The Department of Homeland Security’s Data Privacy and Integrity Advisory Committee has released a draft letter to new DHS Secretary Janet Napolitano and Acting Chief Privacy Officer John W. Kropf (who replaces Hugo Teufel as CPO).
The committee will discuss privacy issues during a public conference call today at 1 p.m. ET. “Members of the public are welcome to listen to the meeting by calling (800) 320-4330 and entering Pin Number 215132. The number of teleconference lines is limited, however, and lines will be available on a first-come, first-served basis.”
Some key issues highlighted by the committee:
Border Searches and Seizures of Stored Digital Information. This is currently a highly visible and sensitive issue. While certain DHS components may have legal authority to conduct border searches, there is a significant difference between looking at paper documents and searching through the volume of digital information that can be carried by travelers. The Privacy Office should have a role in reviewing current policies and practices for searches and seizures of digital information and developing guidelines to integrate privacy protections into these processes. […]
REAL ID: Despite the best efforts of the Privacy Office and the Committee, the final rule under the REAL ID Act does not fully address privacy and data security. The Committee has made recommendations for strengthening the rule in this regard in its Report No. 2007-01. The rule leaves states in the position of subjecting their residents’ personal information to the vulnerabilities of the state with the weakest protections. Since the rule has not yet gone into full effect, given the absence of the reference databases, it should at least be reviewed and considered for revision to better address privacy and data security issues regarding the shared state data. In addition, the rule’s provision allowing for the placement of unencrypted personal information in the machine-readable zone, which encourages inappropriate data collection and mission creep, should be reviewed and considered for revision.
Some recommendations on the DHS Privacy Office from the draft letter:
Structure of the Privacy Office. The Committee believes that the Privacy Office should remain a separate office within the Department of Homeland Security (DHS or Department), with the Chief Privacy Officer reporting directly to the Secretary. The Office should not be merged with the Office for Civil Rights and Civil Liberties, which the Committee understands serves a function that is different from that of the Privacy Office. Where the Privacy Office builds programs to effectuate privacy rights, the Civil Liberties Office focuses on community relations and civil rights. Although the offices should work closely together, they have somewhat different perspectives. It is important to have two different offices to address issues from their varying perspectives. The Chief Privacy Officer should be a person who is trusted by the Secretary as a member of the DHS senior management team. He or she should be someone who has a proven record of leadership and decisiveness, and who acknowledges the value of privacy as the foundation for a democracy. The Chief Privacy Officer should be a strategic thinker (not solely a functionary who knows the
Privacy Act). […]
Component Privacy Officers. The Committee believes that each DHS component should have a dedicated, accountable privacy officer. Those individuals should report directly to the component head as advisors on privacy issues, with dotted line reporting to the Chief Privacy Officer. […]
Data Integrity Initiative. A prerequisite for privacy protection, as well as for extracting value from our bits and bytes, is to safeguard the integrity of data. Continued focus on and commitment to data integrity can increase the usefulness to the Department of personal data and also help ensure that the Department is adequately protecting what needs protection. The Committee recommends that DHS launch an initiative, led by the Privacy Office, to develop a rigorous and methodical approach to data integrity. […]
The Privacy Act. The Privacy Act of 1974 has not kept pace with the evolution of technology and developments in how data is collected, used, shared and stored. To the extent the Secretary is asked to submit recommendations to Congress for making the Act more relevant and effective, the Committee recommends that the Secretary seek guidance from the Privacy Office staff, who are experts in applying the Act’s provisions throughout the Department.
Here’s some background info on the committee: “The DHS Data Privacy and Integrity Advisory Committee provides advice at the request of the Secretary of Homeland Security and the DHS Chief Privacy Officer on programmatic, policy, operational, administrative, and technological issues within the DHS that relate to personally identifiable information, as well as data integrity and other privacy-related matters. The committee was established by the Secretary of Homeland Security under the authority of 6 U.S.C. section 451 (pdf) and operates in accordance with the provisions of the Federal Advisory Committee Act (FACA) (5 U.S.C. App)”