PIA Requirements and Privacy Decisionmaking in U.S. Government Agencies PRIVACY IMPACT ASSESSMENTS: ENGAGING STAKEHOLDERS IN PROTECTING PRIVACY

PIA Requirements and Privacy Decisionmaking in U.S. Government Agencies PRIVACY IMPACT ASSESSMENTS: ENGAGING STAKEHOLDERS IN PROTECTING PRIVACY
Deirdre Mulligan, Kenneth A. Bamberger

Citation
Deirdre Mulligan, Kenneth A. Bamberger. "PIA Requirements and Privacy Decisionmaking in U.S. Government Agencies PRIVACY IMPACT ASSESSMENTS: ENGAGING STAKEHOLDERS IN PROTECTING PRIVACY". De Hert and Wright (eds.), 10, 225-250, Springer, 2012.

Abstract
The E-Government Act of 2002 obliges government agencies to conduct PIAs when developing or procuring information technology systems that include personally identifiable information. Bamberger and Mulligan say that it is notoriously difficult to make organisations take into account “secondary mandates” – values at best orthogonal to, and at worst in tension with, the institution’s primary mission. This difficulty arises in force in the context of legislative attempts to force administrative agencies to promote privacy protection while they pursue their primary policy objectives. This chapter begins an inquiry into lessons from the US experience regarding ways in which the PIA requirement might, in fact, be implemented so as to “mitigate agency tunnel vision” and begin to integrate meaningful consideration of privacy concerns into agency structures, cultures and decision-making. It does this by considering the implementation of the PIA requirement by two different federal agencies considering the adoption radio frequency identification (RFID) technology. The two different approaches reflect the highly inconsistent adherence to the PIA mandate across agencies, and even between programs within a single agency.

Electronic downloads

http://www.springerlink.com/content/hwmwr4g96767k505/

Citation formats

HTML

Deirdre Mulligan, Kenneth A. Bamberger. <a
href="http://www.truststc.org/pubs/861.html"
><i>PIA Requirements and Privacy Decisionmaking in
U.S. Government Agencies PRIVACY IMPACT ASSESSMENTS:
ENGAGING STAKEHOLDERS IN PROTECTING
PRIVACY</i></a>, De Hert and Wright (eds.), 10,
225-250, Springer, 2012.

Plain text

Deirdre Mulligan, Kenneth A. Bamberger. "PIA
Requirements and Privacy Decisionmaking in U.S. Government
Agencies PRIVACY IMPACT ASSESSMENTS: ENGAGING STAKEHOLDERS
IN PROTECTING PRIVACY". De Hert and Wright (eds.), 10,
225-250, Springer, 2012.

BibTeX

@inbook{MulliganBamberger12_PIARequirementsPrivacyDecisionmakingInUSGovernment,
    author = {Deirdre Mulligan and Kenneth A. Bamberger},
    editor = {De Hert and Wright},
    title = {PIA Requirements and Privacy Decisionmaking in
              U.S. Government Agencies PRIVACY IMPACT
              ASSESSMENTS: ENGAGING STAKEHOLDERS IN PROTECTING
              PRIVACY},
    chapter = {10},
    pages = {225-250},
    publisher = {Springer},
    year = {2012},
    abstract = {The E-Government Act of 2002 obliges government
              agencies to conduct PIAs when developing or
              procuring information technology systems that
              include personally identifiable information.
              Bamberger and Mulligan say that it is notoriously
              difficult to make organisations take into account
              â��secondary mandatesâ�� â�� values at best
              orthogonal to, and at worst in tension with, the
              institutionâ��s primary mission. This difficulty
              arises in force in the context of legislative
              attempts to force administrative agencies to
              promote privacy protection while they pursue their
              primary policy objectives. This chapter begins an
              inquiry into lessons from the US experience
              regarding ways in which the PIA requirement might,
              in fact, be implemented so as to â��mitigate
              agency tunnel visionâ�� and begin to integrate
              meaningful consideration of privacy concerns into
              agency structures, cultures and decision-making.
              It does this by considering the implementation of
              the PIA requirement by two different federal
              agencies considering the adoption radio frequency
              identification (RFID) technology. The two
              different approaches reflect the highly
              inconsistent adherence to the PIA mandate across
              agencies, and even between programs within a
              single agency. },
    URL = {http://www.truststc.org/pubs/861.html}
}

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.