The Information Security and Privacy Advisory Board (the “Board”), known from the late 1980’s until 2002 as the Computer System Security and Privacy Advisory Board, has released its expected report with recommendations on updating privacy law and policy in light of technological advancements. The Board’s report, titled “Toward a 21st Century Framework for Federal Government Privacy Policy,” (PDF), makes several recommendations at the federal government level to address longstanding deficiencies in current practices, as follows:
- Amendments to the Privacy Act of 1974 and Section 208 of the E-Government Act of 2002 are needed to:
- Improve Government privacy notices
- Update the definition of System of Records to cover relational and distributed systems based on government use, not holding, of records
- Clearly cover commercial data sources under both the Privacy Act and the E-Government Act
- Government leadership on privacy must be improved
- OMB should hire a full‐time Chief Privacy Officer with resources
- Privacy Act Guidance from OMB must be regularly updated
- Chief Privacy Officers should be hired at all “CFO agencies”
- A Chief Privacy Officers’ Council should be developed
- Other changes in privacy policy are necessary
- OMB should update the federal government’s cookie policy
- OMB should issue privacy guidance on agency use of location information
- OMB should work with US-CERT to create interagency information on data loss across the government
- There should be public reporting on use of Social Security Numbers
Citing a lack of leadership from Congress, the failure to update federal laws and regulations, and the breakneck speed of technological evolution, the Board appeared critical that “only a few privacy leaders in key agencies have been empowered by their internal leadership to fill the policy vacuum.”
Whether this report will be the catalyst of sweeping privacy reform from the Obama administration that many have expected remains to be seen.