During her three-year tenure as the Homeland Security Department’s top privacy official, Karen Neuman said the biggest change and accomplishment is how privacy has become an integral part of all federal activities.
Neuman, who is leaving DHS at the end of the month to go back into private law practice, said the integration of privacy isn’t because of the rash of incidents, from the massive data breach suffered by the Office of Personnel Management to the leaks perpetrated by Edward Snowden, that the government has faced over the last five years.
Instead, Neuman said irrespective of the data leaks and revelations that came from these incidents, DHS, more specifically, hasn’t been impacted to the degree many would have thought.
“Even if you didn’t have any of the large scale incidents that we’ve seen, privacy is important because all agencies irrespective whether they are civilian, law enforcement, financial services or regulation or consumer protection, all agencies are data driven just like large organizations outside of the public sector,” Neuman said in an interview with Federal News Radio. “Certainly the Snowden and Wikileaks had a significant impact for others in the federal government, but I think in terms of privacy we continue to do our work irrespective of other developments. I don’t think we have been so significantly impacted from a privacy perspective. Certainly, we continue to do our work and the work of transparency, data integrity and data protection has always been a crucial and central focus of this office.”
Insight by Sonatype: Stephan Mitchev, acting CTO at USPTO, discusses how USPTO is looking at supply chain issues to address cybersecurity concerns. Dr. Stephen Magill, VP of product innovation at Sonatype, provides an industry perspective.
Over the last decade, and specifically over the last three years, Neuman said the understanding of privacy across DHS and how it intersects with the department’s missions has increased.
“Our components really understand that to win the public trust and maintain the public trust, we have to pay attention to privacy and I think that’s where we’ve forged a very strong relationship between the privacy office and the professionals throughout the components in the offices,” she said. “The privacy office is really quite mature and the privacy enterprise reaches throughout the department to work through embedded privacy professionals and has focused its attention on making sure that the component leadership and others throughout the department understand the importance of privacy on its own as a core value but also its importance to the success of the department’s mission and its ability to maintain the public trust.”
She said the Obama administration’s decision to stand up to the Federal Privacy Council further professionalizes the role as well as signals the need to strengthen the data protection efforts across the government.
Part of the reason for this greater understanding is the merging of technology and privacy where agencies no longer see one standing in the way of the other.
Neuman said she’s spent a lot of time working to ensure this integration and understanding of how privacy and technology are equally important.
“In a data-driven world, I’ve spent a lot of time flipping the notion that technology is privacy evasive to the notion that technology is being privacy protective,” she said. “We have a really vivid example of that, which is the DHS big data solution, which is an obvious way that we have used technology to promote privacy.”
DHS created the big data framework in 2013 with the goal of creating a systematic repeatable process for providing controlled access to DHS data across the department while ensuring built-in privacy protections.
DHS says in its 2014 Privacy Impact Assessment that “the framework will enable the implementation of efficient and cost-effective search and analysis across DHS databases in both classified and unclassified domains. The searches will identify key DHS data associated with an individual or identifier.”
In the 2016 PIA, DHS says it’s using two data lakes, called “Neptune” and “Cerberus” to receive, store and tag the data. Neptune is the unclassified data lake, while Cerberus is used to perform classified searches on the unclassified data sets.
“We have understood how to protect data, which is really currency in large and small and private and public organizations alike,” Neuman said. “We’ve understood how to use technology to protect data privacy.”
Neuman also highlights as a major accomplishment of her office over the last three years is both the privacy requirements for mobile applications DHS develops, and the focus on improving the Freedom of Information Act (FOIA) process and reducing the agency’s backlog of requests.
In March, Neuman signed off on a mobile app policy mandating the use of the carwash process to continuously test and manage the source code of mobile apps.
Neuman said DHS has put a lot of effort to improve its FOIA processing.
“The department continues to receive the most FOIA requests of any in the federal government. Rather than playing ‘whack-a-mole’ we really took a holistic look at what is the systemic problem, how do we devote resources to addressing the systemic problem while we are reducing the backlog?” she said. “The backlog was something that has confounded many for many years. We sat down and looked at where the backlog was concentrated, what are the reasons for the bump in the backlog and what could we do to reduce it? We implemented a combination of measures that proved to be very effective. As we speak, we’ve reduced the backlog by roughly 66 percent. We are focused now on trying to maintain that reduction while at the same time every new cycle, practically, there is enormous interest in what the department is doing and what can be gleaned by using FOIA to have a better understanding of the department’s activities and initiatives.”
DHS reported that it received 281,138 new FOIA requests and processed 348,878 FOIA requests in fiscal 2015.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
The steps the privacy office took to deal with the FOIA requests included deploying additional staff and contractors to assist with processing backlogged FOIA requests, and entering into a Memorandum of Understanding (MOU) with the Customs and Border Protection directorate for a support services contract with an experienced FOIA vendor to process CBP’s FOIA backlog.
DHS says the Immigration and Customs Enforcement directorate managed its own FOIA services support contract to assist with processing
These effort helped ICE decrease its backlog by more than 99 percent, and CBP reduced its backlog by 73 percent.
DHS isn’t alone in having to address a backlog of FOIA requests. Many agencies are struggling to deal with the increase of requests.
Part of how DHS is trying to ensure the backlog doesn’t return is with a new e-FOIA app.
Neuman’s office partnered with the Office of the Chief Information Officer to create the tool, which lets requesters submit FOIAs and check the status of existing requests anyplace, anytime as well as access existing documents and view any updates or changes to FOIA regulations.
“I leave DHS and the privacy office in an exceptionally good place to carry on really important work and to continue pursuing the priorities I set and we set as an office,” she said.