NIST recommends updates to Privacy Act
- Amendments to the Privacy Act and E-Government Act in order to:
- Improve Government privacy notices;
- Update the definition of System of Records to cover relational and distributed systems based on government use, not holding, of records.
- Clearly cover commercial data sources under both the Privacy Act and the E‐Government Act.
- Improve government leadership and governance of privacy
- OMB should hire a full-time Chief Privacy Officer with resources.
- Privacy Act Guidance from OMB must be regularly updated.
- Chief Privacy Officers should be hired at all “CFO agencies.”
- A Chief Privacy Officers’ Council should be developed.
- OMB should issue privacy guidance on agency use of location information.
- OMB should work with US‐CERT to create interagency information on data loss across the government
- There should be public reporting on use of Social Security Numbers