Donate now through Network for Good   Electronic Privacy Information Center  

Privacy Report Held Hostage

Background | News | Resources

 

Latest News/Events

Background

EPIC is calling on the Chief Privacy Officer of the Department of Homeland Security to release its overdue annual report to Congress. Though an annual report is required by law, the Privacy Office has not issued one since February of last year, and that one covered events only up through June of 2004.

Although the Executive Office of Homeland Security established by President Bush in 2001 included no mention of individual privacy or a privacy office, the earliest versions of the House bill creating the Department of Homeland Security ("DHS") included provisions for the creation of a Chief Privacy Officer within the Department. The Homeland Security Act of 2002, § 222, gave the Secretary of DHS the responsibility to "appoint a senior official in the Department to assume primary responsibility for privacy policy." The responsibilities of the CPO include:

  1. assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information;
  2. assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974;
  3. evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
  4. conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected; and
  5. preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.
6 U.S.C. § 142.

Despite the clear mandate from Congress, the Chief Privacy Officer has delivered only one annual report since its creation in April 2003. That report covered activities by the Department through June 2004 and it was released in February 2005. The 112-page report covers the first year of the Department's operation, including studies and evaluations the privacy office undertook as well as evaluations of the entire Department's compliance with the Privacy Act and other laws.

In September of 2005, Chief Privacy Officer Nuala O'Connor Kelly said she hoped the next annual privacy report would be released in the following quarter. At the same meeting she announced that she was leaving the office. Maureen Cooney became acting Chief Privacy Officer, and she left the government in July of 2006, without having delivered the annual report. Hugo Teufel, III, was appointed to be the next Chief Privacy Officer on July 21, 2006.

On September 26, 2006, EPIC sent a letter to Teufel asking when the overdue privacy report will be published. To date, EPIC has not received a response to its inquiry, and the Privacy Office has not published its report. Notably, the DHS Inspector General regularly has filed its reports with Congress.

EPIC has recently published an article discussing the DHS Chief Privacy Officer, the President's Civil Liberties and Privacy Oversight Board, and the Civil Liberties Protection Officer of the Office of the National Intelligence Director. The article makes specific recommendations for how each office might be more effective. In almost all instances, more transparency, regular reporting, frequent public consultation, and great independence are necessary. The article concludes that "in the absence of effective oversight within federal agencies for the new powers created after September 11," the effective checks and balances are likely to be the courts and the Congress. Since the DHS Chief Privacy Officer's power to require changes to DHS policies is unclear, his annual report to Congress is essential for meaningful oversight of the Department.

In the latest appropriations bill for DHS, Congress said that the only person allowed to alter or delay the annual report is the Chief Privacy Officer, but President Bush in his signing statement accompanying that bill said that he would interpret that provision to be consistent with the theory of the "unitary Executive Branch," effectively reserving for the President the power to direct changes to the report.

The constitutionality and force of Presidential signing statements are still a matter of debate, though, and the White House regularly issues the statements when signing bills. When the President signs bills that contain provisions directing or restricting actions of members of the Executive Branch, the President usually issues a signing statement saying that the provisions will be interpreted as consistent with the theory of the unitary Executive Branch so that the President retains control. These statements have not been tested in court, but Congress has grown increasingly concerned with the President offering his interpretation of legislation written by Congress. When Senator McCain's amendment outlawing cruel, inhuman, or degrading treatment of detainees was signed, the President issued a signing statement saying that he would construe the law as consistent with his power as Commander-in-Chief and his duty to protect the country. Some observers saw that statement as undermining the purpose of the bill. Senator Specter earlier this year introduced a bill that would have prevented courts from using the signing statements in statutory interpretation and would have allowed Congressmen to intervene in court cases in which the interpretation of a statute was an issue.

News

EPIC Resources

DHS Resources

EPIC Privacy Page | EPIC Home Page

Last Updated: February 6, 2008
Page URL: http://www.epic.org/privacy/oversight/default.html