150 likes | 275 Views
“Reflections on the White House Privacy Office” Peter P. Swire Ohio State University Center for American Progress N.C. State Privacy Day January 29, 2008. Overview. Privacy actions in the Bill Clinton years Structure of the privacy office Possible reasons to care: Role of the CPO
E N D
“Reflections on the White House Privacy Office”Peter P. SwireOhio State UniversityCenter for American Progress N.C. State Privacy DayJanuary 29, 2008
Overview • Privacy actions in the Bill Clinton years • Structure of the privacy office • Possible reasons to care: • Role of the CPO • History of what happened • Preview of what might happen?
I. Clinton Administration Privacy Actions • Privacy hot buttons before I entered government in 2/99: • Clipper Chip & encryption • CALEA • Know Your Customer (banking)
Medical Privacy Rule • HIPAA in 1996 • Support for legislation through 8/99 • Proposed rule 10/99 • 52,000 comments by 2/00 • Final rule 12/00 • Executive Order 12/00: limits on using health oversight record for law enforcement
Financial Privacy • Clinton speech 5/99 • House bill with half that 6/99 • Significant Administration push for privacy • Gramm-Leach-Bliley 11/99 • Administration proposal for more, 4/00 • GLB regs 2000
Federal Government Privacy • 6/99 OMB memorandum to post clear privacy policies on agency sites • 6/00 OMB memorandum presumption against cookies on federal sites & reports to OMB on privacy in the budget process • 12/00 OMB memorandum on agency data sharing, including push for privacy impact assessments (E-Gov Act 2002) • Federal CIO Council privacy committee
Some other privacy actions • Crypto policy change 9/99 • Genetic Discrimination E.O. 2/00 • NAS study on authentication and privacy • Bankruptcy and privacy study 1/01: public records and privacy issue
Other privacy actions • Safe Harbor • DoubleClick & Network Advertising Code 6/00 • SSN bill proposed 6/00, and fought Gregg bill • Bill to update wiretap laws for the Internet, summer 2000; proposed higher standards for trap-and-trace and email wiretaps (Patriot Act 2001)
II. The Privacy Office in the U.S. • Chief Counselor for Privacy, • U.S. Office of Management and Budget • Executive Office of the President • Old Executive Office Building • 4 functions: • Government data handling • Clearance • Enforcement/Ombudsman • Bully Pulpit
Government Data Handling • Big advantage if in OMB • “Management” • Office of Information & Technology Policy • “Budget” • Can’t do that way in an independent agency – imagine a corporate CPO that was “outside” of the company
Clearance • Testimony, legislative proposals cleared in OMB • Less formal statements also cleared • Examples: • FIDNet • Money laundering • New hire data base (information sharing) • Can’t do as well in independent agency
Enforcement • Can’t do in OMB • HHS and financial agencies • FTC for consumer protection • Web seals & CPAs (expand scale)? • Private rights of action?
Bully pulpit • Cons: • Fishbowl in White House therefore cautious about statements • Can’t comment on individual products or companies • Pro: • Big impact if President or Cabinet speak • Any White House official can raise the issue’s visibility & help on the Hill • Independent agency has more flexibility
Ombudsman/Investigator • No subpoena power at OMB • Limited ability to blow the whistle externally to force change internally • W.H. Privacy & Civil Liberties Board • Version 1 • Version 2 • What role for this beyond GAO, IGs, Congress, and the press?
Conclusion • Episodes of privacy activity • What might happen in a next Administration? • Many issues could be open for revisiting, perhaps pretty soonNewAdministration has made encouraging statements but we need to watch their actions