WILLIAMSBURG, Va. -- The CIO Council is formally addressing privacy issues — much the same way it looks at enterprise architecture, best practices and workforce challenges.
In May, the council created the Privacy Committee, headed by Karen Evans, the Office of Management and Budget’s administrator for e-government and information technology and director of the CIO Council, and Ken Mortensen, the Justice Department’s acting chief privacy and civil liberties officer. The committee’s purpose is to discuss privacy issues related to governance, policy and security.
“We wanted to have an agency help lead the committee that has a privacy officer beyond” the chief information officer, Evans said after a panel discussion on security and privacy at the 17th annual Executive Leadership Conference, sponsored by the Industry Advisory Council. “Justice forcibly volunteered. Ken makes sure we don’t just look at the strict definitions of privacy laws but ensures we look at it from a practical standpoint, too.”
Mortensen said he believes there is a conflict when the CIO is also the privacy officer. He said the two jobs are different because CIOs try to manage and make information flow, while privacy officers must make sure information is kept private.
The Bush administration didn’t always support keeping the two functions separate. In early fiscal 2005, Rep. Tom Davis (R-Va.) introduced a provision repealing or modifying language in an appropriations bill that called for separate privacy officers. The administration watered down a similar provision in the Intelligence Reform and Terrorism Prevention Act.
Mortensen said some of the concern revolved around adding another layer of bureaucracy where it might not be needed. But he said there has been solid support at Justice for his position.
The recent attention to privacy is one reason the CIO Council formalized the committee.
Mortensen said the committee's most recent meeting discussed the Implementing Recommendations of the 9/11 Commission Act’s privacy requirements and how agencies could comply with them.
Digg
De.licio.us
Slashdot
Technorati
