This document contains comments CDT submmited to the Office of Personnel Management in response to the agency's Multi-State Plan Program (MSP) Draft, issued on September 21, 2011.
We commend OPM for suggesting several important privacy features in this draft. We are pleased to see that OPM will evaluate MSP candidates on their privacy and security compliance under "Utilization/quality assurance." We also commend OPM for requiring applicants to describe their compliance with Fair Information Practice Principles, under "IT Systems, security and confidentiality." We urge OPM to retain these evaluation criteria in the final MSP application.
However, we have some recommendations to improve the section "IT Systems, security and confidentiality."
We appreciate OPMʼs interest in routinely analyzing line-level plan data; effectively managing the MSP program depends on access to data that will be needed for the defined set of purposes described in rules and guidance for all Exchange health plans. However, we believe that OPMʼs plan to centrally collect copies of this data creates unnecessary privacy and security risks.
Some degree of government surveillance and secrecy is necessary to protect against national security threats. However, overbroad government power to conduct mass surveillance with minimal transparency threatens Constitutional freedoms and inhibits meaningful public debate. Here are four – but not the only – needed national security surveillance reforms that the Administration and Congress should tackle now.