1 / 10

“The Need for Government-Wide Privacy Policy”

“The Need for Government-Wide Privacy Policy”. Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP DHS Privacy Advisory Committee April 6, 2004. Overview. Observations from my time as Chief Counselor for Privacy in OMB, 1999 to early 2001

sfleet
Download Presentation

“The Need for Government-Wide Privacy Policy”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “The Need for Government-Wide Privacy Policy” Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP DHS Privacy Advisory Committee April 6, 2004

  2. Overview • Observations from my time as Chief Counselor for Privacy in OMB, 1999 to early 2001 • How to build privacy in a world of information sharing? • Create institutions for appropriate privacy protection • Improving the agency CPO law from 12/04 • Implementing the Privacy & Civil Liberties Oversight Board from 12/04 intelligence reform bill

  3. Appropriate Institutions • Much policy debate is on the substantive rules for privacy, such as types of notice and choice • As the Privacy Advisory Board, you can also advise on the institutions that will build appropriate privacy into government action • Look for specific recommendations that will improve the institutional response

  4. Agency CPOs Can Help • Nuala Kelly’s actions, including creation of this advisory committee, show the effects of an agency CPO office • 12/04 appropriations bill required a CPO for each federal agency • A positive development, especially for agencies with substantial privacy issues

  5. Rep. Davis Criticism of CPOs • Chairman Tom Davis has criticized the law, and stated that the CPO functions should be placed under the CIO • He says this will promote unified responsibility/accountability over information flows • Based on my government experience, I strongly disagree with having CIOs supervise these issues

  6. CIOs Not the Right Answer • 1999 process for federal Web privacy policies • We included one CIO on the committee, and her contributions were very helpful • Overwhelmingly, we faced policy issues rather than technical issues • What to say in notices • Which types of sites should have notices • Many CIOs do not feel comfortable or expert at making those policy choices – they look for leadership from policy experts

  7. Flaws in the CPO Statute • Some bad drafting, and too large an emphasis on expensive outside audits of agency privacy activities • More importantly, the law uses a “silo” approach, with privacy policy only agency-by-agency • That’s a very bad match with modern information sharing, which emphasizes multi-agency, multi-function systems • How produce good government-wide policy?

  8. White House Privacy Policy • Intelligence Reform bill established 5 person “Privacy and Civil Liberties Board” • In the Executive Office of the President, and can thus address multi-agency issues • Limited to intelligence-related issues, so not a full answer to the need for coordination of privacy policy across agencies

  9. Privacy & Civil Liberties Board • Board was an explicit part of the legislative package • Get new info-sharing for intelligence • Have the Board as effective watchdog • Today, no appointees or staff for the Board • My proposal to you: no contracts for the information sharing systems until the Board is in place

  10. Conclusions • The Advisory Committee should consider what institutions will improve privacy policy • Agency CPOs are good, but we should not make agency-by-agency privacy policy when the information systems are multi-agency • Don’t make the mistake that privacy is a technical issue that should be managed only by CIOs • Do insist that the Privacy & Civil Liberties Board be implemented, as a pre-requisite to information sharing • Build government-wide privacy policy, to achieve national security as well as privacy and civil liberties

More Related