On May 14, the Department of Homeland Security (DHS) Data Privacy and Integrity
Advisory Committee approved a final white paper on information sharing and access agreements (pdf). From the Recommendations section:
- The Secretary direct all components to utilize ISAAs [Information Sharing and Access Agreements] when sharing personal information between DHS and other Federal agencies, as well as other external parties.
- The Secretary establish an Information Sharing Review Board (ISRB) to develop, manage, and oversee a Department-wide information sharing process, including guidance for threshold analysis, agreement requirements, communications, and audit procedures.
II. Threshold Analysis
- The Secretary require all component CPO’s [component privacy officers], or responsible parties in components lacking a CPO, to complete an information sharing threshold analysis (ISTA) whenever they receive an inquiry for information sharing to organizations external to DHS. Also, the DHS Privacy Office should include a question in the template Privacy Impact Assessment to trigger the determination of whether an ISTA is necessary.
III. Sharing Agreements
- DHS prepare and document components of the ISAA itself, including a template, with robust information privacy and security provisions based on the FIPPs [Fair Information Practice Principles Policy Framework] policy framework.
- DHS Privacy Office develop and implement a comprehensive information sharing training program for component CPO’s and other parties responsible for sharing agreements.
- DHS Privacy Office develop and implement a communications protocol designed to support CPO’s and other responsible parties in communicating the terms and compliance requirements of ISAAs to affected individuals.
V. Audit Procedures
- DHS prepare, document, and apply auditing standards and protocols to measure compliance with the information sharing process and ISAA terms.
- The Committee desires expedient creation of ISAAs, a coordinated ISAA approach by all DHS components, and removal of unwarranted information barriers between components. At the same time, we support the Privacy Office’s efforts to assure that all personal data handled by DHS components has the protections outlined in FIPPs.
The Committee desires expedient creation of ISAAs, a coordinated ISAA approach by all DHS components, and removal of unwarranted information barriers between components. At the same time, we support the Privacy Office’s efforts to assure that all personal data handled by DHS components has the protections outlined in FIPPs.
If the abundance of acronyms doesn’t give you a headache, you can try to read the whole paper.