Please help us refine the admendments with your suggestions to the amendments.

Section 101. Government-Wide Chief Privacy Officer (CPO)

(a) IN GENERAL. — There is established in the Office of Management and Budget an Office of Privacy Policy. There shall be at the head of the Office a government-wide Chief Privacy Officer who shall be appointed by the President. Any individual nominated for appointment as Chief Privacy Officer shall have expertise in privacy protection policy.

(b) PRINCIPAL RESPONSIBILITY. — Subject to the authority, direction, and control of the President, the Chief Privacy Officer shall—

  1. serve as the leader and convener of the federal community of chief privacy officers;
  2. ensure that the privacy policies governing the federal government’s collection, use, sharing, disclosure, transfer, storage, security, and disposition of personal information are consistent with legal and regulatory guidance, including OMB guidance, the Privacy Act of 1974, and section 208 of the E-Government Act of 2002;
  3. serve as the principal adviser for federal privacy policy matters to the President, to the Director of the Office of Management and Budget, and to the National Security Council, Homeland Security Council, and Office of Science and Technology Policy;
  4. oversee and direct the development and promulgation of guidance and regulations related to the implementation of the Privacy Act of 1974 and section 208 of the E-Government Act of 2002;
  5. oversee the development of government-wide policies promoting education and training for federal employees and contractors in privacy policy and awareness; and
  6. coordinate with the Privacy and Civil Liberties Oversight Board as established by section 1061 of the Intelligence Reforms and Terrorism Prevention Act of 2004 as amended by Section 801 of the Implementing the Recommendations of the 9/11 Commission Act of 2007.

(c) REVIEW OF PRIVACY RELATED FUNCTIONS, RESOURCES, GUIDANCE, AND REPORT. —

  1. Within twelve months of designation, the Chief Privacy Officer, in consultation with the Attorney General, shall submit a comprehensive report to the President and to the appropriate committees of Congress, including the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Government Reform of the House of Representatives, describing the organization and resources of the the federal government with respect to privacy and related information management functions, including assessing the existing guidance related to section 552a of title 5 of the United State Code and section 208 of the E-Government Act of 2002, and making appropriate recommendations for changes to the organization and guidance on these laws.
  2. Within twelve months of the issuance of the above report, the Chief Privacy Officer, in consultation with the CPO Council, shall issue consolidated guidance on the implementation of section 552a of title 5 of the United States Code and section 208 of the E-Government Act of 2002 consistent with this Act and the recommendations within such report. The Chief Privacy Officer and CPO Council shall review such guidance within two years and thereafter continue to issue updated or new guidance consistent with needs and legal authorities within a time period no longer than three years from each previous review.
  3. Within 24 months of appointment, and then every second year thereafter, the Chief Privacy Officer shall submit a report to the appropriate committees of Congress, including the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Government Reform of the House of Representatives on the activities of the Chief Privacy Officer, including implementation of section 552a of title 5, United States Code, section 208 of the E-Government Act of 2002, internal controls, and other relevant matters.
  4. Within 90 days of appointment, the Chief Privacy Officer shall enter into an arrangement with the National Academy of Sciences for a study to determine the impact of extending protections of the Computer Matching and Privacy Protection Act of 1988 to include as matching programs all computerized comparison of data from systems of records that is used to determine eligibility for rights, benefits, and privileges in Section 552a(a)(4).

(d) AGENCY INFORMATION —

  1. The head of each agency shall provide to the Chief Privacy Officer such information as the Chief Privacy Officer considers necessary to assure that the use of technologies sustains, and does not erode, privacy protections relating to the use, collection, and disclosure of personal information; assure that personal information contained in systems of records is handled in full compliance with fair information practices; and evaluate legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government.
  2. The Chief Privacy Officer may recommend to the agency head, in consultation with the Chief Privacy Officer of that agency, that chief privacy officers be established in particular components of agencies.

Section 102. Establishment of Agency Chief Privacy Officers

(a) IN GENERAL. — The head of every department, agency, or element of the executive branch designated by the Chief Privacy Office under section 101 of the E-Privacy Amendments Act to be appropriate for coverage under this section shall designate not less than 1 senior officer to serve as the principal advisor to the head of the department, agency, or element on privacy policy.

(b) FUNCTIONS. - The privacy officers of each department, agency, or element will assume primary responsibility for privacy policy, including--

  1. assuring that the use of technologies sustains, and does not erode, privacy protections relating to the use, collection, and disclosure of personal information;
  2. assuring that technologies used to collect, use, store, and disclose personal information allow for auditing of compliance with stated privacy policies and practices governing the collection, use and distribution of information in the operation of the program;
  3. assuring that personal information contained in Privacy Act systems of records is handled in compliance with fair information practices as defined in the Privacy Act of 1974;
  4. conducting privacy impact assessments as required by law and by rules of the agency, or as otherwise called for by the CPO, on the privacy of personal information, including the type of personal information collected and the number of people affected;
  5. evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the agency;
  6. training and educating agency employees and contractors on privacy policies to promote awareness of and compliance with established privacy policies; and
  7. ensuring compliance with established privacy policies.

(c) PERIODIC REPORTS. - The privacy officers of each department, agency or element shall submit an annual report on their activities to --

  1. the appropriate committees of Congress;
  2. the head of such department, agency, or element; and
  3. the Privacy and Civil Liberties Oversight Board.

(d) SAVINGS CLAUSE. - Nothing in this section shall be construed to limit or otherwise supplant any other authorities or responsibilities provided by law to privacy officers or civil liberties officers designated under Section 1062 of the National Security Intelligence Reform Act of 2004.

(e) CLARIFYING AMENDMENT. - Section 1062 of the National Security Intelligence Reform Act of 2004 (Title 1 of Public Law 108-458, 118 Stat. 3688, to be codified at 42 U.S.C. 2000ee-1 as amended by Section 803 of Public Law 110-53, 121 Stat. 266) shall be amended by striking subsection (b) and inserting the following: "(b) COORDINATION WITH STATUTORY PRIVACY OFFICERS. - Any privacy and civil liberties officer designated under this section will be primarily responsible for privacy and civil liberties policy in the context of the national security and counterterrorism policy of the department, agency, or element but will coordinate with the privacy officer designated under Section 102 of the E-Privacy Act Amendments of 2009 to the extent necessary."

Section 103. Federal Chief Privacy Officers Council

(a) ESTABLISHMENT.—There is established in the executive branch a Chief Privacy Officers Council (in this section referred to as the 'Council').

(b) MEMBERSHIP. — The members of the Council shall be as follows:

  1. The Chief Privacy Officer, as established under this title, who shall act as chair of the Council.
  2. The Administrator of the Office of Electronic Government of the Office of Management and Budget.
  3. The Administrator of the Office of Information and Regulatory Affairs of the Office of Management and Budget.
  4. The Privacy Officer of each agency designated by section 101 of this Act.
  5. The Chair of the Privacy and Civil Liberties Oversight Board.
  6. Any other officer or employee of the United States designated by the chair.

(c) VICE CHAIR. —

  1. The vice chair of the Council shall be selected by the Council from among the members as determined under subsection (b)(4) of this title. The vice chair shall serve a 1-year term and may serve multiple terms. The chair and vice chair shall serve as representatives on the Chief Information Officer Council.

(d) ADMINISTRATIVE SUPPORT.—The Administrator of General Services shall provide administrative and other support for the Council.

(e) FUNCTIONS.—

  1. The Council shall be an interagency forum for establishing best practices for agency privacy policy.
  2. The Council shall—
    1. Share, and promote the development of, best practices to assure that the use of technologies sustains, and does not erode, privacy protections relating to the use, collection, and disclosure of personal information; assure that personal information contained in systems of records is handled in full compliance with fair information practices; and evaluate legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government; and
    2. Submit proposed improvements to privacy practices to the Office of Management and Budget.
Retrieved from "http://eprivacyact.org/index.php?title=Edit_Title_I:_Creation_of_Privacy_Leadership"
Powered by MediaWiki