What does this title do? Go to the Section-by-Section to see what each section does, in plain language. When you're ready to help us improve the E-Privacy Act Amendments, you can help us edit Title I.

Section 101. Government-Wide Chief Privacy Officer (CPO)

(a) IN GENERAL. — The President shall designate a senior official within the Office of Management and Budget as the Chief Privacy Officer, who shall manage internal privacy policy throughout all federal government agencies.

(b) Agency Information-

  1. The head of each agency shall provide to the OMB Chief Privacy Officer such information as the OMB Chief Privacy Officer considers necessary
  2. The OMB Chief Privacy Officer may:
    1. exempt agencies or components of agencies from the entities covered by this Act; and
    2. recommend to the agency head that chief privacy officers be established in components of agencies, which at a minimum must include considering whether to make this recommendation for the Internal Revenue Service within Treasury, the Census Bureau within the Department of Commerce, and the Federal Emergency Management Agency and Customs and Border Protection within the Department of Homeland Security.
    3. Exemptions and recommendations made under (b)(2) above should have a rationale based on the nature and extent of systems of records issues under the Privacy Act of 1974, personnel data processing and practices, and other relevant matters.

(c) The OMB Chief Privacy Officer shall coordinate with the Civil Liberties Board established in the Intelligence Reform Act of 2004.

(d) The OMB Chief Privacy Officer shall issue guidance to agencies to implement this Act within 9 months of the passage of this Act and shall update guidance on implementing the Privacy Act (5 U.S.C. Section 552a) and Section 208 of the E-Government Act of 2002 (44 U.S.C. 3501 note) at least every 7 years after.

(e) The OMB Chief Privacy Officer shall issue a report to Congress on the implementation of this Act 12 months and 24 months after appointment and then every 5 years.

Section 102. CPOs at all Major Agencies

In General.—Section 1062 of the National Security Intelligence Reform Act of 2004 (title I of Public Law 108-458; 118 Stat. 3688) is amended to read as follows: ``SEC. 1062. <<NOTE: 42 USC 2000ee-1.>> PRIVACY AND CIVIL LIBERTIES OFFICERS.

(a) All Executive branch Departments and major agencies shall have a Chief Privacy Officer. Other agencies may be designated by: i) the head of that department, agency, or element of the executive branch ii) the CPO of OMB, or iii) the Privacy and Civil Liberties Oversight Board under section 1061

Section 103. Creation of CPO Council headed by the Government-Wide CPO

(a) ESTABLISHMENT.—There is established in the executive branch a Chief Privacy Officers Council (in this section referred to as the 'Council').

(b) MEMBERSHIP.—The members of the Council shall be as follows:

  1. The Chief Privacy Officer of the Office of Management and Budget, who shall act as chairperson of the Council.
  2. The Administrator of the Office of Electronic Government of the Office of Management and Budget.
  3. The Chief Privacy Officer of each agency described under section 1062 of 42 USC 2000ee-1.
  4. The Executive Director of the Privacy and Civil Liberties Oversight Board.
  5. Any other officer or employee of the United States designated by the chairperson.

(c) CO-CHAIRPERSONS AND VICE CHAIRPERSONS.—

  1. The Administrator of the Office of Electronic Government of the Office of Management and Budget shall act as co-chairpersons of the Council.
  2. The vice chairperson of the Council shall be selected by the Council from among its members. The vice chairperson shall serve a 1-year term and may serve multiple terms. The vice chairperson shall serve as a representative on the Chief Information Officer Council.

(d) ADMINISTRATIVE SUPPORT.—The Administrator of General Services shall provide administrative and other support for the Council.

(e) FUNCTIONS.—

  1. The Council shall be the principle interagency forum for establishing best practices for agency privacy policy.
  2. The Council shall—
  3. share experiences and innovative approaches relating to information sharing and security best practices, common penetration testing regimes, and incident response mitigation;
  4. promote the development and use of common performance measures for agency information security;
  5. develop certification and accreditation processes and privacy audit process by establishing more effective and efficient methods and best practices; and
  6. submit proposed enhancements to the Office of Management and Budget.
Retrieved from "http://eprivacyact.org/index.php?title=Title_I:_Creation_of_Privacy_Leadership"
Powered by MediaWiki