CIO Council Releases New Recommendations on Standardized Digital Privacy Controls

December 14th, 2012

CIO Council

The CIO Council has released new recommendations today under the Digital Government Strategy (Strategy) concerning standardized digital privacy controls (Milestone 10.3). In helping to create a government for the 21st Century, the Strategy recognizes that Federal agencies, as good data stewards, must adopt strong privacy, confidentiality, and security safeguards to prevent the improper collection, use, retention or disclosure of personally identifiable information (PII) when developing and delivering such digital services and programs. Services and programs that incorporate digital content, platforms, mobile applications (apps), application programming interfaces (APIs), and other new and emerging technologies must be designed and operated in a manner that fosters trust, accountability, and transparency in how personal information is collected, retained, used, and disclosed through the information’s life cycle.

To aid in this process, the Strategy tasked the Privacy Committee of the Federal CIO Council to work with the National Institute of Standards and Technology (NIST) and the National Archives and Records Administration (NARA) to “develop guidelines for standardized implementation of digital privacy controls and educate agency privacy and legal officials on options for addressing digital privacy, records retention, and security issues.”

The resulting report, Recommendations for Standardized Digital Privacy Controls, was written by members of the CIO Council’s Privacy Committee and explains how privacy controls help enable and promote the Strategy’s data- and customer-centric approach. It also highlights the importance of integrating such controls into the risk management process to ensure that privacy is fully incorporated in the planning and development of digital services and programs.