The Information Security and Privacy Advisory Board (ISPAB) recently released a report to the Director of the Office of Management and Budget (OMB) on the need to update the nation’s privacy policies. Since the Privacy Act of 1974, there has been little or no government-wide guidance on privacy. Individual agencies have been responsible for the privacy of their data, with widely varying results. That absence of guidance and the significant changes in technology since 1974 have prompted the ISPAB’s report. Their recommendations:
Amend the Privacy Act and the E-Government Act of 2002 to:
1) Improve government privacy notices
2) Update the definition of a system of records to reflect changes in technology and use of data; and
3) Clearly cover commercial data sources.
Improve government leadership on privacy by:
1) Establishing a government Chief Privacy Officer within OMB,
2) Regularly update Privacy Act guidance,
3) Hire Chief Privacy Officers at all agencies with Chief Financial Officers, and
4) Establish a Chief Privacy Officers Council.
Make other changes to privacy policies, including:
2) Issue privacy guidance on agency use of location information,
3) Work with US-CERT to create interagency information on data loss across the government, and
4) Public reporting on use of Social Security Numbers.
More details on each of these recommendations can be found in the report.