 |
 |
 |
 |
| |
|||||
|
|
|
Home > News & Events > MITRE Publications > The MITRE Digest > | |||||||||||||||||||
| Private Eyes: Keeping Personal Information Safe November 2008
As a U.S. citizen you often provide personal information to the government. Have you ever wondered what happens to that information once it leaves your hands? Julie McEwen does. And it's her job to help make sure that information is protected and used appropriately. A principal information privacy and security engineer, McEwen is one of the leaders of MITRE's privacy practice. "We help [government agencies] ensure they're collecting the right information, and that what they collect is being used appropriately," she says of the 24-member, cross-corporate group. Losing Trust As privacy issues gain national attention, the privacy practice team is becoming known for its expertise—both inside and outside the company. "Because we're steeped in the government environment, we have unique insights into privacy in a governmental context," says Stuart Shapiro, also a principal information privacy and security engineer. Several widely publicized security breaches involving government agencies recently prompted the Government Accountability Office to call for increased information security. A privacy breach can affect not only an agency's reputation with the public, but also with other government bodies with which it shares information. As McEwen points out, "If you lose trust, it's hard to accomplish your mission."
Privacy Systems Engineering Three U.S. laws currently govern the steps agencies must take to keep information private: the Privacy Act, the Freedom of Information Act, and the E-Government Act. In addition, the Office of Management and Budget maintains a slew of privacy guidelines. Complying with these rules is a complicated process, which is where MITRE can provide support. The goal, according to McEwen, is to help customers implement a comprehensive program that supplies a framework for responding to privacy issues or preventing privacy problems before they occur. Since its inception in 2000, the MITRE privacy practice has helped stand up or improve privacy programs at agencies such as the Internal Revenue Service and Immigration and Customs Enforcement, and for the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program. The team performs a wide range of work that it describes as "privacy systems engineering." That includes creating, updating, or auditing privacy programs; helping customers respond to a breach; or even implementing privacy-enabling technologies, for which MITRE is a rapidly evolving center of expertise. Leaders in the Field The privacy programs established by MITRE for these agencies have established the practice as a leader in the field. "These agencies have policies, a set of principles, a defined approach; they can do self-assessments and audits based on that," McEwen says. MITRE has also been instrumental in establishing the standards for the U.S. government privacy section of the International Association of Privacy Professionals (IAPP) certification program. In particular, MITRE privacy practice members wrote the current version of the certification exam and helped develop the IAPP's U.S. Government Privacy Training Program, for which McEwen and Shapiro are lead faculty. As information sharing in the government continues to increase, the privacy practice team expects to stay busy. "MITRE is really good at bringing all the stakeholders together—that's important, because there's so much information sharing in the government," McEwen says. "The MITRE privacy team can act as the glue that holds everything together." —by Tricia C. Bailey Related Information Articles and News
Websites |
||||||||||||||||||||
| Page last updated: November 18, 2008 | Top of page |
Solutions That Make a Difference.® |
|
|
