President Barack Obama’s U.S. Digital Service team recently released its “playbook”
that collected successful digital systems best practices from the private sector and government.
The Digital Service team’s goal is to ease some of the burdens of digital services and technology management for government entities. The playbook consists of 13 plays and Play 11 focuses on how to “manage security and privacy through reusable processes.” Some of the team’s tips include knowing how information is collected, secured, used and shared. This can be accomplished through testing and certification procedures to seek out vulnerabilities.
The privacy and security portion of the playbook also provides a checklist for organizations to use as a baseline when working with a privacy specialist.
- Contact the appropriate privacy or legal officer of the department or agency to determine whether a System of Records Notice (SORN), Privacy Impact Assessment, or other review should be conducted
- Determine, in consultation with a records officer, what data is collected and why, how it is used or shared, how it is stored and secured, and how long it is kept
- Consider whether the user should be able to access, delete, or remove their information from the service
- “Pre-certify” the hosting infrastructure used for the project using FedRAMP
- Use deployment scripts to ensure configuration of production environment remains consistent and controllable
And the Digital Service team also said organizations to pose certain questions related to digital privacy and security questions, including how much information is required to perform a specific task or whether patient data will be shared with others.
Read the full U.S. Digital Services Playbook here