AT-03(05) Processing Personally Identifiable Information

Provide at-03.05_odp.01 with initial and at-03.05_odp.02 training in the employment and operation of personally identifiable information processing and transparency controls.

Parameter ID Definition
at-03.05_odp.01 personnel or roles
at-03.05_odp.02 frequency

Baselines

Guidance

Personally identifiable information processing and transparency controls include the organization’s authority to process personally identifiable information and personally identifiable information processing purposes. Role-based training for federal agencies addresses the types of information that may constitute personally identifiable information and the risks, considerations, and obligations associated with its processing. Such training also considers the authority to process personally identifiable information documented in privacy policies and notices, system of records notices, computer matching agreements and notices, privacy impact assessments, [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) statements, contracts, information sharing agreements, memoranda of understanding, and/or other documentation.

Related controls 4