The Department of Homeland Security’s Privacy Office has released its annual report (12 MB pdf) to Congress. The report focuses on the following “core activities”:
- Requiring compliance with federal privacy and disclosure laws and policies in all DHS programs, systems, and operations;
- Centralizing Freedom of Information Act (FOIA) and Privacy Act operations to provide policy and programmatic oversight, to support operational implementation within the DHS components, and to ensure the consistent handling of disclosure requests;
- Providing leadership and guidance to promote a culture of privacy and adherence to the Fair Information Practice Principles (FIPPs) across the Department;
- Advancing privacy protections throughout the Federal Government through active participation in interagency fora;
- Conducting outreach to the Department’s international partners to promote understanding of the U.S. privacy framework generally and the Department’s role in protecting individual privacy; and,
- Ensuring transparency to the public through published materials, reports, formal notices, public workshops, and meetings.
The report also focuses on the office’s “five strategic goals”:
- Goal 1 (Privacy and Disclosure Policy): Foster a culture of privacy and transparency, and demonstrate leadership through policy and partnerships;
- Goal 2 (Advocacy): Provide outreach, education, training, and reports in order to promote privacy and openness in homeland security;
- Goal 3 (Compliance): Ensure that DHS complies with federal privacy and disclosure laws and policies and adheres to the DHS FIPPs;
- Goal 4 (Oversight): Conduct robust oversight on embedded privacy protections and disclosures in all DHS activities; and
- Goal 5 (Workforce Excellence): Develop and maintain the best privacy and disclosure professionals in the Federal Government.
In terms of oversight, the office’s work this past year included “Conduct[ing] a comprehensive review of the Department’s compliance with the Automated Targeting System (ATS) PIA and SORN, and the 2011 U.S. – EU Passenger Name Record (PNR) Agreement4 in advance of the July 2013 Joint Review with the European Commission” and “Based on the January 2012 PCR5 of the EINSTEIN Program, NPPD developed and implemented a quarterly review process for PII handling associated with cyber incident reporting and information sharing to ensure that the handling of PII is consistent with five recommendations to improve privacy protections.”
Read the full 12 MB report.