Team for Research in
Ubiquitous Secure Technology

PIA Requirements and Privacy Decisionmaking in U.S. Government Agencies PRIVACY IMPACT ASSESSMENTS: ENGAGING STAKEHOLDERS IN PROTECTING PRIVACY
Deirdre Mulligan, Kenneth A. Bamberger

Citation
Deirdre Mulligan, Kenneth A. Bamberger. "PIA Requirements and Privacy Decisionmaking in U.S. Government Agencies PRIVACY IMPACT ASSESSMENTS: ENGAGING STAKEHOLDERS IN PROTECTING PRIVACY". De Hert and Wright (eds.), 10, 225-250, Springer, 2012.

Abstract
The E-Government Act of 2002 obliges government agencies to conduct PIAs when developing or procuring information technology systems that include personally identifiable information. Bamberger and Mulligan say that it is notoriously difficult to make organisations take into account “secondary mandates” – values at best orthogonal to, and at worst in tension with, the institution’s primary mission. This difficulty arises in force in the context of legislative attempts to force administrative agencies to promote privacy protection while they pursue their primary policy objectives. This chapter begins an inquiry into lessons from the US experience regarding ways in which the PIA requirement might, in fact, be implemented so as to “mitigate agency tunnel vision” and begin to integrate meaningful consideration of privacy concerns into agency structures, cultures and decision-making. It does this by considering the implementation of the PIA requirement by two different federal agencies considering the adoption of radio frequency identification (RFID) technology. The two different approaches reflect the highly inconsistent adherence to the PIA mandate across agencies, and even between programs within a single agency.

Citation formats  
  • HTML
    Deirdre Mulligan, Kenneth A. Bamberger. <a
    href="http://www.truststc.org/pubs/861.html"
    ><i>PIA Requirements and Privacy Decisionmaking in
    U.S. Government Agencies PRIVACY IMPACT ASSESSMENTS:
    ENGAGING STAKEHOLDERS IN PROTECTING
    PRIVACY</i></a>, De Hert and Wright (eds.), 10,
    225-250, Springer, 2012.
  • Plain text
    Deirdre Mulligan, Kenneth A. Bamberger. "PIA
    Requirements and Privacy Decisionmaking in U.S. Government
    Agencies PRIVACY IMPACT ASSESSMENTS: ENGAGING STAKEHOLDERS
    IN PROTECTING PRIVACY". De Hert and Wright (eds.), 10,
    225-250, Springer, 2012.
  • BibTeX
    @inbook{MulliganBamberger12_PIARequirementsPrivacyDecisionmakingInUSGovernment,
        author = {Deirdre Mulligan and Kenneth A. Bamberger},
        editor = {De Hert and Wright},
        title = {PIA Requirements and Privacy Decisionmaking in
                  U.S. Government Agencies PRIVACY IMPACT
                  ASSESSMENTS: ENGAGING STAKEHOLDERS IN PROTECTING
                  PRIVACY},
        chapter = {10},
        pages = {225-250},
        publisher = {Springer},
        year = {2012},
        abstract = {The E-Government Act of 2002 obliges government
                  agencies to conduct PIAs when developing or
                  procuring information technology systems that
                  include personally identifiable information.
                  Bamberger and Mulligan say that it is notoriously
                  difficult to make organisations take into account
                  “secondary mandates” – values at best
                  orthogonal to, and at worst in tension with, the
                  institution’s primary mission. This difficulty
                  arises in force in the context of legislative
                  attempts to force administrative agencies to
                  promote privacy protection while they pursue their
                  primary policy objectives. This chapter begins an
                  inquiry into lessons from the US experience
                  regarding ways in which the PIA requirement might,
                  in fact, be implemented so as to “mitigate
                  agency tunnel vision” and begin to integrate
                  meaningful consideration of privacy concerns into
                  agency structures, cultures and decision-making.
                  It does this by considering the implementation of
                  the PIA requirement by two different federal
                  agencies considering the adoption of radio frequency
                  identification (RFID) technology. The two
                  different approaches reflect the highly
                  inconsistent adherence to the PIA mandate across
                  agencies, and even between programs within a
                  single agency. },
        URL = {http://www.truststc.org/pubs/861.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.