Reflections on the White House Privacy Office Peter

“Reflections on the White House Privacy Office” Peter P. Swire Ohio State University Center for American Progress N. C. State Privacy Day January 29, 2008

Overview Ø Privacy actions in the Bill Clinton years Ø Structure of the privacy office Ø Possible reasons to care: l l l Role of the CPO History of what happened Preview of what might happen?

I. Clinton Administration Privacy Actions Ø Privacy hot buttons before I entered government in 2/99: l l l Clipper Chip & encryption CALEA Know Your Customer (banking)

Medical Privacy Rule Ø HIPAA in 1996 Ø Support for legislation through 8/99 Ø Proposed rule 10/99 Ø 52, 000 comments by 2/00 Ø Final rule 12/00 Ø Executive Order 12/00: limits on using health oversight record for law enforcement

Financial Privacy Ø Clinton speech 5/99 Ø House bill with half that 6/99 Ø Significant Administration push for privacy Ø Gramm-Leach-Bliley 11/99 Ø Administration proposal for more, Ø GLB regs 2000 4/00

Federal Government Privacy Ø 6/99 OMB memorandum to post clear privacy policies on agency sites Ø 6/00 OMB memorandum presumption against cookies on federal sites & reports to OMB on privacy in the budget process Ø 12/00 OMB memorandum on agency data sharing, including push for privacy impact assessments (E-Gov Act 2002) Ø Federal CIO Council privacy committee

Some other privacy actions Ø Crypto policy change 9/99 Ø Genetic Discrimination E. O. 2/00 Ø NAS study on authentication and privacy Ø Bankruptcy and privacy study 1/01: public records and privacy issue

Other privacy actions Ø Safe Harbor Ø Double. Click & Network Advertising Code 6/00 Ø SSN bill proposed 6/00, and fought Gregg bill Ø Bill to update wiretap laws for the Internet, summer 2000; proposed higher standards for trap-and-trace and email wiretaps (Patriot Act 2001)

II. The Privacy Office in the U. S. Ø Chief Counselor for Privacy, l l l U. S. Office of Management and Budget Executive Office of the President Old Executive Office Building Ø 4 functions: l l Government data handling Clearance Enforcement/Ombudsman Bully Pulpit

Government Data Handling Ø Big advantage if in OMB Ø “Management” l Office of Information & Technology Policy Ø “Budget” Ø Can’t do that way in an independent agency – imagine a corporate CPO that was “outside” of the company

Clearance Ø Testimony, legislative proposals cleared in OMB Ø Less formal statements also cleared Ø Examples: l l l FIDNet Money laundering New hire data base (information sharing) Ø Can’t do as well in independent agency

Enforcement Ø Can’t do in OMB Ø HHS and financial agencies Ø FTC for consumer protection Ø Web seals & CPAs (expand scale)? Ø Private rights of action?

Bully pulpit Ø Cons: l l Fishbowl in White House therefore cautious about statements Can’t comment on individual products or companies Ø Pro: l l Big impact if President or Cabinet speak Any White House official can raise the issue’s visibility & help on the Hill Ø Independent agency has more flexibility

Ombudsman/Investigator Ø No subpoena power at OMB Ø Limited ability to blow the whistle externally to force change internally Ø W. H. Privacy & Civil Liberties Board l l Version 1 Version 2 Ø What role for this beyond GAO, IGs, Congress, and the press?

Conclusion Ø Episodes of privacy activity Ø What might happen in a next Administration? Ø Many issues could be open for revisiting, perhaps pretty soon. New Administration has made encouraging statements but we need to watch their actions