Follow Us:

Privacy Strategy Capability

Building Privacy into the Enterprise

Federal agencies face significant challenges in protecting individuals' privacy and the security of their personally identifiable information. At the same time, Congress and the Obama Administration are calling for agencies to increase information sharing for a variety of purposes, including combating terrorism, improving the delivery of healthcare, deploying new technologies to achieve efficiencies in federal programs, and providing an unprecedented level of transparency in government—all of which could impact individuals' privacy. Agencies also must comply with complex legal and regulatory requirements, which are likely to change as public expectations and perceptions about privacy continue to evolve. In this dynamic environment, it is paramount for agencies to balance protecting individuals' privacy with strengthening national security, increasing information sharing, deploying new technologies, and making government more transparent to the public.

MITRE's Privacy Strategy Capability supports our government sponsors by embedding privacy into an agency's vision, mission, goals, and strategies and by integrating privacy with other key processes and functions. We assist in developing and implementing a proactive approach to privacy throughout the enterprise. The Privacy Strategy Capability is part of MITRE's Center for Connected Government. This Capability leverages MITRE's Information Security Center to bring the full capabilities of MITRE to bear.

MITRE Support for Privacy Strategy

In this dynamic environment, it is paramount for agencies to balance protecting individuals' privacy with strengthening national security, increasing information sharing, deploying new technologies, and making government more transparent to the public.

MITRE's strategic approach involves integrating privacy into strategic planning and key information processes throughout the enterprise, establishing a strong privacy office and program, and formulating an implementation strategy. Specific aspects include:

• Integration: Embedding privacy into the agency's mission, vision, goals, and strategies during the strategic planning process; integrating privacy into key information functions, including information collection and dissemination and records management; and establishing measures to track progress toward ensuring individuals' privacy.
• Privacy Principles: Developing privacy principles, which provide the foundation for an agency's privacy program and reflect the agency's commitment to protecting individuals' privacy.
• Privacy Strategy: Developing a strategy that describes how the agency will implement its privacy principles; delivering internal communications and training; and crafting an external message that assures the public of the agency's commitment to protecting individuals' privacy.
• Privacy Offices and Programs: Determining how privacy fits optimally within an agency's structure, defining privacy office roles and responsibilities, and identifying the key building blocks of a privacy program.
• Privacy Requirements: Defining agency-wide and project-specific privacy requirements taking into consideration compliance with laws and regulations, the public's privacy expectations and perceptions, and agencies' operational goals and technical requirements.
• Privacy Training: Designing and conducting workshops to promote agency-wide privacy awareness, courses to reinforce employees' privacy responsibilities, and training for privacy office leadership.
• Independent Privacy Assessments: Determining privacy risks and formulating ways to address the impact of new strategies, policies, and technologies before they are implemented.

MITRE's Privacy Strategy Capability supports the unique needs of each federal agency by applying a deep understanding of privacy issues and a broad knowledge of how civilian agencies operate.