The Privacy Czars

Corporations have been rushing to create a new executive position: "chief privacy officer." They're awash in a flood of privacy concerns from customers who worry whether their personal information is being trafficked over the Internet. Few governments have created such a position, but some now are starting to follow in those corporate footsteps.
by | July 2001
 

Corporations have been rushing to create a new executive position: "chief privacy officer." They're awash in a flood of privacy concerns from customers who worry whether their personal information is being trafficked over the Internet. Few governments have created such a position, but some now are starting to follow in those corporate footsteps.

Certainly the subject of the privacy of online government records is a hotly debated issue in state and local government. As it has become easier to get all kinds of information online, there has been a growing outcry from citizens who fear, rightly or not, that the personal information they must submit to their governments is vulnerable. Governments have been trying to quell those fears with legislation and executive orders, privacy policies posted on their Web portals and now, in some cases, the creation of a whole new position.

TEAM APPROACH

Florida will have a new privacy cop any day now, if one has not been named already. The legislature passed a law at the end of May that creates the new CPO position, effective July 1. His or her job will be to do privacy audits, make policy recommendations to the legislature and review data-sharing or the sale of state data to outside parties.

A task force on privacy and technology that first met last August, and whose members were appointed by Governor Jeb Bush, recommended that the state create the position. "The task force recognized that government is unique," says Hayden Dempsey, deputy general counsel in the governor's office. "It can actually compel its own citizens to provide it with information." But the state doesn't own the information, he points out, and must make certain that it is adequately protected. To that end, privacy policies are posted on state agency Web pages.

Iowa hasn't limited itself to a chief privacy officer. It also has a security officer, an integrity officer and an accuracy officer, although that is not what they are called. "People say you need a chief privacy officer," says Iowa CIO Richard Varn. "I say you need a team of people."

THE REAL PRIVACY CZARS

Washington State is more typical of the way most states are approaching the issue. The state has no chief privacy officer and isn't planning to appoint one. But in April, Governor Gary Locke issued an executive order requiring all agencies to display privacy policies on their Web sites and to keep sensitive personal information, such as Social Security numbers, out of online databases that can be trolled by those wishing to create havoc.

Up to 90 percent of Washington's Web sites already had privacy policies posted, and the rest must now do the same. The privacy notice on the state's home page at access.wa.gov, for instance, says that the site automatically collects and stores certain information about the user, including the browser and operating system being used, the date and time of the visit to the site, the Web pages or services accessed, and the Web site visited prior to arriving at the site. But the notice also says that the information is used to improve content and that no attempt is made to link Web traffic logs with individuals who browse Washington's Web site.

Former Washington CIO Steve Kolodney says he would be surprised if many states end up appointing full-fledged chief privacy officers. State government is a different world from that of the private sector, he points out. "We have privacy officers," says Kolodney, now a vice president with American Management Systems. "They're called the legislature. They take on public policy issues of concern."

Varn agrees with Kolodney that although a state may name someone a chief privacy officer, it must be the governor, the legislature and the courts that make privacy policies. What the Iowa privacy officer-- a position now held by Tom Shepherd--does is raise issues of privacy when the state engages in projects that could potentially compromise it.

LEGISLATIVE RESISTANCE

Other states are bumping up against opposition to privacy officers or state privacy offices from businesses that want as much access as possible to state data. This has made it hard for lawmakers who support privacy efforts to make legislative headway.

There was an effort in New Hampshire to create a state office of privacy in the Department of Administrative Services. The office's mission would have been to make sure state information on individuals is secure and private, "for those of us concerned about Big Brother and Big Government," says Representative Neal Kurk, chairman of the House Finance Committee and one of the bill's sponsors. The bill was shot down in committee.

But more and more states are considering new laws, policies and positions on privacy. "The time to begin looking at privacy issues is now," says Dempsey. "It's important for the state to act responsibly with information it has received from its citizens."

Join the Discussion

After you comment, click Post. You can enter an anonymous Display Name or connect to a social profile.

More from Tech Talk