I am happy you're going to be on the job. The appointment of a national chief privacy officer makes public sense. But we need a system of checks and balances to ensure that issues of confidentiality, data collection and the secure handling of personal information always weigh heavily in the office's decision-making. Several elements will need to go into the creation of any effective policy.
First, inform our citizens about what information is being collected about them, and why. As a general rule, people should be able to assume personal data is private, unless specifically notified otherwise. We're all familiar with examples of notice in the private sector, such as people being alerted that their customer service calls may be recorded.
As chief privacy officer, you must never forget that the Office of Homeland Security will be most effective when Americans cooperate to the fullest, being totally open and honest in situations when they're asked to give up their personal data for security purposes. This is a two-way street.
Second, provide people access to information collected about themselves. Not just from companies, but also from federal, state and local governments (obviously subject to limitations--for example, on data relating to criminal investigations). Every American should be able to easily review and make corrections to his or her records. It's mind-boggling that more than 70 percent of credit reports, a staple of creditworthiness and open to review, contain errors, according to a 1998 study by the Public Interest Research Group.
The stakes are far higher when it comes to homeland security. It's in the interest of both individuals and the government to avoid even accidental mix-ups, such as confusing two people with the same name.
Imagine, if you will, the diminished willingness of Americans to give up their privacy for the sake of "security" if they see inappropriate marketing uses of their information. Today, for example, Americans are generally more than willing to undergo new security procedures at airports. Now imagine how this would change if the government began creating passenger profiles that were made available to the airlines for marketing or other nonsecurity purposes.
Fourth, protect data from unauthorized viewing or use. This means preventing unnecessary access from both inside and outside the new department. A critical first step will be to put effective security measures in place to stop hackers from breaking in. Identity theft is already one of the fastest-growing crimes in the U.S., affecting an estimated 900,000 new victims every year.
Finally, provide for the timely redress of grievances. Citizens will value a mechanism for quick redress. Americans must have recourse should the safeguards fail to protect their privacy. If the above policies are unclear or abused, citizens must be assured the same rights to redress as those explicitly defined in the first article of our Bill of Rights.
As the first chief privacy officer, you are taking office at a unique time in history--a time when Americans are willing to trade degrees of privacy for degrees of security. Ultimately, the ability to deliver either means a commitment to both.