Hello everyone. It's Chris Stevens, the privacy ground man, and I'm back once again as the instructor for the InfoSec Institute's learning path, information privacy essentials for cybersecurity professionals. In this course, we're going to provide you with an introduction to several US Federal Government executive branch privacy related laws because they're important. Now, they're applicable or related to the US Federal Government's executive branch. Now it's interesting when I supported the legislative branch, I'd learned, and I didn't know this beforehand, that although Congress passes the laws, they don't have to follow those. I'm working with the US House of Representatives supporting really a quasi private sector company to where they could take from different global and US national best practices, incorporate those into their cybersecurity risk management and information assurance practices. I thoroughly enjoyed it. We want you to be familiar with these different laws because they're important to your understanding. You may be a cybersecurity professional and a privacy professional supporting one of the US Federal Government executive branch agencies so it's important to understand what those privacy requirements are. Now we're going to talk about the Privacy Act of 1974. We're going to talk about the Computer Matching and Privacy Protection Act in 1988 that amends the Privacy Act. Then we'll conclude with our discussion on the E-Government Act of 2002, really specifically focusing on a Section 208b, which provides privacy related guidance to executive branch agencies. Now, just because you're in the private sector doesn't mean you can't look to these laws themselves and take from them what's applicable to your organization. I do that. You can find best-practices anywhere, you just have to look for them. Then they have to make sense for your organization so as I've stated before, so that we can always show due care and due diligence every time we process an individual's personal identifiable information, personal data, personal information, or however is defined jurisdictionally. Again, these are the three laws. The Privacy Act of 1974 is important. It was in 1973 that the Secretary of the former Health, Education and Welfare Department, we know that today as US Department of Health and Human Services, created an advisory committee to look at just how the US Federal Government executive branch agencies had stored legal permanent residents and American citizens' data and records. We saw the broader use of computer technology and the information technology to collect this information from American citizens, legal permanent residents, and then they store those into records. The advisory committee determined that the US Federal Government executive branch agencies, some had engaged in questionable practices. It's findings well, was that they were maintaining secret dossiers on individuals without their consent. Individuals, American citizens and legal permanent residents didn't know what data was being collected from them, how that information was being used. They had no way of accessing and correcting any information, amending it. The government agencies themselves didn't have a way of indicating or determining where there were instances of misuse. They had no way of relying or determining the accuracy and reliability of the data, personally identifiable information collected from American citizens and legal permanent residents. My apologies. It was that from that in 1974 that Congress quickly enacted the Privacy Act of 1974 based on the first US Code of Fair Information Practices. We're going to talk about that in greater detail a little later in this video. We started seeing, like I said before, technology always help paces the law. If we think about the Privacy Act of 1974, we were in a file cabinet type environment. It was more paper based but as we started to see government agencies themselves transition from that type of paper-based environment to an electronic environment, we had to update the Privacy Act for that reason. We have the Computer Matching and Privacy Protection Act of 1988, gets established guidelines for our agencies, and sales could use an individual's personal information. Using that matching different databases, whether we're talking about US Federal Government, or US none federal government entities like with the states, as it related to determine if individuals were qualified for certain benefits and services or making a determination if they were no longer or were not been favorable for that. What happens is the Computer Matching and Privacy Protection Act of 1998 establish those requirements on how federal government agencies in the executive branch can engage in those practices. It also gave broader privacy protections to American citizens and legal permanent residents. Fast forward to 2002 that again, we had the enactment of the E-Government Act of 2002 that really accounted for changes and advances made in information technology database and ensure that the US Federal Government itself was open in his privacy practices. That again, with respecting the rights and freedoms of American citizens and legal permanent residents. We're going to talk about that in greater detail. We're specifically going to focus on Section 208 of the Act because it's the section itself that really talks about establishing and developing privacy policies, privacy notices and also when and how federal government agencies can conduct privacy impact assessments. Now, that concludes this discussion. We're going to talk about those three important laws. I hope that you're excited just like I am to have this discussion. I hope you, your family members, and significant others are safe and well wherever you are on this earth of ours. My name is Chris Stevens, as always it's pleasure to be your instructor. I hope you have a wonderful day. Stay safe, and take care.
