CDT Seeks New Federal Privacy Framework

Closely following many of the recommendations of the federally appointed Information Security and Privacy Advisory Board, the Center for Democracy and Technology calls for a federal privacy czar, data mining restrictions and standardized privacy notices.

The Center for Democracy and Technology proposed May 28 a "sweeping new federal privacy framework designed to respond to the realities of the digital age," according to its news release. The changes closely follow the recommendations of the federally appointed Information Security and Privacy Advisory Board calling for an update to federal privacy standards in light of technological advances.

The CDT wants the creation of a federal privacy czar in addition to "significant amendments" to the Privacy Act of 1974 and the E-Government Act of 2002. The changes would create "systemic improvements in governmental privacy leadership ... and other technology-specific policy rules limiting how the government collects and uses personally identifiable information."
"The Privacy Act has held up well over the past 35 years," CDT Vice President Ari Schwartz said in the release. "We are suggesting changes to ensure that it can last another 35 despite the strains that are showing from the advent of a range of new technologies that threaten to undermine the basis of the protections that have been put in place."

Are Gmail, Google Apps and Picasa secure? Click here to read about a privacy group's petition to have the FTC investigate.

In addition to creating a federal chief privacy officer, both the CDT and ISPAB are urging the White House and lawmakers to install chief privacy officers at all major federal agencies, keep a tight rein on data mining techniques, and strengthen and standardize privacy notices, including "privacy impact assessments."
"Because they must collect and use so much personal information, government agencies face unique privacy challenges," Schwartz said. "But government also has a unique opportunity to lead by example, by establishing strong, consistent rules that protect citizens without harming the government's ability to operate."
ISPAB was originally created by the Computer Security Act of 1987 as the Computer System Security and Privacy Advisory Board. ISPAB's authority does not extend to private sector systems or federal systems which process classified information.
In a report released May 27, ISPAB said, "Current law and policy do not reflect the realities of current technologies and do not protect against many important threats to privacy."
The CDT also is encouraging public participation in the process that will eventually lead to a proposed privacy overhaul bill, including opening a wiki that "allows anyone to read any part of the bill, change the language, provide feedback or simply open a discussion on any provision of the bill. CDT will edit and moderate this open process," it said in the release.
"For the first time the private process of drafting legislation by Washington 'insiders' will be opened to the public for inspection and comment before that legislation is submitted to Congress," stated the CDT.