GPO Privacy Program
1. Purpose. The GPO Privacy Program establishes a framework for the protection of personally identifiable information (PII) at the U.S. Government Publishing Office. Appropriate measures are established to protect PII from unauthorized use, access, disclosure, or sharing and to protect related information systems from unauthorized access, modification, disruption, or destruction.
2. Authority. GPO Directive 825.41A: Privacy Program: Protection of Personally Identifiable Information (PII) establishes the GPO Privacy Program in compliance with Federal regulations (as best practices) and other GPO policies that provide direction and guidance concerning security planning. References to various laws, regulations, directives, and other policy and procedure guidance applicable to privacy and IT security are provided below as informative (non-required) references.
3. References. GPO Directive 825.41A: Privacy Program: Protection of Personally Identifiable Information (PII) incorporates by reference all the provisions of GPO Directive 825.33B, Subject: Information Technology (IT) Security Program Statement of Policy, and its appendices, dated May 24, 2011, and any amendments thereto. In addition, specific reference is made to OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, dated May 22, 2007, and National Institute of Standards and Technology Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (Final), dated April 2013. Additional references are made to NIST Special Publication 800-53 Revision 4 "Security and Privacy Controls for Federal Information Systems and Organizations" Appendix J, Privacy Control Catalog dated April 30, 2013, any subsequent revisions to those documents and GPO Directive 840.7A, Subject: GPO Comprehensive Records Schedule 2014, issued September 2, 2014, and any amendments thereto.
4. Policy. The U.S. GPO will protect the confidentiality of PII consistent with best practices to ensure that it is not subject to unauthorized use, access, disclosure, or sharing. These efforts extend to related information systems so that they also will not be subject to unauthorized access, modification, disruption, or destruction. Individuals may, in the regular course of agency activities, disclose employee names, work telephone numbers, work email addresses, other business-related identifying information, and other PII that is otherwise permitted to be made public by law or regulation. Information Security establishes requirements for the maintenance and security of Personally Identifiable Information (PII) maintained on agency information technology (IT) systems. The Information Security Division provides guidance and resources to help users understand these requirements and how they are implemented in the U.S. Government Publishing Office business units.
Privacy Program Information Line
202.512.2205
Antonio F. David Workman, CIPP/G, CIPP/IT
GPO Privacy Program Manager