Agencies show privacy progress

IAC E-Government Shared Interest Group survey

When it comes to building strong privacy programs, agencies have come a long way.

A recent survey on privacy best practices at eight gold-standard federal, private-sector and international organizations offers a glimpse into a few successful programs and the lessons officials learned along the way. Although more work remains, agencies have made enough progress to bring them closer to finding a common governmentwide process for privacy, officials said.

"Agencies are all doing different things, but there are agencies committed to the issues, and as we start to build a better understanding, we're going to get more streamlined practices," said Ari Schwartz, associate director of the Center for Democracy and Technology.

Common themes emerged in the study, released this month by the Industry Advisory Council's E-Government Shared Interest Group.

For example, a successful program should involve everyone, privacy officials said, giving prominent roles to cross-agency councils, training programs and other communication strategies.

"We reached out to find who we could partner with internally, so we could get the buy-in," said Barbara Symonds, director of the privacy service in the Department of Veterans Affairs. She was speaking on a panel in Washington, D.C., discussing the survey's findings.

Outreach and training were a cornerstone of the VA's plan when officials embarked on a privacy program two years ago. They knew they needed a strong outreach program, Symonds said, so they created a Privacy Day at the VA, complete with buttons and banners to get the word out to customers and employees about the use of personal information. Officials also created a Web-based training course on general privacy issues, which more than 200,000 employees have completed.

Also, cross-agency privacy councils with representatives from areas such as legal, human resources and technology allow officials to tap available expertise, the survey shows.

Zoe Strickland, chief privacy officer at the U.S. Postal Service, said that because day-to-day operations within the agency must continue, a well-organized plan could help. "I suggest you really sit down and prioritize," she said.

The organizations surveyed were the VA, Postal Service, Interior Department, Census Bureau, Internal Revenue Service, Homeland Security Department, IBM Corp. and the government of Ontario, Canada.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected