Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
2.1.2.3 Indicate the intended use <strong>of</strong> the information.<br />
Define the specific intended use <strong>of</strong> the collected information to<br />
ensure that the information is not being shared with other systems<br />
without a PIA first being performed on those secondary systems:<br />
• Identify all systems that will make use <strong>of</strong> the collected<br />
information to ensure that Privacy Assessment is performed<br />
for all <strong>of</strong> them.<br />
• Contact the system owners <strong>of</strong> secondary systems and inform<br />
them <strong>of</strong> the need to conduct a Privacy Assessment.<br />
2.1.2.4 Indicate with whom the information will be shared.<br />
Define the intended sharing <strong>of</strong> the collected information to ensure<br />
that the information is not being shared with other agencies without<br />
a PIA first being performed on the systems hosted by that secondary<br />
agency:<br />
• Identify all Agencies that will make use <strong>of</strong> the collected<br />
information to ensure that Privacy Assessment is performed<br />
on their systems.<br />
• Contact the Agency heads <strong>of</strong> alternate Agencies and inform<br />
them <strong>of</strong> the need to conduct a Privacy Assessment.<br />
2.1.2.5 Indicate what opportunities exist to decline consent to provide<br />
information.<br />
Individuals must be provided with the opportunity to decline to have<br />
their information stored within a system or to limit the uses <strong>of</strong> that<br />
data:<br />
• Ensure Privacy <strong>Policy</strong> documents indicate that consent to<br />
provide information can be removed at any time.<br />
2.1.2.6 Indicate how information will be secured.<br />
Specify both technical and non-technical controls that will be used to<br />
protect collected information:<br />
• Provide internal specifications indicating the exact controls<br />
that will be used to protect the data.<br />
• Provide external notifications indicating the generic controls<br />
that will be used to protect the data.<br />
2.1.2.7 Indicate if a system <strong>of</strong> records is maintained per the Privacy Act<br />
(USC 552a).<br />
Where records <strong>of</strong> different types are catalogued in any systemic<br />
manner the existence <strong>of</strong> that catalogue must be indicated to ensure<br />
that all records are equally protected and that a PIA has been<br />
performed for all linked systems:<br />
• A system <strong>of</strong> records catalogues multiple pieces <strong>of</strong> information<br />
such that access to the first can provide contiguous access to<br />
3