Coinciding with Data Privacy Week, MeriTalk sat down with Office of Personnel Management (OPM) Chief Privacy Officer Kirsten Moncada to discuss how data privacy efforts are working to build trust in government, and the importance of teamwork in data governance.
Moncada, who joined OPM in September, serves as the executive director of the Office of the Executive Secretariat, Privacy, and Information Management at OPM. She also served as the chair of the Federal Privacy Council – until the end of last week – where she led the Federal privacy community.
Prior to joining OPM, Moncada served as the Office of Management and Budget’s (OMB) first privacy branch chief. As a leader in Federal privacy law and policy for over 30 years, Moncada kicked off our conversation by explaining that data privacy “is often misunderstood.”
“Oftentimes people think it’s just securing data or keeping it secret, but it’s really so much more than that,” Moncada said. “At the heart of it, it’s really about trust and fairness, preserving the trust of the people that we serve in their government, and we do that through a set of Fair Information Practice Principles.”
The Fair Information Practice Principles, or FIPPs, are a set of widely accepted principles that agencies use as the foundation for privacy laws and policies.
Notably, Moncada said the United States was the first country to establish privacy principles. The FIPPS are rooted in a 1973 Federal government report from the Department of Health, Education, and Welfare Advisory Committee, titled “Records, Computers, and the Rights of Citizens.”
This report was issued following the development of the personal computer, and it led to the Privacy Act of 1974 – “the first place that those foundational principles were articulated in law,” she said.
“Data fuels everything we do. In government, in order for us to execute the missions and serve the people – especially in an agency like OPM – we have to have information about people or we can’t do our job,” Moncada said. “How we handle that information about the public we serve is directly related to their trust in government.”
“So, we really try to uphold very high standards in the handling of that personal data,” she added. “Everything we do is basically trying to incorporate those principles.”
The nine FIPPS, she explained, include transparency, individual participation, authority, purpose specification and use limitation, minimization, quality and integrity, access and amendment, security, and accountability.
Through those principles, Moncada said OPM is taking initiatives, in line with government-wide policy, to transition privacy from being simply a compliance exercise to being a more comprehensive, continuous, and risk-based program.
“My data governance colleagues and I like to refer to data governance as a team sport, and I think that is really the important message I have for other agencies,” Moncada said. “Good data governance and protection of sensitive data, such as data about people, obviously depends on us coordinating across disciplines and working as a team.”
Moncada said privacy officials need to collaborate with a variety of people on their team, including those who are collecting and using the information.
Additionally, she said they need to work with those in “data governance disciplines,” such as chief data officers who are looking at how to leverage the data, chief information officers who are working with the technology, chief information security officers who are working with the security, and even statistical officials who are looking at reducing the risk of identification in a data set.
“All of these disciplines have really unique expertise, that when we all work together contributes to better data governance,” Moncada said. “You’ll have to work and engage with your colleagues across the agency because you have to really understand what it is they’re doing, how they’re collecting and using the information before you can even begin to start assessing and managing the compliance and risk management.”
“You cannot do privacy and data governance in a silo. You’ve got to work and collaborate and approach it as a team,” she concluded.
So, what’s next for Moncada? Given her new position at OPM, she explained she is stepping down as chair of the Federal Privacy Council – which is chaired by OMB – so that OMB can resume its leadership responsibilities.
However, she is looking forward to working as a member of the council, “especially working on workforce-related issues” as she leans into her new role at OPM.
“It’s been an interesting time to be focused on this kind of work,” Moncada said. “As the tech and data landscape evolves, our work naturally evolves too, and there are new laws and new policies that keep it really exciting.”
