White House plots privacy updates for 2016
OMB's privacy adviser hopes to advance on a number of documents, guidance and councils to bolster privacy efforts before a new administration takes office.
Marc Groman, who advises the White House on privacy issues, is focusing on delivering fundamental changes to privacy policy in government operations, including IT, in the next 11 months before President Barack Obama leaves office.
"Privacy is not a subset of cybersecurity or IT," said Groman, senior adviser for privacy at the Office of Management and Budget, during a Department of Homeland Security Data Privacy and Integrity Advisory Committee presentation on Feb. 8. "It has to move with those, but it needs its own council."
He was referring to the Federal Privacy Council, which was announced in December 2015 by OMB Director Shaun Donovan. It will be modeled on the CIO Council and will seek to bolster privacy best practices and operations in the federal government.
The council will also try to capitalize on individual agencies' advances in privacy policy, transform those strategies from reactive to proactive and "professionalize" privacy roles in the federal government, Groman said.
"We want to shift from an environment of one-time compliance to one of ongoing risk-based" management that incorporates continuous reevaluation of privacy plans, he added.
Groman said a fundamental component of that shift is the overhaul of the A-130 document, the foundational text for all federal information policy. In October 2015, OMB issued a draft of the first A-130 revision in 15 years. Revisions are still in progress, but he said the overhaul will result in some significant privacy guidance from OMB.
In addition, OMB officials want to update documents related to cybersecurity incident response to protect personally identifiable information. Groman said he is working on guidance for responding to privacy exposures and what agencies should look for in a chief privacy officer.
A recent posting for a chief privacy officer at the Office of Personnel Management, which suffered a breach of more than 22 million records in 2015, notes that the job duties span providing legal advice, interacting with the CIO's office on IT system risk and representing the OPM director to industry stakeholders, other federal agencies and the public on issues of privacy.