The federal government collects a lot of data — I mean a lot of data. A considerable amount of that is sensitive information about American citizens, whether for Social Security, the decennial census, health insurance or many other programs; information the government must protect by law.
To ensure agencies are putting in place the proper protocols, the Office of Management and Budget is creating a new Federal Privacy Council to make policy recommendations, establish best practices and foster a community of privacy professionals within the federal government.
The Privacy Council will be modeled off the Federal CIO Council — a group of agency CIOs that work together to advise on IT priorities. The new council will form in early 2016 and begin by setting a charter and establishing working groups, according to Marc Groman, OMB's senior adviser on privacy.
BONUS: Join FCC CIO David Bray for an exclusive webcast on Dec. 16, in which he will describe how a contractor owned and operated model aided the agency in IT management and transition. Register here.
After creating the governing documents, Groman said the council's first priorities will be to increase the talent pool around privacy; enhance education, training and professional development for current employees; and build a community of practice among privacy professionals.
"They are distinct issues," Groman said. "Privacy officers are going to look at, specifically, information about people. And information security … is an element of that but only part. Privacy professionals look at things like how is the data being used at an agency. What is your legal authority for collecting that data; what is the retention schedule and is it being followed; if notice is required to consumers or citizens, is that being provided; are citizen being provided with the right choices and can they exercise those choices?"
"Privacy and security may be two different disciplines, requiring two separate skill sets but they must be part of one coordinated risk management framework," he said. "The work of the two councils will complement each other and promote more efficient and effective programs for both privacy and IT security."
Along with the new council, Donovan is also issuing a directive to all agencies to review their current privacy management structure and ensure it is a priority being handled by the right people.
"You want somebody to be placed correctly within an agency so they have access to top leadership and can tee up issues as appropriate," he said. "We also want someone with experience and a background in privacy — it doesn't have to be all of privacy because that's a very broad area — somebody who can bring to the table some level of experience."
Finally, that person should have some level of independence within the agency so they can raise issues as necessary, Groman said.
Ensuring citizen data remains private is a fundamental part of the America ethos, Donovan said.
"We are the country that created the Internet but we're also the country that pioneered the Bill of Rights," he said. "We have a belief that our privacy should not only be guarded against unwarranted government intrusion but should also be protected."
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.