Congress Daily reports that the National Institute of Standards and Technology’s Information Security and Privacy Advisory Board has sent a letter (pdf) to Peter Orszag, director of the Office of Management and Budget, calling for an overhaul of federal privacy laws and regulations, including the Privacy Act of 1974.
In the letter, the Board explains:
Attached to this letter is a Board report that analyzes issues and makes recommendations around updating privacy law and policy in light of technological change. The Privacy Act of 1974 is the basis for much of the legal and policy framework by which the U.S. Government handles personal information. At the same time, vast changes in technology since 1974 have transformed how Federal agencies collect, use, and distribute information in major ways. While the fundamentals of the Act—the principles of fair information practices—remain relevant and current, the letter of the Act and related law and policy may not reflect the realities of current technologies and information systems and do not protect against many important threats to privacy. Moreover, new technologies, not covered by the Act, are generating new questions and concerns; and government use of private-sector databases now allows the collection and use of detailed personal information with little privacy protection.
The recommendations “to create a new framework to protect privacy” are:
Amendments to the Privacy Act of 1974 and Section 208 of the E‐Government Act of 2002 are needed to:
- Improve Government privacy notices;
- Update the definition of System of Records to cover relational and distributed systems based on government use, not holding, of records.
- Clearly cover commercial data sources under both the Privacy Act and the E‐Government Act.
Government leadership on privacy must be improved.
- OMB should hire a full‐time Chief Privacy Officer with resources.
- Privacy Act Guidance from OMB must be regularly updated.
- Chief Privacy Officers should be hired at all “CFO agencies.”
- A Chief Privacy Officers’ Council should be developed.
- OMB should issue privacy guidance on agency use of location information.
- OMB should work with US‐CERT to create interagency information on data loss across the government
- There should be public reporting on use of Social Security Numbers