DHS is mindful that one of its missions is to ensure that privacy, confidentiality, civil rights and civil liberties are not diminished by the Department’s security initiatives. Accordingly, the Department has implemented strong privacy and civil rights and civil liberties standards into all its cybersecurity programs and initiatives from the outset. In order to protect privacy while safeguarding and securing cyberspace, DHS institutes layered privacy responsibilities throughout the Department, embeds fair information practice principles into cybersecurity programs and privacy compliance efforts, and fosters collaboration with cybersecurity partners.
On February 12, 2013, President Obama signed an Executive Order on Improving Critical Infrastructure Cybersecurity. The Executive Order clears the way for more efficient sharing of cyber threat information between government and the private sector, while directing federal departments and agencies to incorporate robust privacy and civil liberty protections into all of their cybersecurity activities. The Executive Order’s privacy protections are based upon the widely-accepted Fair Information Practice Principles, and other applicable privacy and civil liberties frameworks and polices. The Administration has a strong commitment to privacy in cyberspace, including last year unveiling a “Privacy Bill of Rights” based on the Fair Information Practice Principles to protect consumers online.
There are eight Fair Information Practice Principles that serve as the framework for integrating privacy protections into everything we do:
- Individual Participation
- Purpose Specification
- Data Minimization
- Use Limitation
- Data Quality and Integrity
- Accountability and Auditing
Using these principles, DHS ensures privacy is an integral part of its operations, starting from a program’s early development and continuing through its implementation.
DHS is committed to protecting privacy, civil rights, and civil liberties. Successfully implementing the Executive Order and protecting the nation’s cyber and physical infrastructure will require the Department to be transparent. As part of this commitment to transparency, DHS posts its privacy impact assessments and privacy compliance reviews online. The Executive Order also requires regular assessments, and public reporting, of privacy and civil liberties impacts across the federal government.
The President’s actions mark an important milestone in the Department’s ongoing efforts to coordinate the national response to significant cyber incidents while enhancing the efficiency and effectiveness of our work to strengthen the security and resilience of critical infrastructure. In developing the Executive Order, the Administration sought input from stakeholders of all viewpoints in industry, government, and the advocacy community. Their input has been vital in crafting an order that incorporates the best ideas and lessons learned from public and private sector efforts while ensuring that our information sharing incorporates rigorous protections for individual privacy, confidentiality, and civil liberties. Indeed, as we perform all of our cyber-related work, we look forward to engaging all of our stakeholders to achieve cybersecurity together.