[ Pobierz całość w formacie PDF ]
In 2010, OCR also issued guidance on conducting a risk analysis under the HIPAA Security Rule. OCR
plans to issue additional guidance on the HIPAA Privacy Rule s minimum necessary standard and on
de-identification of health information under the HIPAA Privacy Rule.
Federal agencies are also providing guidance on how to make more effective use of existing privacy-
protecting measures. In 2009, eight Federal agencies released a model privacy notice form that financial
institutions can opt to use for their privacy notices to consumers required by GLB. Use of the model form
provides a legal safe harbor for compliance with the GLB Privacy Rule, though the model form is not
required. The agencies conducted extensive consumer research and testing in developing the model
form to ensure that consumers can easily understand what financial institutions do with their personal
information and compare different institutions information sharing practices.
& &
43
CONSUMER DATA PRIVACY IN A NETWORKED WORLD: A FRAMEWORK FOR PROTECTING
PRIVACY AND PROMOTING INNOVATION IN THE GLOBAL DIGITAL ECONOMY
Other Significant Administration Guidance on Privacy:
" Raising Public Awareness of Privacy and Data Security. DHS is leading a national public
awareness effort called Stop. Think. Connect. to inform the American public of the need to
strengthen cybersecurity and to provide practical tips to help Americans increase their
safety and security online. In addition, the FTC has issued guides explaining measures that
consumers and companies can take to protect children s privacy online, minimize the risk
of medical identity theft, and prevent the loss of sensitive data through peer-to-peer file
sharing applications.
" Applying Privacy Principles to New Technologies. The Administration is demonstrating
that the same privacy principles that inform the general consumer data privacy framework
developed here also apply to specific, emerging contexts. The Smart Grid the incorpo-
ration of information technologies to make the electric grid more efficient, more accom-
modating of clean sources of energy, and a source of new jobs and innovation provides
an excellent example. Over the past two years, the Department of Energy and the National
Institute of Standards and Technology engaged with stakeholders to understand privacy
issues that could arise from this promising new technology. This work culminated in the
Administration s Policy Framework for The 21st Century Grid: Enabling Our Secure Energy
Future, which recommends that States make comprehensive FIPPs the starting point for
protecting the detailed energy usage data that the Smart Grid will generate.
D. Integrating Privacy Into the Structure of Federal Agencies
Finally, Federal agencies are leading the way in incorporating privacy into their structure and opera-
tions and in developing accountable organizations. Some of these accountability-enhancing practices
and tools have diffused to the private sector and across the globe. For example, the Internal Revenue
Service and DHS pioneered the use of privacy impact assessments (PIAs), which provide for structured
assessments of the potential privacy issues arising from new information systems and, under the
E-Government Act of 2002, are now required of Federal agencies under some circumstances. Building
on efforts of previous Administrations, this Administration has extended the use of PIAs to social media.
Since their initial development within the Federal government, PIAs have become widely used in the
private sector and within the European Union. Federal agencies also continue to make privacy profes-
sionals part of their senior leadership structures. Many Federal agencies have full-time, professional chief
privacy officers, who engage on privacy issues within their agencies, in broader discussions within the
Federal government, and with the general public.
& &
44
VIII. Conclusion
The United States is committed to protecting privacy. It is an element of individual dignity and an aspect
of participation in democratic society. To an increasing extent, privacy protections have become critical
to the information-based economy. Stronger consumer data privacy protections will buttress the trust
that is necessary to promote the full economic, social, and political uses of networked technologies. The
increasing quantities of personal data that these technologies subject to collection, use, and disclosure
have fueled innovation and significant social benefits. We can preserve these benefits while also ensur-
ing that our consumer data privacy policy better reflects the value that Americans place on privacy and
bolsters trust in the Internet and other networked technologies.
The framework set forth in the preceding pages provides a way to achieve these goals. The Consumer
[ Pobierz całość w formacie PDF ]