An Examination of the Privacy Impact Assessment as a Vehicle for Privacy Policy Implementation in U.S. Federal Agencies
Abstract
The Privacy Act of 1974 was designed to protect personal privacy captured in the records held by government agencies. However, the scope of privacy protection has expanded in light of advances in technology, heightened security, ubiquitous threats, and the value of information. This environment has raised the expectations for public sector management of sensitive personal information and enhanced privacy protections. While the expanse of privacy policy implementation is broad, this study focuses specifically on how agencies implement privacy impact assessments (PIAs) as required under Section 208 of the E-Government Act of 2002. An enhanced understanding of the PIA implementation process serves as a portal into the strategic considerations and management challenges associated with broader privacy policy implementation efforts.
A case study of how the U.S. Postal Service and the U.S. Department of Veterans Affairs have implemented PIAs provides rich insights into privacy policy implementation and outcomes. Elite interviews enriched by process data and document analysis show how each organization undertook different approaches to PIA implementation over time. This study introduces the sociology of law literature using Lauren Edelman's conceptual framework to understand how organizations respond to and interpret law from within the organization, or endogenously. Building upon Edelman's model, certain characteristics of the PIA implementation are analyzed to provide rich description of the factors that influence the implementation process and lead to different policy outcomes.
The findings reflect valuable insights into the privacy policy implementation process and introduce the sociology of law literature to the field of public administration. This literature furthers our understanding of how organizations enact policy over time, how the implementation process unfolds and is impacted by critical factors, and for identifying emergent patterns in organizations. This study furthers our understanding how privacy policy, in particular, is implemented over time by examining the administrative capacities and levels of professionalism that are utilized to accomplish this effort. This research comes at a critical time in the context of the emerging legal and political environment for privacy that is characterized by new expectations by the public and the expanding role of government to manage and protect sensitive information.
Collections
- Doctoral Dissertations [16010]
Related items
Showing items related by title, author, creator and subject.
-
Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems
Bélanger, France; Crossler, Robert E. (University of Minnesota, Management Information Systems Research Center, 2011-12)Information privacy refers to the desire of individuals to control or have some influence over data about themselves. Advances in information technology have raised concerns about information privacy and its impacts, and ... -
Architectural correlates of privacy: the dynamics of privacy regulation
Johnson, Virginia Wilson (Virginia Tech, 1990-12-15)The study examines architectural correlates of privacy in an aerospace industry. Conceptual/theoretical notions are tested, whose ultimate value is the further refinement of privacy regulation, conceptually and operationally. ... -
Implementing Differential Privacy for Privacy Preserving Trajectory Data Publication in Large-Scale Wireless Networks
Stroud, Caleb Zachary (Virginia Tech, 2018-08-14)Wireless networks collect vast amounts of log data concerning usage of the network. This data aids in informing operational needs related to performance, maintenance, etc., but it is also useful for outside researchers in ...