http://www.house.gov/judiciary/kelly021004.htm
TESTIMONY OF NUALA O’CONNOR KELLY
CHIEF PRIVACY OFFICER
U.S. DEPARTMENT OF HOMELAND SECURITY
BEFORE THE SUBCOMMITTEE ON COMMERCIAL AND ADMINISTRATIVE LAW OF
THE JUDICIARY COMMITTEE OF THE U.S. HOUSE OF REPRESENTATIVES
FEBRUARY 10, 2004
Chairman Cannon, Ranking Member Watt, Members of the subcommittee,
and distinguished colleagues on this panel, it is an honor to
testify before you today on the activities of the United States
Department of Homeland Security’s Privacy Office, which I
am privileged to lead as the first Chief Privacy Officer of the
Department of Homeland Security.
The protection of privacy, of the dignity of the individual,
is not a value that can be added on to this or any other organization
later, and that is why I am so pleased to have been here from
almost the very beginning. This value is one that must be embedded
in the very culture and structure of the organization. I know
that we can and will succeed in this—not only because our
leadership believes in protecting the sanctity of the individual,
but also because our over 180,000 employees are also great Americans,
who believe in and act on these values—for themselves, their
neighbors, and their children—each day.
Establishment of the DHS Privacy Office
The creation of the Department of Homeland Security and its many
programs raise no shortage of important privacy and civil liberties
issues for this nation to address. This Department, led by Secretary
Tom Ridge, and this Administration, led by President Bush, are
committed to addressing these critical issues as they seek to
strengthen our homeland. A crucial part of this commitment is
support for the creation and the mission of the Privacy Office
at the Department of Homeland Security. Secretary Ridge articulated
his vision for this office, stating that the privacy office “will
be involved from the very beginning with every policy initiative
and every program initiative that we consider,” to ensure
that our strategy and our actions are consistent with not only
the federal privacy safeguards already on the books, but also
“with the individual rights and civil liberties protected
by our laws and our Constitution.”
As Members of this subcommittee are uniquely aware, the enabling
statute for the Department of Homeland Security contains Section
222, which directs the Secretary to appoint a senior official
in the Department to assume primary responsibility for privacy
policy. This includes conducting and oversight of formal Privacy
Impact Assessments to “assure that the use of technologies
sustain, and do not erode, privacy protections relating to the
use, collection, and disclosure of personal information.”
This office also oversees the Department’s compliance with
the Privacy Act of 1974 and the Privacy Impact Assessment requirements
of the Electronic Government Act of 2002, and is directed to “evaluate
legislative and regulatory proposals involving collection, use,
and disclosure of personal information by the Federal Government.”
Uniquely and importantly, under the enabling statute, the DHS
Chief Privacy Officer provides an annual report to Congress on
the activities of the Department that affect privacy, including
complaints of privacy violations, implementation of the Privacy
Act, internal controls, and other matters.
Key Legal Frameworks enforced by the Privacy Office
One of the primary legal frameworks underlying the mission of
the DHS Privacy Office is, obviously, the federal Privacy Act
of 1974. The Privacy Act, 5 U.S.C. § 552a, provides a code
of fair information practices that governs the collection, maintenance,
use, and dissemination of personal information by federal agencies.
Emanating from concerns about the ability to aggregate personal
information--partly due to new technologies like mainframe computers
of that day--this law provides substantial notice, access, and
redress rights for citizens and legal residents of the United
States whose information is held by some part of the executive
branch of the federal government. The law provides robust advance
notice, through detailed "system of records" notices,
about the creation of new technological or other systems containing
personal information. The law also provides the right of access
to one’s own records, the right to know and to limit other
parties with whom the information has been shared, and the right
to appeal determinations regarding the accuracy of those records
or the disclosure of those records. The Privacy Act is our country’s
articulation of Fair Information Principles; the Act both protects
the information of our citizens and also provides our citizens
rights to access that data.
Under the Freedom of Information Act, 5 U.S.C. § 552, the
principle that persons have a fundamental right to know what their
government is doing is enforced on a daily basis. Almost any person
at any time has the right to query a federal agency for documents
and records. Our government and our agency are grounded on principles
of openness and accountability, tempered, of course, by the need
to preserve the confidentiality of sensitive personal, commercial,
and governmental information. The Freedom of Information Act is
the primary statute that attempts to balance these countervailing
public concerns. A robust FOIA/PA program is a critical part of
any agency's fundamental processes; it helps to provide assurance
to the public that, in pursuing its mission, an agency will also
pursue balanced policies of transparency and accountability while
preserving personal privacy. The U.S. federal government will
spend hundreds of millions of dollars processing and responding
to FOIA requests next year, and thousands of federal workers will
spend all or part of their day compiling responses to those requests.
Our agency alone has over 300 staff members across the Department
who work full or part-time on Privacy Act and FOIA issues.
This past fall, the Office of Management and Budget released its
guidance under Section 208 of the E-Government Act of 2002—which
mandates Privacy Impact Assessments for all federal agencies when
there are new collections of, or new technologies applied to,
personally identifiable information. This, really a third pillar
of the privacy framework at the federal level reflects, once again,
a growing reliance on technology to move data--both in government
spaces and on the Internet. With the addition of the privacy provisions
of the E-Government Act to existing privacy protections, our citizens
now benefit from a comprehensive framework within which government
considers privacy in the ordinary course of business. The Act
and underlying guidance synthesize numerous prior statements and
guidance on privacy practices and notices, and will assist privacy
practitioners in prioritizing their efforts. In particular, the
guidance provides direction on the content of privacy policies
and on the machine-readability of privacy policies.
Further, the act outlines the parameters for privacy impact assessments.
Although in use by some agencies already, generally privacy impact
assessments are a new and important tool in the toolbelt of privacy
practitioners across the federal government. These new requirements
formalize an important principle: that data collection by the
government should be scrutinized for its impact on the individual
and that individual’s data…and ideally before that data
collection is ever implemented. The process, the very exercise
of such scrutiny, is a crucial step towards narrowly tailoring
and focusing data collection towards the core missions of government.
This practice should provide even greater awareness, both by those
seeking to collect the data and those whose data is collected,
of the impact on the individual and the purpose of the collection.
I am pleased to have been a small part of the discussions towards
the development of guidance on privacy impact assessments. These
new requirements set the bar high for privacy practitioners. These
requirements also reflect, I believe, a growing sensitivity and
awareness on the part of our citizens regarding personal data
flows in the public and private sectors. I believe that this guidance
will allow federal agencies to respond to citizens’ concerns
about these activities and also to be current with, or perhaps
even slightly ahead of, the evolution of privacy practices in
the private sector.
Under the Privacy Act, in concert with the Freedom of Information
Act and the E-Government Act, citizens, legal residents, and visitors
to the United States have been afforded almost unequalled transparency
into the federal government’s activities and the federal
government’s use of personal information about them. A robust
FOIA/PA program is imperative to provide the public with assurances
that any information DHS collects is being maintained consistent
with all legal and regulatory requirements.
Operationalizing Privacy Throughout the Department of Homeland
Security
Best Practices through Management Leadership
The DHS Privacy Office works to promote best practices with respect
to privacy and infuse respectful information privacy principles
and practices for all employees into the DHS culture. A major
and substantial goal at the outset for my tenure is to ‘operationalize’
privacy awareness and best practices throughout DHS, working not
only with Secretary Ridge and our senior policy leadership of
the various agencies and directorates of the department, but also
with our Privacy Act and FOIA teams, as well as operational staff
across the Department.
Consistent Policies and Education Efforts
Through internal educational outreach and the establishment of
internal clearance procedures, we are sensitizing DHS directorates
and components to consider privacy whenever developing new programs
or revising existing ones. We are reviewing new technologies to
ensure that privacy protections are incorporated in the development
and implementation of these new systems. Our headquarters staff
has been reviewing all Privacy Impact Assessments being conducted
throughout the Department. In this process,DHS professionals have
become educated about to the need to consider--and the framework
for considering--the privacy impact of their technology decisions.
We are reviewing Privacy Act systems notices before they are sent
forward and ensuring that we collect only those records that are
necessary to support our mission. We also guide DHS agencies in
developing appropriate privacy policies for their programs and
serve as a resource for any question that may arise concerning
privacy, information collection or disclosure. We work closely
with various DHS policy teams, the Office of the General Counsel,
and the Chief Information Officers to ensure that the mission
of the Privacy Office is reflected in all DHS initiatives. And
of course we also work in concert with the Department’s Office
for Civil Rights and Civil Liberties, which is the other statutorily
mandated office at DHS Headquarters with an individual liberties
focus.
Integrated Privacy and Disclosure Mandates
The work of the Privacy Office includes not only the statutory
Privacy Act and Privacy Impact Assessement work, but also integrates
Freedom of Information Act oversight for the Department. This
additional responsibility was redelegated to the Privacy Office
last summer by Secretary Ridge, in recognition of the close connection
between privacy and disclosure laws, and the functional synergies
of the work of our Privacy Act and FOIA specialists across the
Department.
Transparency and Outreach to the Public
The DHS Privacy Office also seeks to anticipate and satisfy public
needs and expectations, by providing a crucial link between those
outside DHS who are concerned about the privacy impact of the
Department's initiatives, and those inside the Department who
are diligently working to achieve the Department’s mission.
Our role is not only to inform, educate, and lead privacy practice
within the Department, but also to serve as listeners and as a
receptive audience to those outside the Department who have questions
or concerns about the Department’s operations. To that end,
my office has engaged in consistent and substantial outreach efforts
to members of the advocacy community, industry representatives,
other U.S. agencies, foreign governments, and most importantly,
the American public, not only to inform and educate those constituencies,
but also, even more importantly, to hear their concerns, to share
those concerns with the Department’s leadership, and to see
that those concerns are addressed in our programs and in the development
of our policies. Recent coverage of our privacy program, in particular
our Privacy Impact Assessment, or PIA, of the US-VISIT program,
demonstrated how information-collection efforts, especially those
employing new or unfamiliar technology, can be done in a privacy-sensitive
way. Operationally, this particular PIA demonstrated an effective
internal system whereby staff from across the department worked
together to create a document that was at once technologically
detailed and also reader-friendly.
Key Policy Challenges
The Use of Private-Sector Data
I can think of no more compelling public policy issue, particularly
one that affects the privacy of our citizens and visitors to this
country, than the sharing of personal information between the
public and private sector. It is one that has been successfully—and
less successfully—navigated by other agencies within the
Federal government, and it is one that we examine and grapple
with in programs within every single directorate and agency within
the Department of Homeland Security almostevery day.
It is the Privacy Office’s role to facilitate this conversation
about and this examination of the responsible uses of information
by government agencies within DHS. That role sometimes requires
us to encourage, and even force conversation between those who
label themselves as being concerned only with privacy, and those
who consider themselves all about security. I challenge those
who feel the need to be one or the other. It is, in fact, possible,
to achieve both responsible privacy practices and achieve the
mission of the Department of Homeland Security. Issues of privacy
and civil liberties are most successfully navigated when the necessary
legal and policy protections are built in to the systems or programs
from the very beginning—both in the intelligent use of technology,
and in the responsible execution of programs. Further, clear rules—both
in the private sector and in the public sector—are necessary
to ensure that such information sharing is done in a legitimate,
respectful, and limited fashion.
International Cooperation
A key focus of the Privacy Office’s work has been to engage
the data protection authorities internationally. Privacy professionals
the world over share a common interest in assuring public trust
in government operations by encouraging transparency, as well
as respect for fair information principles such as collection
limitation, purpose specification, use limitation, data quality,
security safeguards, openness, participation, and accountability.
Our office has participated in the meetings of the International
Association of Data Protection and Privacy Commissioners, although
the office is not recognized at this time as an accredited data
protection authority. We have also worked cooperatively with data
protection authorities, or DPAs, to enable cross-border dispute
resolution of personal data issues. Our office is both a point
of appeals for complaints about our various directorates’
programs, and also a point of contact for our international counterparts,
whether acting to communicate policy concerns or individual citizens’
complaints.
Balancing the Need for Transparency and the Need for Security
in Operations
Perhaps the most difficult issue in a law enforcement or counter-terrorism
context is the need to afford transparency and access to information
for individuals, while also safeguarding information that is essential
to an ongoing investigation of some type. Our office seeks to
assist the agency in achieving this balance in a number of ways.
First, rules and procedures for accessing information must be
clear, easily attainable by individuals, and easily understood.
Second, determinations that information is sensitive or otherwise
protected must be narrowly tailored and well grounded. Third,
systems must be in place whereby individuals can be assisted in
correcting information that may impact them in some way, even
when that information is deemed protected. An example of this
is the use of citizen advocates or ombudsmen, where by government
employees who have security clearance or access to information
act on behalf of individuals to correct misidentifications or
incorrect information that is associated with an individual. In
addition, these processes must be efficient and minimally burdensome
on the individual, and must provide for an appeal or further redress
process that is adequately independent to ensure fairness for
the individual. These processes exist in certain places within
our Department, and should be implemented where personal information
is collected by the government and used in a way that impacts
the individual. The DHS Privacy Office plays a role in performing
that independent review and appeal process for our directorates
and citizens.
The Defense of Privacy Act
The DHS Privacy Office applauds the subcommittee for its interest
in privacy issues, and even more, privacy practices across the
federal government. We in government are often quick to point
to private-sector lapses in privacy policy, and we should be equally
vigilant about our own use of personal data. While the federal
government benefits from the requirements of the Privacy Act of
1974, it is also true that new technologies have allowed data
sharing in new and perhaps unexpected ways. The Privacy Impact
Assessment requirements of the E-Government Act of 2002 recognize
these new technological challenges and seek to provide reader-friendly
information about such data collections in a new and perhaps more
technologically savvy fashion.
The proposed Defense of Privacy Act shares many similarities with
the PIA requirements under the E-Government Act, ones that are
worth noting, such as the need for a “senior agency official
with primary responsibility for privacy policy.” While the
need for a statutory privacy officer at DHS may be virtually unique
in the federal government, given the agency’s size and the
co-mingling of parts of more than 22 former federal agencies,
the need for senior policy leadership at any agency that affects
public data is certainly recognized.
Further, the Act does clarify the timing of PIAs, to be both a
prospective document, issued at the NPRM stage, and a final document,
issued in response to public comments. We at DHS have, and fully
intend to continue to publish PIAs for public comment and we believe
that this public dialogue is essential to our understanding of
public concerns about DHS programs. I should note that the Administration
continues to review this legislation, and we may have additional
comments at a later time.
Internal and External Role
I am often asked whether I view my job as a privacy advocate and
thus at odds with the activities of the Department. The answer
is absolutely not. As Secretary Ridge has articulated on many
occasions, the Department of Homeland Security’s mission
is more than just counter-terrorism, more than just the protection
of people and places and things. It is also the protection of
our liberties and our way of life, and that includes the ability
to engage in public life with dignity, autonomy, and a general
expectation of respect for personal privacy. Thus, the protection
of privacy is neither an adjunct nor the antithesis to the mission
of the Department of Homeland Security. Privacy protection, in
fact, is at the core of that mission.
I am very much in agreement with the statutory definition of my
office's position as being both "within" and "without"
the Department of Homeland Security. As part of the department,
we are able to serve as educators, as leaders, and as full participants
in the policy direction of important programs. And as outsiders,
we are able to turn a critical eye on the most controversial and
the most mundane aspects of the Department's operations.
But I do not position my office as the enemy of the mission of
this department. Rather, I see it as crucial, fundamental to successfully
achieving that mission.
On a daily basis, I am aware of what it means to set parameters
for the federal government’s use of personal information—information
that has been given to us in our capacity as the provider of services,
as the caretaker of the public’s physical security, and,
most importantly, the custodian of the public's trust. Secretary
Ridge has said that “Fear of governmentabuse of information…is
understandable, but we cannot let it stop us from doing what is
right and responsible.” The antidote to fear, as he has said,
“is an open, fair, and transparent process that guarantees
the protection and the privacy of that data.” I commit to
this Committee, to the American people whom we serve, and to our
neighbors around the globe, that the Privacy Office is implementing
this philosophy on a daily basis at the Department of Homeland
Security.
I thank you for your time, and for your interest in and support
of the Department of Homeland Security Privacy Office.
