Author(s): Kenneth A. Bamberger and Deirdre K. Mulligan
Year: 2012
Abstract:
This
chapter explores the ways in which the Privacy Impact Assessment
requirement of the U.S. E-Government Act might be implemented in
government agencies so as to mitigate agency “tunnel vision” and begin
to integrate meaningful consideration of privacy concerns into agency
structures, cultures and decision-making. It does this by considering
the implementation of the PIA requirement by two different federal
agencies — the Department of Homeland Security and the Department of
State — considering the adoption radio frequency identification (RFID)
technology, which allows a remotely-accessible data chip to be attached
to or inserted into a product, animal or person. The two different
approaches reflect the highly inconsistent adherence to the PIA mandate
across agencies, and even between programs within a single agency. An
examination of the practices of these two US agencies, interviews with
agency decision-makers involved in these processes, and insights from
the US experience with the parallel context of environmental impact
statements offer a starting point for developing hypotheses about the
role of internal agency structure, culture, personnel and professional
expertise in whether the PIA process can be meaningfully integrated as
an element of bureaucratic decision-making. Specifically, they suggest
the importance of continued research into the role of alternate methods
of external accountability as a means for strengthening the hand of
privacy officers internally, the importance of substantive experts
combined with internal processes for insinuating privacy into daily
practice, and the need for status and structures that respect the
different roles privacy professionals play in protecting privacy during
policy-making and integrating privacy into the bureaucracy.
Keywords:
Link: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2222322