PM-19

Requirement

Appoint a senior agency official for privacy with the authority, mission, accountability, and resources to coordinate, develop, and implement, applicable privacy requirements and manage privacy risks through the organization-wide privacy program.

Discussion

The privacy officer is an organizational official. For federal agencies as defined by applicable laws, executive orders, directives, regulations, policies, standards, and guidelines this official is designated as the senior agency official for privacy. Organizations may also refer to this official as the chief privacy officer. The senior agency official for privacy also has roles on the data management board (see PM-23) and the data integrity board (see PM-24).

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: Privacy program documents, including policies, procedures, plans, and reports; public privacy notices, including Federal Register notices; privacy impact assessments; privacy risk assessments; Privacy Act statements; system of records notices; computer matching agreements and notices; contracts, information sharing agreements, and memoranda of understanding; governing requirements, including laws, executive orders, regulations, standards, and guidance; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel with privacy program planning and plan implementation responsibilities; organizational personnel with privacy responsibilities; senior agency official for privacy; privacy officials].

ID	Assessment Objectives
PM-19[02]	the senior agency official for privacy coordinates applicable privacy requirements;
PM-19[03]	the senior agency official for privacy develops applicable privacy requirements;
PM-19[04]	the senior agency official for privacy implements applicable privacy requirements;
PM-19[05]	the senior agency official for privacy manages privacy risks through the organization-wide privacy program.
PM-19[01]	a senior agency official for privacy with authority, mission, accountability, and resources is appointed;

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!