EXECUTIVE ORDER

– – – – – – –

ESTABLISHMENT OF THE FEDERAL PRIVACY COUNCIL

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Policy. The mission of the United States Government is to serve its people. In order to accomplish its mission, the Government lawfully collects, maintains, and uses large amounts of information about people in a wide range of contexts. Protecting privacy in the collection and handling of this information is fundamental to the successful accomplishment of the Government’s mission. The proper functioning of Government requires the public’s trust, and to maintain that trust the Government must strive to uphold the highest standards for collecting, maintaining, and using personal data. Privacy has been at the heart of our democracy from its inception, and we need it now more than ever.

Executive departments and agencies (agencies) already take seriously their mission to protect privacy and have been working diligently to advance that mission through existing interagency mechanisms. Today’s challenges, however, require that we find even more effective and innovative ways to improve the Government’s efforts. Our efforts to meet these new challenges and preserve our core value of privacy, while delivering better and more effective Government services for the American people, demand leadership and enhanced coordination and collaboration among a diverse group of stakeholders and experts.

Therefore, it shall be the policy of the United States Government that agencies shall establish an interagency support structure that: builds on existing interagency efforts to protect privacy and provides expertise and assistance to agencies; expands the skill and career development opportunities of agency privacy professionals; improves the management of agency privacy programs by identifying and sharing lessons learned and best practices; and promotes collaboration between and among agency privacy professionals to reduce unnecessary duplication of efforts and to ensure the effective, efficient, and consistent implementation of privacy policy Government-wide.

Sec. 2. Policy on Senior Agency Officials for

Privacy. Within 120 days of the date of this order, the Director of the Office of Management and Budget (Director) shall issue a revised policy on the role and designation of the Senior Agency Officials for Privacy. The policy shall provide guidance on the Senior Agency Official for Privacy’s responsibilities at their agencies, required level of expertise, adequate level of resources, and other matters as determined by the Director. Agencies shall implement the requirements of the policy within a reasonable time frame as prescribed by the Director and consistent with applicable law.

Sec. 3. Responsibilities of Agency Heads. The head of each agency, consistent with guidance to be issued by the Director as required in section 2 of this order, shall designate or re-designate a Senior Agency Official for Privacy with the experience and skills necessary to manage an agency-wide privacy program. In addition, the head of each agency, to the extent permitted by law and consistent with ongoing activities, shall work with the Federal Privacy Council, established in section 4 of this order.

Sec. 4. The Federal Privacy Council.

(a) Establishment. There is hereby established the Federal Privacy Council (Privacy Council) as the principal interagency forum to improve the Government privacy practices of agencies and entities acting on their behalf. The establishment of the Privacy Council will help Senior Agency Officials for Privacy at agencies better coordinate and collaborate, educate the Federal workforce, and exchange best practices. The activities of the Privacy Council will reinforce the essential work that agency privacy officials undertake every day to protect privacy.

(b) Membership. The Chair of the Privacy Council shall be the Deputy Director for Management of the Office of Management and Budget. The Chair may designate a Vice Chair, establish working groups, and assign responsibilities for operations of the Privacy Council as he or she deems necessary. In addition to the Chair, the Privacy Council shall be composed of the Senior Agency Officials for Privacy at the following agencies:

(i) Department of State;

(ii) Department of the Treasury;

(iii) Department of Defense;

(iv) Department of Justice;

(v) Department of the Interior;

(vi) Department of Agriculture;

(vii) Department of Commerce;

(viii) Department of Labor;

(ix) Department of Health and Human Services;

(x) Department of Homeland Security;

(xi) Department of Housing and Urban Development;

(xii) Department of Transportation;

(xiii) Department of Energy;

(xiv) Department of Education;

(xv) Department of Veterans Affairs;

(xvi) Environmental Protection Agency;

(xvii) Office of the Director of National Intelligence;

(xviii) Small Business Administration;

(xix) National Aeronautics and Space Administration;

(xx) Agency for International Development;

(xxi) General Services Administration;

(xxii) National Science Foundation;

(xxiii) Office of Personnel Management; and

(xxiv) National Archives and Records Administration.

The Privacy Council may also include other officials from agencies and offices, as the Chair may designate, and the Chair may invite the participation of officials from such independent agencies as he or she deems appropriate.

(c) Functions. The Privacy Council shall:

(i) develop recommendations for the Office of Management and Budget on Federal Government privacy policies and requirements;

(ii) coordinate and share ideas, best practices, and approaches for protecting privacy and implementing appropriate privacy safeguards;

(iii) assess and recommend how best to address the hiring, training, and professional development needs of the Federal Government with respect to privacy matters; and

(iv) perform other privacy-related functions, consistent with law, as designated by the Chair.

(d) Coordination.

(i) The Chair and the Privacy Council shall coordinate with the Federal Chief Information Officers Council (CIO Council) to promote consistency and efficiency across the executive branch when addressing privacy and information security issues. In addition, the Chairs of the Privacy Council and the CIO Council shall coordinate to ensure that the work of the two councils is complementary and not duplicative.

(ii) The Chair and the Privacy Council should coordinate, as appropriate, with such other interagency councils and councils and offices within the Executive Office of the President, as appropriate, including the President’s Management Council, the Chief Financial Officers Council, the President’s Council on Integrity and Efficiency, the National Science and Technology Council, the National Economic Council, the Domestic Policy Council, the National Security Council staff, the Office of Science and Technology Policy, the Interagency Council on Statistical Policy, the Federal Acquisition Regulatory Council, and the Small Agency Council.

Sec. 5. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise affect:

(i) the authority granted by law to a department, agency, or the head thereof; or

(ii) the functions of the Director relating to budgetary, administrative, or legislative proposals.

(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c) Independent agencies are encouraged to comply with the requirements of this order.

(d) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

BARACK OBAMA

THE WHITE HOUSE,
February 9, 2016.