DHS to launch new system for insider threat data

The Department of Homeland Security is planning a new system to centralize data on potential insider threats, according to a Feb. 26 public notice published on Regulations.gov.

The new system casts a wide net in term of information collection. This Insider Threat Program system of records includes basic biographical data, information from security clearance form questionnaires, government or contractor ID credentials, investigative records related to DHS personnel security programs, medical data, financial data and public-facing social media. Biometrics, including fingerprints and voiceprints, are also specified.

The notice states that the system will collect and retain records of investigative or analytic insider threat investigations, as well as IT activity.

In addition to official sources and background-check data, records can come from informants, news media and social media.

DHS plans to cut a wide swath in terms of whose data could end up in the system. In addition to DHS employees and contractors, the system will cover anyone authorized by DHS to enter its facilities or access its IT systems – including state, local, and tribal law enforcement.

DHS also is planning a rulemaking to exempt this system from certain Privacy Act provisions, including the notification of those whose data is stored within the system – because it is considered a law enforcement database.

In the notice, DHS said the system is part of the implementation of a 2011 executive order, which requires agencies to establish insider threat programs.

The DHS insider threat system of records becomes effective on March 28; the agency is taking public comments on it until that date.