Adopt Protections to Guide Info Sharing, Advisors Say
by Mickey McCarter
Monday, 06 July 2009
Paper recommends guidelines for protecting data within and outside DHS
When sharing information with agencies outside the Department of Homeland Security (DHS), the department should craft information-sharing agreements to protect the privacy of personal data relayed to those agencies, an advisory committee on data privacy recommended in a recent white paper.
DHS is compelled to share law enforcement and homeland security data with other agencies under the aegis of the Information Sharing Environment (ISE), as mandated by the Intelligence Reform and Terrorism Prevention Act (IRTPA) (Public Law 108-458), noted the DHS Data Privacy and Integrity Advisory Committee in a white paper titled "DHS Information Sharing and Access Agreements."
But in doing so, DHS should follow a policy to require information-sharing and access agreements (ISAAs) for information shared with other agencies, recommended the paper, released publicly on July 2.
"The ISAAs must be a critical element of the Department's data governance model and must include central controls for managing the risks of unauthorized use, uncontrolled sharing, and non-compliant information processes," the paper stated.
Protecting the privacy of personal information becomes important when that information leaves the agency that collected it, the paper said, but DHS has valid reasons for sharing information with the ISE and across the department under the One DHS initiative. Generally, this process involves a determination as to whether sharing information is appropriate and then a determination as to how the data should be shared--the type and volume of the data in addition to the method of sharing it.
The report endorses the use of these determinations in every case of information sharing but also suggests the extra step of reviewing whether personal data would be shared and protected as appropriate once it is shared.
Adopting privacy protections for personal data is important because "IRTPA and the One DHS policy could potentially lead to widespread sharing of personal data, not only within DHS, but also between DHS and other US federal agencies, as well as between DHS and other non-federal government agencies, including those of other countries," the report cautioned.
The DHS Data Privacy and Integrity Advisory Committee also made a number of specific recommendations, which it broke down into five categories: oversight, threshold analysis, sharing agreements, communications, and audit procedures.
The recommendations to the secretary of Homeland Security include:
- Direct DHS components to use ISAAs and set up a review board to assure privacy protection;
- Require chief privacy officers to conduct a threshold analysis when they receive a request for information sharing;
- Document components of an ISAA based on privacy policy;
- Develop and implement an information sharing training program for chief privacy officers and a communications protocol to support those officers; and
- Measure compliance with the process of information sharing and an ISAA's terms through auditing standards and protocols.
"Implementation of this information sharing process has the potential to substantially mitigate risk to individuals," the paper concluded.
About the author: Mickey McCarter, eNewsletter Editor/Senior Washington Correspondent, is a journalist with more than a decade of experience in reporting on military affairs and information technology.