Critical Read

CIO Council proposes digital privacy measures

theft of SS card

Critical personal information needs protection as agencies put the Digital Government Strategy into motion. Today's thieves don't need gloves or access to your wallet. (Stock image)

As agencies put the Digital Government Strategy in motion in their offices, the government is addressing the hot-button issue of privacy with the release of recommendations from the CIO Council’s Privacy Committee. In a blog post dated Dec. 14, the council linked to a document with the recommendations, which can help agencies prepare for protecting private information as they implement the strategy.

“In helping to create a government for the 21st century, the strategy recognizes that federal agencies, as good data stewards, must adopt strong privacy, confidentiality and security safeguards to prevent the improper collection, use, retention or disclosure of personally identifiable information (PII) when developing and delivering such digital services and programs,” the document states.

It focuses on three central privacy controls for digital information: PII inventories, privacy impact assessments and privacy notices.

For PII inventories, the council includes a checklist of PII that is commonly collected and used in the digital environment, including the obvious — Social Security, credit card and driver’s license numbers, and government identification information — and the more obscure, such as biometric data and computer log and tracking data. However, the document also says agencies should account for information they will collect in the future, not just what they already store and use.

The document includes informal guidance for privacy impact assessments and directs agencies to establish processes for documenting and explaining what information is used, why it is collected, its intended uses and how the data will be secured. A list of suggested questions can help agencies better assess disclosure risks, plan for potential data breaches and manage how digital information is collected.

Additionally, the CIO Council outlines the basics of a strong privacy notice. Variations in context make it impossible to provide one notice that all agencies could use, so a checklist for key privacy notice elements is included in the document. The council says agencies will need to adjust their notices according to the specifics of their particular missions and as their use of data changes.

That flexibility is important. “Over time, agencies, digital developers, and data users may also create, discover, or propose new and innovative ways to combine, share or otherwise leverage the power of the digital data and content collected or disseminated by their digital services or programs,” the recommendations states.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Featured

  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.