The Federal Agency Data Mining Reporting Act of 2007, 42 U.S.C. § 2000ee-3, requires DHS to report annually to Congress on DHS activities that meet the Act’s definition of data mining. For each identified activity, the Act requires DHS to provide:
1) a thorough description of the activity;
2) the technology and methodology used;
3) the sources of data used;
4) an analysis of the activity’s efficacy;
5) the legal authorities supporting the activity; and
6) an analysis of the activity’s impact on privacy and the protections in place to protect privacy.
This is the sixth comprehensive DHS Data Mining Report, and the fourth report prepared pursuant to the Act. Two Annexes to this report that include Law Enforcement Sensitive Information and Sensitive Security Information, respectively, are being provided separately to Congress as required by the Act.
The 2011 Data Mining Report, was recently provided to Congress and describes Department of Homeland Security (DHS) programs, both operational and in development, that involve data mining as defined by the Federal Agency Data Mining Reporting Act of 2007.
Mary Ellen Callahan, Chief Privacy Officer, U.S. Department of Homeland Security states in this report, “…when it created DHS, Congress authorized the Department to engage in data mining and other analytical tools in furtherance of Departmental goals and objectives. Consistent with the rigorous compliance process applied to all DHS programs and systems, the DHS Privacy Office has worked closely with the programs discussed in this report to ensure that they employ data mining in a manner that both supports the Department’s mission to protect the homeland and protects privacy. “
This year’s report also includes a new section on the Land module of the Automated Targeting System (ATS-Land), which now uses vehicle licensing information and ATS risk-based rules to assess the risk posed by vehicles and their occupants at U.S. land borders, and a brief summary of U.S. Customs and Border Protection (CBP’s) Analytical Framework for Intelligence (AFI), a strategic intelligence program currently in development.
In addition, and as part of this reports process, the DHS Privacy Office’s compliance process requires systems and programs using Personally Identifiable Information (PII) to complete federally-mandated privacy documentation, consisting of a Privacy Impact Assessment (PIA), as required by the E-Government Act, and a System of Records Notice (SORN), as required by the Privacy Act, before they become operational. With the exception of AFI, all programs discussed in this report have issued PIAs and are covered by SORNs. AFI, which is not yet operational, is currently working with the Office to complete its PIA and SORN.
There is also an Acronym Listing on Page 27 of the report which might be a good tool to add to your organizations’ HR privacy issues related resource library.
Click here to read the full report. Please pass this information along to those information security, privacy control and risk assessment or management teams in your organization.
If applicable, it might also be good additional reading materials for business continuity and PS-Prep strategy planning groups.
Inquiries relating to this report may be directed to the DHS Office of Legislative Affairs at 202-447-5890.