Agencies show privacy progress

IAC E-Government Shared Interest Group survey

When it comes to building strong privacy programs, agencies have come a long way.

A recent survey on privacy best practices at eight gold-standard federal, private-sector and international organizations offers a glimpse into a few successful programs and the lessons officials learned along the way. Although more work remains, agencies have made enough progress to bring them closer to finding a common governmentwide process for privacy, officials said.

"Agencies are all doing different things, but there are agencies committed to the issues, and as we start to build a better understanding, we're going to get more streamlined practices," said Ari Schwartz, associate director of the Center for Democracy and Technology.

Common themes emerged in the study, released this month by the Industry Advisory Council's E-Government Shared Interest Group.

For example, a successful program should involve everyone, privacy officials said, giving prominent roles to cross-agency councils, training programs and other communication strategies.

"We reached out to find who we could partner with internally, so we could get the buy-in," said Barbara Symonds, director of the privacy service in the Department of Veterans Affairs. She was speaking on a panel in Washington, D.C., discussing the survey's findings.

Outreach and training were a cornerstone of the VA's plan when officials embarked on a privacy program two years ago. They knew they needed a strong outreach program, Symonds said, so they created a Privacy Day at the VA, complete with buttons and banners to get the word out to customers and employees about the use of personal information. Officials also created a Web-based training course on general privacy issues, which more than 200,000 employees have completed.

Also, cross-agency privacy councils with representatives from areas such as legal, human resources and technology allow officials to tap available expertise, the survey shows.

Zoe Strickland, chief privacy officer at the U.S. Postal Service, said that because day-to-day operations within the agency must continue, a well-organized plan could help. "I suggest you really sit down and prioritize," she said.

The organizations surveyed were the VA, Postal Service, Interior Department, Census Bureau, Internal Revenue Service, Homeland Security Department, IBM Corp. and the government of Ontario, Canada.