Privacy on the state side

The National Association of State Chief Information Officers earlier this month released a guide to help state officials deal with common privacy challenges.

The guide, "Information Privacy: A Spotlight on Key Issues," focuses on the most common information held by states, including information on children, drivers, education and health. It also highlights the issues that must be taken into consideration for Web site privacy policies and government data matching and sharing.

This document is important because, in many cases, CIOs effectively serve as chief privacy officers, said Stuart McKee, chairman of the association's Privacy Committee and CIO for the state of Washington.

"It seemed like the right step for us to take, to get a comprehensive handle on privacy legislation," he said. "It really gives people a sense of the magnitude of privacy laws and concerns, and that really hadn't been done before."

Privacy has become a hot issue in the past few years because of the amount of personal data handled and stored in information systems.

Studies performed in the past year have found that for new systems and online services, privacy and security are considered as important as convenience, said Ari Schwartz, associate director of the Center for Democracy and Technology.

"Citizens expect that governments will take all three into account and won't just focus on one," Schwartz said. "A lot of the IT folks we speak to want to do the right thing, but they don't know how to do that; this [guide] takes away the excuses."

The rise of new systems to hold and sort information related to homeland security has also raised the level of privacy awareness, and that reaches even further, initiating concerns within the business community and from private citizens, said Bardon "Buzz" Blizzard, a senior director at Computer Sciences Corp. He spoke at a meeting of the Homeland Security Leadership Alliance this month in Baltimore.

Given that environment, agencies must address the fact that concerns about privacy are just as often about perception as they are about reality, McKee said.

"Our perception of privacy is evolving, and one of the challenges we face is education and dialogue that has to occur around privacy," he said.

That doesn't only mean educating the public, but also educating officials within both the executive and legislative branches of state governments. During the next year, NASCIO's Privacy Committee plans to build on the guide by focusing on education and trying to create a common understanding so every person at every level is at least using the same set of definitions when they're talking about privacy, McKee said.

Standard definitions are clearly absent, even within a single organization, and developing a common language is an obvious but important first step, Blizzard said.