DHS still faces substantial privacy assessment backlog: GAO

The Homeland Security Department's Privacy Office produced more than double the number of privacy impact assessments in 2006 than it did two years before, but it still has a huge backlog of programs to assess, according to a new report from the Government Accountability Office.

The privacy office produced 25 such assessments in 2006, up from 11 in 2004 and 19 in 2005. Even so, the numbers fall far short of the total DHS programs requiring such assessments, which was 46 in fiscal 2005, 143 in fiscal 2006 and 188 in fiscal 2007.

However, the GAO is mostly complimentary in its review of the privacy office, saying the office has made great strides in carrying out its responsibilities. Actually, the privacy office's success in setting up a framework for identifying DHS programs requiring privacy assessments has contributed substantially to the backlog of programs needing assessment, GAO said.

"The Privacy Office has made significant progress by establishing a compliance framework for conducting Privacy Impact Assessments," the GAO concluded. The process includes written guidance, training, and a process for identifying programs requiring assessment. The office also has moved forward to its goal of integrating privacy considerations into DHS decision-making, the GAO wrote.

However, the privacy office is making only limited gains in updating privacy notices for existing DHS databases, and is not issuing its reports to the public in a timely fashion, GAO wrote. For example, a report on the Multi-state Anti-Terrorism Information Exchange Program was not issued until long after the project was terminated.