Aide: Senate panel weighs Privacy Act update

The Senate Homeland Security and Governmental Affairs Committee is exploring potential updates to the 35-year-old Privacy Act and could advance legislation this Congress, a top panel aide said today.

Evan Cash, who works for Sen. Daniel Akaka, D-Hawaii, told an audience at a Center for Democracy and Technology briefing the senator intends to introduce a bill to bring the law up to speed with modern technologies and information systems. Akaka chairs the panel's Oversight of Government Management Subcommittee.

Staffers crafting the measure will build on recent GAO studies and recommendations released Wednesday in a new report by the Information Security and Privacy Advisory Board, a federal panel that advises the National Institute of Standards and Technology, OMB and the Commerce Department.

Cash cited a suggestion to expand the definition of "system of records" to encompass relational and distributed systems based on government use of records, not just its possession of them.

Under current law, privacy protections only apply to databases where records are regularly located by a unique identifier, such as a name or government ID number. Cash said his office has been looking at the amount of information collected by agencies and how it is being utilized in the context of "routine use" -- a justification for data gathering that "has been really blurred."

The role of federal chief privacy officers will factor prominently in the forthcoming bill, Cash added. The ISPAB report calls for the hiring of CPOs at all major agencies and the creation of a Chief Privacy Officers' Council, much like the existing Chief Information Officers' Council that is chaired by OMB's e-government and IT administrator.

Cash lauded the proposal by ISPAB as well as a GAO proposal that a Privacy.gov Web site be created so that visitors could more easily find and search systems of records and privacy-impact assessments for government projects.

At the same event, Homeland Security Chief Privacy Officer Mary Ellen Callahan said she is "cautiously optimistic" OMB will act on ISPAB's recommendations. She noted a CIO Council privacy subgroup, which she co-chairs, has been effective at addressing cross-cutting privacy issues. Making it a stand-alone council is a good goal, she added.