MITRE provided data-driven responses to an Office of Management and Budget (OMB) inquiry requesting input on enhancing Privacy Impact Assessments.
MITRE’s Response to the OMB RFI on Privacy Impact Assessments
Download RFI Response
What’s the issue? Pursuant to the Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, OMB requested public input on how privacy impact assessments (PIAs) may be more effective at mitigating privacy risks, including those further exacerbated by AI and other advances in technology and data capabilities.
What did we do? The Center for Data-Driven Policy led a cross-MITRE analysis of OMB’s posed questions, seeking to uncover data and evidence from our work in the public interest that would help them understand opportunities and develop plans that are evidence-based, actionable, and effective.
What did we find? MITRE's analysis indicates that the current PIA approach, and Fair Information Practice Principles, are insufficient for managing modern privacy risks. The document calls for a comprehensive reimagination of the federal government's privacy approach, integrating Privacy by Design and privacy engineering into all operations. It also emphasizes the need for enhanced training for senior officials to ensure effective privacy risk management. The document suggests a more nuanced approach to privacy analyses, replacing the current Privacy Threshold Analysis method with a more comprehensive risk assessment. Lastly, it recommends more deliberate oversight and auditing of PIAs by OMB to ensure their effectiveness and build public trust.