As part of the Bush administration's security strategy, spearheaded by the PCIPB's Richard Clarke, a federal "privacy czar would vet all government data gathering and security initiatives for potential privacy problems.
Eager to head off criticism from privacy advocates and users over the expanded surveillance provisions in its forthcoming National Strategy for Securing Cyberspace, the Bush administration is expected to recommend appointing a federal "privacy czar" to act as watchdog. Chief among the czars duties would be to vet all government data gathering and security initiatives for potential privacy problems, according to a draft of the plan.
The draft plan, obtained by eWeek, also calls for the government to find a "flexible, nonregulatory" approach to encourage enterprises to improve their privacy protections and policies.
The chief privacy officer would work in the proposed Department of Homeland Security and would oversee a privacy advocate at each federal agency. The advocates would be responsible for facilitating an annual review of each agencys compliance.
The advocates and the federal CPO would work with a national advisory group to "ensure broad input into, and consideration of, privacy issues in implementing the national strategy to achieve solutions that protect privacy while enhancing network and host security," according to the plan.
"Its an important step to name a privacy officer," said Vince Schiavone, a member of the board of the International Association of Privacy Officers and president and CEO of ePrivacy Group, a privacy consulting company in Philadelphia, which counts the Federal Trade Commission and other government agencies among its clients. "The governments privacy efforts are sorely needed," said Schiavone, "in light of its surveillance proposals.
"To find the bad guys and the bad stuff amongst the good guys and the private stuff, they have to look at it all. It is a very real governmental privacy issue that needs to be thoughtfully and carefully monitored."
In addition to its own initiatives, the government is searching for ways to get private enterprises up to speed on privacy protections without new legislation. Privacy experts say that likely approaches range from enforcing existing laws to using the governments purchasing power to single out products that adhere to privacy requirements.