[Congressional Record (Bound Edition), Volume 154 (2008), Part 1]
[Extensions of Remarks]
[Page 1142]
[From the U.S. Government Publishing Office, www.gpo.gov]




 INTRODUCTION OF THE DEPARTMENT OF HOMELAND SECURITY COMPONENT PRIVACY 
                          OFFICER ACT OF 2008

                                 ______
                                 

                       HON. CHRISTOPHER P. CARNEY

                            of pennsylvania

                    in the house of representatives

                       Tuesday, January 29, 2008

  Mr. CARNEY. Madam Speaker, I rise today to introduce the Department 
of Homeland Security Component Privacy Officer Act of 2008.
  In the Homeland Security Act of 2002 Congress created within the 
Department of Homeland Security a Chief Privacy Officer.
  The Privacy Officer is responsible for ensuring that an individual's 
privacy rights are not infringed upon by the creation of Department of 
Homeland Security policies and programs.
  The DHS Chief Privacy Officer is unique within the structure of the 
Federal government insofar as it is a statutory position that is 
intended to be involved at all levels of the Department's activities--
from policy formation to its implementation.
  However, time has shown that the Chief Privacy Officer needs help in 
achieving this goal.
  This bill will create Privacy Officers that will report directly to 
the Chief Privacy Officer in the following DHS Components: TSA, the 
Bureau of Citizenship and Immigration Services, CBP, ICE, FEMA, the 
Coast Guard, the Science and Technology Directorate, the Intelligence 
and Analysis Directorate, and the National Protections and Programs 
Directorate.
  The level of public confidence and trust in the Department's handling 
of privacy matters remains abysmally low.
  Moreover, there is also a major concern regarding the Privacy 
Office's involvement at the outset of the policymaking process, as 
intended by Congress.
  This was made clear in testimony before the Committee on Homeland 
Security when it was revealed that the Privacy Officer was not brought 
into the development of a new National Applications Office, NAO, that 
would monitor the use of spy satellites for homeland security purposes, 
until almost 2 years after the development stage began.
  Bringing in the Privacy Office at the 11th hour is not the proper way 
to blend in privacy protections and appropriate safeguards before 
policies and programs are underway.
  Placing Privacy Officers in the component agencies that make up the 
Department of Homeland Security is the first step to ensuring that 
privacy protections are in place at the beginning of the process.
  The Component agencies are the pulse of the Homeland Security 
Department. Most homeland security efforts stem from Component Agency 
actions.
  Privacy Officers need to be where the action is happening, not 
waiting for a phone call after decisions have already been made.
  Under the current structure, the Privacy Office has to rely on 
Component Agencies for information concerning programs and policies 
that impact privacy rights. Sometimes this happens; sometimes it does 
not.
  When it does not happen, the risk is clear:
  Recently, the Department's Inspector General determined that the 
Science & Technology Directorate's ADVISE program should be cancelled 
due to privacy concerns.
  This determination was made after the Department spent $42 million on 
the program.
  It was also determined that the Chief Privacy Office was not brought 
into the process until almost 2 years after the system had been 
deployed.
  This bill would put a Privacy Officer in the Science & Technology 
Directorate.
  Moreover, the Automated Targeting System, which is a Customs & Border 
Protection program, has been heavily criticized by privacy advocates, 
and after two separate requests for public comments, the future of this 
program remains unclear. Again, this was a program that had operated 
for some time in the dark without proper safeguards and departmental 
oversight.
  Pursuant to this bill, CBP would get a Privacy Officer as well.
  Quite frankly, there has been a litany of DHS programs that have been 
cancelled, delayed, or discontinued due to privacy concerns. Almost all 
of these were the products of Department Component Agencies that do not 
have a Privacy Officer within their ranks.
  Additionally, the DHS Privacy Officer is responsible for conducting 
Privacy Impact Assessments on DHS programs and policies affecting 
privacy.
  There are currently over 150 Privacy Impact Assessments that need to 
be completed. To put this number in perspective, in all of 2006, the 
Privacy Office only published 25.
  This bill will help in decreasing that overload.
  I urge my colleagues to join me in supporting this legislation that 
is critical to not only the privacy rights but the security of our 
country as well.

                          ____________________