[Federal Register Volume 62, Number 81 (Monday, April 28, 1997)]
[Notices]
[Pages 22978-22979]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-10894]


=======================================================================
-----------------------------------------------------------------------

OFFICE OF MANAGEMENT AND BUDGET


Options for Promoting Privacy on the National Information 
Infrastructure

AGENCY: Office of Management and Budget.

ACTION: Notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: OMB announces the availability of ``Options for Promoting 
Privacy on the National Information Infrastructure'' (Options Paper) on 
behalf of the Information Policy Committee of the National Information 
Infrastructure Task Force (IITF). This Options Paper results from work 
performed by the Privacy Working Group and refined by the Committee. 
The Committee is chaired by the Administrator of the Office of 
Information and Regulatory Affairs, Office of Management and Budget 
(OMB). This Options Paper builds upon the October 1995 report of the 
Privacy Working Group, ``Privacy and the National Information 
Infrastructure: Principles for Providing and Using Personal 
Information'' (Privacy Principles), which was published in draft form 
in the Federal Register on January 20, 1995 (60 FR 4362) and was 
finalized in June 1995. None of the options presented has been adopted 
as Administration policy; they are set forth in this document in the 
belief that they are worthy of public discussion.

DATES: Comments should be submitted no later than June 27, 1997.

ELECTRONIC AVAILABILITY AND ADDRESSES: The options paper is available 
electronically from the IITF site on the World Wide Web: http://
www.iitf.nist.gov/ipc/ipc-pub.html and in paper form from the OMB 
Publications Office, 725 17th Street, NW., Washington, DC 20503, 
telephone: 202/395-7332, facsimile: 202/395-6137.
    Comments may be sent to the Information Policy Committee c/o the 
Office of Information and Regulatory Affairs, Office of Management and 
Budget, Room 10236, Washington, DC 20503. Comments may also be 
submitted by facsimile to 202-395-5167, or by electronic mail to 
[email protected]. Comments submitted by facsimile or electronic 
mail need not also be submitted by regular mail.

FOR FURTHER INFORMATION CONTACT: Ms. Maya A. Bernstein, Office of 
Information and Regulatory Affairs, Office of Management and Budget, 
Washington, DC 20503. Voice telephone: 202-395-4816. Facsimile: 202-
395-5167. Electronic mail: [email protected].

SUPPLEMENTARY INFORMATION: In the Report of the National Performance 
Review, ``Creating a Government that Works Better & Costs Less: 
Reengineering Through Information Technology,'' the Vice President 
tasked the Information Infrastructure Task Force with considering 
privacy policy with respect to the National Information Infrastructure 
(NII). The Privacy Working Group first developed ``Privacy and the 
National Information Infrastructure: Principles for Providing and Using 
Personal Information'' (the Privacy Principles), which described a set 
of fair information practices appropriate to the NII and which were 
finalized in June 1995. The next step for the Privacy Working Group was 
to consider how best to promote those principles. To that end, the 
Working Group undertook significant research on

[[Page 22979]]

the state of privacy with respect to the NII, current U.S. law, and 
private sector practices. That work served as the basis for the 
Information Policy Committee's Option Paper. The Committee is now 
making the Paper available for comment.
    As Vice President Gore predicted in 1995, development of the Global 
Information Infrastructure (GII) is increasing economic growth and 
productivity, creating high-wage jobs in newly emerging industries, and 
fostering U.S. technological leadership across the globe. Through this 
medium, we can already secure high quality services at low cost and 
prepare our children for the demands of the 21st Century. A more open 
and participatory democracy is emerging at all levels of government.
    The information economy of the 21st century will run on data. Some 
of that data may be highly personal and sensitive. In some cases, 
personal data may become quite valuable. Thus, the transition to the 
Information Age calls for a reexamination of the proper balance between 
the competing values of personal privacy and the free flow of 
information in a democratic society. Will our traditional balance point 
serve in the digital age? Can we continue to rely on the same tools we 
have used to strike this balance in the past? Or, is an entirely new 
approach warranted?
    The Options Paper explores the growing public concern about 
personal information privacy. The paper describes the status of 
electronic data protection and fair information practices in the United 
States today, beginning with a discussion of the ``Principles for 
Providing and Using Personal Information,'' issued by the Information 
Infrastructure Task Force in 1995. It then provides an overview of new 
information technologies, which shows that personal information is 
currently collected, shared, aggregated, and disseminated at a rate and 
to a degree unthinkable just a few years ago. Government is no longer 
the sole possessor of extensive amounts of personal information about 
U.S. citizens: in recent years the acquisition of personal information 
by the private sector has increased dramatically.
    The paper next considers in more detail the laws and policies 
affecting information privacy in four specific areas: government 
records, communications, medical records, and the consumer market. This 
examination reveals that information privacy policy in the United 
States consists of various laws, regulations and practices, woven 
together to produce privacy protection that varies from sector to 
sector. Sometimes the results make sense, and sometimes they do not. 
The degree of protection accorded to personal information may depend on 
the data delivery mechanism rather than on the type of information at 
issue. Moreover, information privacy protection efforts in the United 
States are generally reactive rather than proactive: both the public 
and the private sector adopt policies in response to celebrated 
incidents of nonconsensual disclosure involving readily discernable 
harm. Sometimes this approach leaves holes in the fabric of privacy 
protection.
    The paper then turns to the core question: in the context of the 
Global Information Infrastructure (GII), what is the best mechanism to 
implement fair information practices that balance the needs of 
government, commerce, and individuals, keeping in mind both our 
interest in the free flow of information and in the protection of 
information privacy? At one end of the spectrum there is support for an 
entirely market-based response. At the other end of the spectrum, the 
federal government is encouraged to regulate fair information practices 
across all sectors of the economy. In between these poles lie a myriad 
of options.
    In response to public concern, both government and private industry 
seem to be taking a harder look at privacy issues. As government and 
consumers become more aware of the GII's data collection, analysis and 
distribution capabilities, demand could foster a robust, competitive 
market for privacy protection. This raises the intriguing possibility 
that privacy could emerge as a market commodity in the Information Age. 
The paper recognizes ongoing efforts to enhance industry self 
regulation to carry out the IITF Privacy Principles, and also discuss 
ways this self regulation might be enforced. The paper also discusses a 
number of ways that government could facilitate development of a 
privacy market.
    The paper then considers a number of options that involve creation 
of a federal privacy entity. It discusses some of the many forms that 
such an entity could take and considers the advantages and 
disadvantages of the various choices. It also considers the functions 
that such an entity might perform, as well as various options for 
locating a privacy entity within the federal government.
    This paper presents a host of options for government and private 
sector action. The ultimate goal is to identify the means to maintain 
an optimal balance between personal privacy and freedom of information 
values in the digital environment. The next step is to receive and 
respond to public comment on the report in order to develop consensus 
regarding the appropriate allocation of public and private sector 
responsibility for implementation of fair information practices.
Sally Katzen,
Administrator, Office of Information and Regulatory Affairs.
[FR Doc. 97-10894 Filed 4-25-97; 8:45 am]
BILLING CODE 3110-01-P