Page Content | Main Menu | Section Menu | Support Us | Contact Us
Center for Democracy and Technology
Working for Democratic Values in a Digital Age
Support CDT
Contact Us
PolicyBeta - Digital Policy in Process
This Section
« White House Probably Violated Federal Records Act in Lost E-Mails
FTC Takes On Sanford Wallace… Again »

OMB Continues Progress on Privacy

January 22nd, 2008 by Ari Schwartz

The Office of Management and Budget has been quietly ramping up its privacy requirements. Since the security scare of having a Veteran Affairs laptop containing the personal information of 26.5 million veteran and active-duty military stolen was resolved, OMB has offered no less than six memos related to privacy:

M-07-19, FY 2007 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (July 25, 2007) (43 pages, 251 kb);

M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (May 22, 2007) (22 pages, 228 kb);

Recommendations for Identity Theft Related Data Breach Notification (September 20, 2006) (12 pages, 1,903 kb);

M-06-20, FY 2006 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (July 17, 2006) (42 pages, 301 kb);

M-06-19, Reporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments (July 12, 2006) (2 pages, 41 kb);

M-06-15, Safeguarding Personally Identifiable Information (May 22, 2006) (2 pages, 50 kb).

And on Friday they issued an eighth memo:

M-08-09, New FISMA Privacy Reporting Requirements for FY 2008 (January 18, 2008). Among other things, this guidance requires agencies to report on privacy issues including those that are not covered by the Privacy Act.

While this is a positive step and shows that OMB is indeed beginning to show real leadership on privacy issues (in contrast to GAO’s June 2003 report entitled Privacy Act: OMB Leadership Needed to Improve Agency Compliance), CDT is still urging OMB to move forward, including efforts toward best practices for privacy impact assessments (PIAs) as we explained in our recent testimony on E-Government Act Reauthorization in front of the Senate Homeland Security and Government Affairs Committee. OMB has been supportive of the passage of this legislation, but could move forward with best practices even without it.

This entry was posted on Tuesday, January 22nd, 2008 at 12:44 pm and is filed under CDT, Security & Freedom. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Archives
 
About the Blog

    PolicyBeta is a forum for CDT experts to discuss news and developments in the technology policy arena. Visitors are encouraged to comment on the blog or email the authors.

    Our goal with PolicyBeta is to foster thoughtful discussion regarding technology policy as it relates to civil liberties and democratic values. While we encourage comments, we must insist that they be focused, relevant and written in a tone that is respectful of other posters. For more information, please feel free to contact PolicyBeta editor Brock Meeks.

    Check the main CDT site for complete, up-to-date information on CDT initiatives and activities.

 
Search Blog
 
Blogroll
 
Meta
 
 
       Top
Privacy Policy | Feedback