DHS Privacy Office Wants More Ways to Protect Data
The department’s Chief Privacy Officer is hoping to build systems designed to prioritize the protection and confidentiality of consumer information by design.
Weeks after establishing its first Cyber Safety Review Board (CSRB), the U.S. Department of Homeland Security is hoping to make some more strides by baking privacy into more of what it does.
The department’s Chief Privacy Officer recently told Washington D.C.'s Federal News Network that she wants the department to implement privacy-ready systems that emphasize the protection and confidentiality of information from the get go.
Lynn Parker Dupree, who was appointed as the department's Chief Privacy Officer one year ago next month, previously worked at Capital One, governing the implementation of the California Consumer Privacy Act. She also serves as the DHS' Chief FOIA Officer.
The role of the DHS' Privacy Office is to apply privacy protections and transparency to the department's activities. Any data that contains personally identifiable information that flows through DHS systems is subject to the Chief Privacy Officer’s oversight.
The DHS Data Privacy and Integrity Advisory Committee and Dupree met on Tuesday to discuss efforts around the project, specifically "best practices to ensure the effective implementation of privacy requirements for information sharing across the DHS enterprise."
Dupree told Tom Temin, the host of radio show Federal Drive, last week that the department should implement and design systems with technologies to protect the confidentiality and integrity of information in the first place. This would involve prioritizing how data is safeguarded in early technical designs, something which would run counter to how things are usually done, by applying privacy principles after things are said and done, or in this case, built and implemented.
While there's no timeline for the project or even a guarantee it will move forward, it makes sense that Dupree and the DHS would want to see something like this through.
Adhering to rigorous data privacy principles has become a business imperative for organizations and agencies worldwide to work towards both as a way to earn customers’ trust but also to meet ever-changing data privacy regulations.
While privacy hasn’t caught on across the board on a federal level – the lack of movement around a federal data privacy law for one speaks to this - the DHS likely wants to catch up with other agencies, like the Federal Trade Commission and the Securities and Exchange Commission, which in recent years have warmed to embrace data privacy rules.
According to Dupree, for the DHS to advance this project would involve working with the DHS' Office of the Chief Information Officer, the department's research and development advisor, the Science and Technology Directorate and DHS' procurement officials.
It's worth noting that Dupree didn't mention anything about using facial recognition to meet the department's privacy needs.
After weeks of pushback, from Congress to the public, the Internal Revenue Service announced this week that it wouldn't be pursuing a previously announced plan to let taxpayers use their face, through biometrics, to verify their identity for online account registration. The IRS said Monday it will let users create online accounts without facial recognition and verify their identities through a live, virtual interview.