Header, homeland security: Office for Domestic Preparedness

 

About the Privacy Office

The DHS Privacy Office is the first statutorily required Privacy Office at any federal agency whose mission is to minimize the impact on the individual’s privacy, particularly the individual’s personal information and dignity, while achieving the mission of the Department of Homeland Security.  It operates under the direction of the Chief Privacy Officer, who is appointed by the Secretary. The DHS Privacy Office serves as the steward of Section 222 of the Homeland Security Act, the Privacy Act of 1974, the Freedom of Information Act, the E-Government Act of 2002 and the numerous laws, Executive Orders, court decisions and DHS policies that protect the collection, use, and disclosure of personal and Departmental information.
Mission Statement
The mission of the DHS privacy office is to minimize the impact on the individual’s privacy, particularly the individual’s personal information and dignity, while achieving the mission of the Department of Homeland Security.
The privacy office will achieve this mission through:

  • Internal education and outreach efforts to imbue a culture of privacy and a respect for fair information principles across the department.
  • Constant communication with individuals impacted by DHS programs to improve our understanding of DHS’s impact, and, where necessary, modify DHS activities—through formal notice, constructive policy discussions, and complaint resolution mechanisms.
  • Encouraging and demanding at all times an adherence to the letter and the spirit of laws promoting privacy, including the Privacy Act of 1974 and the E-Government Act of 2002, as well as widely accepted concepts of fair information principles and practices.

Section 222 of the Homeland Security Act of 2002
The text below is the authorizing legislation for the Privacy Office and details the specific responsibilities for the Chief Privacy Officer:
Section 222 of the Homeland Security Act of 2002 mandates the Secretary shall appoint a senior official in the Department to assume primary responsibility for privacy policy, including:

  1. Assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information;
  2. Assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974;
  3. Evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
  4. Conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected; and
  5. preparing a report to Congress on an annual basis on activities of the Department that affect privacy including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.

 

Chief Privacy Officer

The Chief Privacy Officer of the Department of Homeland Security has oversight over the duties of the Privacy Office.  The Privacy Office is responsible for privacy compliance across DHS, which includes assuring that the technologies used by DHS to protect the United States sustain, and do not erode, privacy protections relating to the use, collection and disclosure of personal and DHS information.  The Privacy Office also has oversight of all privacy policy matters, including compliance with the Privacy Act of 1974, the Freedom of Information Act of 1966 (as amended), and the completion of Privacy Impact Assessments on all new programs, as required by the E-Government Act of 2002 and Section 222 of the Homeland Security Act.  The Privacy Office also evaluates legislative and regulatory proposals involving collection, use and disclosure of personal and DHS information by the Federal Government.

 

Compliance

The Director of Compliance is responsible for establishing and enforcing privacy policy, including privacy impact assessment requirements, for the various electronic and records systems used by DHS.  He/she  reviews and identifies best practices across the various directorates’ privacy  education and training, polices, procedures, protocols, and protections that have been implemented as required by law and DHS and then implementing these best practices agency wide.  Responsibilities also include auditing programs to ensure they remain compliant with rules and regulations and also international agreements, regarding the privacy of U.S. citizens as well as visitors to the United States.  Additional responsibilities include establishing, conducting and monitoring Privacy Act and compliance training throughout the Department for all employees.

 

Disclosure
The Director of Disclosure establishes FOIA and Privacy Act disclosure policy and regulations.  He/she advises the Chief Privacy Officer on FOIA and privacy information release aspects of requests and systems planning.  He/she also provides FOIA guidance to the more than 22 component offices and agencies of DHS and the more than 400 FOIA specialists processing more than 180,000 FOIA and Privacy Act Request each year.  He/she ensures the development of public affairs guidance and training programs are consistent with Departmental policies and regulations and FOIA and Privacy Act training programs of the Privacy Office.  He/she also represents the FOIA interests DHS on various agency and inter-departmental committees and workgroups.

 

International

The Director of International Affairs is responsible for international policy development and also advises on international privacy law and policies.  Responsibilities include monitoring DHS Security activities for their possible impact on international privacy issues and regulations.  He/she also monitors the DHS compliance with international agreements such as the U.S.-European Union Passenger Name Records Undertaking and Agreement which sets guidelines on sharing certain passenger information.  He/she represents the interests of the DHS at international meetings and as a delegate to multilateral and multinational organizations such as the Organization of Economic Cooperation and Development, a 30-member national organization on data protection issues.  He/she also engages in bilateral dialogues with representatives of foreign governments and data protection commissions.

 

Education and Outreach

The Director of Privacy Education and Outreach is responsible for the design, execution, and overall coordination of detailed education and information outreach programs that ensure the short and long range education and training objectives of DHS.   Responsibilities include working in conjunction with all Department components to identify training needs based on job functions, existing and new policies for all levels of employees and contractors.  In addition he/she works with each of the 22 components within DHS to review and update existing privacy training and develop and manage in-person, video and web-based training, plus a comprehensive program for tracking employee training and required updates.

 

Technology

The Director of Privacy Technology is responsible for coordinating the integration of privacy awareness and protections with the Department’s development and use of information technologies.  This is accomplished primarily through an ongoing dialogue with members of the Department’s scientific and technology components.  As new technologies and technology-rich programs are developed within the DHS, the Director of Privacy Technology ensures that privacy is one of the first and prominent issues considered.  At the same time, he/she brings the details of the nature and use of technology back to the DHS Privacy Office to keep the policy and legal architecture of privacy grounded in the hard science of information technology.