GSA Federal Advisory Committee Act (FACA) Database

Committee Detail

GENERAL INFORMATION

Committee Name: Data Privacy and Integrity Advisory Committee
Agency Name: Department of Homeland Security
Fiscal Year: 2019
Committee Number: 21492
Original Establishment Date: 4/26/2004
Committee Status: Chartered
Actual Termination Date:
Committee URL: https://www.dhs.gov/privacy-advisory-committee
New Committee This FY: No
Presidential Appointments: No
Terminated This FY: No
Max Number of Members: 16 or more
Current Charter Date: 6/4/2018
Designated Fed Officer Position Title: Deputy Chief of Staff
Date Of Renewal Charter: 6/4/2020
Designated Federal Officer Prefix: Ms.
Projected Termination Date:
Designated Federal Officer First Name: Sandra
Exempt From Renewal: No
Designated Federal Officer Middle Name: L
Specific Termination Authority:
Designated Federal Officer Last Name: Taylor
Establishment Authority: Agency Authority
Designated Federal Officer Suffix:
Specific Establishment Authority: Secretarial Memorandum
Designated Federal Officer Phone: (202) 343-1731
Effective Date Of Authority: 4/26/2004
Designated Federal Officer Fax: 202-343-4010
Committee Type: Continuing
Designated Federal Officer Email: sandra.taylor@hq.dhs.gov
Presidential: No
Committee Function: Other Committee
RECOMMENDATION/JUSTIFICATIONS

Agency Recommendation: Continue
Legislation to Terminate Required: Not Applicable
Legislation Status: Not Applicable
How does cmte accomplish its purpose? The Committee provides advice at the request of the Secretary and the Chief Privacy Officer of the Department of Homeland Security (DHS) (hereinafter “the Chief Privacy Officer”) on programmatic, policy, operational, security, administrative, and technological issues within DHS that relate to personally identifiable information (PII), as well as data integrity, transparency, openness, and other privacy-related matters.
How is membership balanced? As the Committee Charter requires, members must be specially qualified to serve on the Committee by virtue of their education, training, and experience in the fields of data protection, privacy, and/or emerging technologies. Membership is balanced among individuals from the following fields:
(A) Individuals who are currently working in the areas of higher education or research in public (except Federal) or not-for-profit institutions; and
(B) Individuals currently working in non-governmental industry or commercial interests, including at least one who must be familiar with the data concerns of small to medium enterprises.
How frequent & relevant are cmte mtgs? The Committee typically holds at least one public meeting per fiscal year. Meeting agendas include presentations to the Committee on cutting-edge privacy issues affecting the Department of Homeland Security (DHS) and on DHS programs that collect and/or use Personally Identifiable Information, including the steps taken to address privacy and challenges faced in providing those protections. These presentations are intended to inform members on the department's activities so they can better assess privacy best practices in their recommendations.
Why advice can't be obtained elsewhere? The establishment of this Committee and the subject matter experts appointed therein demonstrate the Department’s commitment and efforts to increase transparency and to protect the privacy of individuals and protect the personal data held by the Department. The Committee remains relevant and necessary as it has provided advice on a variety of Department programs and proposals from the Department and the impact of those programs on individual privacy. Public hearings would not be an appropriate venue for obtaining this type of expert advice, and there is no other committee within the Department that addresses privacy and data integrity issues.
Why close or partially close meetings? Subcommittee meetings were closed.
Recommendation Remarks: Since its inception, the DHS Data Privacy and Integrity Advisory Committee has provided relevant and timely guidance on implementing privacy in a variety of DHS programs and systems, and on best practices for the Department’s collection, use, sharing, and retention of personally identifiable information (PII). The Committee has set out its guidance in 18 public reports posted on the Committee’s webpage at https://www.dhs.gov/privacy-advisory-committee.
The Committee’s work is integral to the Department of Homeland Security’s mission to secure America while protecting constitutional rights and American values. The Committee has a significant impact by providing guidance on programmatic, policy, operational, security, administrative, and technological issues within DHS that relate to personally identifiable information (PII), as well as data integrity, transparency, openness, and other privacy-related matters.

The Committee serves to enhance the transparency of DHS programs, and public trust, by publicly discussing privacy, security, and data integrity issues associated with DHS programs and identifying steps the Department can take to mitigate any negative effects those programs may have on privacy. The Committee’s meetings also provide the public an opportunity to hear how the Department has acted on Committee recommendations.

The Committee has had a direct impact on Department operations in a number of ways. The Committee’s guidance has informed the Department’s efforts generally to ensure that DHS programs and systems are operated consistent with the Privacy Act of 1974, the E-Government Act of 2002, and OMB guidance related to the privacy and security of personal information. More specifically, the Committee’s recommendations on the Secure Flight and E-Verify Programs (Report Nos. 2005-02 and 2008-02, respectively) led directly to changes in how those programs use personal information – and, in the case of E-Verify, how program users’ identities are authenticated – that have streamlined the Department’s interactions with program users.

In response to the Committee’s two reports on the use of commercial data (Report Nos. 2005-01 and 2006-03), the Department amended its Privacy Impact Assessment (PIA) template – used to analyze the potential effects on privacy of every DHS program, system, technology, or rulemaking that involves PII – to include a section on risks to privacy related to the collection and use of commercial data and how those risks have been mitigated. The Committee’s report on Radio Frequency Identification (RFID)-enabled credentials (Report No. 2006-02) includes a framework for analyzing how RFID can affect privacy and a set of best practices for using RFID in a privacy-protective manner, both of which have been implemented by the Department.

During FY 2010, the Department considered a number of the recommendations included in the Committee’s May 2009 report on privacy protections for personal information shared with external organizations pursuant to DHS Information Sharing Access Agreements (ISAAs) (Report No. 2009-01) to build privacy protections into a 3-part governance process for DHS ISAAs with external entities.

The Department has also benefited significantly from the Committee’s recommendations in Report No. 2010-02 (“Recommendations for the PIA Process for Enterprise Services Bus Development”). The DHS Privacy Office used the Committee’s recommendations to develop DHS Privacy Policy Guidance Memorandum No. 2011-02, entitled “Roles and Responsibilities for Shared IT Services” (June 30, 2011), which provides guidance on privacy protections for shared IT services within the Department. The DHS Privacy Office also plans to use the Committee’s recommendations on improving the Privacy Impact Assessment (PIA) process for Service Oriented Architecture to create (1) a new Privacy Threshold Analysis (PTA) to conduct initial assessments of the privacy impacts of Department Enterprise Service Buses (ESB) and (2) a template PIA to standardize privacy protections for ESBs used across the Department.

Throughout FY 2011-14 the Committee engaged in an extended, intensive effort to provide the Department advice on building privacy protections into infrastructure to support intra-departmental information sharing. This effort led to publication of a report and recommendations entitled “Privacy Policy and Technology Recommendations for a Federated Information-Sharing System” (DPIAC Report 2011-01) posted December 2011. As the report was being drafted, the attendant consultations shaped the Department’s work on infrastructure. DHS gave intensive consideration to the report’s recommendations and continues to take them into account as its work in this area continues. This guidance continued to inform the department’s discussions and decisions in this area throughout FY 2013 and 2014. The department is actively incorporating DPIAC recommendations on access and use controls; applicable privacy policies (including completing PIAs – four pending – and SORNs throughout the pilot process); data integrity; audit trails; data security and retention; and redress. DPIAC Reports numbered 2014-01 and 2014-02, submitted September 22, 2014, provide the department with recommendations to improve public notice and transparency as well as to improve auditing and oversight of the DHS Data Framework (“big data”). These recommendations will be considered in FY2015.

The Department also continues to take into account the Committee’s other FY 2010 report, entitled “The Elements of Effective Redress Programs” (Report No. 2010-01), as it works to streamline and enhance its redress programs. The Report includes nine recommendations focusing on: accountability; effective notice; employee training; assuring appropriate correction or annotation of personal information, where warranted; auditing; and transparent, impartial appeals processes.

The Committee submitted DPIAC Recommendations Paper 2012-01 on November 7, 2012 that set forth recommendations for DHS to consider when evaluating the effectiveness of cybersecurity pilots, and for specific privacy protections DHS can consider when sharing information from a cybersecurity pilot with other agencies. The report included 41 recommendations for DHS to consider. The Privacy Office parsed the recommendations into a list of discrete actions DHS could take to implement the recommendations – according to four categories (which match the privacy organization within the department). We continue to work through the recommendations and are coordinating with the Component Privacy Offices throughout the Department.

DPIAC Recommendations Paper 2012-02, submitted on November 7, 2012, sets forth recommendations for DHS to consider when determining whether the collection and use of a biometric is warranted, and recommends specific privacy protections for DHS to consider when using biometrics for identification purposes. The report included 15 recommendations for DHS to consider and we continue to work through the recommendations by coordinating with the Component Privacy Offices throughout the Department.

In FY 2013, the Department received Recommendations Paper 2013-01 that makes twelve recommendations for DHS to consider when considering the use of live data in research, testing or training, and for specific privacy protections DHS can consider when that live data includes personally identifiable information. While the Department has already implemented many of these recommendations, the Privacy Office continues to assess the feasibility of implementing others to continue to build privacy best practices into DHS programs.

During the September 2014 full Committee meeting, the Chief Privacy Officer tasked the Committee to provide written guidance on privacy best practices for DHS retention of data and access related to behavioral analysis in cybersecurity initiatives. Specifically, the Committee was asked to consider and address how long such data can be retained, who can access the data collected by these programs and under what circumstances these individuals are permitted access, and what should be included in any human review of indicators or outputs. The tasking was assigned to the Committee's Cyber Subcommittee who should issue a deliverable in January 2016.

Because the Department continues to evaluate its risk-based approach to passenger prescreening programs, in October 2014, the Committee was tasked to provide guidance on privacy best practices for developing an algorithm to develop low risk based on services from commercial vendors in the TSA Pre-Check Program. Specifically, because TSA was considering contracting with a commercial provider to develop an algorithm that would manipulate commercial data to assist in determining risk factors, the Department determined to leverage the resources of the DPIAC to provide privacy best practices. The Department requested written guidance with respect to the use of data algorithms using commercial risk criteria to determine whether an individual poses a low risk to aviation security. The Committee provided draft recommendations, but the tasker was cancelled in January 2015.

On January 16, 2015, the DHS Chief Privacy Officer requested that the Committee provide guidance on how best to address privacy protection in the conduct of “behavioral analytics” in cybersecurity programs. More specifically, “how best to protect privacy while achieving the cybersecurity goals of such analysis across the various stages of the information lifecycle … and what should be included in any human review of indicators or outputs”. The Committee provided the Department with recommendations on how to better define what is Algorithmic Analytics; key considerations on algorithmic analytics; and how to collect, encrypt, store and share the information obtained.

In September 2015, the Department of Homeland Security (DHS) Chief Privacy Officer asked the Data Privacy and Integrity Advisory Committee to provide written guidance on best practices for notifying individuals impacted by a large-scale data breach. In February 2017, the Committee provided four recommendations to the Department to consider. Those recommendations are useful and will be included in our updated Privacy Incident Handling Guide.

In September 2017, the Department of Homeland Security (DHS) Chief Privacy Officer asked the Data Privacy and Integrity Advisory Committee to identify best practices for protecting data linked for statistical purposes, including "crosswalk" files containing identifiers, from both Information Technology and policy perspectives; and to identify data disclosure methods, and whether it is advisable to consider variable controls for releases to different audiences/mediums. If such controls were utilized, what policy controls should be considered? Recommendations are forthcoming.

In September 2017, the Department of Homeland Security (DHS) Chief Privacy Officer asked the Data Privacy and Integrity Advisory Committee to provide best practices for the use of biometrics, specifically facial recognition technology. Recommendations are forthcoming.
PERFORMANCE MEASURES

Outcome Improvement To Health Or Safety: No
Action Reorganize Priorities: Yes
Outcome Trust In Government: Yes
Action Reallocate Resources: Yes
Outcome Major Policy Changes: Yes
Action Issued New Regulations: No
Outcome Advance In Scientific Research: No
Action Proposed Legislation: No
Outcome Effective Grant Making: No
Action Approved Grants Or Other Payments: No
Outcome Improved Service Delivery: Yes
Action Other: No
Outcome Increased Customer Satisfaction: Yes
Action Comment: As noted in response to earlier questions, the Committee’s recommendations on the Secure Flight and E-Verify Programs (Report Nos. 2005-02 and 2008-02, respectively) led directly to changes in how those programs use personal information and, in the case of E-Verify, how program users’ identities are authenticated. The Committee’s two reports on the use of commercial data (Report Nos. 2005-01 and 2006-03) changed the Department’s approach to how it analyzes its use of commercial data not only in screening programs but in DHS programs generally. The Department amended its Privacy Impact Assessment (PIA) template – used to analyze the potential effects on privacy of every DHS program, system, technology or rulemaking – to operationalize this new approach throughout the Department. The Committee’s report on Radio Frequency Identification (RFID)-enabled credentials (Report No. 2006-02) led the Department to refine its method of analyzing how RFID can affect privacy and to adopt the Committee’s recommended best practices for using RFID in a privacy-protective manner. During FY 2010, the Department took into consideration recommendations included in the Committee’s May 2009 report on privacy protections for personal information shared with external organizations pursuant to DHS Information Sharing Access Agreements (ISAAs) (Report No. 2009-01) to build a 3-part governance process for negotiating and implementing DHS ISAAs.

The Department has taken into account the recommendations included in Committee Report No. 2010-02 (“Recommendations for the PIA Process for Enterprise Services Bus Development”). The DHS Privacy Office used the Committee’s recommendations to develop DHS Privacy Policy Guidance Memorandum No. 2011-02, entitled “Roles and Responsibilities for Shared IT Services,” which provides guidance on privacy protections for shared IT services within the Department.

As a direct result of the Committee’s recommendations in Report No. 2008-01 (“Recommendations on Addressing Privacy Impacts in Department of Homeland Security Grants to State, Local, and Tribal Governments and other Organizations”) (September 17, 2008), the Privacy Office worked closely with FEMA to update the May 2011 GPD Preparedness Grant Programs Guidance and Application Kit, which includes a recommendation that all grantees who collect PII have a publicly-available privacy policy that describes what PII they collect, how they use the PII, whether they share PII with third parties, and how individuals may have their PII corrected where appropriate. PIA guidance is available on the Privacy Office website.

Further in FY12, the Department took the lead in the Federal government on developing governance and technical standards for data aggregation systems. The Committee’s Report No. 2011-01 (“Privacy Policy and Technology Recommendations for a Federated Information-Sharing System”) (December 6, 2011) continues to serve as one of the primary source documents for the Department’s use of “big data”. The Department is currently taking the lead in the Federal government on developing governance and technical standards for data aggregation systems. As the report was being drafted, the attendant consultations shaped the Department’s work on infrastructure. DHS gave intensive consideration to the report’s recommendations and continues to take them into account as its work in this area continues. This guidance continued to inform the department’s discussions and decisions in this area throughout FY 2013-2014. The department is actively incorporating DPIAC recommendations on access and use controls; applicable privacy policies; data integrity; audit trails; data security and retention; and redress. Implementation of recommendations from Reports No. 2014-01 (notice and transparency) and 2014-02 (audit and oversight), submitted to DHS on September 22, 2014, are not accounted for in this FY2014 report.
Outcome Implement Laws/Reg Requirements: Yes
Grants Review: No
Outcome Other: Yes
Number Of Grants Reviewed: 0
Outcome Comment: The Committee serves to enhance the transparency of DHS programs, and public trust, by publicly discussing privacy issues associated with DHS programs and identifying steps the Department can take to mitigate any negative effects those programs may have on privacy. The Committee’s meetings also provide the public an opportunity to hear how the Department has acted on Committee recommendations.
Number Of Grants Recommended: 0
Cost Savings: Unable to Determine
Dollar Value Of Grants Recommended: $0.00
Cost Savings Comment: N/A
Grants Review Comment: Not Applicable
Number Of Recommendations: 197
Access Contact Designated Fed. Officer: Yes
Number Of Recommendations Comment: Since its inception in 2005, the Committee has issued approximately 193 recommendations, as follows:
Report No. 2005-01 (“The Use of Commercial Data to Reduce False Positives in Screening Programs”) (September 28, 2005) recommends that the Department use commercial data in screening programs only where enumerated privacy and security criteria are satisfied.
Report No. 2005-02 (“Recommendations on the Secure Flight Program”) (December 6, 2005) includes five recommendations to enhance the transparency of the Secure Flight Program and to protect the privacy of individuals whose personal information is collected under the Program’s auspices.
Report No. 2006-01 (“Framework for Privacy Analysis of Programs, Technologies, and Applications”) (March 7, 2006) recommends a five-step process for (1) identifying and assessing current or potential privacy impacts of Department systems and programs, and (2) developing ways to mitigate identified privacy impacts.
Report No. 2006-02 (“The Use of RFID for Human Identity Verification”) (December 6, 2006) recommends (1) an analytical framework for evaluating the use of Radio Frequency Identification (RFID)-enabled credentials at border crossings and (2) best practices for using RFID-enabled credentials to identify individuals.
Report No. 2006-03 (“The Use of Commercial Data”) (December 6, 2006) includes seven recommendations for using commercial data in a privacy-protective manner in Department programs generally, building upon the specific guidance for use of commercial data in screening programs set out in Report No. 2005-01.
Report No. 2007-01 (“Notice of Proposed Rulemaking for Implementation of the REAL ID Act”) includes twelve recommended changes in or additions to the proposed REAL ID Rule, submitted in response to the Department’s Notice of Proposed Rulemaking. The recommendations focus on security issues, accountability for personal information, notice, individual access to information, and the types of information required to be stored in the machine-readable zone on REAL-ID-compliant driver’s licenses and identification cards.
Report No. 2008-01 (“Recommendations on Addressing Privacy Impacts in Department of Homeland Security Grants to State, Local, and Tribal Governments and other Organizations”) (September 17, 2008) recommends that certain enumerated questions concerning prospective grantees’ collection and use of personal information be added to Department grant application forms.
Report No. 2008-02 (“Options for Verifying the EIN or Otherwise Authenticating the Employer in the E-Verify Program”) (December 3, 2008) includes seven recommendations on enhancing the DHS E-Verify Program’s ability to authenticate the identity of employers who use the E-Verify system.
Letter to DHS Secretary Napolitano and Acting Chief Privacy Officer John W. Kropf (February 3, 2009) includes sixteen recommendations for the Obama Administration on DHS Privacy Office operations and structure, as well as current and proposed privacy initiatives for the Department.
Report No. 2009-01 (“A White Paper: DHS Information Sharing and Access Agreements”) (May 14, 2009) includes seven recommendations on DHS oversight of Information Sharing Access Agreements (ISAA), ISAA preparation and review, communications supporting ISAAs, and audit procedures related to the information sharing process and ISAA terms.
Report No. 2010-01 (“The Elements of Effective Redress Programs”) (March 28, 2010) includes nine recommendations on developing, deploying, and monitoring effective privacy redress programs. The recommendations focus on accountability; effective notice; employee training; assuring appropriate correction or annotation of personal information, where warranted; auditing; and transparent, impartial appeals processes.
Report No. 2010-02 (“Recommendations for the PIA Process for Enterprise Services Bus Development”) (March 18, 2010) includes six recommendations for taking privacy considerations into account in the development, implementation, and deployment of an Enterprise Service Bus.
Report No. 2011-01 (“Privacy Policy and Technology Recommendations for a Federated Information-Sharing System”) (December 6, 2011) includes 16 recommendations that provide advice and analysis regarding a federated information-sharing program that has yet to be built.
Report No. 2012-01 (“Recommendations on Privacy in Cybersecurity Pilot Programs”) (November 7, 2012) sets forth 41 recommendations for DHS to consider when evaluating the effectiveness of cybersecurity pilots, and for specific privacy protections DHS can consider when sharing information from a cybersecurity pilot with other agencies.
Report No. 2012-02 (“Recommendations on Privacy in the Department’s Collection and Use of Biometrics”) (November 7, 2012) sets forth 15 recommendations for DHS to consider when determining whether the collection and use of a biometric is warranted, and recommends specific privacy protections for DHS to consider when using biometrics for identification purposes.
Report No. 2013-01 (“Recommendations on the Use of Live Data in Research, Testing, or Training”) (September 12, 2013) sets forth 12 recommendations for DHS to consider when considering the use of live data in research, testing or training, and for specific privacy protections DHS can consider when that live data includes personally identifiable information.
Report No. 2014-01 (“Guidance on Transparency and Notice in the Department of Homeland Security Data Framework”) (September 22, 2014) sets forth three recommendations for DHS to consider regarding notice and transparency related to use of the DHS Data Framework, including information sharing with other agencies.
Report No. 2014-02 (“Privacy Recommendations Regarding Auditing and Oversight of the DHS Data Framework”) (September 22, 2014) sets forth 20 recommendations for DHS to consider when conducting oversight and audits of the DHS Data Framework.
Report No. 2016-01 (Algorithmic Analytics and Privacy) (February 17, 2016) sets forth recommendations on privacy best practices for DHS retention of data and access related to behavioral analysis in cybersecurity initiatives.
Access Agency Website: Yes
% of Recs Fully Implemented: 75.00%
Access Committee Website: Yes
% of Recs Fully Implemented Comment:
Report No. 2005-01 (“The Use of Commercial Data to Reduce False Positives in Screening Programs”): the Department has fully implemented the Committee’s recommended approach to the use of commercial data in screening programs.
Report No. 2005-02 (“Recommendations on the Secure Flight Program”): The Department has fully implemented all five recommendations in this report aimed at building transparency and privacy-protective practices into the Secure Flight Program.
Report No. 2006-02 (“The Use of RFID for Human Identity Verification”) (December 6, 2006): The Department employs the recommended analytical framework for evaluating the use of Radio Frequency Identification (RFID)-enabled credentials and has implemented the best practices set forth in the Report for using RFID-enabled credentials to identify individuals.
Report No. 2006-03 (“The Use of Commercial Data”): The Department has fully implemented six of the recommendations for using commercial data in a privacy-protective manner in Department programs.
Report No. 2008-02 (“Options for Verifying the EIN or Otherwise Authenticating the Employer in the E-Verify Program”): the Department has implemented, or is in the process of implementing, all seven recommendations set out in this Report.
Letter to DHS Secretary Napolitano and Acting Chief Privacy Officer John W. Kropf (February 3, 2009): the Department has fully implemented thirteen of the sixteen recommendations set out in this letter, and the Chief Privacy Officer referred to all of the recommendations as she developed her 2009 goals for the DHS Privacy Office and systematizing privacy throughout the Department in the coming year.
Report No. 2009-01 (“A White Paper: DHS Information Sharing and Access Agreements”) (May 14, 2009). The Department has developed a 3-part process for managing the information sharing access agreement (ISAA) lifecycle that incorporates the recommendations provided in this report by embedding privacy protections in the Department’s ISAAs.
Access GSA FACA Website: Yes
% of Recs Partially Implemented: 25.00%
Access Publications: Yes
% of Recs Partially Implemented Comment:
Report No. 2006-01 (“Framework for Privacy Analysis of Programs, Technologies, and Applications”): The DPIAC employs the Framework set forth in this report to provide transparency to the public on how it reviews Department programs and systems.
Report No. 2007-01 (“Notice of Proposed Rulemaking for Implementation of the REAL ID Act”): Some of the Committee’s recommendations regarding state security policies and procedures are addressed in guidance provided to the States by the Department pursuant to the Final Real ID Rule.
Report No. 2008-01 (“Recommendations on Addressing Privacy Impacts in Department of Homeland Security Grants to State, Local, and Tribal Governments and other Organizations”) (September 17, 2008): As a direct result of the Committee’s recommendations, the Privacy Office worked closely with FEMA to update the May 2011 GPD Preparedness Grant Programs Guidance and Application Kit, which includes a recommendation that all grantees who collect PII have a publicly-available privacy policy that describes what PII they collect, how they use the PII, whether they share PII with third parties, and how individuals may have their PII corrected where appropriate. PIA guidance is available on the Privacy Office website.
Report No. 2010-01 (“The Elements of Effective Redress Programs”) (March 28, 2010) includes nine recommendations on developing, deploying, and monitoring effective privacy redress programs. In response, the Department has (1) clarified lines of authority and accountability for its traveler redress process; (2) refined its process for ensuring that corrected personal information is disseminated to those with a need to know it; and (3) improved its website for the Traveler Redress Inquiry Program (DHS TRIP), which provides transparency by explaining the process in plain language and in an easy to read format, as well as linking to the Privacy Impact Assessment and System of Records Notice for the Department’s redress and response records system. The Report remains a valuable resource for the Department’s ongoing efforts to enhance its redress programs.
Report No. 2010-02 (“Recommendations for the PIA Process for Enterprise Services Bus Development”) (March 18, 2010) includes six recommendations for taking privacy considerations into account in the development, implementation, and deployment of an Enterprise Service Bus. Privacy Policy Guidance Memorandum Number: 2011-02 (June 30, 2011) establishes a formal Department-wide approach to the roles and responsibilities accompanying cross-component sharing of IT services, including some recommendations from the DPIAC report. The Department continues to review the recommendations included in this report. While the technology of the Enterprise Service Bus has not been fully implemented in the Department, the Privacy Office has applied the recommendations to similar IT projects including the Homeland Security Information Network (HSIN) to ensure privacy protections are built into technology that allows a greater number of users access to data.
Report No. 2011-01 (“Privacy Policy and Technology Recommendations for a Federated Information-Sharing System”) (December 6, 2011): The Department is currently taking the lead in the Federal government on developing governance and technical standards for data aggregation systems. As the report was being drafted, the attendant consultations shaped the Department’s work on infrastructure. DHS gave intensive consideration to the report’s recommendations and continues to take them into account as its work in this area continues. This guidance continued to inform the department’s discussions and decisions in this area throughout FY 2013. The department is actively incorporating DPIAC recommendations on access and use controls; applicable privacy policies (including completing PIAs – four pending – and SORNs throughout the pilot process); data integrity; audit trails; data security and retention; and redress.
Report No. 2012-01 (“Recommendations on Privacy in Cybersecurity Pilot Programs”) (November 7, 2012): The DHS Privacy Office parsed the report into a list of discrete actions DHS could take to implement the recommendations – according to four categories (that match the privacy organization within the department). We continue to work through the 41 recommendations and coordinate with the Component Privacy Offices throughout the Department.
Report No. 2012-02 (“Recommendations on Privacy in the Department’s Collection and Use of Biometrics”) (November 7, 2012): two recommendations are still being considered including further analysis of the PTA and PIA processes to make certain they sufficiently focus on biometric data sets and review of audit processes to ensure that they are consistent with policy.
Report No. 2013-01 (“Recommendations on the Use of Live Data in Research, Testing, or Training”) (September 12, 2013) sets forth 12 recommendations for DHS to consider when considering the use of live data in research, testing or training, and for specific privacy protections DHS can consider when that live data includes personally identifiable information. At this time, DHS is still considering the recommendations and feasibility of implementing program or policy changes.
Access Other: No
Agency Feedback*: Yes

Access Comment: Pursuant to the Federal Advisory Committee Act, the DPIAC posts all materials presented to the Committee. All Committee reports and recommendations, and minutes of all Committee meetings and transcripts of most are on its web page on the DHS Privacy Office website, http://www.dhs.gov/privacy-office-dhs-data-privacy-and-integrity-advisory-committee. Due to a unique fiscal year - inclusive of leadership changes - the Committee produced several materials that flowed into the following fiscal year.

Agency Feedback Comment: The Committee regularly invites representatives of DHS programs that are the subjects of Committee reports to appear before the Committee during its public meetings to discuss progress in the implementation of the Committee’s recommendations. This occurred most recently during the Committee’s September 19, 2017 public meeting, when two taskers were issued to the Committee to provide recommendations on facial recognition and immigration statistics; a representative from an advocacy community responded that CBP has not provided a good reason to collect American biometrics and that they do not allow individuals to opt out. The Committee will take this feedback into consideration when providing recommendations to the Department.

Narrative Description*: The DHS Data Privacy and Integrity Advisory Committee (DPIAC) advises the Secretary of the Department of Homeland Security (DHS) and the DHS Chief Privacy Officer on programmatic, policy, operational, administrative, and technological issues within DHS that relate to personally identifiable information (PII), as well as data integrity and other privacy-related matters. Since its inception, the DPIAC has provided relevant and timely guidance on implementing privacy in a variety of DHS programs and systems, and on best practices for the Department’s collection, use, sharing, and retention of PII. The Committee has set out its guidance in seventeen public reports posted on the Committee’s webpage at http://www.dhs.gov/privacy-office-dhs-data-privacy-and-integrity-advisory-committee.

The Committee’s work is integral to implementation of the Department of Homeland Security’s core missions, as delineated in the Quadrennial Homeland Security Review (QHSR). Protecting constitutional rights and American values is one of the Guiding Principles set out in the Department’s 2014-2018 Strategic Plan, which states that the Department “will always respect and preserve the individual rights enshrined in our Constitution and protect the privacy of our citizens and visitors.” The Committee has made a significant impact on the Department’s adherence to this Principle by providing guidance on building privacy into Department programs and systems without compromising the Department’s efforts to protect the homeland.

COSTS

Payments to Non-Federal Members* Est Payments to Non-Fed Members Next FY* 
Payments to Federal Members* Est. Payments to Fed Members Next FY* 
Payments to Federal Staff* Estimated Payments to Federal Staff* 
Payments to Consultants* Est. Payments to Consultants Next FY* 
Travel Reimb. For Non-Federal Members* Est Travel Reimb Non-Fed Members Next FY* 
Travel Reimb. For Federal Members* Est Travel Reimb For Fed Members* 
Travel Reimb. For Federal Staff* Est. Travel Reimb to Fed Staff Next FY* 
Travel Reimb. For Consultants* Est Travel Reimb to Consultants Next FY* 
Other Costs Est. Other Costs Next FY* 
Total Costs: $0.00; Est. Total Next FY*: $0.00
Federal Staff Support (FTE)* Est. Fed Staff Support Next FY* 

SUBCOMMITTEES

Committee System ID | Subcommittee Name | Fiscal Year
COM-032388 | Cybersecurity Subcommittee | 2019
COM-031664 | The Policy Subcommittee | 2019
COM-030159 | The Technology Subcommittee | 2019

CHARTERS AND RELATED DOCS

No Documents Found

DATA FROM PREVIOUS YEARS

Committee System ID | Committee Name | Fiscal Year
COM-032819 | Data Privacy and Integrity Advisory Committee | 2018
COM-001270 | Data Privacy and Integrity Advisory Committee | 2017
COM-003002 | Data Privacy and Integrity Advisory Committee | 2016
COM-003403 | Data Privacy and Integrity Advisory Committee | 2015
COM-005135 | Data Privacy and Integrity Advisory Committee | 2014
COM-005523 | Data Privacy and Integrity Advisory Committee | 2013
COM-007285 | Data Privacy and Integrity Advisory Committee | 2012
COM-007620 | Data Privacy and Integrity Advisory Committee | 2011
COM-009420 | Data Privacy and Integrity Advisory Committee | 2010
COM-009716 | Data Privacy and Integrity Advisory Committee | 2009
COM-011363 | Data Privacy and Integrity Advisory Committee | 2008
COM-011589 | Data Privacy and Integrity Advisory Committee | 2007
COM-013216 | Data Privacy and Integrity Advisory Committee | 2006
COM-013378 | Data Privacy and Integrity Advisory Committee | 2005
COM-015132 | Data Privacy and Integrity Advisory Committee | 2004