House panel debates Homeland Security's privacy policy

The Homeland Security Department's privacy officer on Tuesday told a House subcommittee about her performance even as the surrounding witnesses offered praise and found fault.

During a hearing before the Judiciary Commercial and Administrative Law Subcommittee, Nuala O'Connor Kelly told lawmakers that there is "no more compelling public policy issue" than the sharing of information between the government and the private sector.

Her main tenet in addressing privacy concerns in the pursuit of security is to have clear, identifiable legal and policy protections and rules that everyone understands and obeys, she said.

Kelly said her role is "absolutely not" at odds with the mission of the department because its mission extends to protecting people's liberties and way of life.

James Dempsey, executive director of the Center for Democracy and Technology, praised Kelly's work in her 10 months on the job but raised criticisms. He and Sally Katzen, a visiting professor at the University of Michigan law school, said the assessment of the privacy impact of an immigrant-tracking system should have been issued before implementation began. Dempsey said the impact statement was "deficient" on redress for individuals with complaints and should have been more specific on data quality and data retention.

Dempsey also called for every federal agency to have a statutory privacy officer with authorities similar to those held by Kelly. The key to such officers' effectiveness is that their positions be created by law, that they have enough staff and that they be included in senior-level policy deliberations, he said.

In addition, Dempsey said further privacy reforms are needed because most agencies have not made their mandated impact assessments publicly available and because greater government awareness of new privacy laws is needed. Finally, he said the nation's privacy laws need updating -- to reflect the current data-oriented environment in which much information useful to government is held by the private sector, for instance.

Former Virginia Gov. James Gilmore, now the president of USA Secure and the former chairman of a panel on terrorism that called on President Bush to establish a civil-liberties oversight board, urged Congress to ensure that citizens' freedoms and values are preserved.

"We may be entering into a historic time in which bad decisions now may have consequences to the freedoms of the American people throughout their future," he said in written testimony. He noted that methods of monitoring the personal activities of citizens have always been utilized more by some other countries than the United States but said that might be changing.

Katzen praised Kelly for improving a privacy notice on the department's upcoming system for pre-screening airline passengers but said there was some "backsliding." For instance, the second notice stretched the potential use of the information from fighting terrorism to any violation of criminal or immigration law. The document also was vague on individuals' access to the data and their ability to correct mistakes.

After the hearing, the subcommittee was scheduled to vote on a bill, H.R. 338, that would incorporate privacy protections into the operations of federal agencies.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.