Critical Read

CIO Council proposes digital privacy measures

theft of SS card

Critical personal information needs protection as agencies put the Digital Government Strategy into motion. Today's thieves don't need gloves or access to your wallet. (Stock image)

As agencies put the Digital Government Strategy in motion in their offices, the government is addressing the hot-button issue of privacy with the release of recommendations from the CIO Council’s Privacy Committee. In a blog post dated Dec. 14, the council linked to a document with the recommendations, which can help agencies prepare for protecting private information as they implement the strategy.

“In helping to create a government for the 21st century, the strategy recognizes that federal agencies, as good data stewards, must adopt strong privacy, confidentiality and security safeguards to prevent the improper collection, use, retention or disclosure of personally identifiable information (PII) when developing and delivering such digital services and programs,” the document states.

It focuses on three central privacy controls for digital information: PII inventories, privacy impact assessments and privacy notices.

For PII inventories, the council includes a checklist of PII that is commonly collected and used in the digital environment, including the obvious — Social Security, credit card and driver’s license numbers, and government identification information — and the more obscure, such as biometric data and computer log and tracking data. However, the document also says agencies should account for information they will collect in the future, not just what they already store and use.

The document includes informal guidance for privacy impact assessments and directs agencies to establish processes for documenting and explaining what information is used, why it is collected, its intended uses and how the data will be secured. A list of suggested questions can help agencies better assess disclosure risks, plan for potential data breaches and manage how digital information is collected.

Additionally, the CIO Council outlines the basics of a strong privacy notice. Variations in context make it impossible to provide one notice that all agencies could use, so a checklist for key privacy notice elements is included in the document. The council says agencies will need to adjust their notices according to the specifics of their particular missions and as their use of data changes.

That flexibility is important. “Over time, agencies, digital developers, and data users may also create, discover, or propose new and innovative ways to combine, share or otherwise leverage the power of the digital data and content collected or disseminated by their digital services or programs,” the recommendations states.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group