By Jim Kouri
Thursday, June 14, 2007
The Department of Homeland Security Privacy Office was established with the appointment of the first Chief Privacy Officer in April 2003, as required by the Homeland Security Act of 2002.
The Privacy Office's major responsibilities include reviewing and approving privacy impact assessments (PIA) -- analyses of how personal information is managed in a federal system, integrating privacy considerations into DHS decision making, ensuring compliance with the Privacy Act of 1974, and preparing and issuing annual reports and reports on key privacy concerns.
The DHS Privacy Office has made significant progress in carrying out its statutory responsibilities under the Homeland Security Act and its related role in ensuring compliance with the Privacy Act of 1974 and E-Government Act of 2002, but more work remains to be accomplished. Specifically, the Privacy Office has made significant progress by establishing a compliance framework for conducting PIAs, which are required by the E-Gov Act.
The framework includes formal written guidance, training sessions, and a process for identifying affected systems. The framework has contributed to an increase in the quality and number of PIAs issued as well as the identification of many more affected systems. The resultant workload is likely to prove difficult to process in a timely manner.
Designating privacy officers in certain DHS components could help speed processing of PIAs, but DHS has not yet taken action to make these designations. The Privacy Office has also taken actions to integrate privacy considerations into the DHS decision-making process by establishing an advisory committee, holding public workshops, and participating in policy development.
However, limited progress has been made in updating public notices required by the Privacy Act for systems of records that were in existence prior to the creation of DHS. These notices should identify, among other things, the type of data collected, the types of individuals about whom information is collected, and the intended uses of the data.
Until the notices are brought up-to-date, the department cannot assure the public that the notices reflect current uses and protections of personal information. Further, the Privacy Office has generally not been timely in issuing public reports.
For example, a report on the Multi-state Anti-Terrorism Information Exchange program -- a pilot project for law enforcement sharing of public records data -- was not issued until long after the program had been terminated. Late issuance of reports has a number of negative consequences, including a potential reduction in the reports' value and erosion of the office's credibility.
�Pursuant to Title 17 U.S.C. 107, other copyrighted work is provided for educational purposes, research, critical comment, or debate without profit or payment. If you wish to use copyrighted material from this site for your own purposes beyond the 'fair use' exception, you must obtain permission from the copyright owner. Views are those of authors and not necessarily those of Canada Free Press. Content is Copyright 1997-2024 the individual authors. Site Copyright 1997-2024 Canada Free Press.Com Privacy Statement