On December 2, 2015, the Office of Management and Budget (OMB), announced a new initiative that is being developed to ensure that government agencies are putting the proper privacy protocols in place. Specifically, Shaun Donovan, the Director of OMB, announced the creation of a new federal privacy council. The purpose of the council will be to make policy recommendations, establish best practices, and foster a community of privacy professionals within the federal government.
The Privacy Council will be modeled after the federal Chief Information Officers’ (CIO) Council—a group of agency CIOs that work together to advise on IT priorities.
“It’s time to stop reinventing the privacy wheel at agencies and do a better job of leveraging the success of each agency’s related efforts,” said Donovan, who made the announcement at the recent federal privacy summit in Washington. “It’s time to shift from reactive programs to proactive strategies. It’s time to professionalize the privacy profession. The privacy council will serve as an ecosystem for strategic thinking on privacy implementation, bringing together the best minds we have to tackle cutting edge issues in the digital area. It will be the place to coordinate and share ideas, best practices, and successful practices for protecting privacy across the government. And like the CIO Council, this council will assess and develop recommendations for the attracting and hiring of top talent in privacy programs across the federal government.”
The CIO and OMB councils will work in tandem as the two areas often overlap. “Privacy and security may be two different disciplines, requiring two separate skill sets but they must be part of one coordinated risk management framework,” he said. “The work of the two councils will complement each other and promote more efficient and effective programs for both privacy and IT security.”
The OMB council will form in early 2016. According to Marc Groman, OMB’s senior adviser on privacy, after creating the governing documents, the Council’s first priorities will be to increase the talent pool around privacy; enhance privacy-related training, education, and professional development for current employees; and create a community of practice among privacy professionals.