- Radio hour
- About us
To commemorate Data Privacy Day, this blog post addresses the Privacy Controls; the first addressed the Information Sharing Strategy (http://www.businessofgovernment.org/blog/business-government/information...); and a third will discuss the necessary linkages between the two.
Data Privacy Day (http://www.staysafeonline.org/data-privacy-day/about), which as the National Cybersecurity Alliance describes is “an effort to empower people to protect their privacy and control their digital footprint and escalate the protection of privacy and data as everyone’s priority.” As I have written previously, government has a critical role to play in bringing strong privacy protections to the online world, and especially where sharing information is key to government missions. Accordingly, today seems an opportune time to review the Federal CIO Council’s (www.cio.gov) December release on making privacy more consistent across agencies, “Recommendations for Standardized Implementation of Digital Privacy Controls.” https://cio.gov/wp-content/uploads/downloads/2012/12/Standardized_Digital_Privacy_Controls.pdf).
This document carries out a key recommendation of the Administration’s “Digital Government Strategy” (http://www.whitehouse.gov/sites/default/files/omb/egov/digital-government/digital-government.html), issued in May 2012, which calls upon the CIO Council, to work with the National Institute of Standards and Technology (NIST) (www.nist.gov) and the National Archives and Records Administration (www.nara.gov) on guidelines that help agencies to protect privacy online. The document cites three key controls that agencies can leverage in this regard:
The document also notes the importance of early consideration of privacy impacts as new digital technologies are developed, including mobile and consumer applications that agencies will increasingly leverage over time. These technologies provide great benefit to users, and the risk management approach cited by the document adapts NIST guidance to cybersecurity into a privacy setting – so that agencies can properly integrate privacy protections into their design of digital programs that serve the public (last year NIST has recently issued a draft appendix to a primary cybsecurity publication to implement this principle, http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf.
The steps that the CIO Council recommends provide a solid foundation for agencies who use digital technologies across a variety of activities, including those devoted to information sharing. Stay tuned for part 3, which will address important linkages and potential next steps in this arena.
** Image courtesy of twobee / FreeDigitalPhotos.net