Options for Promoting Privacy on the National Information Infrastructure. Creation of a Privacy Entity


As we have observed, the United States lacks a centralized entity either to (1) drive development of Federal data privacy policy, or (2) direct traffic for the various privacy initiatives now underway. One option is to create a federal privacy entity to achieve and maintain the optimal balance between the benefits and harms associated with the unrestrained flow of personal data in the information age.

Federal entities come in a variety of sizes and shapes, and perform a range of functions -- from providing advise, education, advocacy, coordination and representation through promulgating and enforcing regulations.

Such entities can be located in existing agencies, or newly created agencies. Alternatively, they can rely on government staff resources exclusively, or include private sector representatives.

In the following section, we examine the pros and cons of a number of possible combinations of the factors listed above. We assume, throughout the discussion that follows, that the jurisdiction of any such entity would encompass private sector data use. Such an entity would also have responsibilities for informing, coordinating, or directing government data practices in accordance with applicable law. The goal of a privacy entity would be to implement the Privacy Principles (or a similar articulation of fair information practices) at the national level. Its methods of achieving this goal would depend, of course, on the tools it is given to do this job.

Readers should keep in mind that we have not attempted to identify every possible combination of responsibilities, sphere of influence, placement, and authority that a federal privacy entity might possess. The discussion that follows is intended to be illustrative rather than exhaustive, and to spark discussion rather than to curtail it.