Privacy Commons for Government

Note: This article originally appeared on the The Security Catalyst Blog

Unconferences” (hat tip to identitywoman) are great opportunities to network, gather and share information. They attract bleeding-edge leaders on emerging problems and technologies. My most recent unconference was Congress Camp 2009, organized by the Open Forum Foundation. The gathering focused (broadly) on social networking tools and Web 2.0 for government. It was well attended by advocates who want to reach Congress, and over-worked hill staffers who use IE6 and must cope with information overload. We also got a preview of If you have an interest in social networking and government, I highly recommend looking at some of the blog articles.

Here’s my report: Don’t hold your breath for Congress to go Social-Web crazy in the immediate future.

I hosted a discussion on developing a Privacy Commons framework for government. In short, Privacy Commons will be a series of Privacy Policy Frameworks: A list of required, optional, and prohibited subject matter for privacy policies. Each framework will be tailored to particular industries (i.e., medical, financial, goods and services, social media, government, etc.). Adoption of a Privacy Commons Framework will require that your Privacy Policy address all subject matter in the framework, and make certain high-level disclosures in the form of iconography (i.e., a “$” symbol to indicate that you sell personal information to third parties).

I already knew that a government Privacy Commons policy would have to include disclosures about how personal information may be transmitted to other federal agencies, for example. But I was surprised to hear from staffers that Congressional privacy policies should also disclose how personal anecdotes may be used. Many constituents e-mail their elected representatives with poignant personal stories that often support draft legislation. Staffers must decide whether they can or should use the stories in a press release, on the House or Senate floor, or whether they can use the story and change the names.

A government Privacy Commons framework will also need to address the different rules that elected officials and their campaigns must follow. Elected officials must follow strict rules governing sharing personal and contact information. In contrast, campaigns (which may run full-time, even after an official is elected) can do almost anything with personal information. The distinction between “Congressman Jones” and “Congressman Jones’ Campaign” may be lost on the average constituent; but the effects on privacy might be substantial.

As I make the transition to full-time attorney (after I pass the bar… wish me luck), I’ll be able to continue developing Privacy Commons. In fact, at Congress Camp I hooked up with the ECitizen Foundation, which might help host Privacy Commons working groups. Stay tuned.

  1. No comments yet.
(will not be published)