The DHS Privacy Office established a comprehensive framework to administer its privacy program. However, it does not yet have effective oversight to ensure consistent execution of its privacy program across DHS components. Specifically, the DHS Privacy Office has not established controls to ensure that privacy compliance documentation and Information Sharing Access Agreements are completed and submitted as required. The DHS Privacy Office did not monitor completion of required privacy training across the Department. These shortfalls existed because the DHS Privacy Office did not have sufficient measures in place to ensure DHS components adhered to its privacy program. Without such measures, DHS may not be able to identify and address new privacy risks in existing systems and programs or prevent inappropriate dissemination of personally identifiable information. We made three recommendations to the DHS Privacy Office to improve oversight of privacy compliance, information sharing access agreements, and privacy training. DHS concurred with all three recommendations.
Report File
Date Issued
Submitting OIG
Department of Homeland Security OIG
Other Participating OIGs
Department of Homeland Security OIG
Agencies Reviewed/Investigated
Department of Homeland Security
Components
Office of Privacy (Privacy)
Report Number
OIG-21-06
Report Description
Report Type
Audit
Number of Recommendations
3
Open Recommendations
This report has 1 open recommendations.
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 2 | No | $0 | $0 | ||
| Develop, implement, and formally communicate a process to ensure review of all proposed Information Sharing Access Agreements involving personally identifiable information. | |||||
