The Department of Homeland Security has released the “2010 Data Mining Report to Congress” (DHS pdf; archive pdf). In a news release, the DHS Privacy Office said, “The Department provides this Report annually to the Congress, as required by the Federal Agency Data Mining Reporting Act. The Report provides detailed descriptions of Department programs in 2010 that fall under the Act’s definition of ‘data mining,’ including discussion of the privacy protections in place in each program. This is the Department’s fifth comprehensive data mining report.” From the executive summary:
In the 2009 DHS Data Mining Report,the DHS Privacy Office identified three DHS programs that engage in activities that meet the Data Mining Reporting Act’s definition of data mining: (1) the Automated Targeting System (ATS) Inbound, Outbound, and Passenger modules administered by U.S. Customs and Border Protection (CBP); (2) the Data Analysis and Research for Trade Transparency System (DARTTS) administered by U.S. Immigration and Customs Enforcement (ICE); and (3) the Freight Assessment System (FAS) administered by the Transportation Security Administration (TSA). This year’s report, covering the time period from December 2009 through November 2010, includes complete descriptions of each of these programs, with updates on modifications, additions, or other developments that have occurred since the 2009 DHS Data Mining Report was issued. After consulting with the DHS components, the DHS Privacy Office identified no additional DHS activities during the current reporting year that meet the Act’s definition of data mining.
The Homeland Security Act of 2002, as amended (Homeland Security Act), expressly authorizes the Department to use data mining, among other analytical tools, in furtherance of its mission. DHS exercises this authority to engage in data mining in the programs discussed in this report, all of which have been reviewed by the DHS Chief Privacy Officer for potential impact on privacy. The Chief Privacy Officer’s authority for reviewing DHS data mining activities stems from three principal sources: the Privacy Act of 1974, as amended (Privacy Act); the E- Government Act of 2002 (E-Government Act); and section 222 of the Homeland Security Act, which states, in part, that the Chief Privacy Officer is responsible for “assuring that the [Department’s] use of technologies sustains, and does not erode, privacy protections relating to the use, collection, and disclosure of personal information.” […]
While each of the programs described below engages to some extent in data mining, none uses data mining to make unevaluated automated decisions about individuals. These programs do not make decisions about individuals solely on the basis of data mining results. In all cases, DHS employees conduct investigations to verify (or disprove) the results of data mining, and then bring their own judgment and experience to bear in making determinations about individuals initially identified through data mining activities.