DHS says it hopes the guide will help others understand its privacy program, which it describes as “one of the leading . . . programs within the federal government.”
The Chief Information Officer’s Council published DHS’s privacy handbook last week on its site in an effort to share it with a broader community.
The guidebook outlines the numerous strategies DHS employs to minimize its impacts on citizens’ privacy, such as frequent certifications to ensure that all personally identifiable information (PII) is secure and “accurate, relevant, timely, complete and reduced to the minimum necessary.”
“Privacy and information security are closely linked, and strong practices in one area typically support the other,” the document states.
The department’s efforts also include mandatory privacy training for all employees and contractors. DHS has also made multiple additional training sessions available to instill in workers what it calls a “culture of privacy.”
In addition to privacy protection policies, the guidebook also spells out the department’s response to complaints of privacy breaches. DHS has a dedicated Complaint Tracking System (CTS) that documents “the name of the complainant, type of complaint, and other pertinent data” for each individual grievance. Complaints are then categorized, reviewed and acted upon when necessary.
The tracking system is completely self-contained and accessible only by DHS’s Privacy Office, according to DHS’s Privacy Impact Assessment (PIA) of the system. The PIA states that access to the system must go through an approved encryption scheme, and remote access is strictly monitored.
“Privacy considerations are woven directly into business processes throughout the department,” DHS says. This ensures that “privacy is integrated into decision making from the very beginning.”