Privacy needs to be baked into systems, experts say

DHS Privacy Officer Web site

WILLIAMSBURG, Va. – To be as effective as possible, agency privacy officers should not act as a Dr. No. Rather, they should be an important part of the team that helps focus a system, two privacy officials said.

Kenneth Mortensen, senior adviser to the Homeland Security Department’s privacy officer, speaking at the IRMCO conference, said the department is trying to institutionalize privacy by making privacy impact statements part of how the agency does business.

The goal for privacy is to bake it into the system, said Barbara Symonds, director of the Internal Revenue Service’s Office of Privacy and Information Protection. Privacy issues are harder to address when organizations treat them as an afterthought. When they consider privacy throughout a system’s development, they rarely encounter additional costs or slower growth, she said.

The IRS assesses a system’s privacy impact at each of the five development milestones to ensure that all the important issues have been addressed.

“Privacy is your enabler to better business and more business,” Symonds said. The IRS’ e-file system, for example, requires taxpayers to trust that their data is secure and private. If privacy and security are not fully addressed, a program would not be successful.

Many people think that merely having a good security program is an adequate way of addressing privacy issues. But privacy goes beyond security, Symonds said. A good security program will not assess the reasons and purpose of collecting data, she said.

Jim Dempsey, policy director at the Center for Democracy and Technology, a Washington, D.C., advocacy group, said agencies should collect only the data they need. The role of a privacy officer is to ask questions about the agency’s mission and why it is collecting data.

Dempsey, however, was critical of the Bush administration for failing to have a privacy czar who could assess privacy issues governmentwide. “This administration dropped the ball” by failing to follow the Clinton administration’s lead and appoint a senior person at the Office of Management and Budget who would focus on privacy issues. “It has been seven years since there has been centralized OMB guidance,” he said, adding that it is not too late.

Privacy falls under OMB’s Office of Information Regulatory Affairs.

About the Author

Christopher J. Dorobek is the co-anchor of Federal News Radio’s afternoon drive program, The Daily Debrief with Chris Dorobek and Amy Morris, and the founder, publisher and editor of the, a leading blog for the Federal IT community.

Dorobek joined Federal News Radio in 2008 with 16 years of experience covering government issues with an emphasis on government information technology. Prior to joining Federal News Radio, Dorobek was editor-in-chief of Federal Computer Week, the leading news magazine for government IT decision-makers and the flagship of the 1105 Government Information Group portfolio of publications. As editor-in-chief, Dorobek served as a member of the senior leadership team at 1105 Government Information Group, providing daily editorial direction and management for FCW magazine,, Government Health IT and its other editorial products.

Dorobek joined FCW in 2001 as a senior reporter and assumed increasing responsibilities, becoming managing editor and executive editor before being named editor-in-chief in 2006. Prior to joining FCW, Dorobek was a technology reporter at, one of the first online community centers for current and former government employees. He also spent five years at Government Computer News, another leading industry publication, covering a variety of federal IT-related issues.

Dorobek is a frequent speaker on issues involving the government IT industry, and has appeared as a frequent contributor to NewsChannel 8’s Federal News Today program. He began his career as a reporter at the Foster’s Daily Democrat, a daily newspaper in Dover, N.H. He is a graduate of the University of Southern California. He lives in Washington, DC.


  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected