Enclosure (1) to COMDTINST 5260.4A
7.4
If no redress is provided, what alternatives are available to the individual?
7.4.1
Redress is the process by which an individual gains access to his/her records and seeks
corrections or amendments to those records. Redress may be provided through the
Privacy Act and/or Freedom of Information Act (FOIA).
Privacy Impact Analysis: Given the access and other procedural rights provided for in the
Privacy Act of 1974 as well as in the Freedom of Information Act, what procedural rights are
provided and, if access, correction, and redress rights are not provided, please explain why not.
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1
Which user group(s) will have access to the system?
8.1.1
Identify and list the types of users. For example: managers, system administrators,
contractors, and developers may have access to the system.
8.1.2
Identify users from other agencies that may have access to the system and under what
roles do these individuals have access to the system.
8.2
Will contractors to DHS have access to the system?
8.2.1
If so, please submit a copy of the contract describing their role to the Privacy Office with
this PIA.
8.3
Does the system use "roles" to assign privileges to users of the system?
8.3.1
Describe the different roles in general terms that have been created to provide access to
the system. For example, certain users may have "read-only" access while others may be
able to make certain amendments or changes to the information.
8.4
What procedures are in place to determine which users may access the system and
are they documented?
8.5
How are the actual assignments of roles and rules verified according to established
security and auditing procedures?
8.5.1
For example, when an employee no longer works for the organization or in a specific job
function, there is a set procedure for removing access in timely.
8.6
What auditing measures and technical safeguards are in place to prevent misuse of
data?
8.7
Describe what privacy training is provided to users either generally or specifically
relevant to the program or system?
17
Previous Page
