The DHS Privacy Office serves as both an advisor and oversight body for the Department’s privacy-sensitive programs and systems.
Privacy Compliance Reviews
The Privacy Compliance Review (PCR) is designed as a collaborative effort to help improve a program’s ability to comply with existing privacy compliance documentation, including Privacy Impact Assessments (PIA), System of Records Notices (SORN), formal agreements such as Memoranda of Understanding or Memoranda of Agreements, or at the DHS Chief Privacy Officer’s discretion. A PCR may result in a public report or internal recommendations, depending upon the sensitivity of the program under review.
The DHS Privacy Office tracks implementation of PCR recommendations based on supporting evidence provided by the Component Privacy Office and/or Program reviewed. PCR recommendations that have yet to be implemented according to DHS Instruction 047-01-004 are listed here:
Completed PCRs in alphabetical order:
- Analytical Framework for Intelligence
- Countering Violent Extremism Grant Program
- DHS Use of Social Media for Communications and Outreach
- Electronic System for Travel Authorization (ESTA)
- Enhanced Cybersecurity Services (ECS) Program
- FEMA's Information Sharing Practices
- ICE Pattern Analysis and Information Collection Law Enforcement Information Sharing Service
- Media Monitoring Initiative
- Office of the Chief Human Capital Officer
- Passenger Name Records Reviews
- Science and Technology Directorate
- Section 1367 Privacy Incidents
- Southwest Border Pedestrian Exit Field Test
- USCIS Customer Profile Management Service & National Appointment Scheduling System
- U.S. Secret Service (USSS)
Although the PCR is designed as a proactive and constructive mechanism, it is possible that potentially egregious behavior could be uncovered during the PCR. Should this occur, the DHS Privacy Office will either refer the matter to the DHS Office of Inspector General to investigate, or convert the PCR into a formal investigation conducted under the Chief Privacy Officer’s investigative authority. The DHS Chief Privacy Officer is authorized to conduct investigations and issue reports relating to the administration of the programs and operations of the Department as are, in the senior official’s judgment, necessary or desirable.