An Examination of the Privacy Impact Assessment as a Vehicle for Privacy Policy Implementation in U.S. Federal Agencies
Abstract
The Privacy Act of 1974 was designed to protect personal privacy captured in the records held by government agencies. However, the scope of privacy protection has expanded in light of advances in technology, heightened security, ubiquitous threats, and the value of information. This environment has raised the expectations for public sector management of sensitive personal information and enhanced privacy protections. While the expanse of privacy policy implementation is broad, this study focuses specifically on how agencies implement privacy impact assessments (PIAs) as required under Section 208 of the E-Government Act of 2002. An enhanced understanding of the PIA implementation process serves as a portal into the strategic considerations and management challenges associated with broader privacy policy implementation efforts.
A case study of how the U.S. Postal Service and the U.S. Department of Veterans Affairs have implemented PIAs provides rich insights into privacy policy implementation and outcomes. Elite interviews enriched by process data and document analysis show how each organization undertook different approaches to PIA implementation over time. This study introduces the sociology of law literature using Lauren Edelman\'s conceptual framework to understand how organizations respond to and interpret law from within the organization, or endogenously. Building upon Edelman\'s model, certain characteristics of the PIA implementation are analyzed to provide rich description of the factors that influence the implementation process and lead to different policy outcomes.
The findings reflect valuable insights into the privacy policy implementation process and introduce the sociology of law literature to the field of public administration. This literature furthers our understanding of how organizations enact policy over time, how the implementation process unfolds and is impacted by critical factors, and for identifying emergent patterns in organizations. This study furthers our understanding how privacy policy, in particular, is implemented over time by examining the administrative capacities and levels of professionalism that are utilized to accomplish this effort. This research comes at a critical time in the context of the emerging legal and political environment for privacy that is characterized by new expectations by the public and the expanding role of government to manage and protect sensitive information.
A case study of how the U.S. Postal Service and the U.S. Department of Veterans Affairs have implemented PIAs provides rich insights into privacy policy implementation and outcomes. Elite interviews enriched by process data and document analysis show how each organization undertook different approaches to PIA implementation over time. This study introduces the sociology of law literature using Lauren Edelman\'s conceptual framework to understand how organizations respond to and interpret law from within the organization, or endogenously. Building upon Edelman\'s model, certain characteristics of the PIA implementation are analyzed to provide rich description of the factors that influence the implementation process and lead to different policy outcomes.
The findings reflect valuable insights into the privacy policy implementation process and introduce the sociology of law literature to the field of public administration. This literature furthers our understanding of how organizations enact policy over time, how the implementation process unfolds and is impacted by critical factors, and for identifying emergent patterns in organizations. This study furthers our understanding how privacy policy, in particular, is implemented over time by examining the administrative capacities and levels of professionalism that are utilized to accomplish this effort. This research comes at a critical time in the context of the emerging legal and political environment for privacy that is characterized by new expectations by the public and the expanding role of government to manage and protect sensitive information.
Collections
- Doctoral Dissertations [13142]
Related items
Showing items related by title, author, creator and subject.
-
Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems
(University of Minnesota, Management Information Systems Research Center, 2011-12)Information privacy refers to the desire of individuals to control or have some influence over data about themselves. Advances in information technology have raised concerns about information privacy and its impacts, and ... -
New Approaches for Ensuring User Online Privacy
(Virginia Tech, 2007-11-26)With the increase of requesting personal information online, unauthorized disclosure of user privacy is a significant problem faced by todayâ s Internet. As a typical identity theft, phishing usually employs fraudulent ... -
Data and IRB issues in International Naturalistic Driving Study
(2014-08-25)Cultural expectations vary among regions; there are different expectations of privacy, volunteering criteria, and duties as a citizen. These differences such as driving laws may very well augment the risks that participants ...
