Mind your own business

The best way to safeguard personal information? Don't collect it.

The concept of "data minimization" might be easier to understand if you think about it in terms of dieting: You still eat the food you need, but you avoid consuming extra calories you'll have to burn off later.

Government, like many organizations, is a profligate eater of personal information, said John Sabo, a former fed who is now manager of security, privacy and trust initiatives at Computer Associates International.

The Web's ubiquity has "created a culture where we collect everything and then park it and attempt to make use of it later," Sabo said.

That would be fine if government agencies had airtight privacy policies, but that's not the case, he said.

Protocols and mandates, such as the Government Paperwork Elimination Act of 1998, help agencies when they collect data from individuals. But they have no comparable guidelines for collecting personal data that has been amassed by private organizations or businesses.

Worse yet, agency officials often cannot determine the accuracy of secondhand information, Sabo said.

The solution? Agencies should err on the side of privacy and not collect information for which they have no pressing need, he said.

Ari Schwartz, associate director of the Center for Democracy and Technology, agreed. The good news is that data minimization is an element of the privacy impact assessments that agency officials were required to begin conducting in 2002 for all new data collections.

"If agencies are doing the privacy impact assessments as they're supposed to, they should be addressing those issues at least upfront," he said. "The question is: How is that being put into place later on? The law reads they have to do that every time the system's upgraded."

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • Shutterstock imag (by Benjamin Haas): cyber coded team.

    What keeps govtech leaders up at night?

    A joint survey by Grant Thornton and PSC found that IT stakeholders in government fear their own employees and outdated systems the most when it comes to cybersecurity.

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group