAS).A. UseofaThird-PartyWebsiteorApplication1. Whatisthespecificpurposeoftheagency’suseofthethird-partywebsiteorapplication,andhowdoesthatusefitwiththeagency’sbroadermission?Agencyshoulduseplainlanguagetodisclosethepurpose(s)ofitsuseofthethird-partywebsitesorapplications.
2. Is theagency’s useof thethird-party website orapplication consistent with all applicablelaws,regulations, and policies? Agency should make clearthatit willcomply with allapplicable laws, regulations, andpolicies, inparticular those pertainingto privacy,accessibility, information security, and recordsmanagement. Provide examples showing how it willcomplywith policies. Agencyshould indicate that it willwork with its counsel to ensure that its use of third-partywebsites and applications remains compliant.
B. Third-PartyWebsiteApplicationAssessmentUseofPII1. IsthereanyPIIthatislikelytobecomeavailabletotheagencythroughtheuseoftheThird-Partywebsiteorapplication?Answershouldbetailoredtoaddressthespecificwebsitesandapplicationsbeingused.
2.a.WillREGISTRATIONPIIbemadeavailabletoAgency?❑ Yes❑No
Manythird-partywebsitesorapplicationsrequestPIIatthetimeofregistration.Agenciesshouldmakeclearwhethertheywillhaveaccesstothisinformationandwhetheruserscantakestepstolimitagenciesaccess.
2.b.WillSUBMISSIONPIIbemadeavailabletoAgency?❑ Yes❑No
Anindividualcanmakeinformationavailabletoagencieswhenheorsheprovides,submits,communicates,links,posts,orassociatesPIIwhileusingthethird-partywebsiteorapplication.Thiscanincludesuchactivitiesas“friend-ing,”“following,”“liking,”joininga“group,”becominga“fan,”andcomparablefunctions.
Information Privacy and Security Council | PIA Form (rev. 2017) Page8of9
2.c.WillASSOCIATIONPIIbemadeavailabletoAgency?❑ Yes❑No
Evenwhenindividualsdonotactivelypostorsubmitinformation,theycanpotentiallymakePIIavailabletotheagencyby“associating”themselveswiththewebsitesorapplications.Suchactsofassociationmayincludeactivitiescommonlyreferredtoas“friend-ing,”“following,”“liking,”joininga“group,”becominga“fan,”andcomparablefunctions.
2.d.WillACCOUNTPIIbemadeavailabletoAgency?❑ Yes❑No
Evenindividualswhodonothaveanaccountwithathird-partywebsiteorapplicationmaymakePIIavailabletoagenciesifcertainfunctionsofthewebsiteorapplicationareavailabletoindividualswithoutanaccount.Agenciesshouldmakeclearwhethertheywillhaveaccesstothisinformationandwhetheruserscantakestepstolimitagencies’access.
3. HowwillagencyusethePIIasdescribedaboveinsection2?
4. ThetypesofusesthatPIIwillbesubjectedtointhissystemare:(answerinfollowinglist4.a.-4.d.)
4.a.PIIwillbesubjectedtoPublicinteraction/opengovernmentactivitiesuse❑ Yes❑No
Thiscouldincludesurveys,contests,ormessageboardsthatprovideaforumforthepublictocommentontheagency’sactivities.
4.b.PIIwillbesubjectedtoRecruitmentand/oremployeeoutreachuse❑ Yes❑No
Inordertorecruitandhirefromthewidestpossiblepoolofcandidates,theagencymayconsiderusingthird-partywebsitesorapplicationstoattractnewhiresortoinformorreceivefeedbackfromcurrentemployees.
4.c.PIIwillbesubjectedtoParticipationinagencyprogramsorsystemsuse❑ Yes❑No
Theagencymayconsiderusingthird-partywebsitesorapplicationsinordertofacilitateaccesstoprogramsorsystems.TheagencyshouldconsiderandaddresswhetherthisusewillresultinthePIIbeingcombined,matched,orotherwiseusedinconcertwithPIIthatisalreadymaintainedbytheagency.
4.d. PII will besubjected to Web measurement and/or customization use❑ Yes❑No
Theagency may usethird-party websites or applications toconductmeasurement and analysis of web usage, or to customize the user’sexperience.
5. Howwillthedataberetrievedonthird-partywebsiteorapplication?Canitberetrievedbypersonalidentifier?
Ifyes,explain.Explainallprocessesforretrievingthedata. Ifpersonalidentifiers(i.e.name,SSN,employeenumber, etc.) are used, list the identifiers. Registrationprocess shouldalso be considered.
C. IdentificationandMitigationofOtherPrivacyRisks–SharingandDisclosureofPII1.a.Thefollowingriskexists:DisclosureofPIIbyUsers❑ Yes❑No
Theagencymustchoosetodeleteorhidecommentsorotheruserinteractionswhenauser’ssensitiveinformationisincluded.Agencyshouldprovideanoticetousersonthethird-partysite,warningindividualstoavoidsharingordisclosingsensitivePII.
1.b.Thefollowingriskexists:Third-Partyadvertisingandtracking❑ Yes❑No
AdvertisementsmaycontaincookiesorbugsandPIImaybesharedbywebsiteoperatorwithadvertiser.
1.c.Thefollowingriskexists:Spam,Unsolicitedcommunications,Spywareandotherthreats❑ Yes❑No
Usersmayreceivespamorotherunsolicitedorfraudulentcommunicationfromathirdpartyasaresultoftheirinteractionswiththeagencyonthewebsite.Toavoidharm,usersshouldbewaryofrespondingtosuchcommunications.
1.d.Thefollowingriskexists:Accountsorpagesthatmisrepresentagencyauthorityoraffiliation❑ Yes❑No
Certainaccountsorpagesonthewebsitemaynotbeofficiallyauthorizedbyoraffiliatedwith,theagency,eveniftheyuseofficialinsigniaorotherwiseappeartorepresenttheagencyortheFederalGovernment.
Information Privacy and Security Council | PIA Form (rev. 2017) Page9of9
1.e.Thefollowingriskexists:ExternalLinksandembeddedthird-partyapplications❑ Yes❑No
Iftheagencypostsalinkthatleadstoathird-partywebsiteoranyotherlocationthatisnotpartofanofficialgovernmentdomain,agencyshouldprovidenoticetousertoexplainthatusersarebeingdirectedtoanongovernmentwebsitethatmayhavedifferentprivacypolicies(andrisks)fromthoseagency’sownofficialwebsite.
1.f.Thefollowingriskexists:Monitoringfuturerequirementsandfuturetechnology❑ Yes❑No
Agencyshouldestablishandmaintainprocedurestoidentify,evaluate,andaddressanynewadditionalprivacyrequirementsthatmayresultfromnewstatutes,regulationsorpolicies.
2. IftheanswerisYESto1a-1f,howwilltheagencymitigatethoserisks?IftheanswerisYESto1a,howwilltheagencymitigatethoserisks?
Describetechnical,managerial,andoperationalcontrolsinplacetoensurethatdataintegrityandprotectionismaintainedacrosssites.Alsodescribehowdatawillbekeptcurrentandconsistentbetweenlocations
3. Haveemployeesandcontractorsbeentrainedandinstructednottosolicitsensitiveinformationwheninteractingwithusersonbehalfoftheagency?
Describeanypotentialsituationwheredatacouldbeevaluateddifferently.Listthedataelementsthatmayimpactdisparatetreatment(i.e.race,gender,etc.)
4. Howdoestheuseofthistechnologyaffectindividuals’privacy?Isthedatamorevulnerabletoinadvertentorunintentionaldisplay?Doesitimprovetheprotectionoftheprivacydata?
4.a. Will this third-party website or applicationprovidethe capability to identify, locate, and monitorindividuals? If yes, explain.
Describetherationaleandprocessesforidentifying,locating,andmonitoringindividuals.Thiscanincludestreetaddress,e-mail,cellphone,aswellasGPSdataavailablewhileusingthird-partywebsiteorapplication.
4.b.Willthisthird-partywebsiteorapplicationprovidethecapabilitytoidentify,locate,andmonitorgroupsofpeople?Ifyes,explain.
Describetherationaleandprocessesforidentifying,locating,andmonitoringgroupsofindividuals.Thiscanincludestreetaddress,email,cellphone,aswellasGPSdata.
4.c.Whatcontrolswillbeusedtopreventunauthorizedmonitoring?Describemanagerial,technical,andoperationalcontrolsusedtomanagemonitoringactivities.
Whenyouhavecompletedallquestions,[email protected].