GAO: DHS falling behind on privacy notices

The Homeland Security Department’s Privacy Office faces a huge backlog in informing the public of privacy risks related to more than 200 departmental systems, according to congressional testimony given this week by a top official at the Government Accountability Office.

The Privacy Office was established in April 2003 as the first senior-level federal privacy office created by Congress. It is charged with enforcing the provisions of the Privacy Act of 1974 and the E-Government Act of 2002, which include notifying the public of new and existing systems of records containing personal information and conducting privacy impact assessments on new and existing federal programs.

Although the DHS Privacy Office has made progress in putting together a framework for conducting the assessments and issuing the public notices, backlogs of uncompleted work are continuing to grow in both areas, Linda Koontz, GAO’s director of information management issues, told the House Judiciary Committee’s Commercial and Administrative Law Subcommittee.

For example, as of February 2007, there were 218 systems of records containing personal information at DHS for which no updated public notices had been issued under the Privacy Act, Koontz said. Most of the systems existed at component agencies before the department was formed in 2003.

Privacy officials have been focusing their attention on new systems, not pre-existing ones, so they have fallen far behind and are unlikely to catch up soon, Koontz said. Since the DHS Privacy Office was founded, it has published 56 public notices of systems of records containing personal information.

Issuing public notices for the remaining systems is the biggest challenge the office faces in complying with the Privacy Act, Koontz said.

“By not keeping its notices up-to-date, DHS hinders the public’s ability to understand the nature of DHS systems-of-records notices and how their personal information is being used and protected,” Koontz said.

Furthermore, the Privacy Office is falling behind in conducting privacy impact assessments. According to the office’s determinations, 46 DHS programs required privacy impact assessments in 2005, 143 required them in 2006, and 188 will require them in 2007. But the office has performed only 71 such assessments since it was founded, Koontz said.

In addition, the Privacy Office has damaged its credibility by releasing little information about its activities and generally issuing reports months late.

“Until its reports are issued in a timely fashion, questions about the credibility and authority of the Privacy Office will likely remain,” Koontz testified.

Among its recent recommendations, GAO advised the Privacy Office to develop a policy for the department’s use of data purchased from commercial brokers. Officials indicated that they are developing such a policy, which will be reviewed throughout DHS and by the Office of Management and Budget before it is adopted, Koontz said.

Alice Lipowicz writes for Washington Technology, an 1105 Government Information Group publication.

