A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology

Privacy Bill Passes House Judiciary Committee

CDT POLICY POST Volume 10, Number 9, June 28, 2004

A Briefing On Public Policy Issues Affecting Civil Liberties Online
from
The Center For Democracy and Technology

(1) Federal Agency Privacy Bill Passes House Judiciary Committee

(2) Bill Would Make Privacy an Early Part of the Regulatory Process

(3) Bill's Requirements Expand on Privacy Impact Assessments Required by the E-Government Act of 2002

(1) Privacy Bill Passes House Judiciary Committee

The Federal Agency Protection of Privacy Act (FAPPA, H.R. 338), was passed by the House Judiciary Committee on June 24. The bill includes a provision requiring federal government agencies to conduct privacy impact assessments for both new and existing agency rules and regulations.

Under the bipartisan legislation, originally introduced by Rep. Steve Chabot (R-OH) and co-sponsored by Reps. Cannon (R-UT), Boucher (D-VA) and Nadler (D-NY), a privacy impact assessment must address up front some of the basic "Fair Information Practices" reflected in the federal Privacy Act of 1974, such as notice to individuals of the collection of personally identifiable information, the right of individuals to access information about themselves, the opportunity to correct information, limits on use and disclosure of data for purposes other than those for which the data was collected in the first place, and appropriate security measures to protect the information against abuse or unauthorized disclosure. To the extent practicable, privacy impact assessments must be made public. Significantly, the Act also provides a judicial review mechanism to ensure enforcement.

(2) Bill Would Make Privacy an Early Part of the Regulatory Process

CDT believes that FAPPA could have a significant positive impact:

• The assessments will raise the level of attention to privacy issues within federal agencies at the initial stages of a new project or policy, before regulations are promulgated.
• The assessments will compel agencies to consider ways to reduce the privacy impact of regulations.
• The requirement that agencies invite public comment on regulations that affect privacy will bring greater transparency to the rulemaking process, allowing Congress, citizens and advocacy groups to better scrutinize the privacy decisions of the government.
• Mandated review of existing regulations every 10 years will benefit agency operations by identifying information collection practices that have become outdated or unnecessary and that can be dispensed with altogether.

(3) Bill's Requirements Expand on Privacy Impact Assessments Required by the E-Government Act of 2002

The Federal Agency Protection of Privacy Act would serve as a sound complement to the E-Government Act of 2002, which requires that federal agencies conduct privacy impact assessments whenever they develop or purchase new information technology or initiate a new collection of personally identifiable information.

CDT has strongly supported the privacy impact assessment provision in both Acts and urged Congress to ensure that the two are congruent. At the markup in the House Judiciary Committee last week, Rep. Cannon introduced several significant changes to the bill to make its requirements consistent with those imposed by the E-Government Act.

• H.R. 338 as passed by the House
• CDT Executive Director Jim Dempsey's testimony on FAPPA
• E-Government Act of 2002