IRS leading the pack in privacy

As agencies face a Dec. 15 deadline to submit a privacy report based on rules outlined in the E-Government Act of 2002, officials may want to borrow a lesson from the Internal Revenue Service.

The IRS has had procedures in place for years for conducting privacy impact assessments, a requirement under Section 208 of the law. The new requirements are complicating their efforts, but officials have a plan, said Charlene Thomas, IRS deputy privacy advocate.

"We were doing fine until E-Gov came along and brought some new challenges for us," she said, speaking last month at an event sponsored by the Center for Democracy and Technology and the Council for Excellence in Government.

The law requires agencies to conduct privacy impact assessments on new and significantly changed systems and notify users which information is being used and how it's being protected. Agencies' privacy reports are based on guidelines released by the Office of Management and Budget in September.

The E-Government Act added two new elements to privacy reporting, said Eva Kleederman, an OMB privacy policy analyst. First, agencies must identify which information is submitted voluntarily and how a user can consent to allowing the agency to use that information. Agencies must also explain how the personal information is maintained in a system of records.

"There is no reporting requirement per se, but the Web privacy policies should be beefed up to provide these elements by Dec. 15," Kleederman said, also speaking at the event.

OMB officials were unsure how many agencies were on track to meet the deadline but noted that agencies have had guidance or draft guidance for several months.

The IRS requires assessments for all new and changed systems and conducts about 130 assessments each year, Thomas said. Assessments are also mandatory for every milestone of a system, meaning there could be three or four reports for each major system.

To ease the complexity of the process, IRS officials are conducting privacy awareness training to guide systems developers, and officials recently developed an internal memorandum of agreement to ensure that the developers and the privacy advocates are working hand in hand.

"It mandates that the privacy advocate's office is involved in the very early stages of these systems being built," Thomas said.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected