IITF Uniform Privacy Protection Practices

2. Establish uniform privacy protection practices and generally
acceptable implementation methods for these practices.

The IITF by July 1994 should direct the creation of an interagency task
force to create uniform privacy protection practices for information
systems and generally acceptable implementation methods for these
practices. The task force should include membership from the Departments
of Justice, Treasury, Commerce, Defense, Energy, Health and Human
Services, Education, and State, OMB, and the Office of Science and
Technology Policy and should solicit participation and input from groups
such as business, consumer, computer science, telecommunications, civil
liberties, and state and local governments.

OMB should have a coordination and advisory role, and the chair should
be selected from the participating federal agencies. The task force
should be directed to prepare a report within 12 months following its
creation that details uniform privacy protection practices and provides
generally acceptable implementation methods for these practices. Methods
for implementing the uniform privacy protection practices may differ by
sector, e.g., health care, personnel, or law enforcement.  These
practices and methods should be viewed as the recommended privacy
standards federal agencies will follow and the private sector will
consider.

The direction to the task force should require that the generally
acceptable implementation methods aggressively use information
technology--including the use of distributed interconnected systems--and
should effectively use technology to balance government's responsibility
to provide individuals a reasonable degree of control of information
about themselves and appropriate confidentiality with government's
desire for efficient and high-quality recordkeeping; detection and
prevention of fraud, waste, and abuse; and effective law enforcement
investigations.

OMB should issue new guidance (e.g., a circular), within six months of
receiving the task force's final report. This guidance will adopt, for
use governmentwide, uniform privacy protection standards and generally
acceptable implementation methods as set forth in that report.