Thursday, January 20, 2011
Multiple actions from the Administration have led to a renewed emphasis on protecting information about individual citizens. Although the current activity centers on incentives for consumers, government managers will also be impacted and need to be aware

The Administration has recently built on two recent policy papers with a related action in stepping up the attention to privacy – all of which have energized privacy-minded leaders.  The first paper, a “Preliminary Staff Report” from the Federal Trade Commission (FTC) (http://www.ftc.gov/os/2010/12/101201privacyreport.pdf), raised questions about whether self-regulation of privacy and data protection is sufficient; despite several prominent laws intended to protect data in key parts of our economic, (including the Privacy Act for Government), the U.S. is one of the few nations without a national privacy statute to provide protections.  The FTC also notably proposed a “Do Not Track” list, that would allow consumers to prevent online businesses from tracking their web behavior much like  the FTC’s “Do Not Call” list creates protection from telemarketers by phone.   Finally, the paper promoted building privacy into systems and processes up front (“Privacy by Design”), and advocated greater transparency through privacy notices that are easier to find, read, and understand.

The second release, a “Green Paper” from the Department of Commerce entitled “Commercial Data Privacy and Innovation in the Internet Economy”

(http://www.ntia.doc.gov/reports/2010/IPTF_Privacy_GreenPaper_12162010.pdf), focuses more on building off existing self-regulatory approaches, but also proposes establishment of a baseline framework for privacy regulation in parts of the economy that are not covered by sectoral statutes.  It prominently recommends the establishment of a Privacy Policy Office (PPO) at Commerce to lead and coordinate the Administration’s efforts.  While the Office of Management and Budget has statutory oversight of Federal privacy  activities under the Privacy Act and related laws, OMB has not taken an active leadership role over the past decade. 

Both papers are out for comment, with a deadline of Jan 28 for Commerce and Jan 1 for the FTC. 

At the same time, the Administration’s June 2010 draft of the “National Strategy for Securing Online Transactions in Cyberspace” (NSTIC) (http://www.dhs.gov/xlibrary/assets/ns_tic.pdf) made privacy a key element of a recommended framework for securing online activity with government and industry.  This has recently led to the announcement by Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard Schmidt of a “National Program Office” at Commerce to coordinate NSTIC and related activities (http://www.commerce.gov/news/press-releases/2011/01/07/us-commerce-secretary-gary-locke-white-house-cybersecurity-coordinato), which would address several goals of the PPO proposed in the Commerce Green Paper.

All of this focus affects government managers in several ways:

  • Consumers in the private sector are also citizens who receive Government services.  Most will expect protections in their online lives that emerge from the above activities to be at least as strong in their interactions with Federal Agencies – in fact, the likely demand will continue to be stronger protections from Government, given the historical mistrust of government intrusion into private lives.  So actions and standards resulting from the FTC and Commerce efforts will flow into government information policy as well.
  • The Administration and the Congress are likely to increase focus, not decrease it.  The recently-announced appointments to the Privacy and Civil Liberties Oversight Board is likely to result in that body’s finally being re-established to assess and make recommendation about protecting privacy and civil liberties as they relates to the fight against terrorism.  Meanwhile, the new Republican Majority in the House of Representatives will be engaged in wide-ranging oversight that will no doubt include attention to whether the Administration is doing enough on privacy.
  • “One Breach Away”.  Similar to the argument that one massive cybersecurity incident will lead to a major legislative and agency activity, one large-scale release of personal information by an agency – something on the scale of wikileaks, which in addition to the international news has led to OMB policy and agency actions across the Board – would reprioritize privacy to the top of many agency’s priority list.

So stay tuned, be aware, and be ready for privacy to take a driver’s seat in the 2011 issues race.