Agencies submit privacy plans

For the first time, agencies in their fiscal 2005 budget proposals have included privacy assessments of major systems with their business case submissions.Dan Chenok, the Office of Management and Budget’s branch chief for information, policy and technology, said the E-Government Act of 2002 requires agencies to analyze the potential impact on privacy of new IT or new collections of personal information. OMB expanded that mandate in a recent memorandum to agencies about implementing the law and required the details about new IT investments and all online information collections.“Last year we strongly recommended agencies perform privacy assessments, but we didn’t require them,” Chenok said last month at a breakfast meeting sponsored by Federal Sources Inc. of McLean, Va. “Not a whole lot of agencies did them. We are working with agencies this year to make sure they get done, because with any new requirement, there always is a need for extra assistance,” he said.Chenok said OMB will issue privacy guidance called for in the E-Government Act soon.Agencies included privacy reviews with their business case submissions for IT projects, which were due Sept. 8.Besides requiring privacy assessments, Chenok said, OMB focused more rigidly on making sure agency business cases outlined IT project performance metrics, risk mitigation strategies and cost-benefit analyses.“We want to make sure agencies are looking at all the alternatives before making a decision on a new project,” he said. “They should look at all the cost benefits of using commercial software, having the system custom built or using Web services to fulfill their requirements.”OMB also asked agencies for the first time to identify not just what they are spending on technology on the program level, but where in the agency’s overall budget does technology fit in, Chenok said.“In the past, we have been able to do this on an ad hoc basis, but we haven’t had a systematic view of how technology supports program and mission functions,” he said. “We had to build it by hand. We will have that much more systematically this year, and we will be able to use it to identify greater cross-agency opportunities.”Increasing the integration between technology and program performance and analysis is an important goal of OMB this year, Chenok said.Such integration also is a part of the larger budget exercise. OMB is working with members of congressional appropriations and authorizing committees as lawmakers finalize the 2004 budget, and will use this integration when negotiating for 2005 as well, Chenok said.OMB asked agencies to hold spending at the top line of the 2004 budget request when putting together their 2005 submissions, Chenok said.Next up, OMB will review IT security efforts; agencies had to submit their reports today. Chenok said the security information will let OMB see how close the government is to having 80 percent of all systems certified as secure by agency and private-sector experts.“We’ve seen progress with security, but we still have a long way to go,” he said. “The importance of security in overall programs and governmentwide is evident as we’ve seen by recent events.”