Privacy protection standards for the information sharing environment

Abstract

Created in response to findings of the 9/11 Commission concerning the lack of information sharing as a primary factor in the failure to stop the September 11, 2001, attacks, the Information Sharing Environment (ISE) was mandated by the Intelligence Reform and Terrorist Prevention Act of 2004 (IRTPA). The ISE was intended to build on existing information sharing systems and promote increased information sharing through the creation of a collaborative culture among a diverse group of participants. Another goal of the ISE is to protect information privacy. ISE efforts to meet the goal of information privacy protection are stymied by a lack of uniform privacy standards that are equally applicable to all ISE participants. The thesis compares two policy options--voluntarily adopted mandatory standards and federally imposed mandatory standards--to the status quo system of voluntary guidelines. These policy options are evaluated in terms of their effect on collaboration and information sharing, their constitutionality, their consistency and enforceability in application, and political acceptability. Based on projected relative outcomes, this thesis recommends that the ISE adopt a privacy protection system consisting of voluntary standards that, once adopted, become mandatory in application.