The USG Office of Information Security & ePrivacy (IS&EP) is dedicated to promoting and protecting the privacy rights of its constituents. Its mission is to identify constituent problems in the privacy area and encourage the development of fair information practices.
IS&EP is thoroughly knowledgeable with privacy statutes and regulations. IS&EP takes a broader view, going beyond compliance issues to consider the technical, operational, social, and ethical implications of designs and processes. IS&EP works with USG institutions to establish and maintain high-standard privacy programs that:
* Comply with the letter and spirit of privacy laws and regulations
* Build trust and respect among constituents
* Facilitate appropriate sharing of personally identifiable information (PII)
* Reduce threats to PII, e.g., identity theft and insider threat
* Align with mission objectives
* Plan and execute strategically
To improve privacy protection and compliance, USG ePrivacy activities include:
* Establish new privacy programs and strategies
* Improve existing privacy programs and strategies. Assess programs and develop plans to address gaps
* Meet compliance and reporting requirements, e.g. FISMA.
* Address operational privacy issues, e.g., identity theft, privacy incident response, protecting privacy while sharing data, social networking, cloud computing.
* Integrate privacy into the systems development life cycle through activities such as developing system privacy requirements, addressing privacy in systems development documentation and performing privacy testing.
* Security/Privacy [awareness and training](http://www.usg.edu/infosec-v4/outreach/)
IS&EP’s privacy work leverages its’ expertise in information security and risk management. In particular, IS&EP’s appreciation of the interrelated but distinct requirements of privacy and security enables a focus on synergy rather than tradeoffs.