| abstract | - The DHS Privacy Office was created in response to the Homeland Security Act of 2002. The first Chief Privacy Officer was appointed in April 2003. It was the first statutorily mandated privacy office in the federal government. Its mission is to minimize the impact on an individual's privacy, particularly an individual's personal information and dignity, while achieving the Department's mission to protect the homeland. The DHS Chief Privacy Officer reports directly to the Secretary of the Department, and the Office's mission and authority are founded upon the responsibilities set forth in the Homeland Security Act of 2002. The Privacy Office serves to implement Section 222 of the Homeland Security Act of 2002, and has programmatic responsibilities involving the Privacy Act of 1974, the Freedom of Information Act ("FOIA"), the privacy provisions of the E-Government Act of 2002, and the numerous laws, Executive Orders, court decisions and Departmental policies that protect the collection, use, and disclosure of personal and Departmental information are all followed. Section 222 of the Homeland Security Act of 2002 calls on the Chief Privacy Officer to assume primary responsibility for privacy policy within the Department, as well as "assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information." The Chief Privacy Officer is also responsible for “assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974.” The mission of the Office is to preserve and enhance privacy protections for all individuals, to promote transparency of DHS operations, and to serve as a leader in the federal privacy community. The Office accomplishes its mission by focusing on by several core activities:
* Requiring compliance with the letter and spirit of federal privacy and disclosure laws and policies in all DHS programs, systems, and operations;
* Centralizing Freedom of Information Act (FOIA) and Privacy Act operations to provide policy and programmatic oversight, to support operational implementation within the DHS components, and to ensure the consistent handling of disclosure requests;
* Providing leadership and guidance to promote a culture of privacy and adherence to the Fair Information Practice Principles across the Department;
* Advancing privacy protections throughout the federal government through active participation in interagency fora;
* Conducting outreach to the Department's international partners to promote understanding of the U.S. privacy framework generally and the Department’s role in protecting individual privacy; and
* Ensuring transparency to the public through published materials, reports, formal notices, public workshops, and meetings. File:Snapshot 2009-09-28 09-32-18.gif The DHS Privacy Office promotes the growth of privacy programs within the DHS components as a means of addressing privacy. Further, the DHS Privacy Office is implementing a privacy framework that establishes the roles and responsibilities for component privacy offices. Figure 2 illustrates the DHS privacy framework. File:Snapshot 2009-10-18 22-58-56.jpg Also part of the privacy framework are five functional areas that promote a culture of privacy and compliance with legal requirements.
* Organizational Commitment to Privacy: Establish organizational oversight and implement privacy activities.
* Policies for Proper Handling of PII: Define and promote privacy policies and procedures.
* Privacy Compliance Management: Implement tools and processes to ensure privacy compliance (including reporting requirements, privacy impact assessments, systems of records notices, privacy incident handling, and privacy rules of conduct).
* Notice, Complaints, and Redress for Individuals: Establish processes for notices, complaints, and redress for individuals.
* Privacy Awareness and Training: Support privacy requirements through privacy awareness and training.
|
