The Department of Homeland Security (DHS) Privacy Office was established with the appointment of the first Chief Privacy Officer in April 2003, as required by the Homeland Security Act of 2002. The Privacy Office's major responsibilities include: (1) reviewing and approving privacy impact assessments (PIA)--analyses of how personal information is managed in a federal system, (2) integrating privacy considerations into DHS decision making, (3) ensuring compliance with the Privacy Act of 1974, and (4) preparing and issuing annual reports and reports on key privacy concerns. GAO's objective was to examine progress made by the Privacy Office in carrying out its statutory responsibilities. GAO did this by comparing statutory requirements with Privacy Office processes, documents, and activities.
Recommendations for Executive Action
|Department of Homeland Security||The Secretary of Homeland Security should designate full-time privacy officers at key DHS components, such as Customs and Border Protection, the U.S. Coast Guard, Immigration and Customs Enforcement, and the Federal Emergency Management Agency.|
|Department of Homeland Security||The Secretary of Homeland Security should implement a department-wide process for the biennial review of system-of-records notices, as required by the Office of Management and Budget.|
|Department of Homeland Security||The Secretary of Homeland Security should establish a schedule for the timely issuance of Privacy Office reports (including annual reports), which appropriately consider all aspects of report development, including departmental clearance.|
|Department of Homeland Security||The Secretary of Homeland Security should ensure that the Privacy Office's annual reports to Congress contain a specific discussion of complaints of privacy violations, as required by law.|