GAO report: DHS data mining needs privacy oversight

07.10.2011
Data-mining programs at the U.S. Department of Homeland Security are not fully reviewed by the agency for their effectiveness and, in some cases, for their compliance with privacy protection mandates, according to a report from the U.S. Government Accountability Office.

, made public Friday, raises questions about the effect of DHS data mining on the privacy of U.S. residents, said two Democratic lawmakers.

DHS policies don't sufficiently require that the agency evaluate the effectiveness of the data-mining programs, although the agency is planning more intensive reviews of IT investments, the GAO report said. "Until such reforms are in place, DHS and its component agencies may not be able to ensure that critical data mining systems used in support of counterterrorism are both effective and that they protect personal privacy," the report said.

DHS has not completed privacy impact assessments for two of the six data-mining programs the GAO reviewed, the report said.

In addition, DHS violated its own privacy rules by sharing information from the Immigration and Customs Enforcement Pattern Analysis and Information Collection (ICEPIC) program with state and local law enforcement agencies, said Representatives Brad Miller of North Carolina and Donna Edwards of Maryland, both Democratic members of the House Science, Space and Technology Committee.

One of the "most disturbing findings" by the GAO was that ICEPIC rolled out its law enforcement sharing component before it was approved by the DHS privacy office, Miller and Edwards said in a press release. The program violates the DHS privacy impact assessment created for the program, the GAO report said.