[Federal Register Volume 62, Number 81 (Monday, April 28, 1997)]
[Notices]
[Pages 22978-22979]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-10894]
=======================================================================
-----------------------------------------------------------------------
OFFICE OF MANAGEMENT AND BUDGET
Options for Promoting Privacy on the National Information
Infrastructure
AGENCY: Office of Management and Budget.
ACTION: Notice and request for comments.
-----------------------------------------------------------------------
SUMMARY: OMB announces the availability of ``Options for Promoting
Privacy on the National Information Infrastructure'' (Options Paper) on
behalf of the Information Policy Committee of the National Information
Infrastructure Task Force (IITF). This Options Paper results from work
performed by the Privacy Working Group and refined by the Committee.
The Committee is chaired by the Administrator of the Office of
Information and Regulatory Affairs, Office of Management and Budget
(OMB). This Options Paper builds upon the October 1995 report of the
Privacy Working Group, ``Privacy and the National Information
Infrastructure: Principles for Providing and Using Personal
Information'' (Privacy Principles), which was published in draft form
in the Federal Register on January 20, 1995 (60 FR 4362) and was
finalized in June 1995. None of the options presented has been adopted
as Administration policy; they are set forth in this document in the
belief that they are worthy of public discussion.
DATES: Comments should be submitted no later than June 27, 1997.
ELECTRONIC AVAILABILITY AND ADDRESSES: The options paper is available
electronically from the IITF site on the World Wide Web: http://
www.iitf.nist.gov/ipc/ipc-pub.html and in paper form from the OMB
Publications Office, 725 17th Street, NW., Washington, DC 20503,
telephone: 202/395-7332, facsimile: 202/395-6137.
Comments may be sent to the Information Policy Committee c/o the
Office of Information and Regulatory Affairs, Office of Management and
Budget, Room 10236, Washington, DC 20503. Comments may also be
submitted by facsimile to 202-395-5167, or by electronic mail to
[email protected] Comments submitted by facsimile or electronic
mail need not also be submitted by regular mail.
FOR FURTHER INFORMATION CONTACT: Ms. Maya A. Bernstein, Office of
Information and Regulatory Affairs, Office of Management and Budget,
Washington, DC 20503. Voice telephone: 202-395-4816. Facsimile: 202-
395-5167. Electronic mail: [email protected]
SUPPLEMENTARY INFORMATION: In the Report of the National Performance
Review, ``Creating a Government that Works Better & Costs Less:
Reengineering Through Information Technology,'' the Vice President
tasked the Information Infrastructure Task Force with considering
privacy policy with respect to the National Information Infrastructure
(NII). The Privacy Working Group first developed ``Privacy and the
National Information Infrastructure: Principles for Providing and Using
Personal Information'' (the Privacy Principles), which described a set
of fair information practices appropriate to the NII and which were
finalized in June 1995. The next step for the Privacy Working Group was
to consider how best to promote those principles. To that end, the
Working Group undertook significant research on
[[Page 22979]]
the state of privacy with respect to the NII, current U.S. law, and
private sector practices. That work served as the basis for the
Information Policy Committee's Option Paper. The Committee is now
making the Paper available for comment.
As Vice President Gore predicted in 1995, development of the Global
Information Infrastructure (GII) is increasing economic growth and
productivity, creating high-wage jobs in newly emerging industries, and
fostering U.S. technological leadership across the globe. Through this
medium, we can already secure high quality services at low cost and
prepare our children for the demands of the 21st Century. A more open
and participatory democracy is emerging at all levels of government.
The information economy of the 21st century will run on data. Some
of that data may be highly personal and sensitive. In some cases,
personal data may become quite valuable. Thus, the transition to the
Information Age calls for a reexamination of the proper balance between
the competing values of personal privacy and the free flow of
information in a democratic society. Will our traditional balance point
serve in the digital age? Can we continue to rely on the same tools we
have used to strike this balance in the past? Or, is an entirely new
approach warranted?
The Options Paper explores the growing public concern about
personal information privacy. The paper describes the status of
electronic data protection and fair information practices in the United
States today, beginning with a discussion of the ``Principles for
Providing and Using Personal Information,'' issued by the Information
Infrastructure Task Force in 1995. It then provides an overview of new
information technologies, which shows that personal information is
currently collected, shared, aggregated, and disseminated at a rate and
to a degree unthinkable just a few years ago. Government is no longer
the sole possessor of extensive amounts of personal information about
U.S. citizens: in recent years the acquisition of personal information
by the private sector has increased dramatically.
The paper next considers in more detail the laws and policies
affecting information privacy in four specific areas: government
records, communications, medical records, and the consumer market. This
examination reveals that information privacy policy in the United
States consists of various laws, regulations and practices, woven
together to produce privacy protection that varies from sector to
sector. Sometimes the results make sense, and sometimes they do not.
The degree of protection accorded to personal information may depend on
the data delivery mechanism rather than on the type of information at
issue. Moreover, information privacy protection efforts in the United
States are generally reactive rather than proactive: both the public
and the private sector adopt policies in response to celebrated
incidents of nonconsensual disclosure involving readily discernable
harm. Sometimes this approach leaves holes in the fabric of privacy
protection.
The paper then turns to the core question: in the context of the
Global Information Infrastructure (GII), what is the best mechanism to
implement fair information practices that balance the needs of
government, commerce, and individuals, keeping in mind both our
interest in the free flow of information and in the protection of
information privacy? At one end of the spectrum there is support for an
entirely market-based response. At the other end of the spectrum, the
federal government is encouraged to regulate fair information practices
across all sectors of the economy. In between these poles lie a myriad
of options.
In response to public concern, both government and private industry
seem to be taking a harder look at privacy issues. As government and
consumers become more aware of the GII's data collection, analysis and
distribution capabilities, demand could foster a robust, competitive
market for privacy protection. This raises the intriguing possibility
that privacy could emerge as a market commodity in the Information Age.
The paper recognizes ongoing efforts to enhance industry self
regulation to carry out the IITF Privacy Principles, and also discuss
ways this self regulation might be enforced. The paper also discusses a
number of ways that government could facilitate development of a
privacy market.
The paper then considers a number of options that involve creation
of a federal privacy entity. It discusses some of the many forms that
such an entity could take and considers the advantages and
disadvantages of the various choices. It also considers the functions
that such an entity might perform, as well as various options for
locating a privacy entity within the federal government.
This paper presents a host of options for government and private
sector action. The ultimate goal is to identify the means to maintain
an optimal balance between personal privacy and freedom of information
values in the digital environment. The next step is to receive and
respond to public comment on the report in order to develop consensus
regarding the appropriate allocation of public and private sector
responsibility for implementation of fair information practices.
Sally Katzen,
Administrator, Office of Information and Regulatory Affairs.
[FR Doc. 97-10894 Filed 4-25-97; 8:45 am]
BILLING CODE 3110-01-P
