Properly Practicing Privacy
Julie Snyder
October 2011
Julie Snyder helps MITRE's sponsors design their information systems with privacy laws and regulations in mind.
"I spent most of my growing up years in a small town," says Julie Snyder, one of MITRE's privacy-law compliance experts. "Small towns have their perks, but privacy isn't one of them. By the time I was in junior high and high school, there were times my best friends would know something about my day before I had a chance to tell them myself."
Having everyone know her business as a teenager may not have determined Snyder's future career path, but it did give her an appreciation for personal privacy and how vital it is for organizations to have policies in place to protect it.
Asking the Right Questions
Snyder helps MITRE's sponsors design their information systems with privacy laws and regulations in mind.
"People think of privacy as a simple concept, but integrating it into system design can be very complex," she says. "Before designing a system that handles personal information, an agency needs to consider several factors. What is the purpose of collecting the information? What is the minimum amount of information they need to collect to meet that purpose? What's the best way to protect the information? How can they provide individuals with the opportunity to access their information and correct it when it's wrong?
"These questions need to be addressed at a policy level before you can address them at a systems level."
Snyder says an effective privacy program requires much forethought and even more discipline. "One of the challenges with privacy is that one branch of an agency will collect information and then another branch will say, 'You know what? We could use that information too!' But before agencies start using personal information in multiple ways, they have to work through such issues as providing notice, obtaining consent for the new purpose, and protecting the information. Then they have to build their systems accordingly."
The Right to Privacy
For Snyder, privacy is more than a systems design challenge. It's a fundamental right, a right she worries people take too lightly.
"We're putting a lot of ourselves out there without fully understanding the ramifications. People say, 'Oh, I don't have anything to hide.' But it's not necessarily about hiding our information or keeping secrets. It's about setting reasonable boundaries on the information we choose to share about ourselves and ensuring that each time the 'line in the sand' changes, we aren't setting ourselves up to wake up one day and wonder what happened to our privacy."
For example, as social media tools gain popularity for their ability to bring people closer together, that popularity also makes the need for strong and clear boundaries more pressing. "Facebook will implement a new capability that people find fun, so they'll trust it with their information. But how will that information be used in the future? The challenge is to train people to look three steps down the road and think about the bigger picture of what they are giving up."
Firm But Flexible
Snyder first began to consider these issues as she pursued her management information systems degree. After graduating, she joined a security consulting practice. There she became versed in security policy and strategy, and later government privacy. The opportunity to focus on privacy at a deeper level and incorporate this knowledge into the systems development process, to put theory into practice, brought her to MITRE two years ago.
At MITRE she has found a group of people who share her concerns about defending privacy and an environment that enables her to act on those concerns. "As an independent adviser, MITRE can toe a firm line on privacy implementation. Our sponsors trust us when we encourage them to design their information systems with privacy laws and regulations in mind. Our goal is to help our sponsors design systems that will be flexible and implementable, meeting their mission while still preserving privacy rights. And the best way to get there is to address the hard questions first."
Agencies have been tackling these hard questions since the Privacy Act of 1974 first laid the legal framework for government privacy. Thirty-seven years of rapid technological change continue bringing more complexity to the issue, not less. "For MITRE, the challenge is to stay ahead of the curve and help our sponsors understand the ramifications of the technologies and systems they use," says Snyder. "Our goal is to see what new issues are coming down the road, explore what needs to be done to address them, and help our sponsors respond."
—by Christopher Lockheardt