Challenging conventional wisdom

It's not privacy vs. security, says DHS privacy czar

Nuala O'Connor Kelly bio at DHS

An understanding husband, two dogs with no sense of respect for titles and a new membership at a downtown gym. These are things Nuala O'Connor Kelly hopes will relieve the pressure that comes with overseeing protection of individual privacy at the Homeland Security Department.

The job of chief privacy officer at the newly created agency is one that comes with plenty of potential pitfalls, many of which extend from the debate currently raging over the Transportation Security Administration's passenger screening plans and the concerns over the numerous systems coming online to consolidate information across the 22 agencies that are now part of the department. When the topics of homeland security and privacy intersect, a debate is almost guaranteed.

O'Connor Kelly is certainly familiar with such challenges. Much of the respect that helped get her the job came from helping define and defend the privacy policy at DoubleClick Inc. after critics assailed the national Web firm for wanting to use personal information to guide its marketing and advertising services.

"There are very few people who could do this job effectively," said Ari Schwartz, associate director of the Center for Democracy and Technology in Washington, D.C. "She, in fact, may be the only one."

For O'Connor Kelly, this is not about gaining a higher profile — and it is certainly not about getting a bigger office. She occupies one of many windowless cubicles in a government building at L'Enfant Plaza in downtown Washington, D.C. For her, as for so many at DHS, "This is personal."

"I've wanted this position since it was a twinkle in the president's eye," she said, pointing to a framed copy of the New York Times that is immediately recognizable as the cover of the Sept. 12, 2001, issue, and is only one of many personal photos and items lining the walls of her cubicle.

At the time of the attacks, she was living in New York City, but she was born in Northern Ireland, where she witnessed the impact of terrorism and counterterrorism on the lives of the people there. She wanted to be involved in achieving not only physical safety for U.S. citizens, but also personal safety, which means protecting both the tangible and intangible aspects of a citizen's well-being.

"I like to really challenge the conventional wisdom that [says it's] either privacy or security," she said.

Much of her family is still in New York, and "having folks out in the real world, out past the Beltway, is a really good way to keep yourself grounded," she said. She also escapes from the office by spending time with her two Labrador retrievers — a love she shares with DHS Secretary Tom Ridge, who has three.

At the same time, "it's hard to put [the job] down at the end of the day," she said. "It's a life-changing opportunity for all of us, and that's what keeps us going" through long hours, political push and pull, and the need to schedule "dates" with her husband in order to see him some weeks.

"I've had to develop some more positive coping mechanisms," she said, admitting that this is where the new gym comes in. "I am trying to remember to keep a little bit of sanity."

O'Connor Kelly's job at DHS is the first chief privacy officer position to be created by law. Members of the Bush administration, Congress and the private sector shaped it. Her responsibilities stretch from education and oversight inside the department to communication and collaboration with the private sector and the public, which leaves very little in the way of free time. She keeps a copy of the section outlining her responsibilities under both the Homeland Security Act of 2002 and the E-Government Act of 2002 taped to the wall above her desk.

The chief information officer's staff generally develops privacy impact assessments for new systems, and the program management staff ensures Freedom of Information Act and Privacy Act compliance. "Having these two processes intertwine in my office means we have the cross-functional dialogue," she said. "I see [the internal oversight] as a much more proactive effort, trying to help people ward off problems before they really become problems."

O'Conner Kelly may not deserve all the credit for the change in the privacy notice for TSA's Computer Assisted Passenger Prescreening System (CAPPS) II from an unintelligible document to one that can be read and used to find answers to personal questions by nearly anyone, Schwartz said. But he added that there is no way to deny the drastic improvement in the department's communication on privacy issues since she arrived.

Educating other agencies on privacy issues is not part of her job, but coordinating with them, particularly the Federal Aviation Administration and the Justice Department, is a must. This is because of the importance of the information that passes back and forth everyday in order to keep the homeland security mission on track.

The interagency privacy group that the Office of Management and Budget recently restarted is central to this effort because it allows all of the privacy officials across the government to get together to share ideas and problems and form personal relationships, O'Connor Kelly said. She used the example of the relationship she has with Zoe Strickland, the chief privacy officer at the U.S. Postal Service.

OMB officials themselves, including Dan Chenok, branch chief for information policy and technology at OMB, and Eva Kleederman, the lead privacy analyst working under Chenok, "have been a tremendous help," O'Connor Kelly said. But she is also well aware that her position is seen as a test case and a model, and other senior privacy officials are keeping a careful eye on how well she fares as they attempt to raise their profiles and positions within their agencies.

When it comes to external communication, technology both helps and confuses the issue. O'Connor Kelly and another staff member have access to the privacy@dhs.gov e-mail account, which, she says, gets "tons" of messages each day. Messages range from technical questions from lawyers to personal comments and complaints from people around the country.

Before, in the all-paper world, queries were limited to a select few. E-mail has largely removed that barrier. But with so many different kinds of questions, many of them necessitate individual responses, which is a time-consuming process.

With two wireless phones, a beeper and a personal digital assistant, O'Connor Kelly can attest to the fact that "an outgrowth of increasing technology and increasing access is that you're going to have more feedback."

Many agencies are struggling with this volume, and O'Connor Kelly said her experience in the private sector has helped with handling that volume and range of messages. However, her office is also trying to set up an automated response on the general e-mail address so that people know someone received their message, at the very least, she said.

***

The Nuala O'Connor Kelly file

Title: Chief privacy officer, Homeland Security Department

Appointed: April 16, 2003

Born in: Belfast, Northern Ireland

Now lives in: Arlington, Va., with her husband and a pair of 2-year-old Labrador retrievers.

Other government jobs: Chief privacy officer, chief counsel for technology and deputy director of the Office of Policy and Strategic Planning at the Commerce Department.

Private-sector experience: Vice president of data protection and chief privacy officer for emerging technologies at DoubleClick Inc. Previously worked at several Washington, D.C., law firms.

Quote: "No matter what I do during the day, I have to come home and clean up after the dogs."

NEXT STORY: Post office has new pay system