Ms. O'CONNOR KELLY. There's a surprising amount of expertise in the agencies that have a historic mission that affects personal information. I think it's no accident that you see tremendously well formed privacy programs at agencies like the Internal Revenue Service and the United States Postal Service. I know both of those privacy officers in those programs quite well. Because certainly incidents have happened in the past where people were concerned about those agencies' work but also because such a crucial lifeblood of their mission involves personal information. I certainly would say that we need to look at the hierarchy of agency missions and of the language of the proposed bill as well in that light, that we certainly may not need PIAS for rules that have absolutely no impact on human beings at all but simply deal with statistics or other intangible objects. But certainly agencies and programs that impact personal information should be, I think, our first line of attack. Mr. WATT. Go-ahead. Ms. KATZEN. If I may, I'm not in the Government right now but my experience is that the amount of expertise in the field of privacy has been increasing exponentially, and that we have a cadre of people who understand the concept and know how the Federal Government works and that there would be a good pool to feed this process. But the solution is to have a statutory office in OMB, the Chief Counselor For privacy, so you would not have the kinds of disagreements among agencies that Governor Gilmore was suggesting. Mr. WATT. So you're not saying you might not need 20 of them, you might need one super privacy czar, in OMB? Ms. KATZEN. Exactly. If you had that then you could have a handful of agencies, five or six agencies max, where, as Ms. Kelly has indicated, we have the expertise because for years they have been dealing with personally sensitive information, either financial or medical records, SSA, those kinds of areas, with it topped by an OMB official would be, I think, very sensible. Mr. DEMPSEY. Congressman Watt, just two quick-two or three quick points. First of all, the Center for Democracy and Technology, recognizing this question about expertise, has been conducting a series of workshops-we held two last year, we held one in January, we're holding a second one on March 31-for Government officials to help actually walk them through the implementation of the E-Government Act, including the preparation of privacy impact assessments and some of the other provisions there. We've had roughly 150 agency officials at each one of those so far, working with OMB. Now, I'll say that OMB has not been fully fulfilling, I think, it's mission here. They were late in issuing the guidance on preparation of privacy impact assessments. They clearly have a role to do that. They were late in doing that. And they're now unfortunately encouraging agencies to withhold the privacy impact assessments that they have done until after the budget process is completed. And really, the whole purpose of the privacy impact assessment is to do it, get it out there for comment so that both this Congress and members of the public can take a look at it and comment upon it before something is set in stone. I think the recommendation of Ms. Katzen is 100 percent correct, that one way perhaps to strike the right balance here is to have that designated chief privacy counselor in OMB, preferably with some statutory basis, and then to go agency by agency where it's particularly necessary, with the Department of Justice, with the Social Security Administration. We have two very, very good nonstatutory privacy officers at the Postal Service and at the IRS, both of whom are excellent but have no real statutory basis. And those are agencies that clearly need them. Mr. WATT. Thank you, Mr. Chairman. You've been very gen erous. Mr. CANNON. We appreciate it. Thank you, Mr. Watt. The gentleman yields back. And we thank the panel for your comment. I do have a couple of comments but first of all, without objection, Members will have be allowed 7 days to submit questions 1 for the members of the panel. Hearing no objection, so ordered. Let me just point out that the testimony today was appropriate and interesting and remarkably coherent. And I think we have our work cut out for us here. May I just say, in the first place, we intend to oversee this process rigorously. And secondly, we will take the comments and suggestions very much into consideration between now and the time that we mark up this bill at full Subcommittee and appreciate that. I believe at this point that there is good reason to have more statutory-more privacy officers with statutory authority. I think that's worked very well. I said earlier that I thought that Ms. O'Connor Kelly's work was historic and, in fact, I think it is groundbreaking and it's the foundation for what we do. I might just add my own comments. I think the Administration has done a remarkably good job in this regard. And maybe it's a little different. Somebody called it-said we ought to have a czar, a privacy czar at OMB. I forget who actually used that term. But my sense is that having done what we've done at DHS, and which Ms. O'Connor Kelly has really led on, gives us a much better sense of what can be done and frankly and particularly the importance of statutory authority, which I think Mr. Dempsey you talked about with particularity. I think that that has a tendency to grow the ideas. And I view that if we get a privacy czar at OMB, I wouldn't think of him as a czar so much as a best practices kind of person who is watching what happens. Because I don't think you can force privacy down. I think you need agencies to get the gospel, which is that if youand I think you said this with great clarity, Mr. Dempsey. If you consider these in the design of the program with regulation, you end up with a much lower cost overall and a much better outcome. My experience with OMB, and I don't mean to disagree with you on this, Ms. Katzen, but it's always very bitter. It's just difficult when you're pounding on these guys who have great authority. 1 Post-hearing questions were submitted by the Honorable Chris Cannon, Chairman of the Subcommittee, to Ms. Nuala O'Connor Kelly, Chief Privacy Officer, U.S. Department of Homeland Security. No response had been received by the Subcommittee at the time this hearing was printed. A copy of the questions submitted by Mr. Cannon can be found in the Appendix. And I don't think this is an issue that resolves itself well by a young person who comes in the Government and serves in OMB where he is given a robe of authority that transcends anything he could imagine or she could imagine in advance of that, and now is going to tell people who have actually got experience in an and agency and in the problems and the programs of that agency, how they're going to do business. I think it works much better if it goes the other way. But we are going to deal with that issue I can assure you, and I suspect we're going to see several more privacy officers because I think this has worked out well. So I thank the panel and Members for coming today. With that, we will stand adjourned. [Whereupon, at 4:35 p.m., the Subcommittee was adjourned.] APPENDIX MATERIAL SUBMITTED FOR THE HEARING RECORD February 26, 2004 Ms. Nuala O'Connor Kelly Chief Privacy Officer United States Department of Homeland Security Dear Ms. Kelly: Thank you for appearing before the Subcommittee on Commercial and Administrative Law at the legislative oversight hearing on “Privacy in the Hands of the Government: The Privacy Officer for the Department of Homeland Security" on February 10, 2004. Your testimony, and the efforts you made to present it, are deeply appreciated and will help guide us in whatever action we take on this matter. Pursuant to the unanimous consent request agreed upon at the hearing, Subcommittee Members were given the opportunity to submit written questions to the witnesses. These questions are annexed. Your response will help inform subsequent legislative action on this important topic. Please submit your written response to these questions by 5:00 p.m. on Monday, March 15, 2004, to: Susan Jensen, Counsel, Subcommittee on Commercial and Administrative Law, B353 Rayburn House Office Building, Washington, DC 20515. Your responses may also be submitted by e-mail to: susan jensen @mail.house.gov In addition, we have enclosed for your review a copy of the official transcript of this hearing. The transcript is substantially a verbatim account of remarks actually made during the hearing. Accordingly, please only make corrections addressing technical, grammatical, or typographical errors. No substantive changes are permitted. Please return any corrections you have to: Susan Jensen, Subcommittee on Commercial and Administrative Law, B353 Rayburn House Office Building, Washington, DC 20515 by Monday, March 15, 2004. |