Archives

Approaches to Privacy Policy Enforcement - US Federal Departments & Agencies

Guided by privacy legislation and internal privacy policies, US federal government agencies and departments strive to protect citizens’ personal information and privacy rights. This article introduces the privacy practices of three federal departments: the US Census Bureau, the Internal Revenue Service (IRS) and the US Department of Defense.

US Census Bureau: Data Stewardship

The Census Bureau’s objective is to produce accurate, relevant statistics on US economy and population. It is legally and ethically obligated to protect the privacy and confidentiality of the individuals who offer their data. According to the Bureau’s mission statement, “We honor privacy, protect confidentiality, share our expertise globally, and conduct our work openly.” One of the Bureau’s strategic goals is to “Foster an environment that supports innovation, reduces respondent burden, and ensures individual privacy.” The approach that the Census Bureau takes to maintain the trust of US citizens is referred to as “Data Stewardship.”

Data stewardship is the formal process by which the Bureau remains responsible and accountable for data protection throughout the data lifecycle. This is the time which someone responds to a survey, all the way to the release of statistical data products. Each survey and program under the Census Bureau’s responsibility is required to comply with data stewardship policies at every step in the process.

There are three ways that the Bureau protects personal information:

  1. Federal Law – Federal law protects personal information. Title 13 of the US Code protects the confidentiality of all information provided to the Bureau. Violation of Title 13 results in severe penalties.
  2. Privacy Principles – In addition to federal legislation, the Bureau has developed its own set of privacy principles, which are guidelines for all its activities. Privacy principles include the Bureau’s responsibilities to protect personal information, as well as individuals’ rights as survey respondents.
  3. Statistics Safeguards – These include methods to ensure that statistics released by the Bureau do not identify individuals or businesses. All data products are extensively reviewed and analyzed. Disclosure avoidance methodologies (e.g. data suppression, data modification) are also applied.

IRS: Privacy Office

Like other federal agencies, the IRS is committed to protecting Americans’ privacy rights. It notes that individuals’ privacy rights are protected by the following:

  • Internal Revenue Code
  • Privacy Act of 1974
  • Freedom of Information Act
  • IRS policies and practices

In addition to adhering to the above, the IRS also has a Privacy Office, which ensures that personal information entrusted with the IRS is protected appropriately. The Office addresses questions regarding IRS privacy policies and concerns regarding how the IRS uses and collects personal information.

Department of Defense: Privacy Policy

The Department of Defense (DoD) provides a website as a public service by the Office of the Assistant Secretary of Defense – Public Affairs. Like other websites, there are options for individuals to offer the DoD personal information and the DoD is responsible for treating this information appropriately. The Dod maintains a wide variety of physical, electronic and procedural safeguards to protect personal information from unauthorized disclosure or data breach.

According to the DoD’s website Privacy Act Statement:

“If you choose to provide us with personal information… we will only use that information to respond to your message or request. We will only share the information you give us with another government agency if your inquiry relates to that agency, or as otherwise required by law. We never create individual profiles or give it to any private organizations. Defense.gov never collects information for commercial marketing.”

Summary

This article takes a look at approaches to privacy protection at various agencies of the US federal government: the US Census Bureau, the Internal Revenue Service (IRS) and the US Department of Defense (DoD). Each department or agency is guided by federal privacy legislation, as well as internal policies and practices.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/US Government (CIPP/G) exam, a privacy professional should be comfortable with topics related to this post, including:

  • Privacy Policy Enforcement – Sample Approaches (II.A.e.ii.)
Share

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>