In accordance with the Homeland Security Act of 2002, Section 222a (1) (as modified), the Department of Homeland Security (DHS) Chief Privacy Officer is authorized to…make such investigations and reports relating to the administration of the programs and operations of the Department as are, in the senior official's judgment, necessary or desirable.
OIG Privacy Incident Report and Assessment, February 2011, (PDF, 45 pages - 1.01 MB) Chief Privacy Officer (CPO) Mary Ellen Callahan issued a public report on a privacy incident involving the Office of Inspector General (OIG) and contractor KPMG. The report makes findings and recommendations addressing compliance with privacy policies and recommends steps for prevention and mitigation of similar privacy incidents.
Privacy Compliance Reviews
The DHS Privacy Office exercises its authority under Section 222 of the Homeland Security Act to assure that technologies sustain and do not erode privacy protections through the conduct of Privacy Compliance Reviews (PCRs). Consistent with the Privacy Office's unique position as both and advisor and oversight body for the Department's privacy sensitive programs and systems, the PCR is designed as a constructive mechanism to improve a program’s ability to comply with assurances made in existing privacy compliance documentation including Privacy Impact Assessments (PIAs), System of Records Notices (SORNs) and/or formal agreements such as Memoranda of Understanding or Memoranda of Agreements.
The most recent PCR is listed first.
Enhanced Cybersecurity Services (ECS) Program
Enhanced Cybersecurity Services (ECS) Program, April 9, 2015, (PDF, 26 pages). ECS is a voluntary DHS program in which the National Protection and Programs Directorate’s (NPPD) Cybersecurity and Communications provides indicators of malicious cyber activity to participating commercial service providers. The purpose of the program is to assist the owners and operators of critical infrastructure in enhancing their ability to protect their systems from unauthorized access, exploitation, or data exfiltration through a voluntary information sharing program. In performing the PCR, the DHS Privacy Office found that NPPD developed the ECS Program and its related processes with privacy-protective objectives in mind. NPPD continues to operate the ECS Program and its related processes with strong privacy oversight, which allows NPPD to identify and mitigate privacy risks as the program evolves and matures.
Analytical Framework for Intelligence
Analytical Framework for Intelligence, December 19, 2014 (PDF, 34 pages). The Department of Homeland Security (DHS) U.S. Customs and Border Protection (CBP), Office of Intelligence and Investigative Liaison (OIIL) developed the Analytical Framework for Intelligence (AFI) to enhance DHS’s ability to identify, apprehend, and prosecute individuals who pose a potential law enforcement or security risk, and to improve border security. AFI augments DHS’s ability to gather and develop information about persons, events, and cargo of interest by creating an index of the relevant data in existing operational systems and providing DHS AFI analysts with tools that assist in identifying non-obvious relationships. AFI allows analysts to generate tactical, operational, and strategic law enforcement intelligence products. Finished intelligence products better inform finished intelligence product users about why an individual or cargo may be of greater security interest based on the targeting and derogatory information identified in or through CBP’s existing data systems.
The DHS Privacy Office and CBP issued a Privacy Impact Assessment (PIA) and System of Records Notice (SORN) for AFI in 2012. Due to the sensitive nature of the AFI system, including its search and aggregation capabilities, AFI was developed in coordination with the DHS Privacy Office to minimize privacy risks. These privacy risks are identified and discussed in the 2012 AFI PIA. The DHS Privacy Office also required that AFI undergo a PCR within 12 months of the system’s operational deployment. The objective of this PCR is to assess compliance with the existing compliance documentation published by AFI and ensure the privacy protections in the PIA are followed. This is the first PCR on the AFI system. Between August 2013 and May 2014, the DHS Privacy Office Oversight Team assessed these privacy protections.
The DHS Privacy Office finds that CBP OIIL developed AFI with privacy-protective objectives and continues to operate AFI with sensitivity to privacy and data aggregation risks. During the two years since AFI’s launch, however, CBP has employed new search, analysis, and storage tools that have consolidated more data than was contemplated during the original privacy analysis in the PIA. Accordingly, the DHS Privacy Office makes sixteen (16) specific recommendations for CBP in order to enhance AFI privacy protections commensurate with AFI’s use of these new tools.
DHS Use of Social Media for Communications and Outreach
DHS Use of Social Networking Interactions and Applications Communications/Outreach/Public Dialogue, and DHS Use of Unidirectional Social Media Applications Communications and Outreach March 28, 2012 (PDF, 10 pages - 96 KB) DHS utilizes social media for communications, public affairs, and outreach purposes and has an official presence on many of the major social media platforms such as Facebook, Twitter, and YouTube. To ensure DHS' use of social media for communications/outreach/dialogue with the public adheres to privacy requirements, DHS developed two Department-wide privacy impact assessments (PIAs): a PIA for Department use of social networking interactions and applications; and a PIA for Department use of unidirectional social media. If an initiative meets the PIA requirements, it is added to the Appendix of the appropriate PIA through the Social Media Privacy Threshold Analysis process. As noted in the PIAs, these initiatives are subject to Privacy Compliance Reviews (PCRs).
The DHS Privacy Office conducted this PCR to: 1) determine whether selected DHS social media uses listed in the DHS-wide social media PIA appendices continue to meet the requirements as described in the PIAs; and 2) to determine if the appendices of the DHS-wide social media PIAs reflect an accurate accounting of DHS users.
EINSTEIN Program January 3, 2012 (PDF, 9 pages -112, KB) The DHS National Protection and Programs Directorate (NPPD) National Cyber Security Division (NCSD) launched the EINSTEIN program in 2004 as a computer network intrusion detection system to help protect federal executive agency information technology enterprises. NCSD conducted PIAs for each phase of the EINSTEIN program, which the DHS Privacy Office reviewed and approved. As NCSD looks ahead toward the next phase of the program to EINSTEIN 3, the DHS Privacy Office determined that conducting a PCR would be timely to ensure the accuracy of compliance documentation and transparency of the EINSTEIN program moving forward.
The DHS Privacy Office found NPPD/NCSD generally compliant with the requirements outlined in the EINSTEIN 2 PIA and Initiative 3 Exercise PIA. Specifically, NPPD/NCSD is fully compliant on collection of information, use of information, internal sharing and external sharing with federal agencies, and accountability requirements. PRIV identified actions taken to address retention and training requirements as outlined in the relevant EINSTEIN PIAs, but additional actions by the program are needed to bring them into full compliance with these requirements. The DHS Privacy Office is making five recommendations to strengthen program oversight, external sharing, and bring NPPD/NCSD into full compliance with retention and training requirements. NPPD agreed with our findings and is taking steps to address our recommendations.
- Privacy Compliance Review Follow-Up Letter for the EINSTEIN Program, August 26, 2014 (PDF, 7 pages).
Immigration and Customs Enforcement Pattern Analysis and Information Collection Law Enforcement Intelligence Sharing Service
ICE Pattern Analysis and Information Collection Law Enforcement Information Sharing Service December 15, 2011, (PDF, 6 pages – 98.25KB). The U.S. Government Accountability Office (GAO) recently conducted a review of the selected DHS systems that support counterterrorism including the U.S. Immigration and Customs Enforcement Pattern Analysis and Information Collection System (ICEPIC) Law Enforcement Sharing (LEIS) Service. GAO’s review found that the LEIS Service was not described in the Privacy Impact Assessment (PIA) that was approved for the ICEPIC system in January 2008. Given E-Government Act and DHS policy requirements for conducting PIAs, GAO recommended that the Chief Privacy Officer investigate whether the LEIS component of ICEPIC should be deactivated until a PIA that includes this component was approved. DHS concurred with the recommendation and as a result of the report findings and recommendations, the DHS Privacy Office initiated this Privacy Compliance Review (PCR).
ICEPIC is a toolset that assists the U.S. Immigration and Customs Enforcement (ICE) law enforcement agents and analysts in identifying suspect identities and discovering possible non-obvious relationships among individuals and organizations that are indicative of violations of the customs and immigration laws as well as possible terrorist threats and plots. The LEIS Service allows external law enforcement officers (federal, state, local, tribal and international partners) direct access to certain DHS law enforcement data sources compiled by ICEPIC. The objectives of our review were to 1) identify the cause of the privacy compliance gap regarding the LEIS Service and 2) evaluate whether the compliance gap warranted a deactivation of the LEIS Service until the PIA could be approved.
Media Monitoring Initiative
Media Monitoring Initiative, May 21, 2015 (PDF, 12 pages). Privacy Compliance Reviews (PCR) are a key aspect of the layered privacy protections built into the Media Monitoring Initiative to ensure that the protections described in the PIAs are followed. This is the 7th PCR since the first PIA was published in June 2010. The DHS Privacy Office conducted this seventh PCR to assess compliance with both the May 2015 PIA Update and the May 2015 SORN. We found that the Office of Operations Coordination and Planning, National Operations Center, continues to be in compliance with the privacy requirements identified in both of these documents, and our specific findings are discussed herein.
- Media Monitoring Initiative, April 16, 2014 (PDF, 24 pages).
- Media Monitoring Initiative, November 8, 2012 (PDF, 25 pages - 2.59 MB).
- Media Monitoring Initiative May 3, 2012 (PDF, 33 pages – 898 KB)
- Media Monitoring Initiative November 15, 2011 (PDF, 6 pages – 150 KB)
- Media Monitoring Initiative February 7, 2011 (PDF, 6 pages – 133 KB)
- 2010 Winter Olympics Social Media Event Monitoring Initiative and Haiti Social Media Disaster Monitoring Initiative August 23, 2010 (PDF, 6 pages – 125.18 KB)
Passenger Name Records
The Passenger Name Record (PNR) Agreement between the United States and the European Union (EU) makes possible the transfer of certain passenger data to Customs and Border Protection (CBP) in order to facilitate safe and efficient travel. The documents below demonstrate the progression of the Agreement since its inception and include subsequent reviews conducted by both the United States and the EU to ensure compliance with the Agreement.
- 2015 DHS PNR Privacy Review, June 26, 2015
- European Commission letter to the European Parliament and the Council on the outcome of the joint review of the U.S. – EU PNR Agreement, November 27, 2013
- European Commission Report of the Joint Review of the implementation of the Agreement between the European Union and the United States of America on the processing and transfer of passenger name records to the United States Department of Homeland Security, November 27, 2013
- DHS PNR Privacy Review. July 3, 2013
- European Commission Report on the Joint Review of the U.S.-E.U. Passenger Name Record Agreement, April 7, 2010
- Department Response to the European Commission's Report on the Joint Review of the U.S.-E.U. Passenger Name Record Agreement, March 31, 2010
- Update to the 2008 Report Concerning Passenger Name Record Information Derived from Flights Between the U.S. and the European Union, February 2010
- Privacy Office Report Concerning Passenger Name Record Information Derived from Flights Between the U.S. and the European Union, December 2008
- Privacy Office Report Concerning Passenger Name Record Information Derived from Flights Between the U.S. and the European Union, September 19, 2005
- Related Privacy Impact Assessments. See DHS/CBP/PIA-006.
- DHS Procedures for Access, Correction or Rectification, and Redress for Passenger Name Record, July 27, 2012
- CBP Passenger Name Record Privacy Statement for PNR Data Received in Connection with Flights Between the U.S. and the European Union
- Answers to Frequently Asked Questions