PIA Requirements and Privacy Decision-Making in US Government Agencies

D. Wright, P. DeHert (eds.), Privacy Impact Assessment (2012)

UC Berkeley Public Law Research Paper No. 2222322

26 Pages Posted: 21 Feb 2013

See all articles by Kenneth A. Bamberger

Kenneth A. Bamberger

University of California, Berkeley - School of Law

Deirdre K. Mulligan

University of California, Berkeley - School of Information

Date Written: July 22, 2012

Abstract

This chapter explores the ways in which the Privacy Impact Assessment requirement of the U.S. E-Government Act might be implemented in government agencies so as to mitigate agency “tunnel vision” and begin to integrate meaningful consideration of privacy concerns into agency structures, cultures and decision-making. It does this by considering the implementation of the PIA requirement by two different federal agencies -- the Department of Homeland Security and the Department of State -- considering the adoption radio frequency identification (RFID) technology, which allows a remotely-accessible data chip to be attached to or inserted into a product, animal or person. The two different approaches reflect the highly inconsistent adherence to the PIA mandate across agencies, and even between programs within a single agency.

An examination of the practices of these two US agencies, interviews with agency decision-makers involved in these processes, and insights from the US experience with the parallel context of environmental impact statements offer a starting point for developing hypotheses about the role of internal agency structure, culture, personnel and professional expertise in whether the PIA process can be meaningfully integrated as an element of bureaucratic decision-making. Specifically, they suggest the importance of continued research into the role of alternate methods of external accountability as a means for strengthening the hand of privacy officers internally, the importance of substantive experts combined with internal processes for insinuating privacy into daily practice, and the need for status and structures that respect the different roles privacy professionals play in protecting privacy during policy-making and integrating privacy into the bureaucracy.

Suggested Citation

Bamberger, Kenneth A. and Mulligan, Deirdre K., PIA Requirements and Privacy Decision-Making in US Government Agencies (July 22, 2012). D. Wright, P. DeHert (eds.), Privacy Impact Assessment (2012), UC Berkeley Public Law Research Paper No. 2222322, Available at SSRN: https://ssrn.com/abstract=2222322

Kenneth A. Bamberger (Contact Author)

University of California, Berkeley - School of Law ( email )

Boalt Hall NA446
Berkeley, CA 94720-7200
United States
(510) 643-6218 (Phone)

HOME PAGE: http://www.law.berkeley.edu/faculty/profiles/facultyProfile.php?facID=5701

Deirdre K. Mulligan

University of California, Berkeley - School of Information ( email )

102 South Hall
Berkeley, CA 94720-4600
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
407
Abstract Views
3,042
Rank
145,489
PlumX Metrics