By Sam Pfeifle
Publications Director

Much has been made of Nicole Wong’s appointment to work on privacy matters in the White House under U.S. CTO Todd Park, but there’s another privacy pro in the White House who actually has “privacy” in his title: Ari Schwartz, Director for Cybersecurity Privacy, Civil Liberties and Policy, National Security Staff, who started in the job this past month. (And, actually, there is another with privacy in his title in the White House: R. David Edelman, Senior Advisor for Internet, Innovation, and Privacy.)

Serving under Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, Schwartz is on something of a parallel track to Wong’s. While Wong works on a wide range of privacy issues, similar to the role that Danny Weitzner played while in the White House, “I’m much more focused on the security space,” Schwartz said in an interview with The Privacy Advisor, “working directly with the security agencies and the security staff.”

Private industry, too. Schwartz said public outreach is an integral part of his position. “They can approach me,” he said of private-industry CPOs. “If they have good ideas in the space, we definitely want to hear them.”

In fact, that’s part of why he got the job in the first place. “I used to go to the IAPP meetings when there were 200 people in the room,” he said of his privacy background, which has included recent stops at NIST and the Center for Democracy & Technology. “So the fact that people in the IAPP know me means that [my position] will be more high profile in that way, and Michael Daniel understood that when they asked me to come and take it.”

Maybe you’d like to chime in on the cybersecurity bill for which a draft proposal is circulating (see accompanying story). The bill is part of a line of work that began with the cybersecurity initiative announced in 2009 by President Obama that also created Schwartz’s position. Schwartz’s previous work with NIST as part of the Internet Policy Taskforce also played a major role in the public policy formulation in this area.

“We spent a lot of time over the last few years on the legislative side,” said Schwartz, “particularly around information sharing. Even in my short time here, I’ve been on information sharing: How do you go about making sure that PII is not mixed up in what is being shared with the government, and to private sector agencies, and between two government agencies when it’s not needed to figure out what the problem is? That is a key point.”

Schwartz also highlighted one of the key discussions held by the Privacy and Civil Liberties Oversight Board in last week’s public meeting: Is government oversight easier when the PII stays in the hands of private firms rather than government intelligence agencies? “And looking at privacy laws,” he said, “as we do liability protection for companies that do want to share some information, how do we do that in a way that still considers privacy … [and] have a discussion about how that can work in a way that helps share information without impinging on privacy.”

Not surprisingly, he sees frequent collaboration with the PCLOB in his future. “If you look at the cybersecurity legislation,” he noted, “in the administration’s first draft from May 2011, we call for the PCLOB to be part of the review process, and moving forward, the PCLOB will be very busy. We’re hoping they work on some of the direct cybersecurity pieces as well.”

For example, Schwartz said he’s looking closely at DDoS and botnet attacks. “One thing we’ve heard is that the entire Internet ecosystem should be working on botnet attacks,” he said, “and that means going to some companies that might not think of themselves as on the front lines with botnets, and do that in a way that protects privacy and gives notice to individuals who had their computers taken over.”

Further, Schwartz said it’s incumbent upon CPOs to know what he’s talking about when he talks about things like DDoS attacks and botnets. “Having people who are technically astute on your staff and having technical understanding is very helpful” for CPOs, he said. Maybe even make sure you’ve got an IT person dedicated to your privacy staff. At the very least, he said, liaising with the data security staff is crucial.

“There are some things that privacy could learn from the security world,” he said. “For instance, security uses standards a lot better than privacy. There are a lot of security standards out there; when a new problem comes up, and it gets solved, security ends up with a technical standard really quickly. You don’t see that in privacy.”

However, he said, “privacy has the principles laid out really well, as everyone who’s taken the CIPP knows well … I think this framework that NIST is putting together will help develop those principles a lot more clearly.

“I hope there is learning back and forth on both sides, and we can make both better.”
