PM-27 Privacy Reporting
a. Develop pm-27_odp.01 and disseminate to:
1. pm-27_odp.02 to demonstrate accountability with statutory, regulatory, and policy privacy mandates; and
2. pm-27_odp.03 and other personnel with responsibility for monitoring privacy program compliance; and
b. Review and update privacy reports pm-27_odp.04.
Through internal and external reporting, organizations promote accountability and transparency in organizational privacy operations. Reporting can also help organizations to determine progress in meeting privacy compliance requirements and privacy controls, compare performance across the federal government, discover vulnerabilities, identify gaps in policy and implementation, and identify models for success. For federal agencies, privacy reports include annual senior agency official for privacy reports to OMB, reports to Congress required by Implementing Regulations of the 9/11 Commission Act, and other public reports required by law, regulation, or policy, including internal policies of organizations. The senior agency official for privacy consults with legal counsel, where appropriate, to ensure that organizations meet all applicable privacy reporting requirements.
- FISMA Federal Information Security Modernization Act (P.L. 113-283), December 2014.
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
- OMB A-108 Office of Management and Budget Memorandum Circular A-108, *Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act* , December 2016.