CIO Council considers new privacy guidance
Document designed to further build privacy considerations into federal enterprise architecture developments
The Federal Chief Information Officers Council may soon approve a new privacy guidance to be used by people working on the Federal Enterprise Architecture, according to a senior government privacy official involved in that effort.
The goal of the program would be to ensure that privacy protections are built into new or modified systems and to educate enterprise architects.
Roanne Shaddox, a senior privacy specialist with the Federal Deposit Insurance Corporation, described the initiative March 24 during the FOSE 2010 trade show in Washington. Shaddox said after her presentation that there’s a tendency to see privacy from a security perspective.
The guidance, already approved by a committee of the CIO Council focused on privacy, would set up “Privacy Control Families” for enterprise architects to consider that would be based on well-known Fair Information Practice Principles, Shaddox said in her presentation. She said preliminary steps for applying privacy controls would include: determining the type of personally identifiable information that’s involved and the legal framework that applies, and mapping the data flows.
Meanwhile, Shaddox said the privacy families are interrelated and must be analyzed and applied to each agency’s specific needs.
FOSE is put on by 1105 Media, the parent company of Federal Computer Week, Washington Technology, and Government Computer News.
Ben Bain is a reporter for Federal Computer Week.