IRS leading the pack in privacy

As agencies face a Dec. 15 deadline to submit a privacy report based on rules outlined in the E-Government Act of 2002, officials may want to borrow a lesson from the Internal Revenue Service.

The IRS has had procedures in place for years for conducting privacy impact assessments, a requirement under Section 208 of the law. The new requirements are complicating their efforts, but officials have a plan, said Charlene Thomas, IRS deputy privacy advocate.

"We were doing fine until E-Gov came along and brought some new challenges for us," she said, speaking last month at an event sponsored by the Center for Democracy and Technology and the Council for Excellence in Government.

The law requires agencies to conduct privacy impact assessments on new and significantly changed systems and notify users which information is being used and how it's being protected. Agencies' privacy reports are based on guidelines released by the Office of Management and Budget in September.

The E-Government Act added two new elements to privacy reporting, said Eva Kleederman, an OMB privacy policy analyst. First, agencies must identify which information is submitted voluntarily and how a user can consent to allowing the agency to use that information. Agencies must also explain how the personal information is maintained in a system of records.

"There is no reporting requirement per se, but the Web privacy policies should be beefed up to provide these elements by Dec. 15," Kleederman said, also speaking at the event.

OMB officials were unsure how many agencies were on track to meet the deadline but noted that agencies have had guidance or draft guidance for several months.

The IRS requires assessments for all new and changed systems and conducts about 130 assessments each year, Thomas said. Assessments are also mandatory for every milestone of a system, meaning there could be three or four reports for each major system.

To ease the complexity of the process, IRS officials are conducting privacy awareness training to guide systems developers, and officials recently developed an internal memorandum of agreement to ensure that the developers and the privacy advocates are working hand in hand.

"It mandates that the privacy advocate's office is involved in the very early stages of these systems being built," Thomas said.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.