The CIO Council has announced the availability of two new publications offering guidance for agencies in establishing or streamlining a privacy office.
"Best Practices: Elements of a Federal Privacy Program," by the Federal CIO Council Privacy Committee describes how to build a privacy program within any federal department, component, or office.
One fundamental strategy to protecting information it mentions is data minimization – that is, limiting data collection and/or retention to only that information which is necessary and relevant to the mission in order to mitigate the risk of information being compromised, inadvertently exposed, or stolen.
The DHS Privacy Office’s "Guide to Implementing Privacy," details the office’s responsibilities and scope of authority, and describes the concrete steps DHS takes to implement privacy policies.
DHS Chief Privacy Officer and co-chair of the Federal CIO Council Privacy Committee, Mary Ellen Callahan, said the documents are meant to complement one another.
She also noted that privacy officers would be wise to build relationships with natural allies such as the CIO’s office to get more out of limited budget, adding that, "you can’t be a standalone office."