Officials call for privacy czar

Privacy officials urged lawmakers to legislate a chief privacy officer position at the Office of Management and Budget to oversee federal privacy issues.

Rather than mandating a privacy officer at every agency, as with the Homeland Security Department, Congress should establish the position at OMB and then examine agency by agency which ones might also need a mandated position, officials said.

"I urge you to create a statutory privacy officer at OMB, an office headed by the chief counselor for privacy," said Sally Katzen, a professor at the University of Michigan Law School and former policy official under the Clinton administration. "We had such an office and it served us well. It's unfortunate that the current administration has chosen not to fill that position."

Katzen was testifying Feb. 10 on a panel before the House Judiciary Committee's Commercial and Administrative Law Subcommittee.

A chief privacy officer at OMB would advise agencies on federal privacy policies and direct the development of governmentwide policies, Katzen said. "An office inside OMB can provide both institutional memory and sensitivity to combat the unfortunate tendency in government to surveil first and think later," Katzen said.

James Dempsey, executive director for the Center for Democracy and Technology, agreed with the need for a privacy officer at OMB. "I think the recommendation by Ms. Katzen is 100 percent correct," he told lawmakers. "One way to strike the right balance is to have a designated chief privacy officer in OMB, and then to go agency by agency where it is particularly necessary."

Currently, DHS is the only agency with a mandated chief privacy officer position. Other agencies have privacy officers and OMB requires a senior-level position in privacy guidelines, but the duties are not codified in law. Some agencies, such as the Postal Service and the Internal Revenue Service, may need mandated privacy officers, officials said.

"There is a surprising amount of expertise in agencies that have a history of an effect on personal information," such as USPS and the IRS, DHS' chief privacy officer, Nuala O'Connor Kelly, told lawmakers. "Such a crucial lifeblood of their mission requires personal information."

However, James Gilmore III, president of USA Secure and former chairman of a panel on terrorism, cautioned that creating a chief privacy officer position at every agency would require a lot of staff and could create duplication when one official makes a decision on a rule and another makes a different decision on a similar rule.

Ranking member Rep. Melvin Watt (D-N.C.) said then rather than two-dozen officers, perhaps there should just be "one super privacy czar within OMB."

Dempsey said the legislation that created O'Conner Kelly's position should be a model for the rest of the government, particularly the Justice Department. Rep. Delahunt (D-Mass.) said he has already been discussing plans to examine legislation to implement the position at Justice, and subcommittee Chairman Chris Cannon (R-Utah) said the Justice reauthorization bill might be a good place to look.

"My sense is having done what we have done at DHS gives us a much better sense of what can be done, particularly with statutory authority," Cannon said. "I suspect we are going to see more privacy officers."