DHS Privacy Impact Assessment Publication Change

DHS published a notice in today’s Federal Register (78 FR 12337-12343) announcing a change in the availability status of 38 Privacy Impact Assessments (PIA) that were published between June 1^st and November 30^th, 2012. Those PIAs are currently published on various Department web sites, but after April 23, 2013, they will only be available upon request from the issuing agency.

PIAs of Interest

These PIAs are required by government regulation because the Department collects, stores and uses personally identifiable information (PII) in the supported programs and the PIAs outline the steps the Department takes to protect that information. Four of the programs listed in this notice may be of specific interest to readers of this blog; they are [Note: links are to the description of the PIA in this notice]:

• DHS/OPS/PIA-008 Homeland Security Information Network R3 User Accounts (HSIN);

• DHS/OPS/PIA-007 Homeland Security Information Network 3.0 Shared Spaces;

• DHS/NPPD/PIA-009 Chemical Facility Anti-Terrorism Standards (CFATS);

• DHS/USCG/PIA-001(b) Homeport Internet Portal.

There is no centralized location for finding these PIA’s on the DHS web site. Each organization maintaining PIAs has a separate web site where the current links can be found to the actual PIA. The above listed PIAs can be found at the listed links:

• HSIN R3 User Accounts;

• HSIN 3.0 Shared Spaces;

• CFATS

• Homeport

According to the Office of Operations Coordination and Planning web site the HSIN 3.0 Shared Spaces PIA was updated in January of this year. I suppose that the updated PIA is not going to be removed from the site this April.

Interestingly the NPPD , the  Office of Operations Coordination and Planning, and the Coast Guard PIA web sites all provide links to a number of PIAs that predate the June 1^st, 2012 start of the period covered by this notice. Why the particular PIAs listed in this notice will be removed from the web site and not the earlier ones is not clear.

Why?

Actually, the whole purpose of removing the PIAs from the DHS web site is not clear. In fact, it appears to me to be counterproductive to the whole PIA process. PIAs are produced to ensure, and document for the public, that PII collected by the government is collected for legitimate purposes and is appropriately protected by the collecting agencies. Making these documents less available inevitably leads to questions of the need for collecting the data and the viability of the measures to protect that data.

This is especially confusing since no reason or justification is provided for the action.