The activities of the Privacy Office serve to build privacy into departmental programs. The following is a framework of privacy laws through which the Privacy Office accomplishes its activities and mission:
- Privacy Act of 1974, as amended (5 U.S.C. § 552a): Embodies a code of fair information principles that governs the collection, maintenance, use, and dissemination of personally identifiable information by federal agencies;
- E-government Act of 2002 (Public Law 107-347): Mandates Privacy Impact Assessments (PIAs) for all Federal agencies when there are new collections of, or new technologies applied to, personally identifiable information;
- Freedom of Information Act of 1966, as amended (5 U.S.C § 552): Implements the principles that persons have a fundamental right to know what their government is doing;
- Homeland Security Act of 2002, as amended (6 U.S.C. 552): Creates the Chief Privacy Officer at DHS with responsibilities to ensure privacy and transparency in government are implemented throughout the Department; and
- Implementing the Recommendations of the 9/11 Commission Act of 2007 (Public Law 110-53): Amends the Homeland Security Act to give new authorities to the Chief Privacy Officer.
The responsibilities of the Chief Privacy Officer, as set forth in Section 222 of the Homeland Security Act of 2002, as amended:
SEC. 222. [6 U.S.C. 142] PRIVACY OFFICER.
(1) assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information;
(2) assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974;
(3) evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
(4) conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected;
(5) coordinating with the Officer for Civil Rights and Civil Liberties to ensure that—
(A) programs, policies, and procedures involving civil rights, civil liberties, and privacy considerations are addressed in an integrated and comprehensive manner; and
(B) Congress receives appropriate reports on such programs, policies, and procedures; and
(6) preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.
(b) AUTHORITY TO INVESTIGATE.—
(1) IN GENERAL.—The senior official appointed under subsection (a) may—
(A) have access to all records, reports, audits, reviews, documents, papers, recommendations, and other materials available to the Department that relate to programs and operations with respect to the responsibilities of the senior official under this section;
(B) make such investigations and reports relating to the administration of the programs and operations of the Department as are, in the senior official’s judgment, necessary or desirable;
(C) subject to the approval of the Secretary, require by subpoena the production, by any person other than a Federal agency, of all information, documents, reports, answers, records, accounts, papers, and other data and documentary evidence necessary to performance of the responsibilities of the senior official under this section; and
(D) administer to or take from any person an oath, affirmation, or affidavit, whenever necessary to performance of the responsibilities of the senior official under this section. 7 ‘‘
(2) ENFORCEMENT OF SUBPOENAS.—Any subpoena issued under paragraph (1)(C) shall, in the case of contumacy or refusal to obey, be enforceable by order of any appropriate United States district court.
(3) EFFECT OF OATHS.—Any oath, affirmation, or affidavit administered or taken under paragraph (1)(D) by or before an employee of the Privacy Office designated for that purpose by the senior official appointed under subsection (a) shall have the same force and effect as if administered or taken by or before an officer having a seal of office.
(c) SUPERVISION AND COORDINATION.—
(1) IN GENERAL.—The senior official appointed under subsection (a) shall—
(A) report to, and be under the general supervision of, the Secretary; and
(B) coordinate activities with the Inspector General of the Department in order to avoid duplication of effort.
(2) COORDINATION WITH THE INSPECTOR GENERAL.—
(A) IN GENERAL.—Except as provided in subparagraph (B), the senior official appointed under subsection (a) may investigate any matter relating to possible violations or abuse concerning the administration of any program or operation of the Department relevant to the purposes under this section.
(i) REFERRAL.—Before initiating any investigation described under subparagraph (A), the senior official shall refer the matter and all related complaints, allegations, and information to the Inspector General of the Department.
(ii) DETERMINATIONS AND NOTIFICATIONS BY THE INSPECTOR GENERAL.—
(I) IN GENERAL.—Not later than 30 days after the receipt of a matter referred under clause (i), the Inspector General shall—
(aa) make a determination regarding whether the Inspector General intends to initiate an audit or investigation of the matter referred under clause (i); and
(bb) notify the senior official of that determination.
(II) INVESTIGATION NOT INITIATED.—If the Inspector General notifies the senior official under subclause (I)(bb) that the Inspector General intended to initiate an audit or investigation, but does not initiate that audit or investigation within 90 days after providing that notification, the Inspector General shall further notify the senior official that an audit or investigation was not initiated. The further notification under this subclause shall be made not later than 3 days after the end of that 90-day period.
(iii) INVESTIGATION BY SENIOR OFFICIAL.—The senior official may investigate a matter referred under clause if—
(I) the Inspector General notifies the senior official under clause (ii)(I)(bb) that the Inspector General does not intend to initiate an audit or investigation relating to that matter; or
(II) the Inspector General provides a further notification under clause (ii)(II) relating to that matter.
(iv) PRIVACY TRAINING.—Any employee of the Office of Inspector General who audits or investigates any matter referred under clause (i) shall be required to receive adequate training on privacy laws, rules, and regulations, to be provided by an entity approved by the Inspector General in consultation with the senior official appointed under subsection (a).
(d) NOTIFICATION TO CONGRESS ON REMOVAL.— If the Secretary removes the senior official appointed under subsection (a) or transfers that senior official to another position or location within the Department, the Secretary shall—
(1) promptly submit a written notification of the removal or transfer to Houses of Congress; and
(2) include in any such notification the reasons for the removal or transfer.
(e) REPORTS BY SENIOR OFFICIAL TO CONGRESS.—The senior official appointed under subsection (a) shall—
(1) submit reports directly to the Congress regarding performance of the responsibilities of the senior official under this section, without any prior comment or amendment by the Secretary, Deputy Secretary, or any other officer or employee of the Department or the Office of Management and Budget; and
(2) inform the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives not later than—
(A) 30 days after the Secretary disapproves the senior official’s request for a subpoena under subsection (b)(1)(C) or the Secretary substantively modifies the requested subpoena; or
(B) 45 days after the senior official’s request for a subpoena under subsection (b)(1)(C), if that subpoena has not either been approved or disapproved by the Secretary.