Survey says: Privacy needs outreach
- By Sara Michael
- Mar 16, 2004
Privacy Practices that Work:Eight Federal and Non-Federal Examples
A successful privacy program depends on outreach to everyone involved, privacy officials said today.
Cross-agency councils, training programs and ongoing communication are some cornerstones of so-called gold standard privacy programs, according to officials and a survey released today by the Industry Advisory Council E-government Shared Interested Group.
"We reached out to find who we could partner with internally, so we could get the buy-in," said Barbara Symonds, director of the privacy service in the Department of Veterans Affairs. Symonds spoke on a panel this morning discussing the findings of the survey and agency experiences.
The study is based on in-depth interviews with officials at eight federal, private sector and international privacy programs to present the best practices of differing organizations. The report includes case studies on the VA, U.S. Postal Service, Interior Department, Census Bureau, Internal Revenue Service, Homeland Security Department, IBM Corp. and the government of Ontario, Canada.
Despite many differences in implementing privacy programs and their stages of maturity, several common themes emerged, the survey shows. Most organizations used privacy councils with diverse representatives from legal, human resources, technology and policy areas. Also, most organizations have a plan for outreach programs to communicate policies and offer training, the survey shows.
For example, VA officials launched an educational campaign that included a Privacy Day, with buttons and banners, to highlight the issues, Symonds said. VA officials also have a Web-based training program that more than 200,000 employees have completed, she said.
The survey found that senior management support was necessary. Although the structure of the eight privacy programs differed, with some housed in the office of the chief information officer and others in operations, officials expressed the need to have privacy programs operating independently.