MANAGING INFORMATION PRIVACY IN THE INFORMATION AGE

Author(s): Margaret Ann Irving

Source: Administrative Law Review, Vol. 53, No. 2 (Spring 2001), pp. 659-677
Published by: American Bar Association
Stable URL: https://www.jstor.org/stable/40712053
Accessed: 19-09-2018 14:51 UTC

JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide
range of content in a trusted digital archive. We use information technology and tools to increase productivity and
facilitate new forms of scholarship. For more information about JSTOR, please contact support@jstor.org.

Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at
https://about.jstor.org/terms

American Bar Association is collaborating with JSTOR to digitize, preserve and extend access
to Administrative Law Review

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 MANAGING INFORMATION PRIVACY IN THE
INFORMATION AGE

Margaret Ann Irving*

Table of Contents

Introduction

I. Changes in the Privacy Landscape

II. Creation of the 1RS Office
in Providing Privacy Protection
A. Declaration of Privacy Principles

B. Policy Statement on Taxpayer Privacy Rights

C. The 1RS Privacy Impact Assessment

III. Other Federal Privacy Initiatives

Conclusion

Introduction

The Internal Revenue Service (1RS) has been reorganizing and m

izing itself on an unprecedented scale for the past two and one-h
No federal agency has ever attempted such a massive underta
1952 organizational structure has been dismantled; geographic
regions and districts have been eliminated; and four operating div
are built around specific taxpayer constituencies have been cr
most all employee positions have been reevaluated for their utilit
new structure. Also, perhaps in the most comprehensive overhau
dertaken by government or private industry, the 1RS Information

♦ Privacy Advocate, Internal Revenue Service. J.D., Washington Colle

American University. The author currently serves on the Federal Chief Infor
cers' Privacy Subcommittee, and the Board of Directors for the American Soci
Professionals.
The author appreciates the research efforts of Ms. Marilyn Legnini in preparing this
Article. Ms. Legnini is the Department of the Interior's Privacy Act Officer.
1. See Bill Landauer, With Funds Assured, 1RS Begins Hiring and Upgrades, Fed.
Times, Oct. 30, 2000, at 3.

659

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 660 ADMINISTRATIVE LAW REVIEW [53:2

logical Services Division is updating its more than thir

systems and redesigning its business processes.2
These internal changes to 1RS are not occurring in
nal environment, as defined by the public, the admini
media, private industry, and others, is reassessing ho
conducted. Developments in technology have resul
communicate and obtain information electronically a
The Information Age - producing e-government, e-se
e-benefits, and e-mail - provides exceptional opportu
and share information.
However, an ever-increasing on-line capability presents new concerns.
Information can be accumulated and combined to create powerful informa-
tion packets on an individual, a business, or any other entity.3 This packet
can be manipulated easily and combined with other information. It can be
sent instantly and globally, with no ability to retrieve the sent information
or control its further dissemination.4 An article in an Internet magazine re-
cently heralded that today, anyone "on the Internet can find out more about
what you read, think, and earn than Joseph Stalin or Adolf Hitler, with their
fearsome secret police, could ever have learned about the inhabitants of
their totalitarian states."5 Privacy, in a word, captures the concerns raised
by this new informational capability.
Not surprisingly, a newspaper poll last year determined that the Ameri-
can public's number-one concern is personal privacy, suggesting that indi-
viduals are more concerned about a diminution of their privacy than they
are about a nuclear holocaust or an act of terrorism.6 A Harris Poll survey
indicates that ninety-two percent of Internet users expressed discomfort
about Web sites sharing personal information with other sites.7 At a pri-
vacy conference held last December at Microsoft headquarters, John

2. See id. Congress has set aside $577 million as a special information technology
investment account for 1RS modernization. See National Tax Publications, Tax Talk, at
http://www.nattax.com/taxtalk.htm (last updated Feb. 5, 2001).
3. See Senate Comm. on the Judiciary, Know the Rules, Use the Tools, Privacy
in the Digital Age: A Resource for Internet Users 9 (undated), available at
httpV/judiciary.senate.gov/privacy.htm (explaining that consumers constantly leave behind
information trails that can be utilized by third parties).
4. "[Technological advances have made the collecting, storing and disseminating of
personally identifiable information on the Internet easier and faster . . . ." Id.
5. Robert Scheer, Nowhere to Hide, Yahoo! Internet Life, Oct. 2000, at 100.
6. See Charles J. Sykes, Your Best Defense Against Big Brother: You, WALL ST. J.,
Jan. 24, 2000, at A27 (citing a Wall Street Journal/NBC poll which found that Americans
ranked the loss of personal privacy as their top concern about the 21st century).
7. See Heather Ureen et al., It s Time Jor Rules in Wonderland, BUS. WK., Mar. 20,
2000, at 84.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
200 1 ] MANAGING INFORMA TION PRIVACY 66 1

McCarthy of Forrester Research estimated that Internet-based busin

missed $12 billion in additional cyberspending in 2000 because
tomer privacy concerns.8 He said, that even for those who had been
four years or more, over half "still have serious reservations about
privacy on the Web. Consumers are spooked."9
This Article examines one federal agency's answer to the demands
opportunities of the Information Age concerning privacy.

I. Changes in the Privacy Landscape

Informational privacy - the "right to be let alone,"10 the right

information about oneself and, the right to prevent unconsent
information about oneself11 - is not a new concept. An individu
right to control the conditions under which information pertaini
collected, used, and disseminated.12 In 1974, Congress recogn
of privacy, enforceable in court, when it passed the Privacy Act
requires a federal agency to "maintain in its records only such
about an individual as is relevant and necessary to accomplish a
the agency required to be accomplished by statute or by execut

8. See Manny Frishberg, Web Privacy, Security Weighed, Wired NEWS,

at http ://www.wired.com/news/technology/0,l 282,4059 l,00.html.
9. Id.
10. Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, J., dissent
fining privacy as comprehensive term that includes right of individual to be let alo
11. See Alan F. Westin, Privacy and Freedom 7 (6th prtg. 1970) (stating au
definition of privacy).
12. See Privacy Working Group, Information Infrastructure Task Force,
Privacy and the National Information Infrastructure: Principles for Providing
and Using Personal Information (1995), available at http://www.iitf.nist.gov/ipc/ipc
pubs/n i iprivprin_final.html (discussing "information privacy" as an individual's cla
control terms under which personal information is acquired, disclosed, and used).
13. See Pub. L. No. 93-579, 88 Stat. 1896 (1974) (codified as amended at 5 U.S.
552a (1994)). The Privacy Act was an outgrowth of the Code of Fair Information prin
developed by the Department of Health, Education and Welfare in 1973. See Secret
Advisory Comm. on Automated Personal Data Systems, U.S. H.E.W., Records,
Computers, and the Rights of Citizens, at xxiii-xxvi (1973). The basic fair information
principles are that there be no secret personal data record keeping system; that an individual
can discover what information is in his/her file and how the information is being used; that
an individual can correct such information; that any organization creating, maintaining, us-
ing, or disseminating personally identifiable information assure the reliability of the data for
its intended use and take precautions to prevent misuse; and that an individual can prevent
personal information obtained for one purpose from being used for another purpose without
his/her consent. See id. at xxiv-xxvi.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
662 ADMINISTRATIVE LAW REVIEW [53:2

the President."14 The law also governs the use of inf

agencies by, inter alia, restricting the disclosure of p
information without the individual's consent,15 gran
increased right of access to agency records maintaine
granting the individual the right to amend his agenc
court decisions decided pursuant to this statute have
ual's right to expect control over information about
tain circumstances.18
However, the vast majority of these cases addres
ment. The cumbersome nature of collecting and hand
tion may have inadvertently provided a level of pr
public that is lacking in the electronic environment.1
other static forms such as tapes and microfiche, are
therefore are not immediately accessible to a large
nature does not permit as easy a matching and manipu
vasive packet of information as their electronic counte
In the 1980s, the 1RS, like many private corporation
sion of its paper records into electronic data syste

14. 5 U.S.C. § 552a(e)(l). The Watergate-inspired statute add

concern members of the public expressed regarding the mere a
information by federal government agencies. In particular, the
"with potential abuses presented by the government's increasing
and retrieve personal data by means of a universal identifier - s
security number." Office of Information and Privacy, U.S. D
of Information Act Guide & Privacy Act Overview 665 (Ma
15. See 5 U.S.C. § 552a(b) (stating conditions of disclosure).
16. See id. § 552a(d)(l).
17. See id. § 552a(d)(2).
18. See, e.g., DOJ v. Reporters Comm. for Freedom of the
780 (1989) (recognizing privacy interest in identities of individ
associated with wrongdoers); Int'l Bhd. of Elee. Workers Loca
F.2d 87, 89 (3d Cir. 1988) (recognizing privacy interest in empl
bers); Am. Fed'n of Gov't Employees v. HHS, 712 F.2d 931, 9
nizing privacy interest in home addresses of government employe
19. For example, the Supreme Court addressed the "practical
ords more than 20 years old in Reporters Committee, a concep
electronic records once they are available on the Internet. See R
U.S. at 762, 780.
20. The Clinton administration studied the effect on privacy of
ords that are now electronically available. Last June, the admin
selor noted that publicly filed bankruptcy records contain bank a
sensitive information that could be used for identity theft. He no
was once only publicly available in paper form may have a differe
form. Access decisions based on the medium used has major im
June 12, 2000, at 3.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
200 1 ] MANAGING INFORMA TION PRIVACY 663

continues to have, a special incentive to modernize its computer s

given the considerable information storage and access requir
needs to process millions of tax returns annually, collect revenues,
vide a broad array of services to taxpayers.21 In the face of budg
and a need to increase federal revenues, the 1RS augmented tax co
by pioneering and increasing the use of computer systems to
match large numbers of taxpayers and their financial records.22
As these efforts proceeded, both internal and external studies w
ducted on the Service's conversion and technological progress. The
tified privacy as a major concern. In January 1991, the 1RS in
comprehensive review of its privacy strategy.23 The review, whic
nated in the Privacy Project Report,24 recommended an improved
protection program.25 A General Accounting Office (GAO) report
tember 1992 also addressed privacy concerns.26 In response to

21. In 1998, it was estimated that the 1RS processed over 200 million tax ret
ally and collected over $1.5 trillion in tax revenues, using a wide range of inform
nology, most of it developed in the late 1950s and 1960s. See Staff Paper Prepa
President's Commission to Study Capital Budgeting, Internal Revenue Service
tion (June 19, 1998), at http://clinton2.nara. go v/pcscb/rmoirs.html.
22. See Charles O. Rossotti, Collecting Taxes: How Americans Expect Thei
ment to Work, Vital Speeches of the Day, Oct. 15, 2000, at 4, 5-6 (describ
panding use of computer systems at the 1RS).
23. The 1RS was responding to a report released by the Privacy Protect
Commission, which was established by the Privacy Act of 1974. In its report,
sion evaluated the statute and determined whether it could be improved. The
issued its report, which included over 160 recommendations, in 1977. See U
Protection Study Comm'n, Personal Privacy in an Information Society (19
commission specifically referred to 1RS records as requiring special care. "The f
collection is essential to government justifies an extraordinary intrusion on perso
by the 1RS, but it is also the reason why extraordinary precautions must be t
misuse of the information the Service collects from and about taxpayers." Id. at 5
24. Internal Revenue Service, Privacy Project Report (1992). The report was
completed in September 1992.
25. The Privacy Project Report identified elements for a "sound" Privacy Program, in-
cluding: (1) institutionalizing the Privacy Program within the 1RS; (2) communicating
clearly 1RS privacy protection policy; (3) serving as the taxpayer's advocate on privacy
rights; (4) assessing the best approach to implement and institutionalize privacy principles,
rules and procedures within the Service; (5) incorporating privacy into annual business
plans; (6) identifying and assessing privacy issues to heighten awareness of privacy impli-
cations of planned activities; (7) establishing a public relations program to enhance the pub-
lic's understanding of the Privacy Program and to reduce any credibility gap with the public;
(8) enhancing the orientation program for new employees to include privacy's importance to
the 1RS mission; and (9) establishing a privacy training program. Id. at 7-8.
26. GAO, Tax Systems Modernization: Concerns Over Security and Privacy
Elements of the Systems Architecture (1992). GAO reported that one of its basic con-
cerns with IRS's modernization efforts was that "[t]here is no one person or organization

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 664 ADMINISTRATIVE LAW REVIEW [53:2

report, the 1RS Chief Information Officer said that

responsibility for protecting the privacy of taxpayer
reside with an individual or specified group."27

II. Creation of the 1RS Office of the Privacy Advocate and Its
Role in Providing Privacy Protection

In testimony before Congress in 1992, the Acting Commissioner of

Internal Revenue Service advised Congress that the 1RS would cre
executive-level office to oversee the development and implementa
the IRS's privacy strategy.28 Four months later, in January 1993, th
established the Office of the Privacy Advocate, the federal governm
first privacy advocate position.29
The office's first major service-wide accomplishments were the cr
of two key privacy policies: the Declaration of Privacy Principles30 a
Policy Statement on Taxpayer Privacy Rights.31 These policies no
present a framework for more specific directions and procedures bu
provide a clear message to the public about the importance that t
places on protecting taxpayers' privacy interests.

A. Declaration of Privacy Principles

The Declaration of Privacy Principles, which was disseminated b

1RS Commissioner in May 1994 to all 1RS employees, acknowledg

accountable for incorporating privacy protection features into the architecture." I

GAO found that 1RS had three organizational units involved in privacy protection an
was being done to coordinate issues among these units. See id. at 4.
27. Id. at 5.

28. See Treasury, Postal Service, and General Government Appropriations f

Year 1994: Hearings Before the Subcomm. on the Treasury, Postal Service, and G
Appropriations, House Comm. on Appropriations, 103d Cong. 1323-24 (1993) (t
of Michael P. Dolan, Acting Commissioner of 1RS).
29. The Privacy Advocate was to report directly to the Chief Information
(CIO), who was leading the 1RS modernization efforts. In January 1997, the Offi
Privacy Advocate was incorporated into the newly formed Office of Security Stand
Evaluation, which reported to the CIO. In September 2000, to ensure privacy is
as an IRS-wide strategic value, the Privacy Advocate's office was relocated to th
established Office of Communications and Liaison, which reports directly to the
sioner.
30. See Office of the Privacy Advocate, Internal Revenue Service, 1RS Privacy
Impact Assessment app. A (1996) (setting forth ethical and legal obligations of 1RS to tax-
paying public), available at http://www.cio.gov/text/IRS.htm [hereinafter Privacy Impact
Assessment].
31. See id. at app. B. A copy of the Policy Statement on Taxpayer Privacy Rights, as
well as the Declaration of Privacy Principles, is also available through the Office of the Pri-
vacy Advocate by calling (202) 927-5170.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 2001] MANAGING INFORMATION PRIVACY 665

"responsibility of all 1RS employees to recognize and treat t

public trust."32 The principles establish that the "obligation
payer privacy ... is a fundamental part of the Service's miss
ister the tax law fairly and efficiently."33 They also establi
will conduct its business in order to ensure that the taxpay
protected. "[P]olicies and procedures must clearly state w
access to what information and for what purposes .... [Ap
tations must be placed on the collection, use and disseminat
[sic] personal and financial information . . . ,"34 The princip
both the rights of the individual and the needs of the gove
like the taxpayer privacy rights, encourage a confidence be
payer providing the information and the 1RS maintaining th
"All 1RS employees are required to exhibit individual perfor
flects a commitment to dealing with every taxpayer fairly a
to respect the taxpayers [sic] right to feel secure that their
mation is protected."35 Employees are expected to follow th

Principle 1 : Protecting taxpayer privacy and safeguardi

tial taxpayer information is a public trust.36
Principle 2: No information will be collected or used wi
taxpayers that is not necessary and relevant for
ministration and other legally mandated or au
purposes.37
Principle 3: Information will be collected, to the greatest extent prac-
ticable, directly from the taxpayer to whom it relates.38
Principle 4: Information about taxpayers collected from third parties

32. Id at 11.
33. Id
34. Id
35. Id

36. Privacy Impact Assessment, supra note 30, at 1 1. 1RS Principle 1 s

for the declaration and establishes the philosophy upon which the Service's p
tion program rests.
37. Id at 11; see also 5 U.S.C. § 552a(e)(l) (1994) (stating that each a
"maintain in its records only such information about an individual as is relev
sary to accomplish a purpose of the agency required to be accomplished by stat
ecutive order of the President"); Internal Revenue Manual (CCH) ch. 17.6
(Aug. 19, 1998) ("Nor may information be maintained merely because it is rel
be both relevant and necessary to accomplish the authorized purpose for whi
tained.").
38. Privacy Impact Assessment, supra note 30, at 1 1 ; see also 5 U.S.C. § 552a(e)(2)
(stating that each agency shall "collect information to the greatest extent practicable directly
from the subject individual when the information may result in adverse determinations about
an individual's rights, benefits, and privileges under Federal programs").

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 666 ADMINISTRATIVE LAW REVIEW [53:2

will be verified to the greatest extent pract

taxpayers themselves before action is ta
them.39
Principle 5: Personally identifiable taxpayer information will be used
only for the purpose for which it was collected, unless
other uses are specifically authorized or mandated by
law.40
Principle 6: Personally identifiable taxpayer information will be dis-
posed of at the end of the retention period required by
law or regulation.41
Principle 7: Taxpayer information will be kept confidential and will
not be discussed with, nor disclosed to, any person within
or outside the 1RS other than as authorized by law and in
the performance of official duties.42
Principle 8: Browsing, or any unauthorized access of taxpayer infor-
mation by any 1RS employee, constitutes a serious breach
of the confidentiality ofthat information and will not be
tolerated.43

39. Privacy Impact Assessment, supra note 30, at 1 1 ; see also 5 U.S.C. § 552a(e)(2);
id. § 552a(e)(5) (stating that each agency shall "maintain all records which are used by the
agency in making any determination about any individual with such accuracy, relevance,
timeliness and completeness as is reasonably necessary to assure fairness to the individual in
the determination"); id. § 552a(p)(l)(A)-(B) ("In order to protect any individual whose rec-
ords are used in a matching program, no recipient agency . . . may suspend, terminate, re-
duce, or make a final denial of any financial assistance or payment . . . until ... the agency
has independently verified the information; or ... the individual receives a notice from the
agency containing a statement of its findings and informing the individual of the opportunity
to contest such findings . . . .").
40. Privacy Impact Assessment, supra note 30, at 12; see also 5 U.S.C. § 552a(a)(7),
(b)(3) (prohibiting agency from disclosing individual records to any person or to another
agency without prior written consent of individual unless such disclosure is compatible with
purpose for which the record was collected).
4 1 . Privacy Impact Assessment, supra note 30, at 1 2.
42. See id.; see also 5 U.S.C. § 552a(b) (stating "[n]o agency shall disclose any record
which is contained in a system of records by any means of communication to any person, or
to another agency, except pursuant to a written request by, or with the prior written consent
of, the individual to whom the record pertains . . ." unless one of the statutory exceptions
applies); 26 U.S.C. § 6103 (1994) (regarding confidentiality and disclosure of tax returns
and return information).
43. Privacy Impact Assessment, supra note 30, at 12. This principle was later codi-
fied into law. The Taxpayer Browsing Protection Act, Pub. L. No. 105-35, 111 Stat. 1104
(1997) (codified as amended at 26 U.S.C. §§ 7213A, 7431 (Supp. Ill 1997)), prohibits in-
tentional, unauthorized viewing of paper or electronic tax return information, even if such
information is not subsequently disclosed to another person. Such unauthorized "browsing"
is a misdemeanor, punishable by loss of job, and a fine and/or imprisonment. 26 U.S.C. §
7213A(b). The law requires notification to the affected taxpayer when an individual is in-

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
200 1 ] MANAGING INFORMA TION PRIVACY 667

Principle 9: Requirements governing the accuracy, reliabil

pleteness, and timeliness of taxpayer information w
such as to ensure fair treatment of all taxpayers.44
Principle 10: The privacy rights of taxpayers will be respe
times and every taxpayer will be treated honestly, f
and respectfully.45

B. Policy Statement on Taxpayer Privacy Rights

In October 1994, the 1RS commissioner signed Policy State

the Taxpayer Privacy Rights.46 This policy statement serve
privacy rights for the taxpayer. These rights "recognize[] that
with legal requirements alone is not enough. The Service als
its social responsibility which is implicit in the ethical relations
the Service and the taxpayer."47 These rights create a series of
pectations. The taxpayer may expect to be treated with honest
fairness, and respect.48 The taxpayer has the "right to expect th
ice will collect, maintain, use, and disseminate personally ident
formation and data only as authorized by law and as necessary
agency responsibilities."49 The 1RS will perform its duties in a m
recognizes and enhances an individual's right of privacy.50

dicted for reviewing his/her tax return information. Id. § 743 l(e). It also p
payer to receive civil penalties in the amount of $1,000 or the sum of actu
greater. Id. § 7431(c)(l). Until recently, the Office of the Privacy Advocate
ble for ensuring that all 1RS employees were trained, on an annual basis, abou
tions under this law. The office emphasized proactively preventing viola
awareness briefings. This responsibility is now being handled by the Inform
ogy Systems Division's Office of Security.
44. Privacy Impact Assessment, supra note 30, at 12; see also 5 U.S.C
(1994) ("Each agency . . . shall . . . maintain all records which are used by
making any determination about any individual with such accuracy, relevan
and completeness as is reasonably necessary to assure fairness to the indiv
termination[.]").
45. Privacy Impact Assessment, supra note 30, at 1 2.
46. Id. at 12. The Policy Statement was incorporated into the Internal Re
Manual Handbook 1.2.1.2.1 P-l-1 and the Internal Revenue Service Rules
Conduct statement.
47. Privacy Impact Assessment, supra note 30, at 1 3 .
48. See id.
49. Id.

50. See id. This involves the implementation of practices related to securi
by the language stating that the "[s]ervice will safeguard the integrity and
taxpayers' personal and financial data[,]" and practices related to records m
noted by the language stating that the "[s]ervice will . . . maintain fair inform

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 668 ADMINISTRATIVE LAW REVIEW [53:2

cate for privacy rights, the Service takes very seriou

bility to taxpayers to limit and control information us
These statements became the foundation for the work of the Office of
the Privacy Advocate (the Office). They became the lens through which
the Office creates, promotes and supports privacy programs and privacy
awareness throughout the 1RS.52 Although these principles and rights an-
swered at a highly strategic level the growing privacy concern resulting
from electronic information systems, an even more pointed and pragmatic
response to the government's entrance into the Information Age is the Of-
fice's creation of a Privacy Impact Assessment (PIA).53

C. The 1RS Privacy Impact Assessment

The Office created the PIA process to evaluate privacy risks through a
series of questions that must be answered when a new 1RS information
system is being developed.54 The questions are the basis for an exchange
between the Office and the 1RS system (business) owner and system (tech-
nology) developer, focusing on the information they intend to collect and
include in the new system. The business and technology participants' full
responses and follow-up dialogue with the Office ensure that the privacy
risks have been fully identified and addressed.55
Four categories of questions are presented for answers by the 1RS busi-
ness owner and system developer. They are expected to describe and
document their responses in detail. The first category generally addresses
the information being proposed for inclusion. The questions include: who
does the information pertain to (taxpayer, employee, or other person); who
is the source of the information (1RS, another federal agency, a state or lo-
cal agency, another party, the individual him/herself); and, if it is not from

ord keeping practices to ensure equitable treatment of all taxpayers" and "respect the indi-
vidual's exercise of his/her First Amendment rights." Id.
51. Id.

52. The Office is presently reevaluating these principles to determine whether

adequately address current privacy issues.
53 . Privacy Impact Assessment, supra note 30.
54. See id. at 1. The Office used the Privacy Act of 1974, 5 U.S.C. § 552a (19
Computer Security Act of 1987, Pub. L. No. 100-235, 101 Stat. 1724 (codified in s
sections of 15 U.S.C.), the Internal Revenue Code, 26 U.S.C. § 6103 (1994 & S
1997), the Freedom of Information Act, 5 U.S.C. § 552 (1994 & Supp. IV 1998), an
of Management and Budget Circular No. A- 130, Management of Federal Informa
sources, 61 Fed. Reg. 6428 (Feb. 20, 1996), as the bases for these questions. See
Impact Assessment, supra note 30, at 1-2.
55. "The 1RS PIA is a useful document. Its best feature is the way it establis
players' roles: the system chief and developer, the Privacy Advocate and the CIO."
Gellman, 1RS Writes a Script for Privacy Requirements, Gov't Comp. News (July
at http://www.gcn.com/vol 1 8_no20/opinion/200- 1 .html.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 200 1 ] MANAGING INFORMA TION PRIVACY 669

the 1RS or the individual, how will the information be verifie

racy, completeness, and currency?56
The second category of questions focuses on access to the inf
The questions include: who has access and how is that access
does the user have access to all of the information or is the information to
which he has access limited; what controls are in place to prevent misuse
by authorized users;57 is there an interface with other systems of informa-
tion and, if so, who is responsible for protecting the information;58 will
other agencies share the information and, if so, how will it be used, who is
responsible for ensuring its proper use, and what controls are in place to
ensure any applicable laws are followed?39
The third category of questions scrutinizes closely the information pro-
posed for inclusion. For example, the questions ask: is the information
relevant and necessary to the business purpose for which the system is be-
ing designed;60 will new information be created as a result of the aggrega-
tion of information; and, if so, will new determinations be made as a result
of the new information; and, if so, how will the new information be verified
for accuracy and relevance; what controls will be in place to prevent unau-
thorized access to or use of the new information; and, will an individual's
due process rights be affected because of the consolidation, accelerated de-
cision-making, or new technology?61
The final category of questions addresses administrative controls. The
questions include: how will the system ensure the equitable treatment of
individuals, and what procedures are in place to assure consistent use of
systems and information that may be in different sites; what are the reten-
tion periods for the information, and what procedures are in place for dis-

56. See Privacy Impact Assessment, supra note 30, at 9 (providing a complete list of
the privacy questions contained in the 1RS PIA).
57. See id. Both the user and the use to which the user puts the information must be
authorized.

58. See id. This is obviously an issue that would not have been present in the paper
world.
59. See id. The 1RS PIA references Internal Revenue Code section 6103, which re-
stricts the use of tax return information. See 26 U.S.C. § 6103.
60. See Privacy Impact Assessment, supra note 30, at 9. Limitation of the informa-
tion to what is necessary to fulfill the business objective of the system, assuming such pur-
pose is appropriate, is the centerpiece of this approach. For example, through application of
the PIA approach, the amount of data contemplated for use in a program proposed by the
IRS's Electronic Tax Administration was reduced from over two hundred information items
to twenty-six information items. See Amy Hamilton, Barr Discusses Proposal for Elec-
tronic Disclosure of Tax Data, 55 Tax Analysts Daily Tax Highlights & Documents,
1089, 1091 (1999); see also Bruce Horovitz, 1RS E-Sharing Raises Privacy Fears, USA
Today, Oct. 1, 1999, at 1 A.
61. See Privacy Impact Assessment, supra note 30, at 9- 1 0.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 670 ADMINISTRATIVE LAW REVIEW [53:2

posing of the information and assuring the informat

vance, currency and completeness while it is being m
system can identify, locate, or monitor people, what c
prevent unauthorized monitoring?62
These questions ensure that privacy is not an afterth
vacy protection is considered at each stage of a syste
cradle to grave approach.63 "The PIA is to be initiated
the development of a system and completed as par
[System Life Cycle] reviews. Privacy must be cons
ments are being analyzed and decisions are being m
and system design."64 Of course, as the system is dev
that is being considered becomes more defined, the p
become more refined. For example, as the system mo
design to the actual information that may be included,
clearly identified. The final PIA must evaluate all
propose means of resolving them in order for the Pr
prove the system.65
In February 2000, the Federal Chief Information Of
Council) endorsed the PIA as a "best practice for a
privacy risks on information systems."66 The counci
the PIA be used by all federal agencies, because the "m
relevant since it is designed to evaluate privacy needs
tems that contain personal and financial data on virt

62. See id. at 10. A comprehensive list of the questions tha

business owner, and technology partner must address is located
at 9-10.
63. The 1RS uses the PIA at each of the milestones of a system s development. A pri-
vacy thread is followed throughout the conceptual, design specification, data element desig-
nation, implementation/roll out, and operational stages of the system/application.
64. PRIVACY IMPACT ASSESSMENT, supra note 30, at 3.
65. Building privacy into the system as it is being developed is certainly less costly
than retrofitting it into a system already built. The amount of resources lost through retro-
fitting, in terms of personnel and computer time, cannot be calculated. See Tax Systems
Modernization Institute, 1RS Model-Oriented Privacy Policy (1995) ("Privacy issues
must be carefully thought out and integrated into modernization very early in the life cycle.
Timely attention should lead to effective privacy measures at lower cost.").
66. Letter from Roger Baker, Chair, CIO Council Subcommittee on Privacy, to Agency
Chief Information Officers, IT Professionals, and Agency Privacy Officials (Feb. 25, 2000),
available at http://www.cio.gov/text/IRS.htm [hereinafter Baker Letter]. John M. Gilligan,
Chief Information Officer for the Department of Energy, also endorsed the 1RS PIA as
"particularly relevant" for evaluating privacy needs and risks. See Testimony of John M.
Gilligan, Chief Information Officer, U.S. Department of Energy, presented to Subcommittee
on Government Management, Information, and Technology, House Committee on Govern-
ment Reform 7 (Sept. 1 1, 2000) (on file with author).

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
2001] MANAGING INFORMATION PRIVACY 671

resident with extremely rigorous privacy requirements."67 Al

CIO Council found that the PIA is premised on authorities
1RS (the Internal Revenue Code and the Taxpayer Privacy R
clared the template "simple, succinct and robust" and easi
without "detracting from the overall effectiveness of the mod
privacy expert notes, "[o]ther agencies can benefit from the w
started. ... If [an] agency isn't developing a complex new pe
mation system today, it will tomorrow. [The agency] might as
thinking about how to integrate privacy into that system and
tions."69
Shortly thereafter, President Clinton announced that agencies should
"make privacy impact assessments a regular part of the development of
new government computer systems" to help ensure that federal agencies
continue to build privacy protections into their activities.70 On October 31,
2000, the Office of Management and Budget (OMB) asked agencies to
provide it with information regarding their "privacy policy formation proc-
ess ... including any use of privacy impact assessments."71

III. Other Federal Privacy Initiatives

In light of the public's increasing concern about informational

was inevitable that both the Congress and the Clinton administr
dressed the issue more broadly and proactively than ever befor
amples of recent laws on the subject include the Driver's Privac
tion Act,72 which prohibits the selling of driver license inform
Gramm-Leach-Bliley Financial Modernization Act of 199
authorizes a study of information sharing practices by financial

67. Baker Letter, supra note 66.

68. See id. Federal agencies, private companies, public interest groups,
governments have requested copies of the PIA for adaptation to their needs.
69. Gellman, supra note 55. In keeping with the need to remain vigilant, th
rently reviewing its PIA approach to determine whether it can be more effe
cient.
70. Press Release, The White House, The Clinton-Gore Plan to Enhance
Financial Privacy: Protecting Core Values in the Information Age (May
http://clinton4.nara.gov/WH/New/html/2000050 l_4.html [hereinafter Clinton-
71. Memorandum from Robert E. Barker, Deputy Assistant Director fo
view and Concepts, to Program Deputy Associate Directors, OMB Budget
No. 01-3 att. A, at 3 (Oct. 31, 2000) (on file with author).
72. Pub. L. No. 103-322, tit. XXX, 108 Stat. 2099 (1994) (codified as am
U.S.C. §2721 note (1994)).
73. Pub. L. No. 106-102, tit. V, § 508, 113 Stat. 1442 (1994) (to be cod
U.S.C. § 6808).

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 672 ADMINISTRATIVE LAW REVIEW [53:2

and the Children's Online Privacy Protection Act of 19

the online collection of information about children under thirteen. Bills
addressing privacy and Internet use increased from approximately seventy-
five in the 103rd Congress to over four hundred bills in the 105th Con-
gress.75 New congressional power clusters that focus on privacy have
formed.76 Privacy is a bipartisan issue.
The Clinton administration also addressed the challenges presented.
President Clinton honored privacy interests while promoting the use of the
Internet for e-government transactions. In a memorandum to federal de-
partment and agency heads, the president stated that:

[A]s public awareness and Internet usage increase, the demand for online Govern-
ment interaction and simplified, standardized ways to access Government information
becomes [sic] increasingly important. At the same time, the public must have confi-
dence that their online communications with the Government are secure and their pri-
vacy protected.77

The administration focused particular attention on protecting the privacy

of sensitive personal information, such as medical records, financial data,
and genetic information. Among the administration's efforts in this field
were medical privacy regulations to safeguard personal health information
and to guarantee patient access to their records; an executive order banning
the use of genetic information in federal hiring decisions and a call to Con-
gress to extend this protection to the private sector; a legislative proposal to
expand the financial privacy protections contained in the Financial Mod-
ernization Act; a legislative proposal to stop certain sales and purchases of
individuals' Social Security numbers; and a study of financial privacy in
the bankruptcy process.78
On May 14, 1998, President Clinton issued a memorandum to all execu-
tive departments and agencies regarding privacy and personal information
in federal records. He noted that "increased computerization of Federal re-

74. Pub. L. No. 105-277, tit. XIII, 1 12 Stat. 2681-728 (1998) (codified as amended at
15 U.S.C. §§ 6501-6506 (Supp. IV 1998)).
75. See Electronic Privacy Information Center, EPIC Bill Track, at http://www.epic.
org/privacy/bilMrack.html (last visited Mar. 10, 2001) (tracking privacy-related legislative
proposals).
76. For example, the Congressional Privacy Caucus is made up of both Senate and
House Republican and Democratic members. See Fearsome Foursome Forms Congres-
sional Privacy Caucus, PrivacyTimes.COM, Feb. 18, 2000, at http://www.privacytimes.com
/NewWebstories/caucus_priv 2 23.htm (announcing formation of the caucus).
77. President's Memorandum on Electronic Government, 35 Weekly Comp. Près.
Doc. 2641 (1998).
78. See CIO Council, Selected Recent Privacy Initiatives by the US Federal Govern-
ment, at http^/cio.gov/docs/privacylist.htm (last visited Mar. 10, 2001) (providing list of
privacy initiatives by the federal government).

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 2001] MANAGING INFORMATION PRIVACY 673

cords permits [personal] information to be used and analyze

could diminish individual privacy."79 He directed agencies t
"that their use of new information technologies sustain [sic
not erode, the protections provided in all statutes relating
collection, and disclosure of personal information."80 Ag
rected to "designate a senior official within the agency to a
responsibility for privacy policy [,]" and to "conduct a thor
their Privacy Act systems of records" to ensure full compl
statute.81

Another important element in the Clinton administration's promise to

focus on privacy concerns82 was the appointment of the first Chief Coun-
selor for Privacy, Peter P. Swire, in March 1999.83 The privacy counselor's
responsibility is to "provide expertise on privacy issues, helping to find an
appropriate balance between individual privacy and the legitimate use of
personal information by government and the private sector."84 In May
1999, the privacy counselor convened agency privacy officials to discuss
emerging privacy concerns and how to address them.85 On June 2, 1999, as

79. President's Memorandum on Privacy and Personal Information in Federal Records,

34 Weekly Comp. Près. Doc. 871 (1998) [hereinafter President's Memorandum on Pri-
vacy].
80. Id. The only other agency which created a privacy advocate position before this
directive was the Department of Health and Human Services (HHS) in 1997. Other agen-
cies are now required to create their own counterparts to the 1RS and HHS privacy advo-
cates.

81. Id

82. Two actions were proposed in the 1997 Report of the Vice Preside
Performance Review and the Government Information Technology Services
the Government Information Technology Board should immediately add a me
responsibility for ensuring that privacy issues are considered and addressed
ment-wide information technology initiatives, and (2) that someone conside
permanent entity within the federal government that would focus on resolv
sues. See Report of the National Performance Review and the Government
Information Technology Services Board, Access America: Reengineering Through
Information Technology pt. A 14 (1997), at httpV/www.accessamerica.gov/reports/
security.html.
83. White House Names Peter Swire to Be an Advisor on Privacy Policy, Gov'T
Computer News, Mar. 15, 1999, at http://www.gcn.com/archives/gcn/1999/Marchl5/
14a.htm.

84. See id. (quoting Vice President Gore).

85. Pursuant to the president's memorandum on privacy and personal information in
federal records, see President's Memorandum on Privacy, supra note 79, the OMB subse-
quently directed each agency to designate a senior official within the agency to assume pri-
mary responsibility for privacy policy. See OMB, Memorandum on Complying with
President's Memorandum on Privacy M-99-05 att. B, § B(l) (Jan. 7, 1999), at
http://www.whitehouse.gov/omb/memoranda/m99-05.html (last visited Mar. 15, 2001)

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 674 ADMINISTRATIVE LAW REVIEW [53:2

a result of the efforts of the privacy counselor's offic

issued the first of its directives on privacy policy for
All agencies and departments were directed to post
notices on their Internet sites so that a visitor will kno
being collected about him or her as a result of the vi
vacy policy helps ensure that individuals have notice
thus confidence in, how their personal information i
use the Internet."88 The document provided guidance
that agencies could use to ensure that they created ap
tices.89 OMB directed that certain information be inc
web privacy notice: an introduction providing a clear
eration's privacy practices; the identification of what
lected and stored automatically, including the use of
fication of information collected from e-mails and
addressing security, intrusion, and detection; and the
Privacy Act.90 The Office of the Privacy Advocate wo
1RS webmasters and program offices to create and po
the appropriate 1RS web pages.91 Over the next year,
also posted the privacy notices on their Web sites.
nine out of seventy principal web sites had posted pri
one- third a year earlier.92

[hereinafter OMB Memo M-99-05]. Privacy officials from a num

came the Steering Committee for Federal Agency Privacy Policies. See OMB,
Memorandum on Privacy Policies on Federal Web Sites M-99-18 att. (June 2, 1999), at
http://cio.gov/docs/m9918/htm (last visited Mar. 13, 2001) [hereinafter OMB Memo M-99-
18] (describing the Steering Committee in the guidance attachment to the memorandum).
The members of the steering committee included the 1RS Privacy Advocate, the HHS Pri-
vacy Advocate, the CIO and General Counsel for the Department of Commerce, the Chief
Privacy Officer for the Department of Justice, and the Director of the Defense Privacy Of-
fice, Department of Defense. Id.
86. See OMB Memo M-99- 1 8, supra note 85.
87. See id.
88. Id.
89. See id. at attachment A.
90. See id.

91. The guidance requires posting of privacy notices not only at "the prin
site," but also "at any known, major points of entry to [the agency's] sites as well a
web page where [an agency] collects] substantial personal information from the
Id. In the case of the 1RS, postings were made at approximately fifty web pages.
92. See GAO, Internet Privacy: Agencies' Efforts to Implement OMB's Pri
Policy 3-4 & n.7 (2000). In August 1997, only eleven out of thirty-one agencies
personal information as a result of visits to agencies' Internet web sites posted info
regarding how the information would be used. Id. at 7.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 200 1 ] MANAGING INFORMA TION PRIVACY 675

On June 22, 2000, OMB supplemented its earlier guidance and

restricted the use of "persistent cookies,"93 to only those instanc
"in addition to clear and conspicuous notice, the following c
met: a compelling need to gather the data on the site; appropri
licly disclosed privacy safeguards for handling of information d
'cookies'; and personal approval by the head of the agency
tember 5, 2000, OMB supplemented its guidance on persistent c
Internet activities.95
The Office of the Privacy Advocate worked closely with 1
operations and the webmasters to ensure they remained in full
In addition, the Office focused on 1RS Internet linkages to oth
agency web sites and private industry. In order to increase
awareness of the privacy implications of its Internet visits, th
ated "departure notices" that alert the Internet visitor when he i
1RS site. The new site may not have the same privacy (and secu
dards that the 1RS site has and, through the posting of a depa
that automatically pops up if the visitor is about to exit the 1R
the linked site, the visitor will be put on notice. Accordingly, th
notice includes the following or similar language:
Please note that by clicking on this link, you will leave the 1RS web site
privately owned web site created, operated, and maintained by a private
The information that this private business collects and maintains as a res
visit to its web site may differ from the information that the 1RS collects
tains .... We recommend you review the businesses information collectio
terms and conditions to fully understand what information is collected by
business.96

93. See OMB, Memorandum on Privacy Policies and Data Collection on

Federal Web Sites, M-00-13 (June 22, 2000), at http://www.cio.gov/docs/
lewfinal062200.htm (defining "cookies" as "small bits of software that are placed on a w
user's hard drive" that can "track the activities of users over time and across different we
sites").
94. Id.

95. See Letter from John T. Spotila, Administrator, OMB Office of Informatio
Regulatory Affairs, to Roger Baker, CIO, U.S. Department of Commerce (Sept.
available at http://www.cio.gov/docs/OMBCookies2.htm (noting that some governm
line activities, such as the electronic filing of applications for Department of Educatio
dent loans, do not raise privacy concerns because they do not enable the government
users over time and across different websites).
96. To view the 1RS departure notices, go to the 1RS website, http://www.irs.go
click on any external non-federal link. The 1RS has a comparable departure notice f
ing to other federal government web sites.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
 676 ADMINISTRATIVE LAW REVIEW [53:2
Conclusion

No one believes that the public's privacy fears will simply disappe
In fact, the concern is that privacy fears will create so much un
pressure that an "incoherent body of law" will result through "scat
legislation.98 The 1RS, other federal agencies, and private industry
afford to wait for legislative solutions.99
They require the trust of the public in order to fulfill their mis
whether it is to meet their statutory responsibilities or increase co
profits.100 One means of gaining that trust is the embedding of rob
vacy protection into corporate thinking and processes. The achievem
this objective requires a mindset that is still being developed -
protection viewed as a strategic value. Privacy needs to be consi
an asset of, not as a barrier to, new product lines. In addition, the ch
increasing use of technology and the opportunities it provides will
federal agencies and private industry to frequently reexamine their
strategy. To use technology to advance privacy protection requires
partnerships between business owners, systems developers, and
advocates,101 all of whom should build privacy into the design of a
tive. We must "keep our privacy protections as up to date as our

97. In 2000, an IDC Privacy Survey found that "more respondents were conce
very concerned about the sharing or sale of their personal information that is co
online purchase than through their tax returns, which ranked second." Molly Up
vacy Costs, IDC Newsletter, at http:/www/wirehub.nl/~rick/koopgedrag%
internet.htm (last visited Mar. 24, 2001).
98. Jay Stanley & John C. McCarthy, Growing Privacy Labyrinth Hinders eB
Forrester Brief, Dec. 1, 2000 (on file with author).
99. At a symposium sponsored by the American Society oí Access Professi
panel of privacy experts addressed the issue "Privacy: Recent Initiatives and Fut
forts." The panelists, Peter Swire, OMB Chief Counselor for Privacy, Ari Schwar
Policy Analyst, Center for Democracy and Technology, and Frank Reeder, Reed
agreed that privacy is viewed as a bipartisan issue and will be the focus of future
sional actions.
100. Opinion Research Corporation International reported in May 2000 that a poll it
conducted revealed that 43% of the 1000 adults surveyed consider government posing the
greatest threat to their privacy, compared with 24% for the media, and 18% for private in-
dustry. See Jedediah Purdy, An Intimate Invasion, USA WEEKEND ONLINE, July 2, 2000, at
http://usaweekend.com/00_issues/000702/000702privacy.html.
101. Until privacy is fully recognized as a strategic value, a "privacy advocate" opera-
tion dedicated solely to recognizing privacy issues and creating protections may be required.
See President's Memorandum on Privacy, supra note 79, at 871 (describing President
Clinton's determination that all agencies should designate officials to focus on privacy con-
cerns). Of course, the level of authority given this position and its strategic alignment in the
host organization will determine how quickly privacy protection is incorporated into all
agency initiatives.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms
2001] MANAGING INFORMATION PRIVACY 611

technology: Breakthroughs in technology should not break

of privacy."102
The privacy protection tools discussed above were devel
privacy in the IRS's strategic planning and systems devel
concept in any modernization initiative. They represent
needed to secure the public's confidence in the ability of the
and maintain their sensitive information. To succeed, th
holder of sensitive information, must remain vigilant abou
addressing the privacy concerns of their constituencies.

1 02. Clinton-Gore Plan, supra note 70.

This content downloaded from 202.65.183.63 on Wed, 19 Sep 2018 14:51:46 UTC
All use subject to https://about.jstor.org/terms