The White House has announced plans to establish a new Federal Privacy Council, which will serve as an ecosystem for strategic thinking on privacy implementation.
It will serve as a central place to coordinate and share ideas, best practices and successful approaches for protecting privacy across the government, “bringing together the best minds we have to tackle the cutting-edge privacy issues of the digital era,” according to Shaun Donovan, director of the White House Office of Management and Budget.
The Council will also develop guidance, standards and best practices to serve as a road map to successful implementation, starting with updating privacy guidance at OMB over the next several months.
These will include an updated Circular A-130, to include a new approach for developing and maintaining a continuous privacy monitoring strategy and ensuring that agencies take a coordinated approach to addressing privacy and information security. OMB will also update government-wide policy to assist agencies when responding to a cybersecurity incident or other data breach involving personally identifiable information. And in the coming months, the Administration will publish for public comment Circular A-108 which will help agencies promote transparency and successfully implement the Privacy Act in today’s digital age.
Following on the appointment last spring of the creation of a Senior Advisor for Privacy position, led by Marc Groman, Donovan said that the OMB is going to ask each agency to take a hard look at the structure of its privacy program, to determine whether the right person is acting as the senior agency official for privacy at that agency. The OMB plans to issue guidance on this in “the near future,” he said.
Groman also has been meeting with CPOs, privacy teams and other managers from across the government, and has determined that the federal government needs more education, training and professional development opportunities for privacy professionals; that privacy guidance should be tailored to reflect recent technological and other changes; that most departments are facing significant challenges attracting and hiring top talent; that there is no career path for privacy in the federal government; and that there is too much “reacting” to incidents and not enough strategic thinking.
So, the Council will also assess and develop recommendations for attracting and hiring top talent in privacy programs as well.
“It is time to shift from reactive programs to proactive strategies,” Donovan said. “And it is time to ‘professionalize’ the privacy profession.”
Donovan stressed that privacy must be seen as part of, but distinct from, security as a whole.
“OMB’s revised policy documents make one point very clear—privacy and security may be two different disciplines requiring two separate skill sets but they must be part of one coordinated risk management framework,” Donovan said.
He added that the stakes are higher than ever: “The digital economy has changed how citizens interact with their government. With the click of a button, you can gain information about a job, receive health insurance, qualify for a student loan, seek immigration services or veterans’ benefits or file your taxes. This digital revolution creates enormous opportunities for our ability to search, connect and discover, but it also creates enormous challenges for our economy and our people.”
Photo © SKatzenberger