Online Extra: Privacy officer looks to unify agencies' approach

Nuala O'Connor Kelly is the first privacy officer of the Homeland Security Department.

Before joining DHS, she was the privacy officer, chief counsel for technology and deputy director for policy and planning at the Commerce Department. With DHS, she is responsible for 'ensuring that the use of technologies within the department sustain, and do not erode, privacy protections,' according to the department.

GCN senior editor Wilson P. Dizard III talked to O'Connor Kelly at her Washington office.

GCN: Have you found that the component agencies of the department had privacy policies that didn't meet your standards?

O'Connor Kelly: Yes, I have found differences in approach'most of all, in the approach to the education of their employees.

For example, I would actually laud the Customs and Border Protection Directorate, which had terrific online training programs and clear-cut rules about database management. They seemed to have a pretty technologically savvy privacy implementation as well as a very good system for educating their employees.

Other agencies, whether as a result of their size, have had differing levels of training for their employees, and management and security principles around data.

We have more than 400 people in our larger privacy office team, across the department, working on privacy policy. They live in all the agencies. There is not one agency that I think falls short in terms of numbers. There are many that have more than I would have expected, actually.

What I have seen, though, is a difference in the level of automation, of inculcation in the culture, and some general awareness. I think there are pockets of excellence and there are other agencies that need to grow more.

GCN: How will the department develop IT systems that interact with other agencies while still protecting privacy?

O'Connor Kelly: There is a very real and valid reason why this is the first statutorily required privacy office in the federal government. We are the combination of more than 22 former agencies, each of which had its own data, its own database, its own information.

The potential for combining all that information in one place appropriately raised concerns in the minds of the members of Congress and the public that were involved in drafting the DHS enacting statute. That is a fear many people had.

Technology as a whole really was at the underpinnings of the Privacy Act of 1974'the new mainframe computers that were the cutting edge. There is always an undercurrent of fear of technology.

But I would say that it is not necessarily the technology that is the culprit. It is the use of the technology that we should be concerned about. In fact, one of our new senior staff members will be our director of privacy technology for the department [Peter Sand, former CIO and CPO of the Office of the Attorney General in Pennsylvania].

GCN: Should there be limits on data mining projects that use personal information to pinpoint terrorists?

O'Connor Kelly: Absolutely there should be limits. The federal government and the private sector need better rules. And not just the Privacy Act, but a clear understanding of how we use personal information responsibly.
But that is not to say that we have seen a great number of mishaps at various agencies in the past year involving people voluntarily submitting data for homeland security.

People must remember the fundamental fair-information principles that concern the collection of data about customers in the private sector or citizens in the government space: People have a right to know what is going on. They have a right to know what data you've got about them. They've got a right to know how it's going to be used. They've got a right to see it and correct it if that's at all possible.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.