FACA Committee Purpose & Justification

The information in this plan was imported from the Federal Advisory Committee Act (FACA) database and transformed into StratML Part 1, Strategic Plan, format.

Fiscal Year: 2011
Committee Type: Other

Data Privacy and Integrity Advisory Committee DHS 44d3fc03-e8af-4ccd-b6c0-8d1d76a2c0b8 [21492]: http://www.dhs.gov/privacy

Department of Homeland Security [654]: http://www.dhs.gov Sponsoring Agency Beneficiary

Ana Anton Professor of Computer Science, North Carolina State University Committee Member Special Government Employee (SGE) Performer
Ramon Barquin President, Barquin International Committee Member Special Government Employee (SGE) Performer
J. Howard Beales III Professor of Strategic Management and Public Policy; George Washington University School of Business Committee Member Special Government Employee (SGE) Performer
Renard Francois Attorney, Data Protection and Data Privacy, Caterpillar, Inc. Committee Member Special Government Employee (SGE) Performer
A. Michael Froomkin Professor of Law, University of Miami School of Law Committee Member Special Government Employee (SGE) Performer
Joanna Grama Information Security Policy and Compliance Director, Purdue University Committee Member Special Government Employee (SGE) Performer
David Alfred Hoffman Director of Security Policy and Global Privacy Officer, Intel Corporation Committee Member Special Government Employee (SGE) Performer
Lance Hoffman Distinguished Research Professor, Engineering and Applied Science, George Washington University Committee Member Special Government Employee (SGE) Performer
Joanne McNabb Chief, Office of Privacy Protection, California Department of Consumer Affairs Committee Member Special Government Employee (SGE) Performer
Lisa S.
Nelson Assistant Professor, University of Pittsburgh Graduate School of Public and International Affairs and School of Law Committee Member Special Government Employee (SGE) Performer
Gregory Nojeim Senior Counsel, Center for Democracy and Technology Committee Member Special Government Employee (SGE) Performer
Charles Palmer Chief Technology Officer, Security and Privacy, IBM Corporation Committee Member Special Government Employee (SGE) Performer
Lydia Parnes Partner, Wilson Sonsini Goodrich & Rosati, P.C. Committee Member Special Government Employee (SGE) Performer
Christopher Pierson Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc. (Royal Bank of Scotland-RBS) Committee Member Special Government Employee (SGE) Performer
Jules Polonetsky Co-Chair and Director, Future of Privacy Forum Committee Member Special Government Employee (SGE) Performer
Richard Vincent Purcell Chief Executive Officer, Corporate Privacy Group Committee Member Special Government Employee (SGE) Performer
John Thomas Sabo Director, Security and Privacy Initiatives, Computer Associates Committee Member Special Government Employee (SGE) Performer
Ho Sik Shin General Counsel and Chief Privacy Officer, Millennial Media, Inc. Committee Member Special Government Employee (SGE) Performer
Lisa J. Sotto Partner, Head of Privacy and Information Management Practice, Hunton and Williams, LLP Committee Member Special Government Employee (SGE) Performer
Barry Steinhardt Senior Advisor, Privacy International Committee Member Special Government Employee (SGE) Performer

Not Available 00543fe1-20be-4df8-b35b-61cabd108113

The DHS Data Privacy and Integrity Advisory Committee advises the Secretary of the Department of Homeland Security and the DHS Chief Privacy Officer on programmatic, policy, operational, administrative, and technological issues within the DHS that relate to personally identifiable information (PII), as well as data integrity and other privacy-related matters.
Since its inception, the DPIAC has provided relevant, timely guidance on implementing privacy in a variety of DHS programs and systems, and on best practices for the Department’s collection, use, sharing, and retention of PII. The Committee has set out its guidance in nine public reports posted on the Committee’s webpage at www.dhs.gov/privacy. The Committee’s work is integral to implementation of the Department of Homeland Security’s mission to secure America. Protecting constitutional rights and American values is one of the Guiding Principles set out in the Department’s 2008-2013 Strategic Plan, which states that the Department “will always respect and preserve the individual rights enshrined in our Constitution and protect the privacy of our citizens and visitors.” The Committee has a significant impact on the Department’s adherence to this Principle by providing guidance on building privacy into Department programs and systems without compromising the Department’s efforts to protect the homeland.

af162231-f848-4e16-8e35-fe81d5340a07 Recommendations Not Available 32e35e10-a50f-4f1f-b1c4-b43f009d9b38 Make, Accept, Implement a544d989-9067-4795-b5b0-d61a768cdd3a

807d1841-fae1-4398-b6b1-ef5fd644955d Recommendations Made Number Data Privacy and Integrity Advisory Committee Department of Homeland Security Unspecified n/a 2010-10-01 2011-09-30

Since its inception in 2005, the Committee has issued approximately 75 recommendations, as follows:

Report No. 2005-01 (“The Use of Commercial Data to Reduce False Positives in Screening Programs”) (September 28, 2005) recommends that the Department use commercial data in screening programs only where enumerated privacy and security criteria are satisfied.

Report No.
2005-02 (“Recommendations on the Secure Flight Program”) (December 6, 2005) includes five recommendations to enhance the transparency of the Secure Flight Program and to protect the privacy of individuals whose personal information is collected under the Program’s auspices.

Report No. 2006-01 (“Framework for Privacy Analysis of Programs, Technologies, and Applications”) (March 7, 2006) recommends a five-step process for (1) identifying and assessing current or potential privacy impacts of Department systems and programs, and (2) developing ways to mitigate identified privacy impacts.

Report No. 2006-02 (“The Use of RFID for Human Identity Verification”) (December 6, 2006) recommends (1) an analytical framework for evaluating the use of Radio Frequency Identification (RFID)-enabled credentials at border crossings and (2) best practices for using RFID-enabled credentials to identify individuals.

Report No. 2006-03 (“The Use of Commercial Data”) (December 6, 2006) includes seven recommendations for using commercial data in a privacy-protective manner in Department programs generally, building upon the specific guidance for use of commercial data in screening programs set out in Report No. 2005-01.

Report No. 2007-01 (“Notice of Proposed Rulemaking for Implementation of the REAL ID Act”) includes twelve recommended changes in or additions to the proposed REAL ID Rule, submitted in response to the Department’s Notice of Proposed Rulemaking. The recommendations focus on security issues, accountability for personal information, notice, individual access to information, and the types of information required to be stored in the machine-readable zone on REAL-ID-compliant driver’s licenses and identification cards.

Report No.
2008-01 (“Recommendations on Addressing Privacy Impacts in Department of Homeland Security Grants to State, Local, and Tribal Governments and other Organizations”) (September 17, 2008) recommends that certain enumerated questions concerning prospective grantees’ collection and use of personal information be added to Department grant application forms.

Report No. 2008-02 (“Options for Verifying the EIN or Otherwise Authenticating the Employer in the E-Verify Program”) (December 3, 2008) includes seven recommendations on enhancing the DHS E-Verify Program’s ability to authenticate the identity of employers who use the E-Verify system.

Letter to DHS Secretary Napolitano and Acting Chief Privacy Officer John W. Kropf (February 3, 2009) includes sixteen recommendations for the Obama Administration on DHS Privacy Office operations and structure, as well as current and proposed privacy initiatives for the Department.

Report No. 2009-01 (“A White Paper: DHS Information Sharing and Access Agreements”) (May 14, 2009) includes seven recommendations on DHS oversight of Information Sharing Access Agreements (ISAA), ISAA preparation and review, communications supporting ISAAs, and audit procedures related to the information sharing process and ISAA terms.

Report No. 2010-01 ("The Elements of effective Redress Programs") (March 28, 2010) includes nine recommendations on developing, deploying, and monitoring effective privacy redress programs. The recommendations focus on accountability; effective notice; employee training; assuring appropriate correction or annotation of personal information, where warranted; auditing; and transparent, impartial appeals processes.

Report No.
2010-02 ("Recommendations for the PIA Process for Enterprise Services Bus Development") (March 18, 2010) includes six recommendations for taking privacy considerations into account in the development, implementation, and deployment of an Enterprise Service Bus.

Report No. 2011-01 (Privacy Policy and Technology Recommendations for a Federated Information-Sharing System) (TBD) The Committee is in the process of completing this report. It will be issued to the Department in early FY2012.

75 2010-10-01 2011-09-30

b29f90bb-b72c-4dc8-81ab-2047cb86641f Recommendations Fully Accepted Percentage Data Privacy and Integrity Advisory Committee Department of Homeland Security

For a variety of its own reasons not applicable to the Committee, the agency may implement all/most of the recommendations, but few times recommendations are not implemented. n/a 2010-10-01 2011-09-30

Report No. 2005-01 (“The Use of Commercial Data to Reduce False Positives in Screening Programs”): the Department has fully implemented the Committee’s recommended approach to the use of commercial data in screening programs.

Report No. 2005-02 (“Recommendations on the Secure Flight Program”): The Department has fully implemented all five recommendations in this report aimed at building transparency and privacy-protective practices into the Secure Flight Program.

Report No. 2006-02 (“The Use of RFID for Human Identity Verification”) (December 6, 2006): The Department employs the recommended analytical framework for evaluating the use of Radio Frequency Identification (RFID)-enabled credentials and has implemented the best practices set forth in the Report for using RFID-enabled credentials to identify individuals.

Report No. 2006-03 (“The Use of Commercial Data”): The Department has fully implemented six of the recommendations for using commercial data in a privacy-protective manner in Department programs.

Report No.
2008-02 (“Options for Verifying the EIN or Otherwise Authenticating the Employer in the E-Verify Program”): the Department has implemented, or is in the process of implementing, all seven recommendations set out in this Report.

Letter to DHS Secretary Napolitano and Acting Chief Privacy Officer John W. Kropf (February 3, 2009): the Department has fully implemented thirteen of the sixteen recommendations set out in this letter, and the Chief Privacy Officer referred to all of the recommendations as she developed her 2009 goals for the DHS Privacy Office and systematizing privacy throughout the Department in the coming year.

Report No. 2009-01 (“A White Paper: DHS Information Sharing and Access Agreements”) (May 14, 2009). The Department has developed a 3-part process for managing the information sharing access agreement (ISAA) lifecycle that incorporates the recommendations provided in this report by embedding privacy protections in the Department's ISAAs.

Report No. 2010-01 (“The Elements of effective Redress Programs”) (March 28, 2010): In response to this report, the Department has issued policy directives to facilitate the sharing of corrected traveler data with those who need to know it, in order to prevent misidentifications based on inaccurate data from producing an adverse impact on travelers in the future.

73 2010-10-01 2011-09-30

02af224b-81e1-4d40-9cf3-e151e0a06113 Recommendations Partially Accepted Percentage Data Privacy and Integrity Advisory Committee Department of Homeland Security

There are sometimes a few proposals which were not funded in their entirety, those few being scaled back from their original level of requested funding (allowable under the program). n/a 2010-10-01 2011-09-30

Report No. 2006-01 (“Framework for Privacy Analysis of Programs, Technologies, and Applications”): The DPIAC employs the Framework set forth in this report to provide transparency to the public on how it reviews Department programs and systems.

Report No.
2007-01 (“Notice of Proposed Rulemaking for Implementation of the REAL ID Act”): Some of the Committee’s recommendations regarding state security policies and procedures are addressed in guidance provided to the States by the Department pursuant to the Final Real ID Rule.

Report No. 2010-01 (“The Elements of effective Redress Programs”) (March 28, 2010) includes nine recommendations on developing, deploying, and monitoring effective privacy redress programs. In response, the Department has (1) clarified lines of authority and accountability for its traveler redress process; (2) refined its process for ensuring that corrected personal information is disseminated to those with a need to know it; and (3) improved its website for the Traveler Redress Inquiry Program (DHS TRIP), which provides transparency by explaining the process in plain language and in an easy to read format, as well as linking to the Privacy Impact Assessment and System of Records Notice for the Department’s redress and response records system. The Report remains a valuable resource for the Department’s ongoing efforts to enhance its redress programs.

Report No. 2010-02 ("Recommendations for the PIA Process for Enterprise Services Bus Development") (March 18, 2010) includes six recommendations for taking privacy considerations into account in the development, implementation, and deployment of an Enterprise Service Bus. The Department's review and implementation of these recommendations is ongoing. The DHS Privacy Office plans to use the Committee’s recommendations on improving the Privacy Impact Assessment (PIA) process for Service Oriented Architecture to (1) create a new Privacy Threshold Analysis (PTA) document to conduct initial assessments of the privacy impacts of Department Enterprise Service Buses and (2) a template PIA to standardize privacy protections for ESBs used across the Department.

24 2010-10-01 2011-09-30 2010-10-01 2011-09-30 2013-07-09 http://explore.data.gov/resource/datasets/c5i3-bb9j Gannon (J.) Dick gannon_dick@yahoo.com