DHS to consolidate Systems of Records Notices
The Homeland Security Department’s Privacy Office plans to consolidate many of its System of Records Notices (SORNs) to ensure its information systems' privacy implications can be accurately assessed.
When many of the 22 agencies that comprise DHS were folded into the department in 2003, they brought legacy information technology systems and the Privacy Act-required notices for those systems. DHS’ privacy office has been working to review the department’s 200-plus legacy SORNs and consolidate many of them.
For example, the department announced its plans to consolidate the SORNs for a wide range of systems that manage department assets, payroll, personnel, accounts payable and receivable, as well as legal and contractor records. DHS announced the SORN consolidation plans through a series of notifications published in the Federal Register during October.
Agencies are required to publish notifications of new records systems or revisions to existing systems that fall under the Privacy Act. The Office of Management and Budget's Circular A-130 requires the agencies to review the notices every two years.
In a report last year, the Government Accountability Office said by not keeping the notices current, “DHS hinders the public’s ability to understand the nature of DHS systems-of-records notices and how their personal information is being used and protected.”
Hugo Teufel, DHS’ chief privacy officer, said his office has been addressing GAO’s concern by reviewing the legacy notices and consolidating some of them.
Teufel said it took his office months to go through the 200-plus legacy SORNs and assess which systems could be covered by DHS-wide notices and to draft new SORNs that apply to multiple systems across the department.
Teufel said when the consolidation process is complete, his office will have cut the number of SORNs from more than 200 to between 75 and 100.
“The great thing about this project is that it’s an example of how the 22 pieces of the department are coming together," he said.
Ben Bain is a reporter for Federal Computer Week.