Homeland Security privacy officer pushes training efforts

The chief privacy officer for the Homeland Security Department said Monday she supports some secret law enforcement and intelligence activities of the department, but that such activities must be "narrowly and appropriately construed and not abused."

Nuala O'Connor Kelly said one of her greatest challenges is implementing common training about privacy issues across the department's 22 agencies, while not hampering the ability of employees to do their jobs. O'Connor Kelly, who was appointed in April as the first federal chief privacy officer, spoke at the Heritage Foundation Monday morning.

O'Connor Kelly said that since her appointment, she has had to intervene in certain policies and programs to protect privacy and safeguard civil liberties. She declined to specify which programs, saying instead that she makes recommendations on policy and programs on an almost daily basis.

Employees across the department have been receptive to her recommendations, according to O'Connor Kelly, but the challenge has been grappling with diverse technology, information systems and management practices at the different Homeland Security agencies.

To counter these challenges, her 300-person office is seeking best practices on training workers about privacy issues and civil rights protections. While all agencies have personnel who deal with privacy issues and requests that fall under the 1966 Freedom of Information Act, some agencies are better equipped and have better procedures than others, she said.

"I think one of the most important things is to not create new training where training programs already exist," O'Connor Kelly said.

For example, she said, the Customs and Border Protection agency is one of the best Homeland Security organizations at dealing with privacy issues, because it was founded in 1789 and has a long history of developing practices to safeguard civil rights. Customs uses technology that limits the number of employees who can access sensitive information, as well as the time that information can be viewed.

"What they have done is really leverage technology to formalize privacy protocols and privacy practices in a way that makes it almost second nature and part of their systems," O'Connor Kelly said.

However, she said she is concerned about how well privacy and civil liberties awareness issues being handled in newer agencies, projects and programs. Her office is analyzing Homeland Security's directorates of Information Analysis and Infrastructure Protection and Science and Technology to determine if improvements can be made in their operations.

"We want to make sure there are privacy and FOIA personnel in every department, but we also want to make sure that all employees are educated on issues of privacy," O'Connor Kelly said.

While O'Connor Kelly argues that Homeland Security should only be granted limited exceptions to disclosing information, she believes private companies should have more wiggle room.

Currently, companies can claim exemption to FOIA requests for what they deem "critical infrastructure," O'Connor Kelly said. She said firms have a "legitimate need" to withhold more information in order to protect proprietary rights and their ability to compete. However, she acknowledged that a significant portion of U.S. infrastructure is controlled by the private sector, which creates a strong need for information sharing.