DHS' annual privacy report later than expected, again
The Homeland Security Department’s Privacy Office has released its annual privacy report to Congress several months after the document was expected.
The report to lawmakers, which they received Feb. 4, is the third of its kind since DHS’ inception and not the first one to face delays in publishing.
The first Privacy Office Annual Report that covered April 2003 through June 2004 was released in February 2005. And the second annual report, which was planned to cover July 2004 through June 2005, was postponed after DHS’ chief privacy officer resigned. It was then combined with the following year's filing, creating one report for the period beginning July 2004 to June 2006, which was released in December 2006.
The latest report, which covered July 2006 to July 2007, chronicles the work of DHS’ privacy office and privacy issues of specific programs. The subjects included: Real ID, the Western Hemisphere Travel Initiative, Homeland Security Presidential Directive 12, along with data-mining efforts and the privacy office’s work on RFID technology.
The routine tardiness of the report raises a question about the agency’s commitment to releasing privacy reports to the public, said Lillie Coney, associate director of the Electronic Privacy Information Center, an organization that advocates more privacy protections for persons using electronic communications.
However, Coney said it was important that the report is consistently released on time, as DHS’ inspector general reports are, because of the important privacy issues affected by many of the department’s programs.
“The new programs and policies that they implement have an immediate impact on American citizens,” she added.
Amy Kudwa, a DHS spokeswoman, said that department had hoped to release the report this past September, but the new requirements under the “Implementing Recommendations of the 9/11 Commission Act of 2007,” that became law last summer, caused the delay. She said the report had not been changed substantively since then.
Kudwa also said the results of the privacy report were not subject to the administration’s review before they were published.
Between July 2006 and July 2007, the department had 54 privacy impact analyses approved and published. Two other privacy impact analyses for “National Security Systems for Intelligence and Analysis” were conducted but will not be published because of the sensitivity of the systems.
In addition to chronicling the current state of many of DHS’ programs and data initiatives, the latest report to Congress recapped adjustments to the guidance for how DHS' components should complete privacy impact analyses and changes to the questions asked.
Rep. Bennie Thompson (D-Miss.), chairman of the Homeland Security Committee, said the committee finally received the report “after a six-month delay and a series of written and verbal requests.”
“While the report revealed that the privacy office is attempting to instill privacy principles at the developmental stage of department policies and programs, it also raised concerns about the privacy office’s ability to integrate these principles into all of the department components,” he said. “As a result, the backlog of programs and policies that operate without proper legal notification to the public and without an assessment of their impact on individual privacy continues to grow.”
Ben Bain is a reporter for Federal Computer Week.