{"id":1786,"date":"2024-08-06T18:34:41","date_gmt":"2024-08-06T18:34:41","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1786"},"modified":"2025-02-12T18:56:41","modified_gmt":"2025-02-12T18:56:41","slug":"ra-8-privacy-impact-assessments","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/risk-assessment-ra\/ra-8-privacy-impact-assessments\/","title":{"rendered":"RA-8: Privacy Impact Assessments"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">RA-8: Privacy Impact Assessments<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Privacy Baseline: &nbsp;<\/strong>Yes&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Not Required by DIR or TAMUS (Discretionary)<\/strong>&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: \u00a0<\/strong>02\/12\/2025<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Information resource owners and\/or custodians, in coordination with the Tarleton State University (Tarleton) Chief Information Security Officer (CISO), are responsible for ensuring that privacy impact assessments for any applicable systems, programs, or other activities are conducted before:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Developing or procuring information technology that processes personally identifiable information (PII); and&nbsp;<\/li>\n\n\n\n<li>Initiating a new collection of PII that:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Will be processed using information technology; and&nbsp;<\/li>\n\n\n\n<li>Includes PII permitting the physical or virtual (online) contacting of a specific individual, if identical questions have been posed to, or identical reporting requirements imposed on, ten or more individuals, other than agencies, instrumentalities, or 
employees of the federal government.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Third-party security and privacy documentation, such as a vendor-provided <a href=\"https:\/\/www.educause.edu\/higher-education-community-vendor-assessment-toolkit\" data-type=\"link\" data-id=\"https:\/\/www.educause.edu\/higher-education-community-vendor-assessment-toolkit\" target=\"_blank\" rel=\"noreferrer noopener\">Higher Education Community Vendor Assessment Toolkit (HECVAT)<\/a>, can be important for the Tarleton CISO and\/or Office of Innovative Technology Solutions (OITS) &#8211; Security Team to review during the software and\/or information resource procurement process when assessing the protections the third-party software has in place to protect PII.\u00a0<\/li>\n\n\n\n<li>Ensure compliance with any applicable <a href=\"https:\/\/www2.ed.gov\/ferpa\" target=\"_blank\" rel=\"noreferrer noopener\">Family Educational Rights and Privacy Act (FERPA)<\/a> privacy requirements for information resources in coordination with the Tarleton State University (Tarleton) Office of the Registrar, as applicable. 
&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.congress.gov\/107\/plaws\/publ347\/PLAW-107publ347.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">EGOV<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.whitehouse.gov\/sites\/whitehouse.gov\/files\/omb\/circulars\/A130\/a130revised.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">OMB A-130<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.whitehouse.gov\/sites\/whitehouse.gov\/files\/omb\/memoranda\/2003\/m03_22.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">OMB M-03-22<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www2.ed.gov\/ferpa\" target=\"_blank\" rel=\"noreferrer noopener\">FERPA<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/library.educause.edu\/resources\/2020\/4\/higher-education-community-vendor-assessment-toolkit\" target=\"_blank\" rel=\"noreferrer noopener\">HECVAT<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>RA-8: Privacy Impact Assessments Privacy Baseline: &nbsp;Yes&nbsp; Not Required by DIR or TAMUS (Discretionary)&nbsp; Review Date: \u00a002\/12\/2025 References\/Additional Resources EGOV&nbsp; OMB A-130&nbsp; OMB M-03-22&nbsp; FERPA&nbsp; 
HECVAT&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1510,"menu_order":9,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1786","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 1 year ago"},"absolute_dates":{"created":"Posted on August 6, 2024","modified":"Updated on February 12, 2025"},"absolute_dates_time":{"created":"Posted on August 6, 2024 6:34 pm","modified":"Updated on February 12, 2025 6:56 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1786"}],"version-history":[{"count":1,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1786\/revisions"}],"predecessor-version":[{"id":2648,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1786\/revisions\/2648"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1510"}],"wp:featuredmedia":[{"embeddable":
true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}