U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Date Issued
September 13, 2018
OIG Component Office
Develop and implement a process to inventory all agency PII holdings not less than annually.
Program Office
Office of Administration
Questioned Costs
Better Funds Use
Publication Report Number

Related Recommendations

Recomendation Status Date Issued Summary
2018-OE-0001-01 Closed September 13, 2018 Ensure the privacy program is staffed with experienced personnel (such as a Chief Privacy Officer) to manage the operational aspects of the program.
2018-OE-0001-02 Closed September 13, 2018 Issue a notice at the Secretary level delegating and clarifying the authority and responsibilities of the SAOP and Privacy Office
2018-OE-0001-03 Closed September 13, 2018 A. Document the roles and specific responsibilities of all positions assigned privacy responsibilities. B. Communicate these responsibilities on a recurring basis, at least annually, to individuals holding these positions.
2018-OE-0001-04 Open September 13, 2018 Implement thorough human capital processes to ensure execution of the HUD privacy program and all its requirements
2018-OE-0001-05 Closed September 13, 2018 Finalize and approve the draft privacy program strategic plan
2018-OE-0001-06 Closed September 13, 2018 Ensure the privacy program is integrated with the enterprise risk program and that privacy risks are incorporated into the agency risk management process
2018-OE-0001-07 Closed September 13, 2018 Establish an executive leadership dashboard to communicate continuous monitoring of key program risks and issues
2018-OE-0001-08 Closed September 13, 2018 A. Develop an internal privacy program communication plan to describe how privacy issues will be disseminated and best practices will be shared. B. Implement the communication plan
2018-OE-0001-09 Closed September 13, 2018 Develop a dedicated budget to address Privacy Office training needs and initiatives
2018-OE-0001-10 Closed September 13, 2018 Update all privacy guidance to reflect current Federal requirements and processes.
2018-OE-0001-11 Closed September 13, 2018 Implement a formal process for the Privacy Office to issue and communicate privacy guidance, requirements, and deadlines.
2018-OE-0001-12 Closed September 13, 2018 Update and continue to maintain a central collaboration area to include all current privacy program policies, procedures, and guidance
2018-OE-0001-13 Closed September 13, 2018 Establish standard processes to ensure consistent work flow and communications between program office and Privacy Office personnel
2018-OE-0001-14 Open September 13, 2018 Ensure role-based privacy training is provided to all personnel with privacy responsibilities
2018-OE-0001-15 Open September 13, 2018 Ensure privacy awareness training is provided to all contractor and third party personnel
2018-OE-0001-16 Closed September 13, 2018 Provide personnel tasked with handling Privacy Act requests with recurring training on Privacy Act exceptions
2018-OE-0001-17 Closed September 13, 2018 Establish documentation procedures for accounting of disclosures made under the Privacy Act, as required by 5 USC 552a(c)
2018-OE-0001-18 Closed September 13, 2018 Establish an annual computer matching activity reporting process to meet the requirements of OMB Circular A-108
2018-OE-0001-19 Closed September 13, 2018 Determine if general support system privacy threshold assessments or privacy impact assessments should be completed; if not, document the rationale
2018-OE-0001-20 Open September 13, 2018 Develop the technical capability to identify, inventory, and monitor the existence of PII within the HUD environment
2018-OE-0001-22 Closed September 13, 2018 Renew the PII minimization effort, to include a prioritization by the SAOP of specific minimization initiatives
2018-OE-0001-23 Closed September 13, 2018 Require all system owners to review the records retention practices for each information system and take any corrective actions necessary to ensure adherence to the applicable records retention schedule
2018-OE-0001-24 Closed September 13, 2018 A. Issue a clean desk policy prohibiting unattended and unsecured sensitive data in workplaces. B. Implement procedures to enforce the clean desk policy.