FDIC Information Security and Privacy Strategic Plan: 2018-2021: Theme 1 – Privacy
The FDIC ISP SP’s goals build upon a foundation of three cross-cutting themes interwoven through all three strategic goals.
Theme 1 – Privacy
Privacy is critical to the FDIC due to the Personally Identifiable Information (PII) it collects through receivership, examination, and other business activities. Protection of PII is represented across many of the objectives within the ISP SP. Privacy must also address risks beyond those of information security. This includes ensuring transparency about the types and uses of PII that is collected, as well as meeting specific disclosure, access, and notice requirements that may differ from those for non-PII. As such, privacy requirements must also be discrete considerations when designing, developing, and acquiring systems or services that may store or process PII.
2 The FIPPs are a collection of widely accepted principles that agencies should use when evaluating systems, processes, programs, and activities that affect individual privacy. The FIPPs are not OMB requirements; rather, they are principles that should be applied by each agency according to the agency's particular mission and privacy program requirements. The Federal government’s most recent articulation of the FIPPs is contained in the revised OMB Circular A-130 announced July 27, 2016. They are as follows: Access and Amendment, Accountability, Authority, Minimization, Quality and Integrity, Individual Participation, Purpose Specification and Use Limitation, Security, and Transparency.