From: Carter, Kerey (CDC/OCOO/OCIO/OCISO)
Sent:
Thursday, August 24, 2017 5:08 PM
To: Chen-Bowers, Naomi
E. (CDC/OD/OADP) <[email protected]>
Cc:
Ross, Melanie R. (CDC/OD/OADP) <[email protected]>;
Wheaton, Jocelyn (CDC/OD/OADP) <[email protected]>
Subject:
RE: Privacy Act Determination
Hello Naomi. Thanks for providing the ChangeLabs workplan, supporting statements, interview guide, and advance notice email. I reviewed the documents, and my feedback are below:
At CDC, we follow OMB’s definition of PII (below), but business contact information (such as name associated with work/office email, address, and phone number) is not considered confidential and does not require the same level of protection as other PII. The Privacy Act applies if records are retrieved by a personal identifier. Based on the descriptions in SS Part A that all participants will be responding in their official capacities and that information in identifiable form (IIF) will only include business contact information for each respondent (i.e., name, telephone number, and email address), there should not be a Privacy Act system of records here. In reviewing the Attachment 3 (Interview Guide), the interview questions do not collect PII.
Personally Identifiable Information (PII). Per the Office of Management and Budget (OMB) Circular A-130, “PII is information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual.” Examples of PII include, but are not limited to the following: social
security number, date and place of birth, mother‘s maiden name, biometric records, etc.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Chen-Bowers, Naomi E. (CDC/OD/OADP) |
| File Modified | 0000-00-00 |
| File Created | 2021-01-21 |