White House’s Wong Makes the Case for Embedded Privacy Pros
Obama administration Deputy Chief Technology Officer Nicole Wong spoke publicly for just the second time since her presidential appointment by praising the work of government privacy pros and calling into question the need for a federal privacy czar
By Jedidiah Bracy, CIPP/US, CIPP/E
In May, the privacy world had a taste of excitement when it was reported that former Twitter Legal Director of Products Nicole Wong had taken on a new role as “the White House’s first chief privacy officer.” Though the early reporting was slightly inaccurate—she’s actually the White House’s deputy chief technology officer—any White House role with a stated responsibility for “Internet privacy and technology issues” has taken on huge import since the Snowden disclosures in June began a national conversation on privacy and surveillance issues.
However, since her official start at the White House in late June, Wong has been busy behind the scenes in her new position and has been fairly quiet in public … but not on Tuesday.
With a flourish of charm and wit, Wong helped kick off the IAPP Practical Privacy Series in Washington, DC, and spoke directly to a room full of privacy pros, the majority of whom work in the public sector.
“I’ve generally stayed away from public addresses,” she said, “but this invitation to speak to you, this is important to me. You are my peeps.”
Quoting the late privacy scholar Alan Westin, Wong noted that privacy is not an end state; the end state is freedom of expression and non-discrimination. Privacy is a means to that end. And the privacy pros working in government help facilitate that goal. “The work is not always glamorous,” she said, “but it is essential.”
And Wong directly addressed the unauthorized leaks by former government contractor Edward Snowden. “In a time of great scrutiny of our privacy practices, we should not shy away,” she said, adding that the White House is “brimming with people who are committed to privacy.”
She also addressed calls for a federal privacy czar.
Wong suggested a more tempered approach rather than a high-level point person. She noted, from her time working in Silicon Valley, that a “solely top-down approach doesn’t always work.” In a later communication with The Privacy Advisor, Wong clarified that a strategy of embedding privacy talent in organizations, not just appointing a high-level point person, is important.
And that’s where privacy professionals come in.
Wong said that top-level officials don’t “always get embedded enough” into the day-to-day realities of privacy pros working throughout an organization. “Sometimes an isolated office can divest the rest of the organization of its privacy responsibilities,” she said. “We need you, the privacy officers, throughout the agencies, who are embedded throughout the government.”
For Wong, cultivating government transparency—a goal often cited by the Obama administration—will help highlight that hard, on-the-ground privacy work and create balance between individual privacy and national security. As but one example, Wong said privacy impact assessments should be accessible and downloadable for citizens.
With so much behind-the-scenes reporting on privacy and civil liberties within government agencies—Wong cited Section 803, mandated under the 9/11 Act of 2007—moving toward a more “citizen-centric” compliance reporting system may serve the government and its citizens more thoroughly. She said the quarterly Section 803 reports “look like a score card. We’re now trying to change this to make our compliance work more citizen-centric.” In a later communication, Wong also clarified that not all Section 803 reports, but many, look like a score card.
Privacy pros working in the public sector will certainly have a chance to affect such change.
“As an outsider to government—wow!—I had no idea how much you are working on my behalf,” said Wong. “I think we should change that and share with people your work.”
Editor's Note: This article was updated at 12:29 pm EST on December 5, 2013.
Read more by Jedidiah Bracy:
Are Notice and Consent Possible with the Internet of Things?
Google: NSA Could Cause Splinternet
Establishing Trust with U.S. Privacy Regulators
Federal and State Regulators Talk Data Security Lessons