The word privacy does not appear in the Declaration of Independence, the U.S. Constitution, or even their poor cousin, the Articles of Confederation.
But as we move into the Information Age, privacy is a hot-button issue. Giant databases fill up with every aspect of citizens' personal lives. Corporations buy, sell and consolidate this information with frightening efficiency, and identity theft is the crime du jour. Citizens and lawmakers are increasingly concerned that sensitive information will be abused, and no one holds more sensitive information about the average U.S. citizen than the government. Government officials are being asked to safeguard citizens' privacy while navigating a dangerous sea of regulations and legislation. The federal government alone has created a smorgasbord of legislation regulating privacy. The Patriot Act, the Fair Credit Reporting Act, the Children's Online Privacy Protection Act and dozens of other pieces of legislation combine to create a regulatory and compliance nightmare for thousands of state and local government officials.
At the same time, there is tremendous pressure on government to provide services that put privacy at risk. From Web-based e-government initiatives to the emergence of health information networks, more sensitive data than ever before is being made available to the public.
Government is struggling to adapt.
"Your policy might be that no personal data leaves the network, but how do you implement that policy?" said Harriet Pearson, vice president of corporate affairs and chief privacy officer (CPO) for IBM. "People have BlackBerries. They have e-mail. They have cell phones."
Help Is Here
The International Association of Privacy Professionals (IAPP) created a certification program called the Certified Information Privacy Professional/Government (CIPP/G) program to assist the public sector in setting sound privacy policies.
Underwritten by IBM, the program is designed exclusively for employees of government and of businesses that interact with government. Its goal is institutionalizing the knowledge necessary to ensure government compliance with existing privacy law.
"There is a need for agency employees at both federal and state levels to be knowledgeable and confident in applying the relevant laws and best practices for balancing citizen privacy and civil liberties with the necessities of a connected world," said Trevor Hughes, executive director of the IAPP.
The CIPP/G program's curriculum includes such broad topics as privacy principles, laws applicable to governmental information practices and policy enforcement. The curriculum also gets down to the nitty-gritty with information on government-specific legislation such as Freedom of Information Act requests and the Federal Information Security Management Act of 2002.
Although not a government agency, the IAPP didn't develop the CIPP/G curriculum in a private-sector vacuum. The assistance of the U.S. Postal Service, the U.S. Department of Veterans Affairs, the U.S. Office of Management and Budget, the California State Department of Consumer Affairs, and others helped craft the program -- making this a true public/private partnership.
"We're not in the business of telling the government what privacy measures they need to adapt," said Pearson. "We're here to help them effectively implement their existing privacy policies and understand what federal privacy laws they need to follow."
The CIPP/G program is an extension of the existing CIPP program, a certification that stresses the concepts and application of privacy law, information management and operational best practices, as well as the privacy implications of emerging technologies. The CIPP/G builds on those concepts, with focus on areas of law specific to government.
To get CIPP certified, students must pony up $245 and pass a two-hour, multiple-choice test. Once the test has been passed, the student becomes CIPP certified. This qualifies students to take a 30-minute, multiple-choice CIPP/G test focusing on government-specific privacy issues, which costs another $100. Upon passing both tests, the student is CIPP/G certified.
Certification exams are held throughout the year at various IAPP events, and anyone can just walk in, pay the fee and take the tests. Without preparation, however, there's a high probability of failure. The IAPP offers training for these programs on the Web, CD-ROM and through on-site instruction.
The first class of CIPP/G certified professionals held a graduation ceremony this summer.
"Developing the unique skills and knowledge necessary to serve as a privacy professional is key to being able to effectively address the myriad issues related to privacy in the public sector," said keynote speaker Dan Caprio, chief privacy officer of the U.S. Department of Commerce. "I applaud the inaugural class of certified governmental privacy professionals for this important step forward."
S I D E B A R
The Path to CIPP/G Certification
- Become an IAPP member
- Study
- Get CIPP certified
- Study
- Get CIPP/G certified
Upcoming IAPP Certification Events:
- Friday, Sept. 9, 2005: The 11th National HIPAA Summit, The Renaissance Hotel, Washington, D.C.
The CIPP and CIPP/G exams will be administered from 2:00 p.m. to 4:30 p.m. EST on the final day of the HIPAA Summit, which includes the Health Information Technology Summit. Certification training courses will be offered on Wednesday, Sept. 7, 2005, from 8 a.m. to 6 p.m. Separate registration is required for the conference and the certification exams.
- Friday, Oct. 28, 2005: The "IAPP Privacy Academy", The Green Valley Ranch Resort and Spa, Las Vegas, Nev.
The CIPP and CIPP/G exams will be administered from 8:00 a.m. to 10:30 a.m. PST on the final day of the IAPP's marquee fall privacy event. Certification training courses will be offered on Wednesday, Oct. 26, 2005, from 8 a.m. to 6 p.m. Separate registration is required for training, testing and conference. IAPP membership required for testing.
- TBD: New York City (December 2005) and Washington, D.C. (March 2006)
Autor: John Marcotte
Quelle: Government Technology, 01.08.2005
