"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.

Presentation transcript:

"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop March 27, 2003

Overview
- Agency privacy before 2001
- E-Government Act of 2002
- Beyond E-Gov
- Total Information Awareness
- Conclusions on security and privacy

I. Government Systems Thru 2000
- Privacy Act of 1974
  - System of Records
  - Notice, consent, access, reasonable administrative and technical measures
  - OMB Guidance

Limits of the Privacy Act
- Only applies to systems of records
  - Not, e.g., to queries of commercial databases
- Large routine uses
- Uneven compliance

1999 Web Policies
- OMB Directive from Jack Lew June, 1999
  - June 2, 1999, OMB M
- Available at under Presidential Privacy Archives
- Guidance and model language for federal sites

1999 OMB Policy
- Principal agency web sites
- Known, major entry points
- Substantial collection of personal information

2000 OMB Cookies Policy
- Issued June 22, 2000, OMB M
- Reaction to cookies set for the National Office of Drug Control Policy
- Cookies need
  - Clear and conspicuous notice
  - Compelling need to gather the data
  - Publicly disclosed safeguards
  - Personal approval by the agency head

2000 OMB Guidance
- Agencies should comply with requirements of Children's Online Privacy Protection Act
- Description of privacy practices and steps for compliance on cookies incorporated into annual submission to OMB for IT budgets
- OMB/OIRA has sent out guidance for annual budget submissions

II. E-Government Act of 2002
- Spotlight on Privacy Impact Assessments
- PIAs before the Act
  - IRS PIA adopted as best practice by Federal CIO Council
  - CIO Council encouraged wider use
  - Only moderate adoption in the agencies
  - CIO Council subcommittee on privacy did not continue after January, 2001

PIAs under the E-Gov Act
- PIA required where developing or procuring IT that collects, maintains, or disseminates information that is in identifiable form
- Also new collection of information that includes information collected from federal reporting requirements affecting 10+ people (Paperwork Reduction Act extension)

PIAs
- Review by agency CIO or equivalent official
- If practicable, after completion of the review, publish the PIA
- That can be waived for security reasons, or to protect classified, sensitive, or private information
- Copy to OMB

Contents of the PIA
- OMB to issue guidance
  - Perhaps this April or May
- PIAs to be commensurate with
  - size of IT system
  - sensitivity of information
  - risk of harm from unauthorized release

Contents of PIA
- PIA should include
  - what information is to be collected
  - why information is to be collected
  - intended use of the information
  - with whom the information is shared
  - notice or consent for individuals
  - how information is secured
  - whether it is a system of records

Other E-Gov Provisions
- Statutory version of OMB 1999 guidance for privacy policies on agency web pages
  - More detail on notice, choice, access, security
- Privacy policies in machine-readable formats
  - OMB guidance
  - P3P the likely current use
- Identifiable permits the identity to be reasonably inferred, directly or indirectly

III. Beyond E-Gov
- HIPAA and federal agencies
  - Privacy rule this April 14
  - Transaction rule this October
  - Security rule in 2 years, and also by April 14
- What agencies?
  - VA, DOD, other federal/state health providers
  - Research on human subjects
  - Federal/state health insurance
  - Business associates -- receive data from others

Court Records and Privacy
- OMB/DOJ/Treasury study in Jan on bankruptcy records and privacy
- SEARCH and criminal records
- PACER and court records as a current major debate

IV. Total Information Awareness
- Surveillance after September 11
- Wiretap/surveillance changes in USA-PATRIOT Act
- Philosophy of information sharing
  - Among agencies
  - Between federal and state/local

TIA
- Does not look like embedding privacy in federal information systems
- Contrasting trends
  - Embedding privacy
  - Increasing surveillance (data gathering) and data sharing

Conclusion
- Will need to build federal systems better for security and privacy
- They work together on the level of good data practices
- They can work against each other with surveillance and data sharing proposals
- Not clear how the cross-currents will change practices in coming years

Contact information
- Professor Peter Swire
- (240)