FORT BELVOIR, Va. –
A new tool that helps the Defense Logistics Agency comply with privacy laws and regulations governing personally identifiable information is being highlighted across the federal government as it celebrates Data Privacy Week Jan. 24-28.
The DLA Privacy Compliance Application is a software application designed to help the agency monitor which of its nearly 400 information technology systems contain PII. It also streamlines the completion of compliance documentation and privacy assessments.
Jennifer Nikolaisen, a senior privacy officer for DLA Information Operations, will demonstrate the app Jan. 26 during the Federal Privacy Summit. She calls it the new platinum standard for accomplishing privacy compliance and has demonstrated the tool for the IRS, Defense Health Agency and Federal Communications Commission among others.
“We’ve had a lot of agencies respond to this capability with their mouths hanging wide open in surprise that we’ve come up with this,” she said.
Privacy compliance is such a niche field, she added, that most organizations don’t have resources or time to spend on making processes easier.
System or program managers using the tool go through a series of prompted questions that determine whether PII is included in their systems. That PII could belong to anyone who works for or with DLA, from its worldwide employees and military customers to contractors or other federal agencies that use DLA services.
Documentation on whether PII exists in a particular system is then automatically sent to an information systems security manager who provides a digital signature agreeing that PII is or isn’t included. If PII is included, the app forwards the package to the privacy office for further assessment.
“This eliminates the back-and-forth exchange of emails and documents that we had before, which can be particularly cumbersome when you’re already getting hundreds of emails a day or there’s a vacant position.”
The app includes a customizable dashboard that tells users which tasks await their attention and alerts them when existing documentation is about to expire. Users can also generate data-specific reports.
“You can run a report on dates of birth, for example, to find out exactly how many dates of birth appear and in how many systems,” Nikolaisen said, adding that results can also include who the information is being shared with and how it enters DLA systems. “We can also see how long it takes a particular process to get through the workflow.”
Nikolaisen said DLA is committed to protecting PII and maintaining the trust of those it supports.
Data Privacy Week commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection, according to the Federal Privacy Council. Jan. 28 has been designated as National Data Privacy Day in the United States since 2009. The campaign was expanded this year to Data Privacy Week with the goal of educating individuals and businesses about the importance of online privacy.