Protecting Privacy

Maureen Cooney finessed the fine line between national security and citizens' rights at DHS.

Maureen Cooney, who resigned recently as acting chief privacy officer at the Homeland Security Department, had it tough from the start.

The job is arguably the most difficult in government. At DHS, the chief privacy officer must monitor 22 agencies with a wide range of missions and fight for power inside the department, all while guiding it down the fine line between protecting national security and the privacy rights of Americans. In other words, if you're not willing to scuffle with other senior officials over the privacy policies of national security programs, walk away battered and bruised with limited concessions, and then catch flak from outside observers for not doing enough, don't bother applying for the job.

After nine months as acting chief, Cooney left DHS in late July. In September, she will join the Hunton & Williams law firm, based in New York, as a senior policy adviser for global privacy strategies at the firm's Center for Information Policy Leadership.

Privacy experts have praised Cooney for her persistence in coaxing DHS leaders to consider the effect of programs on citizens' rights. The Transportation Security Administration's Registered Traveler and Secure Flight programs and Homeland Security's US VISIT initiative for tracking visitors, among others, have raised privacy concerns that have yet to be resolved. But DHS officials say the programs are on a positive path in launching safeguards and a new review of the Secure Flight program. By breathing life back into the impact assessment process, observers say Cooney and her predecessor, Nuala O'Connor Kelly, the agency's first chief privacy officer, were able to put privacy back on the agenda.

This is not a small feat in an organization where program managers are resistant to an autocratic approach to privacy policies, observers say. By building relationships, Cooney embedded best practices in safeguarding personal information. Drawing on her experience as an international negotiator at the Federal Trade Commission, Cooney was able to win over tentative program managers. "She's kind and gentle, but she can be a tough cookie when she wants to be," says O'Connor Kelly, who has a management reputation as a brawler within the DHS bureaucracy. "She motivates people through respect."

But some say Cooney was marginalized at the agency because DHS Secretary Michael Chertoff never gave her the permanent chief privacy officer post. The job is hard enough as it is, says Sally Katzen, Clinton-appointed administrator of the Office of Information and Regulatory Affairs at the Office of Management and Budget, and it becomes "virtually impossible for an acting official."

"The fact that [Chertoff] has allowed the office to languish so long without a permanent confirmed head . . . indicates a probably unwise inattention to the question of privacy," says Jim Dempsey, policy director of the Center for Democracy and Technology, a Washington privacy advocacy organization. O'Connor Kelly had a direct relationship with then-DHS Secretary Tom Ridge, he says, but Cooney did not have that type of rapport with Chertoff.

Cooney says she had Chertoff's ear and respect and already had planned to leave federal service on her 20th anniversary, which is this year. "With any compliance function, people push back a lot," she says. "My experience has really been support from the top." Cooney hopes that the DHS privacy office will become a model for other federal agencies.

Since Cooney joined the office in January 2004, it has grown from a staff of three to more than 30. Under its guidance, DHS officials now assess the effects of programs on privacy and publish notices for public comment before launching systems that contain citizens' records, she says. Public forums on the government's use of information have given the department a better idea of citizens' expectations on privacy, Cooney says. The office's data privacy and integrity advisory committee, which guides Chertoff on policy decisions, has elevated privacy concerns within the department through such forums, she says. "We try to be as transparent as possible," she says. "When the government uses information, we want to know what it's for and how it's being taken care of."

Before she was acting privacy chief, Cooney was the office's chief of staff and director of international privacy policy, serving as O'Connor Kelly's deputy chief operating officer and policy strategist. Previously, she was legal adviser for international consumer protection and information privacy and security at the FTC and worked at the Treasury Department on a variety of international financial enforcement issues.

Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, is sorry to see Cooney go. Protecting the privacy rights of Americans is critical, he says, and Chertoff must be pushed to make a clear statement on privacy issues and their place in agency decision-making.

Cooney's replacement, Hugo Teufel III, must have "a steel spine and a hell of a lot of charm with which to negotiate" within DHS, says Linda Ackerman, an attorney and staff counsel for, a nonprofit organization concerned with the collection and nonconsensual use of personal information. In a department intent on using data mining for advancing national security, anyone bringing up privacy matters is not likely to get a hearing, she says. In fact, Cooney faced huge challenges in replacing O'Connor Kelly, whose remarkable success came on account of her dynamic personality, Ackerman says.

But Cooney's predecessor says she will be the "tough act to follow." Teufel must be a forceful advocate for privacy by demonstrating the importance of the office, says O'Connor Kelly. "They deserve a leader that they respect as a manager and as a privacy expert."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.