JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for CYBER-SOCIETY-LIVE Archives

CYBER-SOCIETY-LIVE Archives

CYBER-SOCIETY-LIVE Archives


CYBER-SOCIETY-LIVE@JISCMAIL.AC.UK


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font
LISTSERV Archives

LISTSERV Archives
CYBER-SOCIETY-LIVE Home

CYBER-SOCIETY-LIVE Home
CYBER-SOCIETY-LIVE 2002

CYBER-SOCIETY-LIVE 2002

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

 Log In

Log In

 Get Password

Get Password

Subject:

[CSL]: Policy Post 8.25: Privacy Impact Assessments for Federal A ge

From:

J Armitage <[log in to unmask]>

Reply-To:

Interdisciplinary academic study of Cyber Society <[log in to unmask]>

Date:

Fri, 22 Nov 2002 07:44:19 -0000

Content-Type:

text/plain

Parts/Attachments:
Parts/Attachments

text/plain (248 lines) 

From: CDT Info
To: [log in to unmask]
Sent: 21/11/02 21:49
Subject: Policy Post 8.25: Privacy Impact Assessments for Federal Age

CDT POLICY POST Volume 8, Number 25, November 21, 2002

A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY

CONTENTS:
(1) New Law to Require Privacy Impact Assessments for U.S. Agencies
(2) Privacy Notices, Including P3P Statements,  Now Required for
Agencies
(3) E-Government Act Includes Other Important Provisions

------------------------------------------------------------------------

(1) NEW LAW TO REQUIRE PRIVACY IMPACT ASSESSMENTS FOR U.S. AGENCIES

The E-Government Act of 2002, passed by Congress this week and soon
to be signed into law, includes an innovative and potentially
far-reaching provision requiring federal government agencies to
conduct privacy impact assessments before developing or procuring
information technology or initiating any new collections of
personally-identifiable information.

Under the legislation, originally introduced by Senators Joe
Lieberman (D-CT) and Conrad Burns (R-MT), a privacy impact assessment
must address what information is to be collected,  why it is being
collected, the intended uses of the information, with whom the
information will be shared, what notice would be provided to
individuals and how the information will be secured.  To the extent
practicable, privacy impact assessments must be published.  The
Director of the White House's Office of Management and Budget (OMB)
will issue guidelines for the assessments.

CDT believes that the law could have a significant positive impact in
three ways:

* The assessments will raise the level of attention to privacy issues
within federal agencies, at the most critical stage: before new
technology is purchased or new collections of data are initiated.

* The assessments will bring greater transparency to the IT
development and procurement process, allowing Congress, citizens and
advocacy groups to better scrutinize the privacy decisions of the
government .

* Using the massive purchasing power of the U.S. government , the
assessments could help to increase the marketplace for technologies
that incorporate privacy "by design."

CDT supported the privacy impact assessment provision.

Related legislation, the Federal Agency Protection of Privacy Act (HR
4561), introduced by Representative Bob Barr (R-GA), would have
required privacy impact assessments for new agency rules and
regulations. That bill passed the House earlier this year but was
never taken up by the Senate.  Rep. Barr, a leader on many privacy
issues, will not be in Congress next year. But his proposal remains
valid and a sound complement to the E-Gov Act.  We believe OMB should
require such assessments as best practices despite not being required
in law.

Links to the text and legislative history of the E-Government Act:
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:hr2458:
http://www.cdt.org/legislation/107th/e-gov/

A link to the Barr bill can be found at
http://www.cdt.org/legislation/107th/privacy/

------------------------------------------------------------------------

(2) PRIVACY NOTICES, INCLUDING P3P STATEMENTS, NOW REQUIRED FOR AGENCIES

The E-Government Act also requires agencies to post privacy notices
on their Web sites, detailing agency practices and individual rights.
Most agencies already post written privacy notices after the Clinton
administration, under the leadership of Chief Privacy Counselor Peter
Swire, required them in an administrative order.  The new law will
take the agencies one step further by requiring "machine-readable"
notices, such as those specified in the Platform for Privacy
Preferences (P3P) standards.

Under the P3P framework, Web sites can express their privacy policies
in a standardized format that can be read by Web browsers and other
end-user software tools. These tools can display information about a
site's privacy policy to end-users and take actions based on a user's
preferences. Such tools can notify users when the sites they visit
have privacy policies matching their preferences and provide warnings
when a mismatch occurs.

Currently, only a few federal agency Web sites are P3P compliant,
including the Federal Trade Commission, the US Postal Service and
portions of the Department of Commerce.

While privacy notices do not in and of themselves guarantee privacy
protection, they offer a basis for public and Congressional scrutiny
of agency practices.

For more information about P3P and privacy notices on government Web
sites:

Policy Post 8.09, Privacy Standard Moves Forward, April 26, 2002 --
http://www.cdt.org/publications/pp_8.09.shtml

P3P Toolbox - http://www.p3ptoolbox.org

OMB Memorandum M-99-18, Privacy Policies on Government Web sites --
http://www.whitehouse.gov/omb/memoranda/m99-18.html

Letter from CDT urging posting of privacy policies on federal Web
sites, April 15, 1999  --
http://www.cdt.org/privacy/lettertoswire.html

------------------------------------------------------------------------

(3)  E-GOVERNMENT ACT INCLUDES OTHER IMPORTANT PROVISIONS

The E-Government Act includes a host of other provisions that could
have an impact on how the public interacts with the government.  Many
of these could have merited free-standing legislation.  Most of them
have received little attention.  At the risk of an overly-long Policy
Post, we list some of them here - see the text of the bill for full
details:

* Creates a specific position in OMB for the Administrator of the
Office of Electronic Government.  Some Members of Congress had wanted
to create a Chief Information Officer for the federal government, but
the Administration balked.  The compromise basically codifies current
practice, under which Associate Director Mark Forman heads up
e-government efforts.  The new position does not have a lot of direct
power, but as a statutorily-authorized position it will be subject to
more consistent Congressional oversight.   Sec. 101.

*  Authorizes an E-Government Fund with $45 million in fiscal 2003,
an amount that would increase to $150 million by fiscal 2006, to fund
the development and implementation of innovative uses of the Internet
and other electronic methods by federal agencies.  Sec. 101.

* Requires the General Services Administration to establish a
framework to allow interoperability among federal agencies when using
electronic signatures, including the development of a "Federal bridge
certification authority for digital signature capability."  Sec. 203.

*  Requires each federal court to establish a Web sites where the
public could get court rules, decisions, docket information and
documents filed with the court in electronic information.  The
section requires the Supreme Court to adopt rules to protect privacy
and security concerns relating to the electronic filing and
availability of documents.  Sec. 205.

* Requires federal regulatory agencies, "to the extent practicable,"
to ensure that a publicly accessible federal government Web site
includes all information that the agency is required to publish in
the Federal Register, and to accept electronic submissions in
rulemaking proceedings.  Sec. 206.

* Creates a committee to study the adoption of standards to enable
government information to be searched across agencies.  Sec. 207.  A
separate section requires a 3 year study of interoperability and the
integrated collection and management of data.  Sec. 212.  Such
initiatives have positive implications for electronic Freedom of
Information Act requests, but may have negative implications for
privacy, allowing even greater amalgamation of
personally-identifiable information in the hands of disparate
government agencies.  A third provision requires OMB and the Interior
Department to develop common protocols for the acquisition and
application of geographic information (GIS), in order to maximize the
degree to which unclassified geographic information from various
sources can be made electronically compatible and accessible,
something that will be of importance on environmental issues.  Sec.
216.

*  Requires OMB to develop and maintain a repository that fully
integrates information about research and development funded by the
federal government.  Sec. 207(g).

*  Authorizes an IT exchange program under which mid-level
information technology managers of the federal government can be
detailed to work in the private sector for up to 2 years and private
sector employees can be assigned to work in federal agencies.  Sec.
209.

* Requires the Administrator of E-Gov to develop an online tutorial
explaining how to access government information services and
information on the Internet.  Sec. 213 (f).

* Requires a National Academy of Sciences study on the digital
divide.  Sec. 215.

*  At the behest of Chairman Tom Davis (R-VA), includes the "Federal
Information Security Management Act" (FISMA).   The provisions impose
certain responsibilities on agency heads, give OMB certain oversight
of agency information security practices, mandate annual independent
audits of agency computer security practices, and require reports to
Congress.   The Act also renames the Computer System Security and
Privacy Advisory Board (CSSPAB) as the Information Security and
Privacy Advisory Board, keeping its dual focus on security and
privacy.

*  Establishes a very strict rule of confidentiality for information
collected by the federal government for statistical purposes, which
may prove to be especially important as Zip Code and other data that
is not strictly personal becomes easier to use for personal profiling
purposes.  Secs. 501-513.

Ironically, the E-Government Act makes no improvements in Congress'
own practices -- failing to address such deficiencies as the lack of
a searchable index of individual Member voting records.

For more information:

CDT Deputy Director Jim Dempsey's testimony on FISMA, May 2, 2002
http://www.cdt.org/testimony/020502dempsey.shtml

CDT's statement on e-government to the Governmental Affairs
Committee, July 11, 2001
http://www.cdt.org/testimony/010711cdt.shtml

CDT press release in support of the E-Government Act, May 1, 2001
http://www.cdt.org/press/010501press.shtml

More on E-Government
http://www.cdt.org/righttoknow/

------------------------------------------------------------------------
Detailed information about online civil liberties issues may be found
at http://www.cdt.org/.

This document may be redistributed freely in full or linked to
http://www.cdt.org/publications/pp_8.25.shtml.

Excerpts may be re-posted with prior permission of [log in to unmask]


_______________________________________________
http://www.cdt.org/mailman/listinfo/policy-posts

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************

Top of Message | Previous Page | Permalink

JiscMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

April 2024
March 2024
February 2024
January 2024
December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
December 2022
November 2022
October 2022
September 2022
August 2022
June 2022
May 2022
March 2022
February 2022
October 2021
July 2021
June 2021
April 2021
March 2021
February 2021
January 2021
December 2020
November 2020
October 2020
September 2020
July 2020
June 2020
May 2020
April 2020
February 2020
January 2020
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
2006
2005
2004
2003
2002
2001
2000


JiscMail is a Jisc service.

View our service policies at https://www.jiscmail.ac.uk/policyandsecurity/ and Jisc's privacy policy at https://www.jisc.ac.uk/website/privacy-notice

For help and support help@jisc.ac.uk

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager