• Categories

  • Archives

    « Home

    DHS Data Privacy Committee Releases Privacy and Technology Recommendations for a Federated Information-Sharing System

    UPDATE: DPIAC member Barry Steinhardt has written a statement (DPIAC pdf; archive pdf) about the report that he describes as being “more in the way of a partial concurrence than a pure dissent.” Steinhardt wrote that he agrees with much of the DPIAC report, “But, as explained below, I could not vote in favor of a report that contained conflicting statements regarding the critical question of the creation of a new centralized database containing search results.” [Disclosure: Steinhardt is a friend and colleague.]

    The Department of Homeland Security’s Data Privacy and Integrity Advisory Committee has released a new report, “Privacy Policy and Technology Recommendations for a Federated Information-Sharing System” (DPIAC pdf; archive pdf). The committee says its work, as defined under the Federal Advisory Committee Act, “is to provide advice on programmatic, policy, operational, administrative and technological issues within DHS that relate to personally identifiable information (PII), as well as data integrity and other privacy-related issues.”

    The report is a response to a request by DHS Chief Privacy Officer Mary Ellen Callahan. The report notes that “the Department is in the process of creating a policy framework and a technology architecture for enhancing DHS’s information-sharing capabilities,” and details suggestions for this new framework and architecture.

    Currently, the information sharing environment at DHS is composed of individual systems intended to support the unique missions of the various DHS components. The data are used within those systems, which essentially comprise a series of stovepipes, to support the unique functions of the distinct DHS components. The new information-sharing project aims to create a federated system to facilitate efficient and effective data sharing among the various DHS components.

    We understand that there are two possible approaches in designing such a system. One approach envisions a centralized database at the “hub,” which would contain pointers to participating component databases, the queries of users searching for information in other component databases, and the results of those queries. The hub also would contain an audit log. An alternative approach would be to retain far less information at the hub, limited to pointers to participating component databases and an audit log. The audit log would retain the queries and information on the users.

    As discussed in detail in this white paper, the Committee believes the latter approach, with minimal data stored at the hub, would be preferable (assuming little or no reduction in effectiveness of the proposed data-sharing project), reducing the possibility of adverse privacy impacts and database management challenges.

    The committee say it “believes the key privacy policy issues associated with such a federated system fall within the following broad categories: (a) controlling access and use, (b) applicable privacy policies, (c) data integrity and quality assurance, (d) accountability and audit, (e) data security and data retention, and (f) redress.” Read the full report for more from the committee, including how it would address each of the issues.

    One Response to “DHS Data Privacy Committee Releases Privacy and Technology Recommendations for a Federated Information-Sharing System”

    1. Tweets that mention » Privacy Lives » Blog Archive » DHS Data Privacy Committee Releases Privacy and Technology Recommendations for a Federated Information-Sharing System Says:

      […] This post was mentioned on Twitter by law_innovation, normative, techpolicy, open_digital, chuckcosson, gl33p, msbrumfield, dsalons, and privacyphd. privacyphd said: […]

    Leave a Reply