DHS rings its privacy policy bell in 2015

The past 12 months were the year of the cyberattack. Government agencies, infrastructure, private companies and citizens were all impacted by cyber breaches.

In its year-end privacy review, the Department of Homeland Security’s Privacy Office is touting its privacy and security policies and initiatives to protect its federal workers and the United States from future cyber hacks.

In one of the initiatives, the department drafted a privacy policy for DHS mobile applications to ensure that appropriate privacy protections are incorporated into mobile applications developed by or for DHS.

The report states that while DHS has a framework to provide app privacy policy, this instruction addresses the unique privacy concerns of mobile apps and helps ensure existing policies are applied consistently to mobile.

Advertisement

The instruction is currently undergoing a review process.

The Privacy Office is also participating in the Automated Indicator Sharing Initiative to develop an automated, near-real-time capability and process for the Department of Cybersecurity and Communications Integration Center, to send and receive cyber threat indicators from government and private organizations, the report stated.

The integration center is DHS’ cyber awareness and incident response center and is the nexus of cyber and communications integration for the government and law enforcement.

Congress and the President recently passed a law that will increase the amount of data the center can take in.

The Cyber Information Sharing Act eases restrictions on private companies when sharing cyber threat intelligence with the government.

Critics of cyber sharing worry that private citizen data will be shared with the government, giving the government more information on its citizens. The theory doesn’t bode well after the National Security Agency admitted it collected phone records on U.S. citizens.

In addition to sharing cyber information with private entities and other government components, the Privacy Office is providing subject matter expertise to DHS in its negotiation and implementation of international information sharing agreements, the report stated.

In 2015, the Privacy Office assisted in concluding negotiations of the U.S.-European Union Data Protection and Privacy Agreement (DPPA).

“The DPPA seeks to achieve a binding umbrella agreement for sharing law enforcement information pursuant to baseline standards for protecting [personal identifying information] exchanged between the United States and the EU for law enforcement, criminal justice, and public security purposes,” the report states.

Other international efforts include helping in the DHS International Governance Board, which works to strengthen the international affairs enterprise in support of DHS missions.

The office also gave advice on projects under the U.S.-Canada Beyond the Boarder Action Plan.

While the Privacy Office is creating standards for its traditional data, it is also making a framework for less traditional types of data like biometrics.

The recently completed DHS biometrics strategic framework is aiming to inform the manner in which biometrics are and will be acquired, maintained, used and shared by DHS partners on an enterprise level.

The framework emphasizes categorizing information according to the purpose of its original collection and creating an internal DHS governance structure to prioritize and manage biometric portfolio objectives, the report states.