Privacy

Treasury still working on privacy policies

Department has consolidated enforcement efforts

The Treasury Department has consolidated all its privacy functions under a single leader, but still has not completed developing policies and procedures. While the agency's inspector general believes Treasury is adequately safeguarding taxpayers' information, he urged the department in a December report to hurry up and finalize the policies.

The integration of privacy policies and procedures in the recently established Office of Privacy and Treasury Records elevates the profile and importance of privacy across the department, said Peter McCarthy, Treasury's assistant secretary for management, chief financial officer and senior agency official for privacy.

In addition to data privacy, the new office handles records management, Freedom of Information Act disclosure, civil liberties and broader information management activities, said Elizabeth Cuffe, deputy assistant secretary for privacy and Treasury records.

“It has helped us to proactively protect information, and we’re better able to share information,” she said. Previously, these activities were split among different offices. However, she said, although the consolidation is a significant step forward, the department needs more time and attention to finish formulating privacy requirements.

Specifically, the department is still finalizing its policies and procedures related to the collection, use, disclosure and storage of personally identifiable information and the response to breaches of that data. The Office of Management and Budget and a fiscal 2005 appropriations law for the Treasury and the Transportation departments required the policies, according to consulting firm KPMG. KPMG reviewed Treasury’s privacy program for the IG.

Although several privacy policies were only in draft form when KPMG assessed the department’s progress in 2008, most Treasury agencies had begun to adopt them. Based on KPMG’s findings, the department is adequately protecting personally identifiable information on public Internet sites, intranet sites and general support systems despite its sluggishness in finalizing the policy process, according to the IG.

Many agencies might have a chief privacy officer, but they may not have integrated their activities in one organization, said Ari Schwartz, vice president of the Center for Democracy and Technology.

“This is exactly where the agencies that have been the most successful have been moving to tie all these pieces together,” he said. It has been difficult for the federal government to implement privacy requirements because of a lack of leadership, Schwartz said.

Treasury, however, must start reporting to Congress on the status of its privacy program, KPMG said. The reports provide an agency benchmark of its privacy progress and a basis for funding requests.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group