Enclosure (1) to COMDTINST 5260.4A
5.3.2
Describe how the information is transmitted to entities external to DHS and whether it is
transmitted electronically, by paper, or some other means.
5.3.3
Describe how the information arrives from entities external to DHS and whether it is
transmitted electronically, by paper, or some other means.
5.4
Is a Memorandum of Understanding (MOU), contract, or agreement in place with any
external organization(s) with whom information is shared, and does the MOU reflect
the scope of the information currently shared?
5.4.1
If an MOU is not in place, is the sharing covered by a routine use in the System of
Records Notice? If not, explain the steps being taken to address this omission.
5.5
How is the shared information secured by the recipient?
5.5.1
For each interface with a system outside DHS:
5.5.1.1 Identify and list who is responsible for assuring the security and privacy of the data once
it is shared; and if possible, include a reference to and quotation from any MOU, contract,
or other agreement that defines the parameters of the sharing agreement.
5.5.1.2 Explain whether the external system has a certification & accreditation (C & A) under
FISMA or other relevant computer security standards. If the external system has not
completed C & A, how have the external system's security issues been addressed to
ensure the privacy and security of the information once it is shared?
5.6
What type of training is required for users from agencies outside DHS prior to
receiving access to the information?
Privacy Impact Analysis: Given the external sharing, what privacy risks were identified and
describe how they were mitigated. For example, if a decision was made to limit external sharing,
include such a discussion.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information
collected, the right to consent to uses of said information, and the right to decline to provide
information.
6.1
Was notice provided to the individual prior to the collection of information? If yes,
please provide a copy of the notice. A notice may include a posted privacy policy, a
Privacy Act notice on forms, or a System of Records Notice published in the Federal
Register Notice. If notice was not provided, explain why not.
6.1.1
Question 6.1 is directed at the notice provided prior to collection of the information. This
refers to whether the person is aware that his or her information is being collected.
15
Previous Page
