The Department of Homeland Security Privacy Office is proud to present its seventh Annual Report, summarizing its achievements during the period from July 2010 through June 2011.

As I move into my third year as the DHS Chief Privacy Officer, I’m pleased with the improvements my office has made in strengthening privacy protections across the Department’s operations while simultaneously fulfilling the Administration’s goals of transparency, public participation, and collaboration. We strive diligently to create an environment where privacy and security are not traded or balanced, but integrated in a manner that keeps this country safe and honors the principles on which the country was founded.

In support of the Administration’s efforts to promote openness, transparency, and public participation we have instituted our Proactive Disclosure Policy. This policy means that certain categories of documents are now published on the headquarters and component websites, eliminating the need for the public to file Freedom of Information Act requests for those documents.

In addition, we actively lead privacy policy development across the federal government through leadership positions in all of the federal privacy organizations. When issues arise that affect the federal government as an enterprise, the DHS Privacy Office serves as a voice for privacy protections. This year, we have tackled privacy issues related to the use of cloud computing technology, social media, identity management, and other developing areas with privacy implications.

The scope of DHS’s mission also demands that the DHS Privacy Office take a leading role in the international privacy dialogue. In the past year, we conducted significant outreach efforts with our international partners to enhance their understanding of the U.S. privacy framework and DHS privacy policy and procedures.

I look forward to continuing to lead the effort to enhance privacy protections and promote government transparency and accountability not only in the Department but also in the federal government and international community, and foresee an even more productive future.

Read the DHS Privacy Office 2011 Annual Report and visit the DHS Privacy Office website.

DHS Builds Privacy Protections into Operations, Policies and Technology from the Outset
Posted by Mary Ellen Callahan, DHS Chief Privacy Officer

This is part of a series of blog posts exploring the progress we’ve made in implementing the 9/11 Commission Recommendations. Read previous posts.

The Department of Homeland Security (DHS) is committed to implementing the 9/11 Commission recommendations regarding the protection of privacy and civil liberties and we ensure robust privacy, civil rights, and civil liberties safeguards are in place through the work we do every day.

The 9/11 Commission Recommendations progress report recently released by DHS highlights some of the steps we have taken to ensure privacy.

DHS has the first statutorily required privacy office of any federal agency, and the Department builds privacy and civil rights and civil liberties protections into its operations, policies, programs, and technology deployments from the outset of their development. The DHS Privacy Office partners with every DHS component to assess policies, programs, systems, technologies, and rule-makings for privacy risks, and recommends privacy protections and methods for handling personally identifiable information. At DHS we work hard to create an environment where privacy and security go hand in hand, helping to secure our nation while honoring the principles on which the country was founded.

My goal has always been to “operationalize” privacy throughout the department. Through training, guidance, and oversight, we are helping employees better understand and identify privacy risks, mitigate those risks, and take steps to safeguard personal information.

Today we are also looking to the future. We are striving to balance our use of technology, such as social media, cloud computing, identity management, and personal location devices with the need to protect privacy.

Learn more about the 9/11 Commission Progress Report and the DHS Privacy Office .

All 71 fusion centers now have an approved privacy policy
By Mary Ellen Callahan, Chief Privacy Officer, DHS and Bart R. Johnson, Deputy Under Secretary for Intelligence and Analysis, DHS

State and major urban area fusion centers serve as focal points within the state and local environment for the receipt, analysis, gathering, and sharing of threat-related information between the federal government and state, local, tribal, territorial (SLTT) and private sector partners.

Located in states and major urban areas throughout the country, fusion centers are uniquely situated to empower front-line homeland security and law enforcement partners to understand local implications of national intelligence, thus enabling local officials to better protect their communities.

A Milestone for Privacy, Civil Rights and Civil Liberties

Both fusion center directors and the federal government have identified the protection of privacy, civil rights, and civil liberties as a key priority and an important enabling capability to ensure fusion centers protect the legal rights of Americans while supporting homeland security efforts. It is critical that fusion center personnel not only receive training to understand the need to protect privacy, civil rights and civil liberties, but also have a policy in place clearly outlining how this will be achieved.

To help with these efforts, the DHS Privacy Office, working in collaboration with the DHS Office of Intelligence and Analysis (I&A) and the Program Manager of the Information Sharing Environment, began an independent review in November 2009 of fusion center privacy policies. Today, we are pleased to announce that all 71 officially designated fusion centers have successfully completed this important step and received letters from the DHS Chief Privacy Officer stating that these policies have been determined to be at least as comprehensive as the Information Sharing Environment (ISE) Privacy Guidelines.

The completion of these privacy policies by all fusion centers is a milestone to support the sharing of terrorism and other homeland security information between the federal government and fusion centers during situations involving time-sensitive and emerging threats.

Protecting Privacy While Sharing Information

Established by the Intelligence Reform and Terrorism Prevention Act of 2004, the ISE provides analysts, operators, and investigators with integrated and synthesized terrorism, weapons of mass destruction, and homeland security information needed to enhance national security and help keep our people safe.

The law required the President to issue Guidelines to protect privacy and civil liberties. From this, the ISE Privacy Guidelines were established to help ensure that ISE sharing partners sufficiently protect Americans’ privacy and civil liberties while sharing important terrorism and homeland security information.

These guidelines require that ISE participants - such as the National Network of Fusion Centers - have a written privacy protection policy that is “at least as comprehensive” as the ISE Privacy Guidelines. For example, within each privacy policy, fusion centers must identify a privacy officer and clearly articulate the security measures in place to protect personally identifiable information.

Next Steps

The DHS Privacy Office remains engaged with the fusion centers as they work to implement their privacy policies. In partnership with the DHS Office for Civil Rights and Civil Liberties, I&A, and DOJ, we will continue to provide support to the National Network of Fusion Centers to help ensure that these policies are adhered to, as well as to provide customized privacy, civil liberties and civil rights training to those working in this arena including:

1. DHS intelligence officers assigned to a fusion center;
2. state and major urban area fusion center personnel; and
3. individuals serving as the privacy officer in each fusion center.

More information:
Fusion center privacy policies
Read more on fusion centers
DHS Privacy Office website

Today, the Secretary joined her Spanish counterpart, Minister of Interior Alfredo Perez Rubalcaba, in giving keynote addresses to the International Conference of Data Protection and Privacy Commissioners in Madrid, Spain. This is the 31st annual data protection commissioner conference, but one of the few times when policy makers shared their views on data collection AND protections.

The conference hall was packed this morning, as privacy professionals from around the world crammed together to hear from royalty - the Prince of Asturias, the Spanish heir to the throne - and politicians alike.

The Secretary and the Minister both made clear that their vision of information sharing had to be consistent with privacy and civil liberties protection. Minister Rubalcaba began his speech with an emphatic statement - security and privacy are common principles, and can co-exist! He also warmly welcomed Secretary Napolitano, recognizing that her presence at this conference demonstrated the shared will of Europe and the US to work together.

Secretary Napolitano specifically acknowledged the completion of the work of the High Level Contact Group in crafting data protection principles, and encouraged movement towards a binding data protection agreement, stressing "what unites us far outweighs what divides us - including a long-standing respect for human rights and individual liberties."

As a privacy professional, this interaction between privacy leaders and policy leaders heralded a new era in transparency, one of the hallmarks of the Obama Administration; personally, it was heartening to witness this important dialogue. As both the Minister and Secretary Napolitano made clear, security and privacy can reinforce each other. At the Department of Homeland Security's Privacy Office, we try to implement this principle every day.

Mary Ellen Callahan is the Chief Privacy Officer for the Department of Homeland Security