DigitalGov Summit Recap: Building Privacy & Identity Management in the Open

Aug 28, 2015

How can government protect citizens while delivering the services they demand in the modern age? This was a theme of the panel discussion on privacy and identity management at the 2015 DigitalGov Citizen Services Summit.

Data and identity security concept of cyber attack warning messages on a computer screen.

Matej Moderc/iStock/Thinkstock

“Cybersecurity has really come a long way in the last 10 years, unifying the conversation about risk across organizations,” said Sean Brooks, panelist and privacy engineer at the National Institute of Standards and Technology (NIST), “but privacy has really lagged behind.” And NIST is trying to help agencies understand the risks they’re trying to mitigate with controls in their information systems, Brooks added.

Government also needs to think about user experience because consumers want convenience and trust, said Jennifer Kerber, director of Connect.gov at the General Services Administration. By doing user testing and research in the early stages, we can ensure we’ll deliver digital services in a common lexicon that customers can understand, she explained.

On the left, it shows 3 examples of how without Connect.gov, you can only use an agency-issued credential for access to that agency’s applications. On the right, it shows how Connect.gov enables you to use a single third-party credential to access multiple agencies’ applications.

Government can “build all these beautiful digital services, but if people don’t trust them, they aren’t going to use them—and if they have to use them in order to do business with us, we would like to tamp down their fear and concern” said Dan Morgan, panel moderator and chief data officer at the Department of Transportation. “It’s very important we address these user experience things early on and make sure the people who are building these services understand what we’re trying to do and how best to address these risks,” he continued.

NIST’s draft publication on privacy engineering framework will be going out for public comment, and it will be critical to get comments from people “trying to build stuff and do things” at agencies, Brooks said. One of the goals of the privacy engineering framework is to make communication across different staff at agencies more productive. It will contain worksheets that will help facilitate an iterative approach to this work in agencies.

You can watch the video below to see the rest of the 15 minute panel.