ITS provides a privacy framework for the State of Idaho that strengthens Idaho’s cybersecurity posture, mitigates risk, and incorporates both legal and ethical obligations for protecting citizen data.
Service Includes
- Point of contact for privacy guidance, consultation, and training related to completion of agency Privacy Impact Assessments (PIA) for Personally Identifiable Information (PII) embedded programs or systems
- Assist with remediating technology-related privacy issues
- Assistance with developing agency-level policies and procedures for business practices related to PII use, collection, maintenance, and sharing pursuant to state and federal requirements
Prerequisites
- Agency understanding of the data collected, used, stored, and/or transmitted for business objectives
What Is Excluded
While we are dedicated to comprehensive support, there are certain exclusions:
- Performing formal auditing functions
- Ownership of agency PIAs, policies, and procedures
Customer Responsibility
We believe in a collaborative partnership where both parties share responsibilities. Customers are expected to:
- Designate a Privacy Point of Contact (PPOC) and all other policy directives pursuant to ITA Policy P4150 – Privacy Policy, in addition to the additional policies, standards, and guidelines set by the Idaho Technology Authority (ITA)
- Maintain agency-level policy and process documentation
- Classify information and information systems to support the assignment of appropriate security and privacy controls in accordance with ITA Policy P4130 – Information Systems Classification Policy
- Coordinate with the state Chief Information Security Officer, Chief Privacy Officer, and Chief Compliance Officer as appropriate for matters such as incident response, threat mitigation, and changes that may affect how data is collected, used, stored, and protected
To request services, complete the Contact Us form and select ‘Privacy/Ada Services’ from the menu.
