Privacy

Treasury still working on privacy policies

Department has consolidated enforcement efforts

The Treasury Department has consolidated all its privacy functions under a single leader, but still has not completed developing policies and procedures. While the agency's inspector general believes Treasury is adequately safeguarding taxpayers' information, he urged the department in a December report to hurry up and finalize the policies.

The integration of privacy policies and procedures in the recently established Office of Privacy and Treasury Records elevates the profile and importance of privacy across the department, said Peter McCarthy, Treasury's assistant secretary for management, chief financial officer and senior agency official for privacy.

In addition to data privacy, the new office handles records management, Freedom of Information Act disclosure, civil liberties and broader information management activities, said Elizabeth Cuffe, deputy assistant secretary for privacy and Treasury records.

“It has helped us to proactively protect information, and we’re better able to share information,” she said. Previously, these activities were split among different offices. However, she said, although the consolidation is a significant step forward, the department needs more time and attention to finish formulating privacy requirements.

Specifically, the department is still finalizing its policies and procedures related to the collection, use, disclosure and storage of personally identifiable information and the response to breaches of that data. The Office of Management and Budget and a fiscal 2005 appropriations law for the Treasury and the Transportation departments required the policies, according to consulting firm KPMG. KPMG reviewed Treasury’s privacy program for the IG.

Although several privacy policies were only in draft form when KPMG assessed the department’s progress in 2008, most Treasury agencies had begun to adopt them. Based on KPMG’s findings, the department is adequately protecting personally identifiable information on public Internet sites, intranet sites and general support systems despite its sluggishness in finalizing the policy process, according to the IG.

Many agencies might have a chief privacy officer, but they may not have integrated their activities in one organization, said Ari Schwartz, vice president of the Center for Democracy and Technology.

“This is exactly where the agencies that have been the most successful have been moving to tie all these pieces together,” he said. It has been difficult for the federal government to implement privacy requirements because of a lack of leadership, Schwartz said.

Treasury, however, must start reporting to Congress on the status of its privacy program, KPMG said. The reports provide an agency benchmark of its privacy progress and a basis for funding requests.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.