On February 17, 2005, 42 privacy professionals from around the San Francisco Bay Area gathered at the TRUSTe-IAPP KnowledgeNet to hear Nuala O’Connor Kelly speak about establishing effective privacy policies and protocols within the U.S. Department of Homeland Security (DHS). Ms. O’Connor Kelly, who is the United States’ first congressionally appointed privacy officer, first took office in 2003. Her position reports directly to the Secretary of Homeland Security, Michael Chertoff.

O’Connor Kelly began by sharing how the DHS Privacy Office became the first statutorily required comprehensive privacy operation at any federal agency. The mission of the office is “to defend and protect the individual rights, liberties, and the information interests of our citizens, residents, and visitors,” and her position is appointed by the U.S. Secretary of Homeland Security.

In reporting directly and independently to Congress, O’Connor Kelly has oversight of privacy policy matters and information disclosure policy, including Section 222 of the Homeland Security Act of 2002, the Freedom of Information Act, the E-Government Act of 2002, the Privacy Act of 1974, as well as numerous federal laws (such as COPPA and HIPAA), executive orders, court decisions, and all DHS policies that protect the collection, use, and disclosure of personal and departmental information.

The protection of information privacy has been an integral part of the DHS’s security mission from the beginning. In addition to ensuring that appropriate access to or withholding of information is consistent with existing privacy laws, the Privacy Office is also statutorily required to evaluate all new technologies used by the department for their impact on personal privacy. Furthermore, the office is required to report to Congress on these matters as well as on complaints about possible privacy violations.

This triple mandate has provided the CPO and her staff of 400 with a number of politically charged issues to address on the world stage. Simultaneously, they must build comprehensive, effective policies and procedures that integrate privacy awareness and best practices throughout the 22 agencies (with 180,000 employees total) that make up the DHS.

One of the top challenges O’Connor Kelly faces regularly outside the United States involves “overcoming misperceptions about U.S. non-compatability with the information privacy protections afforded to individuals in other regions of the world.” Ongoing collaboration with groups such as the International Committee for Information Technology Standards, International Standards Organization, and privacy groups worldwide has been essential in the Privacy Office’s efforts to develop new privacy principles that will guide the government’s use of biometrics, data mining technologies, RFID, and other newly emerging technologies in supporting the war on terrorism.

Another important public policy issue that the DHS and the federal government as a whole now faces revolves around the sharing of personally identifiable information between public- and private-sector agencies. The department’s outreach efforts with private-sector groups have also led to the creation of the new Data Privacy and Integrity Advisory Committee, to be made up of diverse privacy and security experts who will advise the Secretary of Homeland Security and the CPO on various issues that affect individual privacy, data integrity, and data inoperability.

Ms. O’Connor Kelly concluded her remarks by highlighting the similar obstacles she and her team share with industry privacy professionals when striving to embed privacy as a universally recognized core value within the DHS. Her office has been successful in fostering a major paradigm shift at DHS -- from a “need to know” attitude to a “need to share responsibly” attitude.

Lorraine Carlson is CEO of Creative Capital Resources and Bay Area co-chair. 

 

Wiley Rein LLP