DHS to consolidate Systems of Records Notices

The Homeland Security Department’s Privacy Office plans to consolidate many of its System of Records Notices (SORNs) to ensure its information systems' privacy implications can be accurately assessed.

When many of the 22 agencies that comprise DHS were folded into the department in 2003, they brought legacy information technology systems and the Privacy Act-required notices for those systems. DHS’ privacy office has been working to review the department’s 200-plus legacy SORNs and consolidate many of them.

For example, the department announced its plans to consolidate the SORNs for a wide range of systems that manage department assets, payroll, personnel, accounts payable and receivable, as well as legal and contractor records. DHS announced the SORN consolidation plans through a series of notifications published in the Federal Register during October.

Agencies are required to publish notifications of new records systems or revisions to existing systems that fall under the Privacy Act. The Office of Management and Budget's Circular A-130 requires the agencies to review the notices every two years.

In a report last year, the Government Accountability Office said by not keeping the notices current, “DHS hinders the public’s ability to understand the nature of DHS systems-of-records notices and how their personal information is being used and protected.”

Hugo Teufel, DHS’ chief privacy officer, said his office has been addressing GAO’s concern by reviewing the legacy notices and consolidating some of them.

Teufel said it took his office months to go through the 200-plus legacy SORNs and assess which systems could be covered by DHS-wide notices and to draft new SORNs that apply to multiple systems across the department.

Teufel said when the consolidation process is complete, his office will have cut the number of SORNs from more than  200 to between 75 and 100.

“The great thing about this project is that it’s an example of how the 22 pieces of the department are coming together," he said.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.