FB pixel

Is data privacy a priority for DHS? Policy compliance looks an afterthought — watchdog report

Is data privacy a priority for DHS? Policy compliance looks an afterthought — watchdog report
 

A fairly damning report by a federal watchdog agency puts in doubt the lip service given by Department of Homeland Security agencies that the privacy of the governed is a government priority.

DHS’ inspector general office issued a report this week saying that the department “does not yet have effective oversight to ensure consistent execution” of its own internal privacy program.

The department created the program as part of its dedicated privacy office. According to the inspector general’s report, DHS has done too little to make sure citizen privacy is respected to the greatest extent practical as agents act to protect against domestic and foreign threats.

No controls have been created by the privacy office to guarantee that mandated compliance documentation and information sharing agreements be completed much less submitted. Nor have Homeland Security officials bothered to see if required privacy training has been completed, according to the report.

The result, says the inspector general’s office, is that DHS could be missing privacy risks in programs and systems. And the “inappropriate dissemination” of individuals’ personal information could be happening unabated.

Personally-identifiable information (PII) held by DHS includes the second-largest biometrics databases in the world, which contains at least 230 million biometric records, with new biometric records collected for immigration purposes expected to spike from just under 4 million to 6 million a year following a recent policy change.

Without privacy controls, the federal government might find itself alienating the growing number of citizens realizing how valuable their personal data is to them and how devastating it can be when that data is lost, stolen or misused.

Inspector general staff suggested three remedies, all of which they concur with, according to the report.

The department must create autonomous processes that schedule “timely and periodic reviews” of its privacy threshold analyses and privacy impact assessments.

Officials also must develop and deploy ways to guarantee reviews of all planned information sharing access agreements that involve personally identifiable data. And they have to formally communicate to personnel the necessity to perform the reviews.

Last, methods have to be implemented to make sure personnel are completing mandatory privacy training. The percentage of staff not completing annual training has dropped from 19 percent in 2017 to 12 percent in 2019, but that still means that more than one in 10 employees assigned to take training are not complying.

The Transportation Security Administration had the best record of compliance in 2019 — just four percent had not completed privacy awareness training. But fully 51 percent of staff working at DHS’ headquarters had not undergone training that year.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

World Economic Forum looks to get a GRIP on global regulatory environment

A new piece written by the World Economic Forum (WEF)’s head of digital inclusion, Kelly Ommundsen, looks at the gap…

 

Respected legal authority frames age assurance legislation as segregation, suppression

Language plays a fundamental role in how concepts and technologies are introduced into and evolve alongside society. The debate over…

 

New high scores in fingerprint biometrics accuracy for Dermalog, ROC, Innovatrics

New algorithms submitted to the U.S. National Institute of Standards and Technology for its Proprietary Fingerprint Template (PFT) Evaluation have…

 

Australia’s safety code for search tools takes effect, with age verification rules

Like its counterparts in the EU and UK, Australia’s digital regulator is beginning to formalize its online safety codes. The…

 

Age verification coming to major video game mod site in EU, UK

Want to make sweet love to that frost giant who lives in the fjord? You may have to prove your…

 

Ecuador upgrades border ID verification with Regula forensic devices

Ecuador is upgrading its border identity verification systems by deploying a range of Regula’s ID document examination devices. The deployment…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events