The Federal government switched to largely digital service delivery during the COVID-19 pandemic, and Deputy Federal CIO Maria Roat is reiterating that data privacy and security efforts are crucial to the success of citizen interactions with digital technology.
“The pandemic really highlighted how digital transactions are critical for the Federal government to deliver its mission,” Roat said at the September 11 Federal Identity Forum and Exposition.
She continued, “Agencies really need to have and make sure they have sound processes for authentication and access control to make sure we can securely deliver our services and protect an individual’s identity.”
When implementing technologies such as robotic process automation and artificial intelligence, Roat said as an example, agencies must make sure that the processes are auditable and constantly managed. All components of emerging technology should be continuously updating, revoking, and destroying credentials to build public trust in government, she asserted.
“The trust and safety of the transactions with the public is incredibly critical to the Federal government’s digital service, to our delivery, and agencies have to manage the risk to that public user data,” Roat said.
While agencies already have Privacy Impact Assessments and other procedures in place to ensure proper security measures are taken, Roat said that guidance such as the Office of Management and Budget’s (OMB) Identity, Credential, and Access Management (ICAM) policies “specifically calls out what appropriate consent and privacy protections agencies should share, proofing confirmations across agencies to reduce public burden.”
OMB’s May 2019 update to its ICAM guide encourages the use of more flexible solutions, supporting pilots for new authenticators, and requiring agencies to create an ICAM team.
“Ultimately, our goal [is] we want to make sure we’re driving standardization, reducing cost, and simplifying access,” Roat said of her office’s efforts,” and we want to make sure that we’re addressing those concerns from a privacy perspective.”