DHS to consolidate Systems of Records Notices

The Homeland Security Department’s Privacy Office plans to consolidate many of its System of Records Notices (SORNs) to ensure its information systems' privacy implications can be accurately assessed.

When many of the 22 agencies that comprise DHS were folded into the department in 2003, they brought legacy information technology systems and the Privacy Act-required notices for those systems. DHS’ privacy office has been working to review the department’s 200-plus legacy SORNs and consolidate many of them.

For example, the department announced its plans to consolidate the SORNs for a wide range of systems that manage department assets, payroll, personnel, accounts payable and receivable, as well as legal and contractor records. DHS announced the SORN consolidation plans through a series of notifications published in the Federal Register during October.

Agencies are required to publish notifications of new records systems or revisions to existing systems that fall under the Privacy Act. The Office of Management and Budget's Circular A-130 requires the agencies to review the notices every two years.

In a report last year, the Government Accountability Office said by not keeping the notices current, “DHS hinders the public’s ability to understand the nature of DHS systems-of-records notices and how their personal information is being used and protected.”

Hugo Teufel, DHS’ chief privacy officer, said his office has been addressing GAO’s concern by reviewing the legacy notices and consolidating some of them.

Teufel said it took his office months to go through the 200-plus legacy SORNs and assess which systems could be covered by DHS-wide notices and to draft new SORNs that apply to multiple systems across the department.

Teufel said when the consolidation process is complete, his office will have cut the number of SORNs from more than  200 to between 75 and 100.

“The great thing about this project is that it’s an example of how the 22 pieces of the department are coming together," he said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Cybersecurity
    malware detection (Alexander Yakimov/Shutterstock.com)

    Microsoft targets copycat influence websites

    Microsoft went to court to take down websites it believes to be part of a foreign intelligence operation targeting conservative think tanks and the U.S. Senate.

  • Cybersecurity
    secure network

    FAA explores shifting its network to FISMA high

    The Federal Aviation Administration is exploring an upgrade to the information security categorization of IT systems as part of air traffic control modernization.

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.