Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
New privacy handbook brings consistency to DHS
Monday - 12/8/2008, 7:06am EST
The Homeland Security Department no longer has multiple policies that instruct different components how to address privacy issues.
The department's privacy office issued a handbook in October that streamlines and makes consistent how DHS as a whole addresses privacy.
"What's new here is this is one document that provides uniformity across the department," says Hugo Teufel, DHS chief privacy officer. "It sets a floor from which all components can start from."
He adds the 19-page handbook brings together existing policies, agency directives and Office of Management and Budget policy in one place.
By putting privacy issues together in one place, Teufel says training becomes easier and more consistent as well.
"This document is far more concise and readable and more accessible to the average employee," he says. "You get a better sense of what you are supposed to do and can more easily understand what needs to be safeguarded."
The handbook addresses what sensitive data is, how to protect it, what should an employee do if they suspect an incident.
It also addresses 16 frequently asked questions (FAQs), including how employees can minimize the use of sensitive data and how should an employee dispose of sensitive data.
The handbook also shows employees how to encrypt data through pictures of drop down menus and step-by-step directions.
Teufel says the ability to encrypt data is important because many employees use e-mail or take data that may be sensitive out of the building because DHS is split up among several locations around Washington.
"The most significant to me on the list of FAQs is the discussion of securing data on portable devices," he says. "It is not common for someone at DHS to walk down the hallway to discuss a matter. Mostly we use electronic means of communications."
Additionally, the handbook addresses paper documents and how to ensure they are kept private and secure.
"People need to be cognizant of the danger of not locking paper documents up in a safe when they are not in use," he says. "If you can't encrypt it, put it under lock and key."
Teufel says DHS is just now issuing this handbook for two main reasons: the first is they are complying with a 2007 OMB memo on safeguarding personal identifiable information; and second the maturity of the department's privacy processes.
Teufel points to his office's progress in updating almost 300 legacy system of records notices (SORNs) as an example of that maturity. When Congress put DHS together, the privacy office inherited a significant number of SORNs that needed to be updated.
Agencies must update their SORNs every three years or anytime there is a major change to a system. Agencies must write a SORN for any system that contains public records, what the agency is using the information for and how long it will it retain it.
Over the last two years, Teufel says his office has made it a priority to get them done.
He says his office in the final stages of sending all of its legacy SORNs to OMB for approval.
Teufel says the handbook is the latest in a number of guidances that his office has issues around privacy.
"We really have advanced the agenda of the department," he says. "We've done a good job with training. We haven't done everything we've wanted to do. I think training will be one of those areas that will see significant growth in the coming year."
On the Web:
FederalNewsRadio - Army Shuts Down Site for Scrubbing
FederalNewsRadio - FedTalk: A look into the Privacy Act
Homeland Security Department - Handbook for Safeguarding Sensitive Personally Identifiable Information (pdf)
(Copyright 2008 by FederalNewsRadio.com. All Rights Reserved.)