As part of his 2017 budget proposal for the United States, President Barack Obama is including $19 billion for cybersecurity efforts, a 35-percent increase over fiscal year 2016. The funds will go toward a Cybersecurity National Action Plan, which includes the hiring of a chief information security officer, a $3.1 billion fund for IT modernization at the federal level, and, perhaps most importantly for privacy professionals, a new executive order establishing a permanent Federal Privacy Council, as announced by Office of Management and Budget Director Shaun Donovan in December.
A White House release says the new council is part of “a groundbreaking effort to enhance how agencies across the federal government protect the privacy of individuals and their freedom. Privacy has been core to our nation from its inception, and in today’s digital age safeguarding privacy is more critical than ever.”
Underscoring the importance of the cyber effort as a whole, President Obama announced his cyber plan with an op-ed in The Wall Street Journal, where privacy received prominent mention in the first paragraph:
More than any other nation, America is defined by the spirit of innovation, and our dominance in the digital world gives us a competitive advantage in the global economy. However, our advantage is threatened by foreign governments, criminals and lone actors who are targeting our computer networks, stealing trade secrets from American companies and violating the privacy of the American people.
The president’s executive order builds on and reinforces these high-level policy goals. “The proper functioning of government requires the public’s trust,” it reads, “and to maintain that trust the government must strive to uphold the highest standards for collecting, maintaining, and using personal data. Privacy has been at the heart of our government from its inception, and we need it now more than ever.”
However, the speed of technological innovation and the increasingly global marketplace “require that we find even more effective and innovative ways to improve the government’s efforts” in managing privacy, the president writes. And they “demand leadership and enhanced coordination and collaboration among a diverse group of stakeholders and experts.”
Thus, the details of the executive order. It dictates that, within 120 days, Donovan, the director of OMB, will issue a new policy on the role of senior agency officials for privacy (SAOPs, for short). Then, each government agency head will designate (or re-designate) a new SAOP “with the experience and skills necessary to manage an agency-wide privacy program.”
Finally, there is the Federal Privacy Council, which the executive order formally establishes, with the deputy director for management of the OMB as its chair (Andrew Mayock was nominated for the post in December, but doesn't appear to have been confirmed yet). The members of the council will be the SAOPs from 24 separate government agencies, including everyone from the Department of Homeland Security to the National Science Foundation and the Environmental Protection Agency. These members will be tasked with three essential duties:
- Develop recommendations for federal privacy policies.
- Coordinate best practices and share ideas.
- Recommend plans for hiring, training, and providing professional development for federal employees in the privacy arena.
The Privacy Council will also coordinate closely with the Federal Chief Information Officers Council, along with other councils and groups, like the Chief Financial Officers Council, the Domestic Policy Council, and many others.
Karen Neuman, chief privacy officer at the Department of Homeland Security, and thus likely her agency’s SAOP, will be among the first group to sit on the Federal Privacy Council. In an interview with The Privacy Advisor, she praised the efforts of OMB Senior Advisor for Privacy Marc Groman, CIPP/US, along with her Deputy CPO at DHS, Jonathan Cantor, CIPP/US, CIPP/G, in getting the council established and framing its structure and goals. Groman, especially, she said, has “accomplished a lot” in his short time since re-joining the federal government after his time heading up the Network Advertising Initiative, which followed his role as CPO of the Federal Trade Commission and a number of other federal roles.
“One of the biggest accomplishments,” she said, “is that [the privacy council] really elevates the privacy enterprise throughout the federal government in a manner that’s consistent and allows privacy professionals to engage with leadership in a way that’s really necessary. … They need to be forward thinking about how they’re going to address privacy and really be innovative in the way that they do so. The council is a logical way to accomplish that.”
Neuman said she’s looking forward to sharing best practices and standardizing the way each agency attacks the many privacy issues they face on a daily basis, “even at the level of hiring accomplished and qualified privacy professionals and getting agency buy in.”
Most importantly, Neuman said, “this council will enable the federal privacy enterprise to enter the modern age. The federal government is operating under the auspices of some very old privacy law and interpretations of that law. … Technology is moving at lightning speed, and the way that people interact with that is moving equally fast, and the law just can’t keep up. The council will be well positioned on how to weigh in on bringing those laws into the modern age and allowing privacy professionals to be agile in how they respond. That’s one of the most crucial benefits of this council.”
Quite simply, she said, Groman’s “accomplishment is tremendous. This is a huge, huge achievement. Don’t bury that lede.”
photo credit: HarshLight via photopin cc