Applicability
This part applies to all GSA Information Technology (IT) based systems of records that contain Personally Identifiable Information (PII). Systems of records are groups of records from which information is retrieved by a personal identifier such as name, Social Security Number (SSN), fingerprint, or other unique symbol. Since computer technology has made it possible to store, retrieve, and manipulate data quickly and efficiently, additional safeguards are needed to ensure that personal data contained in IT systems are protected from unauthorized and illegal use.
GSA IT Systems Requirements
The following security requirements apply to the protection of PII. For additional information please reference:
IT Systems Responsibilities
The following responsibilities are specific to GSA IT systems that contain Privacy Act information.
Applicable IT Legal and Regulatory Requirements
The requirements of the Privacy Act afford individuals the right to privacy of records that are maintained in systems of records by federal agencies, and incorporate the provisions of the Computer Matching and Privacy Protection Act of 1988 (Public Law 100-503), including the Computer Matching and Privacy Protection Amendments. Both of these address electronic sharing of information. The following laws and regulations establish the basic requirements for federal IT systems:
Last Reviewed: 2022-03-01
Which 1997 law provides guidance on the use of encryption?
H.R. 695 - Security and Freedom Through Encryption (SAFE) Act, 105th Congress (1997-1998)
What is privacy in an information security context?
Privacy is when an individual's personal information, habits, and other sensitive data are protected from public disclosure. For information security, it means a company's confidential material cannot be taken or accessed by the public or another company.
What is PCI DSS and why is it important for information security?
PCI DSS is a widely accepted set of policies and procedures designed to protect cardholders from the misuse of payment information. It is important for information security because it sets the standard for the acceptable information security that organizations adopt.
What is law and ethics in information security?
Laws are rules that mandate or prohibit certain behavior in society; they are drawn from ethics, which define socially acceptable behaviors. The key difference between laws and ethics is that laws carry the sanctions of a governing authority and ethics do not.