What the Passenger Name Record Report Really Says

The DHS Privacy Office works overtime to ensure privacy protections at the department for Americans and those who travel to the U.S.  News of our efforts doesn’t always get out.  Recently, my office issued the Passenger Name Record (PNR) Data Report (download PDF), a public document that is a requirement of the joint U.S./EU agreement on PNR.  In fact, I encourage you to check out a previous Leadership Journal where I discussed this. On December 18, I pointed out that the department, including U.S. Customs and Border Protection (CBP), actually complied with the agreement and privacy documentation issued by my office.  Any statements to the contrary are mischaracterizations. I invite you to read the report for the truth.

Yes, the Privacy Office review did find areas for operational and policy improvement – I would be remiss in my statutory duties had I overlooked areas where privacy protections could be better integrated into DHS operations. Specifically, CBP needs to improve its handling of Freedom of Information Act/Privacy Act requests, a key component of redress generally, and with respect to PNR data.  I note, however, that for every recommendation made in the report, there was a concrete and actionable response that CBP began to implement before the report was even issued.  As with any program, improvements can always be made and so is the case here.  CBP did not fail in meeting its commitments to the Agreement and Letters between DHS and the Council of European Union.  CBP actively contributed to the review, opening itself up to criticism while still trying to operationally meet the requirements of the 2007 Agreement and Letters.  Moreover, CBP and the Privacy Office have been working together closely to improve CBP’s handling of FOIA and Privacy Act requests.  I am proud of my office’s hard work and I commend CBP for its efforts and its improvements.

The other half of the story is the one that has been ignored, so I will make it quite clear. The U.S. has upheld its commitments, but the Europeans, to date, have not.  On July 25, 2008, the European Commission vice president wrote to Secretary Chertoff suggesting the first review take place in "late 2008" and that questionnaires be exchanged beforehand.  The Secretary confirmed our intent to participate in order to review "the effective operation and privacy protection" of both U.S. and European systems.

My report was originally intended to provide the basis for a Joint Review in December 2008, which the European Commission unfortunately postponed for unknown reasons. The Joint Review is meant to illustrate the effective oversight and to promote further transparency of activities in both the U.S. and the EU. This is particularly important given that the EU is now considering use of PNR as a screening tool, and some Member States have already begun national PNR programs.

Only through effective oversight and real transparency, here and in Europe, can we truly gauge the effectiveness and impact on individual freedoms resulting from any single approach.

Hugo Teufel III
Chief Privacy Officer

Principles for Implementing Privacy Protections in Research Projects

The Department is often in the headlines for our high-profile efforts to protect the nation, but there are mission-critical activities going on behind the scenes to advance homeland security—including a recent achievement of our Science and Technology Directorate (S&T) and the Privacy Office. Although many of S&T’s activities, such as our work to develop vaccines for dangerous animal diseases, do not impact personal privacy, some of our efforts—like the development of new physical screening technologies—have potential privacy implications.

As we carry out the S&T mission to encourage innovation in the development and use of new technologies in support of homeland security, we have made it a priority to protect the privacy of individuals. To ensure that goal, the Privacy Office and S&T have just developed "Principles for Implementing Privacy Protections in S&T Research." Working together on this new guidance has been a natural fit, enabling us both to contribute our particular expertise. These Principles enable us to provide advanced tools, technologies, and systems to those working to protect our nation while incorporating privacy protections into privacy-sensitive S&T research.

Key Principles

• Privacy Assessment. An assessment of privacy impacts, conducted jointly by S&T and the Privacy Office, will be an integral part of the design, development and implementation of any S&T research project that is privacy-sensitive or involves or impacts personally identifiable information (PII).
• Purpose Specification. The scope and purpose of any specific S&T project will be clearly articulated and documented through a process that includes reviews of its effectiveness by internal experts (S&T staff other than the project’s proponents) and external experts (with appropriate security clearances).
• Transparency. S&T will conduct Privacy Impact Assessments (PIAs) in conjunction with the Privacy Office, as required by the E-Government Act of 2002, for all research projects that involve or impact PII, and will publish PIAs for all non-classified research.
• Data Quality and Integrity. Projects will endeavor to use only data that is reasonably considered both accurate and appropriate for the project’s documented purpose(s).
• Data Minimization. Projects will use the least amount of PII consistent with their documented purpose(s). Where practicable, S&T will use data minimization techniques to accomplish this goal.
• Use Limitation. Projects will only use data in a manner that is consistent with disclosures in all applicable PIAs and Privacy Act System of Records Notices, and consistent with privacy notices and policies that apply to data originally collected by the private sector.
• Data Security. Researchers will take all reasonable steps necessary to maintain the security of the data they use.
• Training. Personnel involved in a project will receive training on DHS privacy policy and on the privacy protections built into individual research projects.
• Audit. Projects will use automated or non-automated audit procedures to ensure compliance with project access and data usage rules.
• Redress. The Privacy Office, together with S&T’s Privacy Officer, will develop and administer a redress program to handle inquiries and complaints regarding any S&T research project and to provide relief where warranted.

The Principles appear in an appendix to Data Mining: Technology and Policy, the Privacy Office’s 2008 report to Congress on Department data mining activities. The report is available on the Privacy Office website.

We are proud of the collaborative work that led to the creation of these principles, and look forward to continuing to work together in our common mission to protect the American people and our homeland.

Hugo Teufel III
Chief Privacy Officer

Jay M. Cohen
Under Secretary, Science and Technology Directorate

Winter Fire Safety

As we change seasons from fall to winter and progress into the holiday season, the United States Fire Administration, a component of the Federal Emergency Management Agency, asks you to take a few minutes to review the following fire safety tips to help ensure you and your family remain fire safe.


Video demonstration showing how flammable a dry Christmas tree can be as opposed to a tree watered regularly.

The cold weather brings with it the need for heating at around the same time the holiday season starts; along with the celebrations comes an increase in home fires, fire deaths and fire related injuries. Each year, an estimated 3,700 Americans die in fires and about 20,000 are injured. Approximately, eighty percent of all fire deaths occur in the home. Not including arson-related deaths, from April 2007 through September 2007 at least 589 people were killed in home fires and when it became cooler, from October 2007 through March 2008, at least 982 people were killed in home fires. Many of those killed might still be alive today if they had known how to prevent a fire and how to survive once a fire starts.

According to the Consumer Product Safety Commission (CPSC), dried out Christmas trees are involved in an estimated 200 fires, 10 deaths and $10 million in property damage each year. CPSC also estimates that there are about 14,000 candle-related fires annually, resulting in 170 deaths and $350 million in property damage. Following some simple fire safety tips can boost survival rates dramatically.

• Install and maintain smoke alarms. These are the single most effective tool for protecting you should fire occur.
• Keep your holiday decorations away from heat sources, including fire places and space heaters. If using a live tree, keep it watered; when the tree dries out, discard it.
• Inspect holiday lights each year for frayed wires, bare spots, gaps in the insulation, broken or cracked sockets, and excessive kinking or wear.
• Do not leave lit holiday lights unattended. If your holiday celebrations involve the use of lit candles, never leave them unattended.
• Chimneys, furnaces and wood stoves should be inspected and cleaned annually by a professional. When using indoor fireplaces or wood stoves, use only seasoned hardwood.
• Always use a metal mesh or glass screen in front of your fireplace. Never use flammable liquids to start a fire. Extinguish the fire in the fireplace before going to bed or leaving the house. Soak hot ashes in water and place them in a metal container outside your home. Stack firewood outdoors at least 30 feet away from your home, and not in a garage.
• Use only space heaters evaluated by a nationally recognized laboratory, such as Underwriters Laboratories (UL). Make sure heaters have an automatic switch to turn them off if the heater falls over. Leave at least three feet of space around all sides of your space heater.
• Have your furnace inspected annually by a professional. Keep trash and other combustibles away from the heating system.

Fire departments respond to numerous house fires daily, and all firefighters know most of these fires could have been prevented. As America’s Fire and Emergency services leader, the USFA provides a wide range of safety information, checklists and pamphlets to ensure a fire safe nation. For more information, visit www.usfa.dhs.gov.

Gregory B. Cade
Fire Administrator, U.S. Fire Administration (USFA)

Passenger Name Record Data and Privacy

In July 2007, the U.S. Department of Homeland Security (DHS) and the Council of the European Union (Council) signed an agreement and exchanged letters regarding the transfer of Passenger Name Record (PNR) data to DHS by air carriers operating flights between the U.S. and the European Union (EU). Included was a provision to “periodically review the implementation of this agreement, the DHS letter, and U.S. and EU PNR policies and practices” to assess the “effective operation and privacy protection of their systems.” In a series of communications between the European Commission and the Department, the parties agreed that a Joint Review would be conducted this December.

In preparation for the Joint Review, my team conducted a review of DHS PNR processing practices, the results of which are published in A Report Concerning Passenger Name Record Information Derived From Flights Between The U.S. And The European Union, posted on the privacy website. In short, we found that the Department complies with the representations made in the Agreement and Letters, as well as those representations made in the System of Records Notice for the Automated Targeting System (published in the Federal Register on August 6, 2007), the system where PNR resides.

I am proud that our team was able to complete this important task in my final days as Chief Privacy Officer, but I am disappointed that our European counterparts chose to postpone participation in this exercise. The Joint Review is meant to illustrate a common commitment to effective oversight and to promote further transparency. The review DHS hopes to hold with the European Commission in early 2009 will be of considerable value to DHS, as it will identify areas for improvement and confirmed best practices.

The EU is now considering use of PNR as a screening tool, and some Member States have begun national PNR programs. In the spirit of reciprocity and transparency, and to contribute to our shared goals of protection of citizens and their personal information, we look forward to a comparable review of European PNR systems.

Hugo Teufel III
Chief Privacy Officer

Community Prep: Emergency Operating Centers

Today’s roll-out of the grant application guidance for building or renovating emergency operating centers (EOC) around the country was personally satisfying for me. I know that EOCs are an integral part of disaster preparedness and response. A well-equipped EOC with a trained staff provides the coordination and communication needed to knit resources together during a disaster.

Last year, $14.6 million was made available by appropriators for 22 EOCs in 19 states and the District of Columbia. And this year, we had a breakthrough. Congress appropriated approximately $34 million for the EOC grant program, enough to build or renovate more than 40 EOCs around the country.

Over the past two years, FEMA has found that, to do our job really well, we have to rely on tribal, state and local, public and private partnerships. The better prepared those partners are, the better our response will be.

Thanks to the EOC grants, a lot of places in the country are going to be better prepared to deal with disasters in their communities.

R. David Paulison
Administrator, FEMA