Office of Management and Budget (OMB)

WPF Comments to OMB regarding public participation draft memorandum

The World Privacy Forum has filed comments to the U.S. Office of Management and Budget in response to its Request for Feedback on Draft Guidance: Broadening Public Participation and Community Engagement with the Federal Government. WPF made three specific suggestions to OMB regarding how Privacy Act notices might be managed in a way that facilitates better feedback from those interested specifically in Privacy Act of 1974 notices, which have meaningful bearing on matters relating to data governance, privacy, and data protection.

WPF Comments to OMB regarding AI and Privacy Impact Assessments

The World Privacy Forum has filed detailed comments to the U.S. Office of Management and Budget (OMB) in response to its Request for Information on Privacy Impact Assessments. Specifically, OMB requested information about how the U.S. Federal government should update or adjust its requirements for Privacy Impact Assessments (PIAs) in regards to changes to data ecosystems brought about by Artificial Intelligence (AI). WPF provided substantive recommendations regarding administrative provisions of the Privacy Act, scalable automated AI governance tools for privacy and trustworthy AI, ensuring nimble processes for privacy and AI assessments, and ensuring balanced, skillful socio-legal-technical decisionmaking.

Initial Analysis of the new U.S. governance for Federal Agency use of Artificial Intelligence, including biometrics

Today the Biden-Harris Administration published a Memorandum that sets forth how U.S. Federal Agencies and Executive Departments will govern their use of Artificial Intelligence. The OMB memorandum provides an extensive and in some ways surprising articulation of emergent guardrails around modern AI. There are many points of interest to discuss, but the most striking includes the thread of biometrics systems guidance throughout the memorandum and continuing on in the White House Fact Sheet and associated materials. Additionally, the articulation of minimum practices for safety -impacting and rights- impacting AI will likely become important touch points in regulatory discussions in the U.S. and elsewhere. The guidance represents a significant policy shift for the U.S. Federal government, particularly around biometrics.

WPF comments to OMB regarding its Draft Memorandum on establishing new Federal Agency requirements for uses of AI

In December 2023, WPF submitted detailed comments to the U.S. Office of Management and Budget regarding its Request for Comments on Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence Memorandum.  OMB published the request in the Federal Register on November 3, 2023. This particular Memorandum is of historic importance, as it articulates the establishment of new agency requirements in the areas of AI governance, innovation, and risk management, and would direct agencies to adopt specific minimum risk management practices for uses of AI that impact the rights and safety of the public.

New proposed Privacy Act guidance: Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act

The World Privacy Forum submitted comments today on an important proposal from the US Executive Office of the President, Office of Management and Budget regarding a circular directing agencies how to write, post, review, and generally handle Privacy Act notices. The proposal, called Circular A-108 Federal Agency Responsibilities for Review, ...

WPF asks Office of Management and Budget to re-evaluate plan to request social media account information on entry/exit forms; requests pilot study

The World Privacy Forum filed comments today with the US Office of Management and Budget regarding a US Customs and Border Protection agency proposal to request social media account information from arriving and departing travelers on entry/exit forms. Earlier this year, WPF wrote comments to CBP directly and urged the agency to drop its proposal to request social media profile information from travelers on these key entry/exit forms due to procedural and policy concerns.

WPF files comments on federal information handling to the Office of Management and Budget

The World Privacy Forum filed comments today on the Office of Management and Budget's proposed revision to a document that advises Federal agencies on how to handle the information they store. The document, OMB Circular A-130, Managing Information as a Strategic Resource , establishes policies for the management of federal ...

WPF Report - Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens, Part III in a series

This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations. Report authors: Bob Gellman and Pam Dixon.

Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens | Introduction and Background

The US federal government uses commercial data brokers [1] extensively for a wide variety of governmental activities. It is unquestioned that the government provides considerable revenue to commercial data brokers. How much? A reasonable and conservative estimate is that the number ranges in the billions of dollars. Over the course of the last 20 years, the extent of the relationship has become clear through a series of detailed investigations and scholarly research. For background purposes, we reference a leading study and discuss a newer use. This report does not seek to reinvestigate and re-document known uses.

Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens | Recommendations

Recommendations for the Office of Management and Budget: OMB should establish privacy standards that are at least a good as those in and recommended for the Do Not Pay Initiative to cover all government purchases of commercial databases with personal information. OMB should consider accomplishing an expansion by establishing a task force that includes representatives of consumer and privacy groups.

Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens | Conclusion

OMB deserves much praise for this novel privacy initiative, but it has more work to do. The evaluation of the first private sector database in the Do Not Pay Initiative needs to be accomplished in the open with full participation by all interested parties. The OMB memo provides for that. We need to see how well that process works.

Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens | Discussion and Analysis of the OMB Do Not Pay Guidance

The best starting point for understanding the OMB Do Not Pay memo is with the legal framework behind the Do Not Pay Initiative. The Initiative derives from a combination of little-noticed executive orders and updates to existing laws. In 2009, Executive Order 13520, Reducing Improper Payments, [29] directed agencies to identify "ways in which information sharing may improve eligibility verification and pre-payment scrutiny." This was the start of the current Do Not Pay Initiative.

Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens | Executive Summary

You are reading the Executive Summary of Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens Report Links: Report Home & Executive Summary Download the full report (PDF) Jump to other sections of the report: Executive Summary | I. Introduction | II. Discussion | ...

Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens | All Appendices

You are reading Appendices A, B, and C of Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens Report Links: Report Home & Executive Summary Download the full report (PDF) Jump to other sections of the report: Executive Summary | I.Introduction | II. Discussion ...

Public Comments: August 2009 - WPF files comments on government use of web tracking technologies

The World Privacy Forum filed comments with the Office of Management and Budget regarding its proposal to begin to allow the use of tracking cookies on government web sites. The proposal was published in the Federal Register, and outlined a three-tiered plan for how web tracking technologies might be used. The Forum's comments focused on methods of opt-out, data retention, secondary use, user authentication, new tracking technologies such as Flash cookies, and the need for new opt-out mechanisms. The Forum also urged the federal government to not allow third party tracking of consumers' use of government web sites, and to guard against any discrimination against consumers who do not want to be tracked.

World Privacy Forum files comments on government use of web tracking technologies

Online privacy and government web sites -- The World Privacy Forum filed comments with the Office of Management and Budget regarding its proposal to begin to allow the use of tracking cookies on government web sites. The proposal was published in the Federal Register, and outlined a three-tiered plan for how web tracking technologies might be used. The Forum's comments focused on methods of opt-out, data retention, secondary use, user authentication, new tracking technologies such as Flash cookies, and the need for new opt-out mechanisms. The Forum also urged the federal government to not allow third party tracking of consumers' use of government web sites, and to guard against any discrimination against consumers who do not want to be tracked.

WPF comments on proposed guidance on Confidential Information Protection and Efficiency Act of 2002 (CIPSEA)

e-Government /CIPSEA -- The World Privacy Forum submitted comments to the Office of Management and Budget regarding proposed guidance on Title V of the e-Government Act. The proposed guidance did not address the relationship between CIPSEA and the USA PATRIOT Act Section 215, and guidance regarding identifiability and the Privacy Act of 1974 needs to be further refined. WPF suggests that OMB consider developing a formal statistical confidentiality seal controlled by a federal agency. The purpose would be to provide an identifiable marker that would tell individuals if the information they provide will receive the highest degree of confidentiality protection available under law.

Public Comments: December 2006 - Confidential Information Protection and Efficiency Act of 2002 (CIPSEA)

The World Privacy Forum submitted comments to the Office of Management and Budget regarding proposed guidance on Title V of the e-Government Act. The proposed guidance did not address the relationship between CIPSEA and the USA PATRIOT Act Section 215, and guidance regarding identifiability and the Privacy Act of 1974 needs to be further refined. WPF suggests that OMB consider developing a formal statistical confidentiality seal controlled by a federal agency. The purpose would be to provide an identifiable marker that would tell individuals if the information they provide will receive the highest degree of confidentiality protection available under law.

Department of Justice Proposes Making Changes to Routine Uses of its Systems and Databases; World Privacy Forum Files Comments on Problematic Privacy Act Issues with the Proposed Changes

Privacy Act of 1974 -- The Department of Justice published a notice proposing to update the Routine Uses of its systems and databases under the Privacy Act of 1974. The proposal was not precise enough, and was written in such a way as to allow sensitive Privacy Act systems such as the Criminal Division Witness Security File (CRM-002), the Witness Immunity Records (CRM-022), and the National Instant Criminal Background Check System (NICS, FBI-018) to be disclosed to almost anyone in certain circumstances, including to individuals working outside of law enforcement. The World Privacy Forum is requesting that the DOJ significantly tighten its language in the proposal, and to specify what individuals or entities may have access to these sensitive records, under what specific conditions. The World Privacy Forum is also requesting the DOJ republish all of its up-to-date system of records notices in their entirety immediately and at least every two years thereafter.