Florida wants a privacy watchdog to protect citizens and information

The state of Florida is taking a cue from corporations including IBM Corp.,American Express Co. and Microsoft Corp. in creating the position of chiefprivacy officer to oversee privacy policies and practices.

Florida Gov. Jeb Bush, endorsing recommendations from the state's newTask Force on Privacy and Technology (search for "task force" at www.myflorida.com),supports the plan for a state chief privacy officer as well as state agencyprivacy audits.

State officials believe they are the first to consider creating a positionto deal exclusively with privacy. The bill is pending before the state legislature.

As government at all levels moves online, the traditional focus fromthe business world on customer relationship management has inevitably turnedto one of constituent relationship management.

"This task force was created last year to examine how best to createa balance between our open government and the privacy concerns of our citizens,"said Marc Slager, executive director of the task force. "Access is suchan important issue, but [at the same time] technology has allowed for peopleto use information for the wrong reasons, and we feel we need someone towatch over those competing issues."

In its recommendations to Bush, the task force cited "disparate practicesamong various governmental entities" as a key reason behind efforts to betterunderstand the status of what sensitive personal information Florida collects,uses and sells.

"It is vitally important that the state develop a better sense of thisinformation so that it can ensure the public that its policies reflect aproper balance between open government and the legitimate privacy interestsof Florida's citizens," the task force wrote.

In addition to analyzing state agency audits, the state CPO would makepolicy recommendations to the legislature and keep an eye on data sharing/sale contracts between the state and third parties, according to the taskforce.

Although Florida's move may be seen as a tactic for states to pre-emptfederal privacy legislation that may or may not come down from Capitol Hillthis year, Slager said that this is not the case.

"Honestly, it never was at the point where we said that we have to dosomething to strike first or pre-empt anything the Congress might pass.We looked at the issue as a problem that we as a state have to work through,"Slager said. "In fact, we're hoping Congress will actually work with usto do that."

Not all states think a CPO is necessary in the struggle to balance increasinglyopen and accessible government with the privacy concerns of its citizens.

Steve Akridge, Georgia's chief information security officer, said thatalthough his state does not have a CPO position, nor does it plan to createone, it has tackled the issue of privacy in a number of different ways.Efforts include state legislation restricting the disclosure of personalpublic records to unauthorized persons.

"The privacy issue is fundamental to each and every one of us here,"Akridge said. "We should all be shouldering the issue to a certain extent.This is not a new issue here, but rather one that we as a country have wrestledwith for many years. What's important is that we explore the issue, theoptions and try to understand how best to work through it."

Rich Varn, Iowa's CIO, said he has a CPO of sorts working for him, thoughin Iowa that position is shared between the state's chief security officer,the director of digital government and the director of the Office of InformationTechnology Management. "You can't look at privacy without looking at security,and you can't look at security without looking at access, and we chooseto look at all three together," Varn said.

Ari Schwartz, senior policy analyst for the Center for Democracy andTechnology (www.cdt.org), said that although federal privacy legislationwould regulate both public- and private-sector entities, a state CPO wouldfocus largely on public-sector concerns. One wouldn't pre-empt the other.

"The state CPO positions are important to moving forward," Schwartzsaid. "These officials would have their hands full because the state publicrecords are often more sensitive and have not been looked at as closelyas federal public records."

The result, Schwartz said, is that states' efforts to create their ownprivacy laws or CPOs are more of "a cry of "Let's get privacy at the governmentsector taken care of before we tackle the commercial sector.' "

Deborah Pierce, staff attorney at the Electronic Frontier Foundation(www.eff.org), said that audits and a CPO are a logical place to start becausea lot of people don't know what the state of government business might be."The state CPO could be good if it turns out to be a trend, because if theCPO is empowered, they might really be able to make a difference throughsuch state agency audits," Pierce said.