Privacy needs to be baked into systems, experts say

DHS Privacy Officer Web site

WILLIAMSBURG, Va. – To be as effective as possible, agency privacy officers should not act as a Dr. No. Rather, they should be an important part of the team that helps focus a system, two privacy officials said.

Kenneth Mortensen, senior adviser to the Homeland Security Department’s privacy officer, speaking at the IRMCO conference, said the department is trying to institutionalize privacy by making privacy impact statements part of how the agency does business.

The goal for privacy is to bake it into the system, said Barbara Symonds, director of the Internal Revenue Service’s Office of Privacy and Information Protection. Privacy issues are harder to address when organizations treat them as an afterthought. When they consider privacy throughout a system’s development, they rarely encounter additional costs or slower growth, she said.

The IRS assesses a system’s privacy impact at each of the five development milestones to ensure that all the important issues have been addressed.

“Privacy is your enabler to better business and more business,” Symonds said. The IRS’ e-file system, for example, requires taxpayers to trust that their data is secure and private. If privacy and security are not fully addressed, a program would not be successful.

Many people think that merely having a good security program is an adequate way of addressing privacy issues. But privacy goes beyond security, Symonds said. A good security program will not assess the reasons and purpose of collecting data, she said.

Jim Dempsey, policy director at the Center for Democracy and Technology, a Washington, D.C., advocacy group, said agencies should collect only the data they need. The role of a privacy officer is to ask questions about the agency’s mission and why it is collecting data.

Dempsey, however, was critical of the Bush administration for failing to have a privacy czar who could assess privacy issues governmentwide. “This administration dropped the ball” by failing to follow the Clinton administration’s lead and appoint a senior person at the Office of Management and Budget who would focus on privacy issues. “It has been seven years since there has been centralized OMB guidance,” he said, adding that it is not too late.

Privacy falls under OMB’s Office of Information Regulatory Affairs.

About the Author

Christopher J. Dorobek is the co-anchor of Federal News Radio’s afternoon drive program, The Daily Debrief with Chris Dorobek and Amy Morris, and the founder, publisher and editor of the, a leading blog for the Federal IT community.

Dorobek joined Federal News Radio in 2008 with 16 years of experience covering government issues with an emphasis on government information technology. Prior to joining Federal News Radio, Dorobek was editor-in-chief of Federal Computer Week, the leading news magazine for government IT decision-makers and the flagship of the 1105 Government Information Group portfolio of publications. As editor-in-chief, Dorobek served as a member of the senior leadership team at 1105 Government Information Group, providing daily editorial direction and management for FCW magazine,, Government Health IT and its other editorial products.

Dorobek joined FCW in 2001 as a senior reporter and assumed increasing responsibilities, becoming managing editor and executive editor before being named editor-in-chief in 2006. Prior to joining FCW, Dorobek was a technology reporter at, one of the first online community centers for current and former government employees. He also spent five years at Government Computer News, another leading industry publication, covering a variety of federal IT-related issues.

Dorobek is a frequent speaker on issues involving the government IT industry, and has appeared as a frequent contributor to NewsChannel 8’s Federal News Today program. He began his career as a reporter at the Foster’s Daily Democrat, a daily newspaper in Dover, N.H. He is a graduate of the University of Southern California. He lives in Washington, DC.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.