CIO Council - Chief Information Officers Council - Beta

Guidance on Establishing a Federal Privacy Office

January 1st, 2009

CIO Council

Two new publications offer guidance to Federal personnel seeking to establish or streamline a privacy office: “Best Practices: Elements of a Federal Privacy Program,” by the Federal CIO Council Privacy Committee, and the “Guide to Implementing Privacy,” by the Department of Homeland Security (DHS) Privacy Office, the first statutorily mandated privacy office in the Federal Government.
DHS’ Chief Privacy Officer Mary Ellen Callahan, who co-chairs the Federal CIO Council Privacy Committee, noted that the documents are intended to complement one another. “Best Practices” describes how to build a privacy program within any Federal agency, whether it’s a privacy department, component, or office.
The “Guide to Implementing Privacy” explains how the DHS Privacy Office puts theory into practice. It details the office’s responsibilities and scope of authority, and describes the concrete steps DHS takes to implement privacy policies. “We wanted to provide guidance on the big question: how do you protect privacy while also supporting the mission of the Department?” Callahan explained.

Encouraging a Dialogue on Privacy

While developing the “Guide to Implementing Privacy,” Callahan and her office spoke with a number of Federal agencies interested in upgrading their privacy capabilities. “To be effective on a limited budget, you have to build relationships with your natural allies, such as the CIO’s office,” Callahan said, describing a key takeaway common to both documents. “You can’t be a ‘standalone’ office.”
So far both public and government reaction to the documents has been resoundingly positive. The documents have created a lively dialogue around privacy issues, and been touted as an “effective accountability model” for government.