Report: DHS must do more to protect personal info

The Homeland Security Department is not doing enough to protect personal identifying information within its computer systems, according to a new report from DHS Inspector General Richard L. Skinner.

Personal identifying information is any information that can be used to identify a person. It includes, for example, full name, telephone number, e-mail address, credit card numbers and date of birth.

While the department has performed draft assessments of privacy impacts and risks to most of its 699 systems, the final validations and approvals by the DHS Privacy Office are not yet complete, the report said.

Of the 699 computer systems within the department, 95 percent or more had been subjected to a security plan, security categorization and draft privacy threshold assessment as of September 2006, the report said. Eighty-five percent had completed a risk assessment.

But only 155 systems, or 23 percent, of those assessments and plans were validated by the privacy office as of that date. Of the 52 systems required to be covered by a Privacy Impact Assessment, only 20 of those assessments were approved as of September 2006, the inspector general said.

'Until DHS completes and validates the security documentation, privacy threshold assessments and privacy impact assessments for its systems and programs, the department lacks assurance that the risks associated with sensitive data and personal identifying information have been determined and appropriate security controls have been identified,' the report said.

DHS also needs to complete encryptions of data on laptop computers and to strengthen protections of data during storage, and in transit, the 26-page report concludes.

Alice Lipowicz is a staff writer for Government Computer News' affiliate publication, Washington Technology.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected