GSA-Protecting Personally Identifiable Information

The General Services Office of Intergovernmental Affairs solicited and is now publishing a collection of articles related to protecting personal information.  Included below is the announcement with a link to the newsletter.  This is a good series of articles on projects and approaches in Government.  Additionally, there is an article by yours truly relating what I believe to be the current state of privacy and who are the responsible parties.  Hint provided by Walt Kelly through Pogo (Does anyone remember Pogo?): "We have met the enemy and he is us."

The USA Services Intergovernmental Newsletter on Protecting Personally Identifiable Information is now available.  For access click on Link .  This edition highlights the many ways governments and other organizations are protecting personally identifiable information, or PII, with articles from US federal agencies, state and local governments, other countries, associations, and industry, and excerpts from the U.S. government’s fiscal 2008 budget and recommendations of the President’s Identity Theft Task Force.

PII is information that can be traced back to a specific individual user, e.g., name, credit card number, postal address, digital identity, Social Security or telephone number.  The FTC estimates that as many as 9 million Americans have their identities stolen each year.   

Articles include a discussion of the key elements in an agency strategy for protecting personal information; ways employers can implement responsible information handling practices; national policies for dealing with privacy and the use of PII in five countries; advantages of a federated approach to secure data exchange; the progress that has been made and the enterprise-wide strategies that are being employed to reach a high level in data security. These are just a few notable initiatives presented in this newsletter.

Highlights from the newsletter include:

Protecting PII: the VA Story, by Robert Howard, Assistant Secretary for Information Technology, U.S. Department of Veterans Affairs
Keeping Citizen Trust: “What Can a State CIO Do To Protect Privacy,” by Mary Gay Whitmer, Senior Issues Coordinator, NASCIO
Personal Information Protection in Japan, by Yoko Miyazaki, Deputy Director, Ministry of Internal Affairs and Communication
The  of PII, by Joanne McNabb, Chief, California Office of Privacy Protection
Prevent Identity Theft with Responsible Information-Handling Practices in the Workplace, by Beth Givens, Privacy Rights Clearinghouse
Privacy (for You and Me) is Dead. By Dan Combs, Board member National Electronic Commerce Coordinating Council

We hope you will enjoy Protecting Personally Identifiable Information and find it useful.  If you have any questions or comments please do not hesitate to contact Lisa Nelson at lisa.nelson@gsa.gov.

When Public Information is too Public?

On February 28 the EC3 Real ID Workgroup had an excellent presentation and discussion concerning public records.  Here is a link,  http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9012221&pageNumber=1 ,to a story now unfolding in Texas with versions and variations occuring across the U.S.  The Texas Attorney General has issued a ruling that the practice conducted by county clerks (and by extension other government personel) of publishing on the Internet various public documents that include personal information, such as social security numbers,  "is a criminal offense punishable by jail time and fines."  The ruling does not say that the information is not public, that access to the information should be restricted nor that changes be made to the information included in these records, etc., just that it is illegal to publish public information in this particular manner and that the clerks in this case have a responsibility for the content.

It is worthwhile to reference www.cspra.org website and read The Public Record: Information Privacy and Access--A New Framework for Finding the Balance by Richard Varn and Fred Cate to understand another point of view on this topic.  Broad societal naivete and misunderstanding of what information is and is not public energizes a large proportion of the discussion related to the Real ID Act.  A first step to conducting a productive discussion on the potential effects of Real ID on privacy and personal information is to understand what information is or is not private.  It seems misguided to to blame the Real ID Act for making public information less private.  by Dan Combs