For your eyes only: DHS develops privacy guidelines for Science and Technology Directorate

The Homeland Security Department has developed new privacy guidelines for its Science and Technology Directorate.

DHS’ "Principles for Implementing Privacy Protections in S&T Research" will incorporate privacy protections into sensitive research conducted by the directorate, while allowing it to provide advanced tools, technologies and systems related to homeland security. DHS also has established a Privacy Office to address these concerns. An example of research affected by the new privacy rules is the development of new physical screening technologies.

Key principles of the guidelines include a privacy assessment, to be conducted jointly by the directorate and the Privacy Office. The privacy assessment “will be an integral part of the design, development and implementation of any S&T research project that is privacy-sensitive or involves or impacts personally identifiable information,” according to the agency. Other principles include purpose specification, transparency, data quality and integrity, data minimization, use limitation, data security, training, audit, and redress.

Purpose specification addresses the scope and purpose of any directorate project, which will be created through a review of both internal and external experts. Transparency addresses privacy impact. For transparency, privacy impact assessments will be made in conjunction with the Privacy Office for all research projects potentially impacted by privacy issues, and the group will publish privacy impact assessments for all nonclassified research.

The group will attempt to use only accurate and appropriate data for the project (data quality and integrity) and will use the least amount of private data consistent with the purpose of the project (data minimization). Projects will only use data in a manner consistent with disclosures in privacy impact assessments and Privacy System of Records Notices, consistent with privacy notices and policies that apply to data originally collected by the private sector (use limitation). Additionally, researchers will maintain data security, receive training on DHS’ privacy policy and protections built into individual research projects, and use audit procedures to ensure compliance. The Privacy Office and the directorate’s privacy officer will develop and administer a redress program to handle inquiries, complaints and provide relief.

The principles appear in an appendix to “Data Mining: Technology and Policy,” the Privacy Office’s 2008 report to Congress on DHS data mining activities. The report is available on the Privacy Office’s Web site.

About the Author

Kathleen Hickey is a freelance writer for GCN.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.