Federal Computer Week reports on a new Federal Register notice from the Department of Homeland Security that is raising privacy questions. DHS is seeking to make changes to the Personal Identity Verification and Identity Management System; the last Privacy Impact Assessment for this system (pdf) was released on June 18. The information will be used for the HSPD-12 ID card system, which “covers all DHS employees, contractors and their employees, consultants, and volunteers who require long-term access to DHS facilities and computer systems, the department said. The system also has been expanded to cover federal emergency responders, foreign nationals on assignment and other federal employees detailed to DHS.”

DHS is updating the Personal Identity Verification and Identity Management System to support measures in Homeland Security Presidential Directive 12 that pertain to who gets access to buildings and computer systems.

But the new categories of data are raising eyebrows, especially the ones requiring a mother’s maiden name and financial history. [...]

The new categories of data also include the employee or contractor’s own maiden name, clearance level, identifying physical information, duty date and weapons-bearer designation.

DHS already collects date of birth, Social Security number, organizational and employee affiliation, fingerprints, digital color photograph, digital signature and telephone number.

Some are raising questions about the possibilities of identity theft and privacy violations:

Jim Harper, director of information policy studies at the Cato Institute, said the expanded data collection seems to increase the risks of possible identity theft and privacy loss for employees and contractors. Financial institutions often use mother’s maiden name as an added layer of authentication for people trying to gain access to bank accounts or other financial holdings. If there were to be a data breach that allowed identity thieves to get the personal information that DHS is now requiring, knowing someone’s mother’s maiden name could give the thieves easier access to that person’s accounts, he said.

A DHS Privacy Impact Assessment Update issued on the HSPD-12 program June 18 said the expanded amount of information collection presents no additional privacy risks. It states that all the information will be secured and protected under existing policies.

This entry was posted on Friday, July 10th, 2009 and is filed under Anonymity, Biometrics, Civil liberties, Fourth Amendment, Identification, Security, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Possibly related posts:

• Federal Computer Week: DHS approves enhanced tribal ID cards
• Events of Interest: Federal Trade Commission Conference on International Aspects of Securing Personal Data (March 16-17)
• Events of Interest: Federal Trade Commission Workshop on Protecting Personal Data (Nov. 13)