Volume 22 Number 22, December 2, 2002
(Excerpted From Page 3)
E-GOVERNMENT LAW BEEFS UP
U.S. PRIVACY, DISSEMINATION DUTIES
In its final week, Congress passed a little-noticed
law requiring federal agencies to
conduct privacy impact assessments (PIAs) before
developing or procuring information technology or initiating any
new collections of personally-identifiable information.
The E-Government Act of 2002, which President Bush
is expected to sign into law,
also requires agencies to post privacy notices on
their Web sites, detailing agency practices and individual rights.
While most agencies already post such notices because of a Clinton
administrative order, the new law will further require "machine-readable"
notices, such as those specified in the Platform for Privacy Preferences
(P3P) standards.
According to Ari Schwartz, of the Center for
Democracy and Technology (CDT), only a few federal agency Web sites
currently are P3P compliant, including the Federal Trade Commission,
the US Postal Service and portions of the Commerce Department.
Under the law, originally introduced by Sens. Joe Lieberman (D-CT)
and Conrad Burns (R-MT), a privacy impact assessment must address
what information is to be collected, why it is being
collected, the intended uses of the information,
with whom the information will be shared, what notice would be provided
to individuals and how the information will be secured. To the extent
practicable, privacy impact assessments must be
published. The Office of Management and Budget (OMB) will issue
guidelines for the assessments.
The new law should not be confused with a proposal
by Representative Bob Barr (R-GA), which did not pass, that would
have required PIAs for new agency rules and regulations. That bill
passed the House but was never taken up by the Senate. CDT recommended
that OMB incorporate standards from the Barr bill into its guidance.
According to a CDT summary, other important
provisions in the bill include:
- Creation of an OMB Administrator of the Office
of E-Government (a compromise in response to a proposal for a
U.S. Chief Information Officer). The compromise basically codifies
OMB Associate Director Mark Forman's role, but should increase
Congressional oversight. (Sec. 101)
- develop an online tutorial
explaining how to access government information services and information
on the Internet. (Sec. 213(f))
- "To the extent practicable," requires agencies
to ensure that their Web sites include all information that they are
required to publish in the Federal Register, and to accept electronic
submissions in rulemaking proceedings. (Sec. 206)
- Authorizes an E-Government Fund with $45 million
in fiscal 2003, an amount that would increase to $150 million
by fiscal 2006, to fund innovative uses of the Internet and other
electronic methods by federal agencies. (Sec. 101)
- Mandates (1) a study panel on standards to enable
government data to be searched across agencies (Sec. 207); (2)
a 3-year study of interoperability and the integrated collection
and management of data (Sec. 212); and (3) an OMB and Interior Dept. effort
to develop protocols for acquisition/application of geographic
data (GIS). (Sec. 216)
- Requires OMB to develop and maintain a repository
that fully integrates information about research and development
funded by the federal government. (Sec. 207(g))
- Authorizes an IT exchange program under which
mid-level information technology managers of the federal government
can be detailed to work in the private sector for up to 2 years,
and private sector employees can be assigned to work in federal
agencies. (Sec. 209)
- Imposes new data security duties on agency heads,
increases OMB oversight, mandates annual independent audits of
agency computer security practices, and renames the Computer System
Security and Privacy Advisory Board (CSSPAB) as the Information
Security and Privacy Advisory Board.
- Establishes a very strict rule of confidentiality
for federal agency statistical data, which may prove to be especially
important as Zip Code and other data that is not strictly personal
becomes easier to use for personal profiling purposes. (Sec. 501-513)
- Requires the General Services Administration
to establish a framework to allow interoperability among federal
agencies when using electronic signatures. (Sec. 203)
- Requires each federal court to establish a Web
site where the public could get court rules, decisions, docket
information and documents filed with the court in electronic format,
and requires the Supreme Court to adopt rules to protect privacy
and security concerns relating to the electronic filing and availability
of documents. (Sec. 205)
For the text and legislative history, see http://thomas.loc.gov/cgi-bin/bdquery/z?d107:hr2458