DHS Fair Information Practice Principles

Background

The Department of Homeland Security Fair Information Practice Principles (FIPPs) were codified in 2008 by Chief Privacy Officer Hugo Teufel. They guide DHS’s compliance with the Privacy Act of 1974 and the Homeland Security Act of 2002, which includes “assuring that the use of technologies sustains, and does not erode, privacy protections relating to the use, collection, and disclosure of personal information….”

Principles

  • Transparency: DHS should be transparent and provide notice to the individual regarding its collection, use, dissemination, and maintenance of personally identifiable information (PII). (Inflection Principle 1)
  • Individual Participation: DHS should involve the individual in the process of using PII and, to the extent practicable, seek individual consent for the collection, use, dissemination, and maintenance of PII. DHS should also provide mechanisms for appropriate access, correction, and redress regarding DHS’s use of PII. (Inflection Principle 4)
  • Purpose Specification: DHS should specifically articulate the authority that permits the collection of PII and specifically articulate the purpose or purposes for which the PII is intended to be used. (Inflection Principle 3)
  • Data Minimization: DHS should only collect PII that is directly relevant and necessary to accomplish the specified purpose(s) and only retain PII for as long as is necessary to fulfill the specified purpose(s). (Inflection Principle 3)
  • Use Limitation: DHS should use PII solely for the purpose(s) specified in the notice. Sharing PII outside the Department should be for a purpose compatible with the purpose for which the PII was collected. (Inflection Principle 3)
  • Data Quality and Integrity: DHS should, to the extent practicable, ensure that PII is accurate, relevant, timely, and complete. (Inflection Principle 2)
  • Security: DHS should protect PII (in all media) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure. (Inflection Principle 5)
  • Accountability and Auditing: DHS should be accountable for complying with these principles, providing training to all employees and contractors who use PII, and auditing the actual use of PII to demonstrate compliance with these principles and all applicable privacy protection requirements. (Inflection Principle 6, Inflection Principle 7)

Further Reading

Link: DHS Privacy Policy Memorandum