For fiscal 2005, agencies will assess privacy of systems

For fiscal 2005, agencies will assess privacy of systems

For the first time, agencies must submit privacy assessments of their major IT systems with their business cases, a senior administration official said.

Dan Chenok, the Office of Management and Budget's branch chief for Information, Policy and Technology, today said the E-Government Act of 2002 requires agencies to analyze the potential impact of new IT systems or new collections of personal information. OMB expanded that mandate in a recent memo to agencies on implementing the law to include new IT investments and all online information collections.

'Last year we strongly recommended agencies perform privacy assessments, but we didn't require them,' Chenok said at a breakfast meeting sponsored by Federal Sources Inc. of McLean, Va. 'Not a whole lot of agencies did them. We are working with agencies this year to make sure they get done, because with any new requirement, there always is a need for extra assistance.'

Chenok said OMB will issue privacy guidance soon.

Agencies will include privacy reviews with their business case submissions for IT projects, which are due Sept. 8, he said.

In addition to requiring privacy assessments, Chenok said, OMB will sharpen its focus to make sure agency business cases outline IT project performance metrics, risk mitigation strategies and cost benefit analyses.

'We want to make sure agencies are looking at all the alternatives before making a decision on a new project,' Chenok said. 'They should look at all the cost benefits of using commercial software, having the system custom built or using Web services to fulfill their requirements.'

Agency IT security progress reports are due Sept. 22. Chenok said the security information will let OMB see how close the government is to having 80 percent of all IT systems certified as secure by agency and private-sector experts.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.