The 9/11 Commission Act included a section called The Federal Agency Data Mining Reporting Act of 2007, which requires the DHS Privacy Office, led by the Chief Privacy Officer, to report to Congress on its implementation of the Act. The Privacy Office just released its report. The new report, “Data Mining: Technology and Policy,” discusses current data mining activities, as well as those under development in the Department. It covers the following ground:
• How DHS programs satisfy the Act’s definition of “data mining”
• The Privacy Office’s public workshop, Implementing Privacy Protections in Government Data Mining (July 24-25, 2008)
• The Principles for Implementing Privacy Protections in S&T Research Projects, which are the newly-announced privacy principles, including those that involve data mining
The report focuses on three major programs:
1. Automated Targeting System (ATS) Inbound, Outbound, and Passenger modules (CBP)
2. the Data Analysis and Research for Trade Transparency System, (ICE)
3. Freight Assessment System, (TSA)
The report provides each program’s purpose and methodology, technology, legal authority, and sources of data, along with an assessment of how well the program is doing.
A challenge for the homeland security community has been the reactive nature of the privacy-related efforts undertaken. Often the Privacy Impact Assessments and other measures are conducted after a technology is developed. Many in the broader policy community and industry have begun suggesting that privacy protections be made a part of technologies, or that technologies be developed for the sole purpose of protecting privacy.
The Privacy Office’s public workshop on Implementing Privacy Protections in Government Data Mining assembled academics, government researchers, policy and technology experts, and privacy advocates this summer to discuss the privacy issues associated with government data mining. One of the outcomes of the workshop was an effort by the Privacy Office and DHS S&T to develop privacy principles that could be embedded in S&T’s research and development projects involving data mining.
This effort led to a set of Principles for Implementing Privacy Protections in S&T Research, which S&T has agreed will govern “new research performed at S&T laboratories, S&T-sponsored research conducted in cooperation with other Federal government entities, and research conducted by external performers under a contract with S&T.”
Many thanks to reader WRC for sending in the notice about this report’s release.