DHS Privacy Office - Reports and Statements

DHS Privacy Policy Guidance

• Privacy Policy Guidance Memorandum 2008-02, DHS Policy Regarding Privacy Impact Assessments, December 30, 2008 (PDF, 6 pages – 101 KB)
• Privacy Policy Guidance Memorandum 2008-01, The Fair Information Practice Principles: Framework for Privacy Policy at the Department of Homeland Security, December 29, 2008 (PDF, 4 pages - 101 KB)
• DHS Action Memorandum, Review of Safeguarding Policies and Procedures for Personnel-Related Data, June 13, 2007 with attachments. (PDF, 10 pages - 118 KB)
  • Attachment 1: Review of Personnel-Related Data Policies and Procedures and Self-Assessment (PDF, 13 pages - 113 KB)
  • Attachment 2: Protecting & Handling Personnel-Related Data – Quick Reference Guide (PDF, 2 pages – 14 KB)
  • Attachment 3: Verification and Confirmation Memorandum Templates (Self-Assessment and Training Certifications), (PDF, 2 pages – 17 KB)
  • Attachment 4: DHS Employee Communication from Scott Charbo and Maureen Cooney regarding Data Security and Privacy, June 8, 2006 (PDF, 2 pages – 294 KB)
  • Attachment 5: DHS Deputy Secretary Memo, April 26, 2007 regarding Advance Notice to Leadership on Unintentional Release of Privacy Act Protected Information
  • Attachment 6: OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, May 22, 2007 (PDF, 22 pages – 228 KB )
• Privacy Policy Guidance Memorandum 2007-02, Regarding Use of Social Security Numbers at the Department of Homeland Security, June 4, 2007 (PDF, 4 pages - 118 KB)
• Privacy Policy Guidance Memorandum 2007-01, Regarding Collection, Use, Retention, and Dissemination of Information on Non-U.S. Persons, January 7, 2009 (As amended from January 19, 2007) (PDF, 6 pages - 164 KB)
• Privacy Technology Implementation Guide (PTIG), August 2007 (PDF, 36 pages – 358 KB) The Privacy Office developed a new general guide for technology managers and developers to integrate privacy protections into operational IT systems. This new guide, the Privacy Technology Implementation Guide (PTIG) combines elements of privacy protection from disparate privacy compliance requirements, as well as a administrative policies and procedures into a single document, contextualized for managers and developers of operational systems. The PTIG is designed to allow each Component the flexibility to adapt privacy considerations to the way that Component does business while retaining a common DHS approach. The result is a new guide that provides early awareness of privacy issues and the aspects of systems that can be managed and developed to address privacy issues and streamline the process of complying with existing privacy protection requirements.
• Privacy Incident Handling Guidance (PIHG), September 2007 (PDF, 109 pages – 4.25 MB) The Department of Homeland Security (DHS) has a duty to safeguard personally identifiable information (PII) in its possession and to prevent the breach of PII in order to maintain the public’s trust. The Privacy Incident Handling Guidance (PIHG) serves this purpose by informing DHS organizations, employees, senior officials, and contractors of their obligation to protect PII and by establishing procedures delineating how they must respond to the potential loss or compromise of PII.
• Handbook for Safeguarding Sensitive Personally Identifiable Information at DHS, October 2008 (PDF, 21 pages – 314 KB) The DHS Privacy Office Handbook for Safeguarding Sensitive PII at DHS applies to every DHS employee, contractor, detailee and consultant. The document sets minimum standards for how personnel should handle Sensitive PII in paper and electronic form during their everyday work activities at DHS.

Back To Top

Privacy Office Annual Reports

• Annual Privacy Report to Congress, July 2007 to July 2008 (PDF, 100 pages – 908 KB)
• Annual Privacy Report to Congress, July 2006 to July 2007 (PDF, 58 pages – 417 KB)
• Annual Privacy Report to Congress, July 2004 to July 2006 (PDF, 38 pages – 338 KB)
• Annual Privacy Report to Congress, April 2003 to June 2004 (PDF, 112 pages – 2.2 MB)

Back To Top

Freedom of Information Act (FOIA) Reports

Freedom of Information Act/Privacy Act (FOIA/PA) Reports for the Department of the Homeland Security.

• FOIA Annual Report for 2008 (PDF, 31 pages  - 101 MB)
• FOIA Annual Report for 2007 (PDF, 94 pages  - 1.48 MB)
• FOIA Annual Report for 2006 (PDF, 61 pages - 1.5 MB)
• FOIA Annual Report for 2005 (PDF, 40 pages - 1912 KB)
• FOIA Annual Report for 2004 (PDF, 16 pages - 653 KB)
• FOIA Annual Report for 2003 (PDF, 13 pages - 702 KB)

Back To Top

Section 803 Reports

In support of Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007, The Privacy Officer will submit a report covering all privacy protection activities of the Department.

• Quarterly Report, October - December 2007 (PDF, 3 pages - 20 KB) - provides an overview of the reporting requirement.
• Quarterly Report, December 2007 - February 2008 (PDF, 5 pages - 40 KB) - contains 2nd quarter findings for 2008.
• Quarterly Report, March 2008 - May 2008 (PDF, 5 pages - 69 KB) - contains 3rd quarter findings for 2008.
• Quarterly Report, June 2008 to August 2008 (PDF, 5 pages - 52 KB ) - contains 4th quarter findings for 2008.
• Quarterly Report, September 2008 to November 2008 (PDF, 6 pages - 61 KB ) - contains 1st quarter findings for 2009.
• Quarterly Report, December 2008 to February 2009 (PDF, 9 pages - 176 KB ) - contains 2nd quarter findings for 2009.

Back To Top

DHS Datamining Reports

• 2008 Data Mining Report (PDF, 47 pages – 467 KB ). This report describes DHS programs that meet the definition of data mining required by the Congress in Section 804 of the 9/11 Commission Act, entitled the Federal Agency Data Mining Reporting Act, and summarizes the Privacy Office’s public workshop, Implementing Privacy Protections in Government Data Mining, which was held on July 24-25, 2008. The Report also presents principles for implementing privacy protections in research projects conducted by the DHS Science and Technology Directorate (S&T), the Department’s primary research and development arm. The Principles, which were developed jointly by the Privacy Office and S&T, provide guidance for incorporating privacy protections into privacy-sensitive S&T research and development projects in a manner that supports the DHS mission.
• 2008 Data Mining Letter Report (PDF, 46 pages - 441 KB). This is the third report by the Privacy Office to Congress on data mining. This letter report identifies the data mining activities deployed or under development within DHS, as defined by the Data Mining Reporting Act, and describes the framework the Department will use to report on such activities in the future pursuant to Section 804 of the Implementing Recommendations of the 9/11 Commission Act of 2007,1 entitled, “The Federal Agency Data Mining Reporting Act of 2007” (Data Mining Reporting Act).
• 2007 Data Mining Report (PDF, 42 pages - 446 KB). This is the second report by the Privacy Office to Congress on data mining. This report describes data mining activities deployed or under development within the Department that meet the definition of data mining as mandated in House Report No. 109-699 - Making Appropriations for the Department of Homeland Security for the Fiscal Year Ending September 30, 2007, and for Other Purposes.
• 2006 Data Mining Report, July 6, 2006 (PDF, 36 pages - 340 KB ). This report is prepared pursuant to the requirements of "House Report 108-774 - Making Appropriations for the Department of Homeland Security for the Fiscal Year ending September 30, 2005, and for Other Purposes." This report provides information related to the status, issues, and programs related to DHS data mining activities.

Back To Top

Other Homeland Security Privacy Reports

The following are public Reports issued by the DHS Privacy Office:

• Interim Report on the EU Approach to the Commercial Collection of Personal Data for Security Purposes: The Special Case of Hotel Guest Registration Data, conducted pursuant to Section 222(b)(1)(B) of the Homeland Security Act, in order to enforce the provisions of Article 5 of the 2007 Passenger Name Records (PNR) Agreement. January 16, 2009 (PDF 43 pages – 1.19 MB)
• CCTV: Developing Best Practices, Report on the DHS Privacy Office Public Workshop, December 17 and 18, 2007  (PDF, 66 pages – 523 KB) Report summarizing the CCTV workshop panels and resources to help identify and address privacy concerns, including Best Practices for Government Use of CCTV (Appendix B); Template for Privacy Impact Assessment for the Use of CCTV by DHS Program (Appendix C); Template for Privacy Impact Assessment for the Use of CCTV by State and Local Entities (Appendix D); and Template for Civil Liberties Impact Assessments (CLIA) (Appendix E).
• ADVISE Report, (PDF, 25 pages - 411 KB) Review of the Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE) Program including recommendations.
• Secure Flight Report, December 2006 (PDF, 18 pages - 694.60 KB) DHS Privacy Office Report to the Public on the Transportation Security Administration’s Secure Flight Program and Privacy Recommendations.
• MATRIX Report, December 2006 (PDF, 9 pages – 386.97KB) DHS Privacy Office Report to the Public Concerning the Multistate Anti-Terrorism Information Exchange (MATRIX) Pilot Project.
• Report Assessing the Impact of the Automatic Selectee and No Fly Lists, April 27, 2006 (PDF, 29 pages - 242 KB).
• Report Concerning Passenger Name Record Information Delivered From Flights Between the U.S. and European Union, September 19, 2005 (PDF, 46 pages - 391 KB)
• Report to the Public on Events Surrounding jetBlue Data Transfer February 20, 2004 (PDF, 10 pages - 65 KB)

Back To Top

Homeland Security Component Privacy Statements

The following are official Privacy Statements of the U.S. Department of Homeland Security:

• US-VISIT Program Privacy Policy. September 14, 2004 (PDF, 5 pages - 150 KB). The United States Visitor Immigrant Status Indicator Technology (US-VISIT) is a United States Department of Homeland Security (DHS) program that enhances the country's entry and exit system. It enables the United States to record the entry into and exit out of the United States of foreign nationals requiring a visa to travel to the U.S., creates a secure travel record, and confirms their compliance with the terms of their admission. The US-VISIT initiative involves collecting biographic and travel information and biometric identifiers (fingerprints and a digital photograph) from covered individuals to assist border officers in making admissibility decisions. The identity of covered individuals will be verified upon their arrival and departure.

• Passenger Name Record Data for Flights Between the U.S. and E.U. (PDF, 3 pages - 142 KB). United States law requires airlines operating flights to or from the United States to provide the Department of Homeland Security, Bureau of Customs and Border Protection (CBP), with certain passenger reservation information ("passenger name record data" or PNR) for purposes of preventing and combating terrorism, and other serious criminal offences, that are transnational in nature. Answers to Frequently Asked Questions (PDF, 5 pages - 27 KB) are available for your convenience.

• ACLU letter regarding Federal Air Marshal requirements for Surveillance Detection Reports and DHS Privacy Office and TSA response. (PDF, 3 pages - 134 KB) Outlines concerns regarding allegations that Federal Air Marshals must meet a monthly quota for filing Surveillance Detection Reports.
  • DHS Privacy Office and TSA Response (PDF, 2 pages - 87KB)

Back To Top