Protecting Privacy

Maureen Cooney finessed the fine line between national security and citizens' rights at DHS.

Maureen Cooney, who resigned recently as acting chief privacy officer at the Homeland Security Department, had it tough from the start.

The job is arguably the most difficult in government. At DHS, the chief privacy officer must monitor 22 agencies with a wide range of missions and fight for power inside the department, all while guiding it down the fine line between protecting national security and the privacy rights of Americans. In other words, if you're not willing to scuffle with other senior officials over the privacy policies of national security programs, walk away battered and bruised with limited concessions, and then catch flak from outside observers for not doing enough, don't bother applying for the job.

After nine months as acting chief, Cooney left DHS in late July. In September, she will join the Hunton & Williams law firm, based in New York, as a senior policy adviser for global privacy strategies at the firm's Center for Information Policy Leadership.

Privacy experts have praised Cooney for her persistence in coaxing DHS leaders to consider the effect of programs on citizens' rights. The Transportation Security Administration's Registered Traveler and Secure Flight programs and Homeland Security's US VISIT initiative for tracking visitors, among others, have raised privacy concerns that have yet to be resolved. But DHS officials say the programs are on a positive path in launching safeguards and a new review of the Secure Flight program. By breathing life back into the impact assessment process, observers say Cooney and her predecessor, Nuala O'Connor Kelly, the agency's first chief privacy officer, were able to put privacy back on the agenda.

This is not a small feat in an organization where program managers are resistant to an autocratic approach to privacy policies, observers say. By building relationships, Cooney embedded best practices in safeguarding personal information. Drawing on her experience as an international negotiator at the Federal Trade Commission, Cooney was able to win over tentative program managers. "She's kind and gentle, but she can be a tough cookie when she wants to be," says O'Connor Kelly, who has a management reputation as a brawler within the DHS bureaucracy. "She motivates people through respect."

But some say Cooney was marginalized at the agency because DHS Secretary Michael Chertoff never gave her the permanent chief privacy officer post. The job is hard enough as it is, says Sally Katzen, Clinton-appointed administrator of the Office of Information and Regulatory Affairs at the Office of Management and Budget, and it becomes "virtually impossible for an acting official."

"The fact that [Chertoff] has allowed the office to languish so long without a permanent confirmed head . . . indicates a probably unwise inattention to the question of privacy," says Jim Dempsey, policy director of the Center for Democracy and Technology, a Washington privacy advocacy organization. O'Connor Kelly had a direct relationship with then-DHS Secretary Tom Ridge, he says, but Cooney did not have that type of rapport with Chertoff.

Cooney says she had Chertoff's ear and respect and already had planned to leave federal service on her 20th anniversary, which is this year. "With any compliance function, people push back a lot," she says. "My experience has really been support from the top." Cooney hopes that the DHS privacy office will become a model for other federal agencies.

Since Cooney joined the office in January 2004, it has grown from a staff of three to more than 30. Under its guidance, DHS officials now assess the effects of programs on privacy and publish notices for public comment before launching systems that contain citizens' records, she says. Public forums on the government's use of information have given the department a better idea of citizens' expectations on privacy, Cooney says. The office's data privacy and integrity advisory committee, which guides Chertoff on policy decisions, has elevated privacy concerns within the department through such forums, she says. "We try to be as transparent as possible," she says. "When the government uses information, we want to know what it's for and how it's being taken care of."

Before she was acting privacy chief, Cooney was the office's chief of staff and director of international privacy policy, serving as O'Connor Kelly's deputy chief operating officer and policy strategist. Previously, she was legal adviser for international consumer protection and information privacy and security at the FTC and worked at the Treasury Department on a variety of international financial enforcement issues.

Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, is sorry to see Cooney go. Protecting the privacy rights of Americans is critical, he says, and Chertoff must be pushed to make a clear statement on privacy issues and their place in agency decision-making.

Cooney's replacement, Hugo Teufel III, must have "a steel spine and a hell of a lot of charm with which to negotiate" within DHS, says Linda Ackerman, an attorney and staff counsel for, a nonprofit organization concerned with the collection and nonconsensual use of personal information. In a department intent on using data mining for advancing national security, anyone bringing up privacy matters is not likely to get a hearing, she says. In fact, Cooney faced huge challenges in replacing O'Connor Kelly, whose remarkable success came on account of her dynamic personality, Ackerman says.

But Cooney's predecessor says she will be the "tough act to follow." Teufel must be a forceful advocate for privacy by demonstrating the importance of the office, says O'Connor Kelly. "They deserve a leader that they respect as a manager and as a privacy expert."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.


When you download a report, your information may be shared with the underwriters of that document.