Upload
arianna-hammond
View
213
Download
0
Tags:
Embed Size (px)
Citation preview
““Reflections on the White HouseReflections on the White House Privacy Office” Privacy Office”
Peter P. SwirePeter P. SwireOhio State UniversityOhio State University
Center for American Progress Center for American Progress N.C. State Privacy DayN.C. State Privacy Day
January 29, 2008January 29, 2008
OverviewOverview
Privacy actions in the Bill Clinton yearsPrivacy actions in the Bill Clinton years Structure of the privacy officeStructure of the privacy office Possible reasons to care:Possible reasons to care:
Role of the CPORole of the CPO History of what happenedHistory of what happened Preview of what might happen?Preview of what might happen?
I. Clinton Administration Privacy I. Clinton Administration Privacy ActionsActions
Privacy hot buttons before I entered Privacy hot buttons before I entered government in 2/99:government in 2/99: Clipper Chip & encryptionClipper Chip & encryption CALEACALEA Know Your Customer (banking)Know Your Customer (banking)
Medical Privacy RuleMedical Privacy Rule
HIPAA in 1996HIPAA in 1996 Support for legislation through 8/99Support for legislation through 8/99 Proposed rule 10/99Proposed rule 10/99 52,000 comments by 2/0052,000 comments by 2/00 Final rule 12/00Final rule 12/00 Executive Order 12/00: limits on using Executive Order 12/00: limits on using
health oversight record for law health oversight record for law enforcementenforcement
Financial PrivacyFinancial Privacy
Clinton speech 5/99Clinton speech 5/99 House bill with half that 6/99House bill with half that 6/99 Significant Administration push for privacySignificant Administration push for privacy Gramm-Leach-Bliley 11/99Gramm-Leach-Bliley 11/99 Administration proposal for more, 4/00Administration proposal for more, 4/00 GLB regs 2000GLB regs 2000
Federal Government PrivacyFederal Government Privacy
6/99 OMB memorandum to post clear 6/99 OMB memorandum to post clear privacy policies on agency sitesprivacy policies on agency sites
6/00 OMB memorandum presumption 6/00 OMB memorandum presumption against cookies on federal sites & reports to against cookies on federal sites & reports to OMB on privacy in the budget processOMB on privacy in the budget process
12/00 OMB memorandum on agency data 12/00 OMB memorandum on agency data sharing, including push for privacy impact sharing, including push for privacy impact assessments (E-Gov Act 2002)assessments (E-Gov Act 2002)
Federal CIO Council privacy committeeFederal CIO Council privacy committee
Some other privacy actionsSome other privacy actions
Crypto policy change 9/99Crypto policy change 9/99 Genetic Discrimination E.O. 2/00Genetic Discrimination E.O. 2/00 NAS study on authentication and privacyNAS study on authentication and privacy Bankruptcy and privacy study 1/01: public Bankruptcy and privacy study 1/01: public
records and privacy issuerecords and privacy issue
Other privacy actionsOther privacy actions
Safe HarborSafe Harbor DoubleClick & Network Advertising Code DoubleClick & Network Advertising Code
6/006/00 SSN bill proposed 6/00, and fought Gregg SSN bill proposed 6/00, and fought Gregg
billbill Bill to update wiretap laws for the Internet, Bill to update wiretap laws for the Internet,
summer 2000; proposed higher standards summer 2000; proposed higher standards for trap-and-trace and email wiretaps for trap-and-trace and email wiretaps (Patriot Act 2001)(Patriot Act 2001)
II. The Privacy Office in the II. The Privacy Office in the U.S.U.S.
Chief Counselor for Privacy,Chief Counselor for Privacy, U.S. Office of Management and BudgetU.S. Office of Management and Budget Executive Office of the PresidentExecutive Office of the President Old Executive Office BuildingOld Executive Office Building
4 functions:4 functions: Government data handlingGovernment data handling ClearanceClearance Enforcement/OmbudsmanEnforcement/Ombudsman Bully PulpitBully Pulpit
Government Data HandlingGovernment Data Handling
Big advantage if in OMBBig advantage if in OMB ““Management”Management”
Office of Information & Technology PolicyOffice of Information & Technology Policy ““Budget”Budget” Can’t do that way in an independent Can’t do that way in an independent
agency – imagine a corporate CPO that agency – imagine a corporate CPO that was “outside” of the companywas “outside” of the company
ClearanceClearance
Testimony, legislative proposals cleared in Testimony, legislative proposals cleared in OMBOMB
Less formal statements also clearedLess formal statements also cleared Examples:Examples:
FIDNetFIDNet Money launderingMoney laundering New hire data base (information sharing)New hire data base (information sharing)
Can’t do as well in independent agencyCan’t do as well in independent agency
EnforcementEnforcement
Can’t do in OMBCan’t do in OMB HHS and financial agenciesHHS and financial agencies FTC for consumer protectionFTC for consumer protection Web seals & CPAs (expand scale)?Web seals & CPAs (expand scale)? Private rights of action?Private rights of action?
Bully pulpitBully pulpit Cons:Cons:
Fishbowl in White House therefore cautious about Fishbowl in White House therefore cautious about statementsstatements
Can’t comment on individual products or companiesCan’t comment on individual products or companies Pro: Pro:
Big impact if President or Cabinet speakBig impact if President or Cabinet speak Any White House official can raise the issue’s Any White House official can raise the issue’s
visibility & help on the Hillvisibility & help on the Hill Independent agency has more flexibilityIndependent agency has more flexibility
Ombudsman/InvestigatorOmbudsman/Investigator
No subpoena power at OMBNo subpoena power at OMB Limited ability to blow the whistle Limited ability to blow the whistle
externally to force change internallyexternally to force change internally W.H. Privacy & Civil Liberties BoardW.H. Privacy & Civil Liberties Board
Version 1Version 1 Version 2Version 2
What role for this beyond GAO, IGs, What role for this beyond GAO, IGs, Congress, and the press?Congress, and the press?
ConclusionConclusion Episodes of privacy activityEpisodes of privacy activity What might happen in a next What might happen in a next
Administration?Administration? Many issues could be open for revisiting, Many issues could be open for revisiting,
perhaps pretty soonNew Administration perhaps pretty soonNew Administration has made encouraging statements but we has made encouraging statements but we need to watch their actionsneed to watch their actions