Report calls for privacy safeguards on sensitive info

Balancing personal privacy without stifling the free flow of information in the digital environment may require the creation of a federal privacy entity according to an Office of Management and Budget report released late last month.

The report released by OMB on behalf of the Information Policy Committee of the National Information Infrastructure Task Force details federal options to heighten privacy safeguards to protect government databases that contain sensitive data including medical records tax documents and financial records.

While Congress has enacted legislation such as the Privacy Act and the Freedom of Information Act designed to protect widespread public access of sensitive data the report criticizes the current federal system of data protection as a " 'paper tiger ' with significant enforcement and remedial deficiencies."

OMB officials could not be reached for comment by press time.

As a result information privacy protection efforts in the public and the private sector are sporadic and tend to be reactive rather than proactive the report concludes. It also notes that the United States lacks a centralized entity to drive the development of federal data privacy policy or direct traffic for the various policy initiatives now under way.

Establishing a dedicated federal entity to promote privacy protection would likely create an agency whose mandate would be proactive and which would be armed with adequate tools to enforce regulations according to the report. The report also notes that creating a new agency could produce a duplication of efforts now performed by other agencies such as the Federal Trade Commission's regulatory authority to protect consumers and the Federal Reserve's authority with respect to banking.

'Keystone' to Privacy Protection

Privacy advocates who are critical of the government's privacy policies said the report is significant because it recognizes the need for a federal entity to coordinate and design privacy policy.

Marc Rotenberg director of the Electronic Privacy Information Center said a federal privacy coordinating office is the "keystone" to privacy protection. "For the most part the White House has been kicking this issue around and not taking it seriously " Rotenberg said. "They were fairly realistic [in this report] about the fact that there are significant holes in the U.S. privacy realm today."

Rotenberg noted however that the report's major weakness is the lack of mention of encryption technology which could be used as a privacy safeguard. Encryption technology is a hotly debated topic among law enforcement authorities who want the ability to decrypt data for criminal investigations and privacy advocates who object to this access.

The report also offers other options. Agencies could follow the lead of the Department of Health and Human Services and the Internal Revenue Service and establish their own privacy offices with formal privacy advocates to consider the privacy implications of agency practices the report suggests.

Other options presented include:

* Formal adoption by the government of privacy rules designed to foster privacy protection.

* OMB direction for agencies to incorporate privacy rules into information management and procurement practices.

* Creation of a nonfederal privacy entity.

* Creation of a federal entity with no regulatory authorization.


  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

  • IT Modernization
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA plans 'strategic review' of $16B software program

    New Veterans Affairs chief Denis McDonough announced a "strategic review" of the agency's Electronic Health Record Modernization program of up to 12 weeks.

Stay Connected