Homeland Security:
DHS Privacy Office Has Made Progress but Faces Continuing Challenges
GAO-07-1024T: Published: Jul 24, 2007. Publicly Released: Jul 24, 2007.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Text:
Contact:
(202) 512-6240
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
The Department of Homeland Security (DHS) Privacy Office was established with the appointment of the first Chief Privacy Officer in April 2003, as required by the Homeland Security Act of 2002. The Privacy Office's major responsibilities include: (1) reviewing and approving privacy impact assessments (PIA)--analyses of how personal information is managed in a federal system, (2) integrating privacy considerations into DHS decision making and ensuring compliance with the Privacy Act of 1974, and (3) preparing and issuing annual reports and reports on key privacy concerns. GAO was asked to testify on its recent report examining progress made by the DHS Privacy Office in carrying out its statutory responsibilities. GAO compared statutory requirements with Privacy Office processes, documents, and activities.
The DHS Privacy Office has made significant progress in carrying out its statutory responsibilities under the Homeland Security Act and its related role in ensuring compliance with the Privacy Act of 1974 and E-Government Act of 2002, but more work remains to be accomplished. Specifically, the Privacy Office has established a compliance framework for conducting PIAs, which are required by the E-Gov Act. The framework includes formal written guidance, training sessions, and a process for identifying systems requiring such assessments. The framework has contributed to an increase in the quality and number of PIAs issued as well as the identification of many more affected systems. The resultant workload is likely to prove difficult to process in a timely manner. Designating privacy officers in certain DHS components could help speed processing of PIAs, but DHS has not yet taken action to make these designations. The Privacy Office has also taken actions to integrate privacy considerations into the DHS decision-making process by establishing an advisory committee, holding public workshops, and participating in policy development. However, limited progress has been made in one aspect of ensuring compliance with the Privacy Act--updating public notices for systems of records that were in existence prior to the creation of DHS. These notices should identify, among other things, the type of data collected, the types of individuals about whom information is collected, and the intended uses of the data. Until the notices are brought up-to-date, the department cannot assure the public that the notices reflect current uses and protections of personal information. Further, the Privacy Office has generally not been timely in issuing public reports. For example, a report on the Multi-state Anti-Terrorism Information Exchange program--a pilot project for law enforcement sharing of public records data--was not issued until long after the program had been terminated. Late issuance of reports has a number of negative consequences, including a potential reduction in the reports' value and erosion of the office's credibility.
Oct 11, 2018
Coast Guard Acquisitions:
Lessons Learned to Inform Coast Guard and NOAA Shipbuilding EffortsGAO-19-147T: Published: Oct 11, 2018. Publicly Released: Oct 11, 2018.
Sep 21, 2018
-
Chemical Terrorism:
A Strategy and Implementation Plan Would Help DHS Better Manage Fragmented Chemical Defense Programs and ActivitiesGAO-18-562: Published: Aug 22, 2018. Publicly Released: Sep 21, 2018.
Sep 19, 2018
-
Homeland Security:
Clearer Roles and Responsibilities for the Office of Strategy, Policy, and Plans and Workforce Planning Would Enhance Its EffectivenessGAO-18-590: Published: Sep 19, 2018. Publicly Released: Sep 19, 2018.
Sep 6, 2018
-
Homeland Security Grant Program:
Additional Actions Could Further Enhance FEMA's Risk-Based Grant Assessment ModelGAO-18-354: Published: Sep 6, 2018. Publicly Released: Sep 6, 2018.
Sep 4, 2018
-
Coast Guard Acquisitions:
Polar Icebreaker Program Needs to Address Risks before Committing ResourcesGAO-18-600: Published: Sep 4, 2018. Publicly Released: Sep 4, 2018. -
Department of Homeland Security:
Components Could Improve Monitoring of the Employee Misconduct Process [Reissued with revisions on Sep. 4, 2018.]GAO-18-405: Published: Jul 31, 2018. Publicly Released: Aug 30, 2018.
Aug 16, 2018
-
Criminal Alien Statistics:
Information on Incarcerations, Arrests, Convictions, Costs, and RemovalsGAO-18-433: Published: Jul 17, 2018. Publicly Released: Aug 16, 2018.
Aug 14, 2018
-
Nonimmigrant Visas:
Outcomes of Applications and Changes in Response to 2017 Executive ActionsGAO-18-608: Published: Aug 7, 2018. Publicly Released: Aug 14, 2018.
Aug 8, 2018
-
Critical Infrastructure Protection:
DHS Should Take Actions to Measure Reduction in Chemical Facility Vulnerability and Share Information with First RespondersGAO-18-538: Published: Aug 8, 2018. Publicly Released: Aug 8, 2018. -
DHS Acquisitions:
Additional Practices Could Help Components Better Develop Operational RequirementsGAO-18-550: Published: Aug 8, 2018. Publicly Released: Aug 8, 2018.
Looking for more? Browse all our products here
Explore our Key Issues on Homeland Security
- Best Practices and Leading Practices in Acquisition Management
- Countering Overseas Threats
- DHS Management - High Risk Issue
- Disaster Management
- Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests - High Risk Issue
- Ensuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable Information - High Risk Issue
- Federal Grants to State and Local Governments
- National Defense System Acquisitions
- National Flood Insurance Program - High Risk Issue
- Public Health Emergency Preparedness and Response
- Terrorism-Related Information Sharing - High Risk Issue
- U.S. Arctic Interests
Explore our other Key Issues here
