DHS office describes how it assesses privacy -- Federal Computer Week

DHS office describes how it assesses privacy

By Ben Bain
Jan 05, 2009

The Homeland Security Department’s privacy office has released a policy guidance document that explains the principles the office uses to assess the privacy effects of DHS programs.

DHS’ privacy office released a memorandum Dec. 29 that laid out eight fair information practice principles (FIPPs) that it said constitute the foundation for the department's privacy policy development and implementation. That office said it has already been using FIPPs in its privacy notices and assessments.

“They are the things that we use when evaluate the privacy impact of any information system, any program of any activity,” said Hugo Teufel, DHS’ chief privacy officer.

FIPPs, used to assess the effects of systems, processes and programs on individual privacy, are central to the 1974 Privacy Act, and variations of the principles are reflected in international privacy protection frameworks, as well as state-level and national legislation, the memo said.

The memo describes how the privacy office applies the principles specifically to DHS programs. The incoming Obama administration will appoint a new chief privacy officer there.

The FIPPS said in the memo that DHS should:

• Be transparent and provide notice to the individuals regarding collection and use of personally identifiable information (PII).

• When possible, seek consent from individuals to use their PII and provide access, correction and redress regarding DHS’ use of PII.

• Explain the authority that permits DHS to collect PII and the ways it will be used.

• Only collect PII that is necessary to accomplish the specific purpose and keep it only as long as necessary.

• Use PII only for the purpose specified in the notice. Limit sharing of PII outside the department to purposes that are compatible with the reasons that PII was collected.

• Ensure, as much as possible, that data is accurate, relevant, timely and complete.

• Protect PII with appropriate security.

• Be held accountable for complying with the principles and provide training for all employees and contractors who use PII and perform audits.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Share this Page

Napolitano endorses PASS ID bill06/26/2009
DHS to kill satellite surveillance program 06/23/2009
E-Verify extension in contention06/19/2009
DHS funds IT-related projects06/17/2009
DHS spending bill would fund SBInet, E-Verify06/16/2009

Reader comments

Wed, Jan 7, 2009

Host a panel discussion on "How not to do it", with guests from Ohio DJFS (former head Helen Jones-Kelly and a half dozen of her cronies) and Joe the Plumber. Ms. Helen should have to do hers from a prison cell. Have her former boss, Ted, be the moderator. I'd buy a ticket to see that show.

Wed, Jan 7, 2009 Howard Washington DC

DHS fails on almost every point. In all of my airline travel, I have not received a single notice regarding what personal information is collected, how it is used, or how long it will be kept. DHS has established no accessible process for citizens to view PII held by DHS. Further, DHS has refused personal requests for such information. There is also no method for offering consent. Further, redress is impossible when citizens don't know how their personal information is used or misused. Unfortunately, it is impossible to tell whether the PII collected, mined, or combined from other sources will be used for new purposes in the future. "Mission Creep" is a significant risk. And "as long as necessary" is unacceptably ambiguous: Hours, Days, Weeks, Months, or Years? "Be held accountable..." By whom? Certainly not by citizens. Although DHS must report to a burdensome number of congressional committees, they ignore all of them except for Appropriations. Accountability seems like a mirage. I guess this is a trade magazine, so real reporting is optional.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)

Your Email:(optional)

Your Location:(optional)

Comment:

Please type the letters/numbers you see above

Related Resources

Federal Computer Week eNewsletters

Subscribe to Newsletters
Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.

eSeminar

Find opportunity in the cloud
Washington Technology presents Patrick Stingley, chief technology officer of the Bureau of Land Management, in a recent eSeminar, where he explains opportunities and challenges of the federal government adoption of cloud computing. Read more

Current issue of FCW

Cybersecurity training: The battle over mandates

Will mandatory cybersecurity training or licensing make government systems more secure? Read more

What is your e-mail address?

Do you have a password?

HOT TOPICS

FCW SHORTCUTS

Resource Center