Customs and Border Protection not taking privacy seriously, audit says
The Customs and Border Protection agency handles sensitive private information for about 350 million travelers a year but has only a part-time privacy officer, according to a new audit from the Homeland Security Department Office of Inspector General.
The department has several gaps in how it is protecting personally-identifiable information of travelers as well as the Social Security numbers of its own employees, the May 11 report said.
In 2009, the DHS Secretary directed 10 component agencies, including CBP, to designate senior-level full-time privacy officers. However, CBP designated a branch chief for a dual role as privacy officer. The branch chief continues to serve in the dual roles, the audit said.
The dual nature of the assignment for the privacy officer is “limiting his ability” to address all the privacy duties associated with the position, the inspector general report said.
"CBP has made limited progress toward instilling a culture of privacy," the audit stated. "This is in part because it has not established a strong organizational approach to address privacy issues across the component."
In addition, the privacy office has not made a complete inventory of personally-identifiable information, has not performed an analysis of privacy requirements for 70 percent of its systems and has not developed accurate privacy notices informing the public that the information has been collected, the report said. The privacy office also has not done enough to protect employee Social Security numbers.
The inspector general made recommendations to the Acting Commissioner of CBP to establish a privacy office with adequate resources and staffing, issue a directive to hold assistant commissioners and directors accountable for privacy responsibilities and implement stronger measures to protect worker Social Security numbers.
Agency officials agreed with the recommendations.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.