GAO: Senior privacy officials need authority

Agencies need to delegate oversight to their senior privacy officials to ensure the government protects the personal data it collects, the Government Accountability Office said in a recent report.

Senior agency privacy officials conduct a variety of activities required under privacy laws to coordinate privacy policy and compliance.

However, not all agencies give their senior privacy officials full oversight over all key privacy functions, Linda Koontz, director of GAO’s information management issues, said June 18.

“As a result, agencies may not be implementing privacy protections consistently,” she said. Without authority over all key privacy functions, these designated senior officials may be unable to effectively serve as the agency’s central point for information policy, she added.

Of the 12 agencies that GAO reviewed from September 2007 to May 2008, six assigned their senior privacy officials oversight of all key privacy functions. Those were the Homeland Security, State, Transportation and Veterans Affairs departments, and the Social Security Administration and the U.S. Agency for International Development, the report said.

However, six agencies relied on other offices in the agency that the designated official did not oversee, to perform some of the privacy functions. GAO recommended that those departments revise their policy to give the senior agency officials for privacy oversight over those activities. They are the departments of Commerce, Defense, Health and Human Services and Labor. At the Justice and Treasury departments, the sole function that the senior agency official for privacy does not oversee is redress of privacy complaints, according to the report.

Among their activities, the designated senior agency officials for privacy:



  • Perform activities to comply with the Privacy Act, such as publishing notices in the Federal Register of data to be collected and used in a system of records.

  • Conduct privacy impact assessments to evaluate risk from use of information systems to process personal data.

  • Produce reports on the status of privacy protections as part of compliance with the Federal Information Security Management Act.

  • Establish redress procedures to handle privacy complaints.

  • Assure that employees and contractors receive appropriate training.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.