Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Discussion: Information Sharing vs. Privacy
Friday - 10/29/2010, 11:00am EDT
By Suzanne Kubota
Senior Internet Editor
Across federal agencies, you'll find agreement that sharing information can make everyone smarter, improve mission delivery and boost transparency, but you'll also find agreement that information-sharing increases the threat to privacy. Some recent events have intensified the need to balance sharing and privacy.
For example, OPM has announced plans for a database to track cost and quality of service under the Federal Employees Health Benefits Program. But the system would collect names, Social Security numbers, and employment details.
Finding the right balance between privacy and sharing is the subject of today's Federal News Radio Discussion.
Joining us for the discussion were Hannah Bergman, Assistant General Counsel at the National Archives and Records Administration and William Saunders, Deputy Director for the Office of Information Services at the Centers for Medicare and Medicaid Services.
Here are some of the topics, questions and excerpts from the responses of the panel:
I. Guiding Principles and Weighing Interests
Saunders: "I think balance would be a good word." Balancing the interests of privacy with the value of data for a lot purposes is a constant challenge for Saunders' office. "It means we recognize that there is often a legitimate need to release information, but we try to make sure that it's the minimal necessary information needed for that purpose."
Bergman: NARA, said Bergman, has a "little bit of a different mission than most federal agencies." NARA takes in records with the express intent of making them available to the public. On top of that, said Bergman, they need to "try and balance the privacy interests of the individuals whose information is in the records, our employees, in different ways and different contexts." This forces the staff to think about privacy differently in archival records than operational files, "and we really try and do the right calculus on a case by case basis."
Examples - Both Saunders and Bergman gave examples of the issues they could or have run up against. NARA has railroad retiree data. Of course that contains personally identifiable information, but since some of the data dates from the 1920's, it also has important historical and genealogical significance. CMS has claims data from 45 million medicare beneficiaries. That needs to be protected, but at the same that data could be used to improve the quality of health care and reduce the costs.
Bergman: So weighing the interests is built into the process at NARA. "Any time records are received from a federal agency, and there's an indication from the federal agency that those records are not appropriate for a wholesale public release, archivists go in and they might do a sampling of the records, they might do a page by page review - it would depend on where the records came from, the age of the records, and the level of description and detail we have from the federal agency."
Saunders: CMS also uses standard processes for handling data, but flexibility has been built in. Requests outside the routine process can be looked at individually so a unique decision can be made.
II. Growing a Culture of Privacy in a Paper Based World
Bergman:"We're working hard increasing our awareness of privacy particularly within operational records where employees are accustomed to working with archival records," said Bergman. It can be the same type of information, but needs to be treated differently when it's about current employees. And even within archival records, there's a difference between records that have been digitized versus "when they're only available on request in a room in College Park that you have to go ask for a particular box and have a box pulled." So it's "all about awareness and thinking about how privacy effects different situations and taking that into account." Asked about pulling boxes of files, Bergman responded, "We're a paper based agency. We're a paper based federal government."
Saunders: At CMS, privacy training is "a never ending process. It will never stop," said Saunders. From initial training before getting a password to the computer to yearly training sessions, Saunders said the culture of privacy at CMS is constantly being updated.
Bergman: While they're working toward a more electronic base, Bergman said NARA takes in paper records. Agencies' official mechanism is paper. Until agencies put electronic records management systems in place "we're in a print to file world". Bergman said she's "sad a little bit about that," but has to deal with the current reality.