Data privacy is a full-time job at OPM. It’ll only get busier in the AI age

The Office of Personnel Management (OPM) holds tons of data on current and former federal employees.

It’s a full-time job making sure that sensitive information on federal employees and retirees gets to the right people at the right time, without falling into the wrong hands.

But that data privacy work is only going to get more complicated, as the federal government ramps up its use of artificial intelligence tools.

Kirsten Moncada, OPM’s chief privacy officer and a longtime federal privacy expert, said the rise of AI tools in government is sure to create more work for privacy officials across the government.

“The impact of AI on privacy and all information management work is huge. And it’s obviously only going to get bigger, because AI runs on data. And just as with any other kind of application, we have to ensure that we are using and processing that data in a way that’s fair and protects an individual’s privacy,” Moncada said in a recent interview.

President Joe Biden, in his AI executive order last October, called on the federal government to step up its use of this emerging technology — but also called on agencies to put guardrails in place that protect privacy and civil liberties.

“Artificial Intelligence is making it easier to extract, re-identify, link, infer, and act on sensitive information about people’s identities, locations, habits, and desires,” the executive order states. “Artificial Intelligence’s capabilities in these areas can increase the risk that personal data could be exploited and exposed.”

To combat this risk, the executive order directs agencies to ensure that the collection, use, and retention of data is “lawful, is secure, and mitigates privacy and confidentiality risks.”

Moncada, a career federal employee with more than 30 years of service, said the rise of AI will create more work for chief privacy officers in ways that may echo other tech innovations over the past few decades. But, in some cases, AI may introduce new and novel challenges.

“Boons in tech and data capabilities have always historically brought more work for privacy professionals,” Moncada said, adding that the rise of the federal government using computers in the 1970s gave rise to the 1974 Privacy Act. “AI is so new still, there will be new things, but we just don’t know yet even what they all are,” she added.

Federal privacy officials saw a similar spike in their work amid the dawn of the internet age in the late 1990s and early 2000s.

“We have a tech thing, and then it kind of levels off. Then something else happens. Now with AI, we might be on a constant, going straight up, in terms of increased work and complexity, but it’s really bringing that same privacy philosophy and analysis to a new application or environment,” Moncada said.

Before joining OPM last September, Moncada served as the privacy branch chief at the White House Office of Information and Regulatory Affairs (OIRA) and served as chairwoman of the Federal Privacy Council.

Moncada said the council, which works with other interagency groups like the Federal Chief Information Officers Council and the Federal Chief Data Officers Council, is working to unpack the challenges and opportunities of technology like AI.

“We have to have data to do our job. And of course, now that we have increased data capabilities, we can really extract more value from the data. But, of course, we still have to comply with law and policy and be fair in our use, and ensure that we maintain the public trust in how we’re handling especially personally identifiable information.”

Moncada said bringing all of these groups together is essential to strike the right balance between easily sharing data between agencies, while making sure those data-sharing efforts meet legal privacy requirements.

“Sometimes I think people are worried that if we bring in privacy, they’re going to tell us we can’t do something. And what we really try to strive for is to say, ‘Well, yes, of course, if the law says you can’t do something, you can’t do something.’ But more often than not, it’s not ‘yes’ or ‘no,’ it’s, ‘Here’s how to do it in a way that is fair, and that preserves privacy, but that still allows you to gain value and innovate while protecting the people that we’re all here to serve.”

Moncada also served as the executive director at the Social Security Administration’s Office of Privacy and Disclosure, and as the first director of the Justice Department’s Office of Privacy and Civil Liberties.

“At the heart of it, what we as federal privacy professionals really see our work being is about ensuring trust in government, preserving the trust of the people we serve,” Moncada said.

OPM and the federal government more broadly, have doubled down their cybersecurity and data privacy efforts since 2015, when the agency suffered a major data breach.

The OPM data compromised the personally identifiable information (PII) of approximately 22 million current and former federal employees and job applicants.

A federal judge in October 2022 finalized a $63 million settlement for individuals affected by the OPM data breach.

“It’s really imperative that privacy and security officials work close together. And I’m really delighted to say that here at OPM, our privacy and security teams are very closely aligned and very in lockstep, working together. And that’s a great thing,” Moncada said.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.