[House Report 110-755]
[From the U.S. Government Publishing Office]
110th Congress Report
HOUSE OF REPRESENTATIVES
2d Session 110-755
======================================================================
DEPARTMENT OF HOMELAND SECURITY COMPONENT PRIVACY OFFICER ACT OF 2008
_______
July 10, 2008.--Committed to the Committee of the Whole House on the
State of the Union and ordered to be printed
_______
Mr. Thompson of Mississippi, from the Committee on Homeland Security,
submitted the following
R E P O R T
[To accompany H.R. 5170]
[Including cost estimate of the Congressional Budget Office]
The Committee on Homeland Security, to whom was referred the
bill (H.R. 5170) to amend the Homeland Security Act of 2002 to
provide for a privacy official within each component of the
Department of Homeland Security, and for other purposes, having
considered the same, report favorably thereon with an amendment
and recommend that the bill as amended do pass.
CONTENTS
Page
Purpose and Summary.............................................. 3
Background and Need for Legislation.............................. 3
Hearings......................................................... 3
Committee Consideration.......................................... 3
Committee Votes.................................................. 4
Committee Oversight Findings..................................... 4
New Budget Authority, Entitlement Authority, and Tax Expenditures 4
Congressional Budget Office Estimate............................. 4
Statement of General Performance Goals and Objectives............ 5
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff
Benefits....................................................... 6
Federal Mandates Statement....................................... 6
Advisory Committee Statement..................................... 6
Constitutional Authority Statement............................... 6
Applicability to Legislative Branch.............................. 6
Section-by-Section Analysis of the Legislation................... 6
Changes in Existing Law Made by the Bill, as Reported............ 7
The amendment is as follows:
Strike all after the enacting clause and insert the
following:
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Department of Homeland Security
Component Privacy Officer Act of 2008''.
SEC. 2. ESTABLISHMENT OF PRIVACY OFFICIAL WITHIN EACH COMPONENT OF
DEPARTMENT OF HOMELAND SECURITY.
(a) In General.--Subtitle C of title II of the Homeland Security Act
of 2002 (6 U.S.C. 141 et seq.) is amended by inserting after section
222 the following new section:
``SEC. 222A. PRIVACY OFFICIALS.
``(a) Designation.--
``(1) In general.--For each component of the Department under
paragraph (2), the Secretary shall, in consultation with the
head of the component, designate a full-time privacy official,
who shall report directly to the senior official appointed
under section 222. Each such component privacy official shall
have primary responsibility for its component in implementing
the privacy policy for the Department established by the senior
official appointed under section 222.
``(2) Components.--The components of the Department referred
to in this subparagraph are as follows:
``(A) The Transportation Security Administration.
``(B) The Bureau of Citizenship and Immigration
Services.
``(C) Customs and Border Protection.
``(D) Immigration and Customs Enforcement.
``(E) The Federal Emergency Management Agency.
``(F) The Coast Guard.
``(G) The Directorate of Science and Technology.
``(H) The Office of Intelligence and Analysis.
``(I) The Directorate for National Protection and
Programs.
``(b) Responsibilities.--Each privacy official designated under
subsection (a) shall report directly to both the head of the official's
component and the senior official appointed under section 222, and
shall have the following responsibilities with respect to the
component:
``(1) Serve as such senior official's main point of contact
at the component to implement the polices and directives of
such senior official in carrying out section 222.
``(2) Advise the head of that component on privacy
considerations when any law, regulation, program, policy,
procedure, or guideline is proposed, developed, or implemented.
``(3) Assure that the use of technologies by the component
sustain or enhance privacy protections relating to the use,
collection, and disclosure of personal information within the
component.
``(4) Identify privacy issues related to component programs
and apply appropriate privacy policies in accordance with
Federal privacy law and Departmental policies developed to
ensure that the component protects the privacy of individuals
affected by its activities.
``(5) Monitor the component's compliance with all applicable
Federal privacy laws and regulations, implement corrective,
remedial, and preventive actions and notify the senior official
appointed under section 222 of privacy issues or non-
compliance, whenever necessary.
``(6) Ensure that personal information contained in Privacy
Act systems of records is handled in full compliance with
section 552a of title 5, United States Code.
``(7) Assist in drafting and reviewing privacy impact
assessments, privacy threshold assessments, and system of
records notices, in conjunction with and under the direction of
the senior official appointed under section 222, for any new or
substantially changed program or technology that collects,
maintains, or disseminates personally identifiable information
within the official's component.
``(8) Assist in drafting and reviewing privacy impact
assessments, privacy threshold assessments, and system of
records notices in conjunction with and under the direction of
the senior official appointed under section 222, for proposed
rulemakings and regulations within the component.
``(9) Conduct supervision of programs, regulations, policies,
procedures, or guidelines to ensure the component's protection
of privacy and, as necessary, promulgate guidelines and conduct
oversight to ensure the protection of privacy.
``(10) Implement and monitor privacy training for component
employees and contractors in coordination with the senior
official appointed under section 222.
``(11) Provide the senior official appointed under section
222 with written materials and information regarding the
relevant activities of the component, including privacy
violations and abuse, that are needed by the senior official to
successfully prepare the reports the senior official submits to
Congress and prepares on behalf of the Department.
``(12) Any other responsibilities assigned by the Secretary
or the senior official appointed under section 222.
``(c) Role of Component Heads.--The head of a component identified in
subsection (a)(2) shall ensure that the privacy official designated
under subsection (a) for that component--
``(1) has the information, material, and resources necessary
to fulfill the responsibilities of such official under this
section;
``(2) is advised of proposed policy changes and the
development of new programs, rules, regulations, procedures, or
guidelines during the planning stage and is included in the
decision-making process; and
``(3) is given access to material and personnel the privacy
official deems necessary to carry out the official's
responsibilities.
``(d) Limitation.--Nothing in this section shall be considered to
abrogate the role and responsibilities of the senior official appointed
under section 222.''.
(b) Clerical Amendment.--The table of contents in section 1(b) of
such Act is amended by inserting after the item related to section 222
the following new item:
``Sec. 222A. Privacy officials.''.
Purpose and Summary
The purpose of H.R. 5170 is to amend the Homeland Security
Act of 2002 to provide for a privacy official within each
component of the Department of Homeland Security, and for other
purposes.
Background and Need for Legislation
Under the current structure, the Chief Privacy Officer
works closely with other departmental components, such as the
General Counsel's Office, the Policy Office and the Office for
Civil Rights and Civil Liberties in addressing privacy issues;
however, many of the Department Components operate without an
on-site full time privacy professional.
Additionally, components with a designated privacy officer
have generally produced more Privacy Impact Assessments (PIAs)
than components without privacy officers. In fact, of the
eleven DHS components that have published PIAs, only three have
designated privacy officers. Yet these three components account
for 57 percent of all published DHS PIAs. Moreover, according
to the DHS Office of Privacy 2007 Annual Report to Congress
``establishing and increasing the number of well-trained
privacy officers at the component level helps to ensure that
privacy is built into new and existing programs at the
beginning of the development process.'' Additionally, the
presence of a full-time Component Privacy Officer would ensure
that privacy considerations are integrated into the decision-
making process at all of the DHS Components.
Hearings
No hearings were held on H.R. 5170.
Committee Consideration
H.R. 5170 was introduced in the House on January 29, 2008,
by Mr. Carney and Mr. Thompson of Mississippi and referred
solely to the Committee on Homeland Security. Within the
Committee H.R. 5170 was referred to the Subcommittee on
Management, Investigations, and Oversight.
On June 26, 2008, the Chairman discharged the Subcommittee
on Management, Investigations, and Oversight from further
consideration of H.R. 5170. The Committee then proceeded to the
consideration of H.R. 5170 and ordered the measure to be
reported to the House favorably, as amended, by voice vote.
The Committee adopted the measure, as amended, by unanimous
consent.
The following amendment was offered:
An Amendment in the Nature of a Substitute offered by Mr.
Carney (#1); was AGREED TO by unanimous consent.
Committee Votes
Clause 3(b) of rule XIII of the Rules of the House of
Representatives requires the Committee to list the recorded
votes on the motion to report legislation and amendments
thereto.
No recorded votes were requested during Committee
consideration.
Committee Oversight Findings
Pursuant to clause 3(c)(1) of rule XIII of the Rules of the
House of Representatives, the Committee has held oversight
hearings and made findings that are reflected in this report.
New Budget Authority, Entitlement Authority, and Tax Expenditures
In compliance with clause 3(c)(2) of rule XIII of the
Rules of the House of Representatives, the Committee finds that
H.R. 5170, the Department of Homeland Security Component
Privacy Officer Act of 2008, would result in no new or
increased budget authority, entitlement authority, or tax
expenditures or revenues.
Congressional Budget Office Estimate
The Committee adopts as its own the cost estimate prepared
by the Director of the Congressional Budget Office pursuant to
section 402 of the Congressional Budget Act of 1974.
U.S. Congress,
Congressional Budget Office,
Washington, DC, July 8, 2008.
Hon. Bennie G. Thompson,
Chairman, Committee on Homeland Security,
House of Representatives, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for H.R. 5170, the
Department of Homeland Security Component Privacy Officer Act
of 2008.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Mark
Grabowicz.
Sincerely,
Robert A. Sunshine
(For Peter R. Orszag, Director).
Enclosure.
H.R. 5170--Department of Homeland Security Component Privacy Officer
Act of 2008
CBO estimates that implementing H.R. 5170 would cost about
$1 million annually, assuming the availability of appropriated
funds. Enacting the bill would not affect direct spending or
revenues. H.R. 5170 contains no intergovernmental or private-
sector mandates as defined in the Unfunded Mandates Reform Act
and would impose no costs on state, local, or tribal
governments.
H.R. 5170 would direct the Department of Homeland Security
(DHS) to designate full-time officials to oversee privacy
considerations and policies for each of the department's nine
components, including the Federal Emergency Management Agency,
the Coast Guard, and the other agencies specified in the bill.
Those individuals would coordinate all privacy matters for
their respective agencies, including training and compliance,
and would report to the Chief Privacy Officer of DHS.
According to DHS, four of the nine department components
already have full-time privacy officials, so implementing H.R.
5170 would require filling five positions. We expect that each
new official would be compensated at level 14 or 15 of the
General Schedule. CBO estimates that the costs for those
positions would total about $1 million annually, including
salaries and benefits for those officials and for the costs of
any support staff.
The CBO staff contact for this estimate is Mark Grabowicz.
This estimate was approved by Peter H. Fontaine, Assistant
Director for Budget Analysis.
Statement of General Performance Goals and Objectives
Pursuant to clause 3(c)(4) of rule XIII of the Rules of
the House of Representatives, H.R. 5170 contains the following
general performance goals and objectives, including outcome
related goals and objectives authorized.
The purpose of this legislation is to create Component
Privacy Officers in the Department of Homeland Security
component agencies. Unfortunately, public trust in the
Department's ability to protect personal privacy rights is
abysmally low. This bill should aid in improving the manner in
which the Department handles privacy related issues and should
also foster the Department's mandate to sustain privacy
protections. In turn, public trust with respect to the
Department should improve. H.R. 5170 adds a new section 222A to
the Homeland Security Act of 2002 (6 U.S.C. 361 et seq.), which
requires the Secretary of Homeland Security, in consultation
with the Component Head, to create Component Privacy Officers
at the following Department of Homeland Security components:
The Transportation Security Administration; The Bureau of
Citizenship and Immigration Services; Customs and Border
Protection; Immigration and Customs Enforcement; The Federal
Emergency Management Agency; The Coast Guard; The Directorate
of Science and Technology; The Office of Intelligence and
Analysis; and The Directorate for National Protection and
Programs.
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff
Benefits
In compliance with rule XXI of the Rules of the House of
Representatives, this bill, as reported, contains no
congressional earmarks, limited tax benefits, or limited tariff
benefits as defined in clause 9(d), 9(e), or 9(f) of the rule
XXI.
Federal Mandates Statement
The Committee adopts as its own the estimate of Federal
mandates prepared by the Director of the Congressional Budget
Office pursuant to section 423 of the Unfunded Mandates Reform
Act.
Advisory Committee Statement
No advisory committees within the meaning of section 5(b)
of the Federal Advisory Committee Act were created by this
legislation.
Constitutional Authority Statement
Pursuant to clause 3(d)(1) of rule XIII of the Rules of the
House of Representatives, the Committee finds that the
Constitutional authority for this legislation is provided in
Article I, section 8, clause 1, which grants Congress the power
to provide for the common Defense of the United States.
Applicability to Legislative Branch
The Committee finds that the legislation does not relate
to the terms and conditions of employment or access to public
services or accommodations within the meaning of section
102(b)(3) of the Congressional Accountability Act.
Section-by-Section Analysis of the Legislation
Section 1. Short title
This section designates the short title as the ``Department
of Homeland Security Component Privacy Act of 2008.''
Section 2. Establishment of privacy official within each component of
Department of Homeland Security
The Homeland Security Act of 2002 (P. L. 107-296) is
amended by inserting after Section 222, which creates the
``senior official'' at the Department that is responsible for
privacy policy, a new section 222A, which will govern the
component privacy officers.
Section 222A. Privacy officials
This section indicates that the Secretary, in consultation
with the head of each Component, shall designate a full-time
privacy official in certain components of the Department of
Homeland Security.
This section states that the components referred to in the
bill are: The Transportation Security Administration; the
Bureau of Citizenship and Immigration Services; Customs and
Border Protection; Immigration and Customs Enforcement; the
Federal Emergency Management Agency; the Coast Guard; the
Directorate of Science and Technology; the Office of
Intelligence and Analysis; and the Directorate for National
Protection and Programs.
Responsibilities. This section states that the Component
Privacy Officers shall have primary responsibility for
implementing the Department's privacy policy in the Component
Privacy Officer's component agency. Additionally, it indicates
that the Component Privacy Officers shall report directly to
the senior official appointed under section 222, hereinafter
referred to for clarification purposes as the ``DHS Chief
Privacy Officer.''
This section also states that in addition to the directly
reporting to the DHS Chief Privacy Officer, each Component
Privacy Officer shall also report directly to the head of that
officer's component. This section also lists the
responsibilities of the Component Privacy Officers and
describes in detail the manner in which they will monitor and
exercise oversight over privacy matters within their respective
components. This section also indicates that in addition to the
responsibilities enumerated in the bill, the Component Privacy
Officers shall also execute any other responsibilities assigned
by the Secretary or the DHS Chief Privacy Officer.
This section states that the head of the components shall
assist the Component Privacy Officers in carrying out their
duties by ensuring that the officers have the information,
material, and resources necessary to fulfill their
responsibilities. This section also provides that the head of
the components shall make certain that the Component Privacy
Officers are advised of proposed policy changes and the
development of new programs, rules, regulations, procedures, or
guidelines during the planning stage. This section also states
that the Component Privacy Officers shall be included in the
component's decision-making process and be given access to the
necessary material and personnel to carry out the
responsibilities set forth in the bill.
This section states that it is not the intention of this
bill to abrogate the current role and responsibilities of the
DHS Privacy Officer.
Changes in Existing Law Made by the Bill, as Reported
In compliance with clause 3(e) of rule XIII of the Rules of
the House of Representatives, changes in existing law made by
the bill, as reported, are shown as follows (new matter is
printed in italic and existing law in which no change is
proposed is shown in roman):
HOMELAND SECURITY ACT OF 2002
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) * * *
(b) Table of Contents.--The table of contents for this Act is
as follows:
* * * * * * *
TITLE II--INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION
* * * * * * *
Subtitle C--Information Security
* * * * * * *
Sec. 222A. Privacy officials.
* * * * * * *
TITLE II--INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION
* * * * * * *
Subtitle C--Information Security
* * * * * * *
SEC. 222A. PRIVACY OFFICIALS.
(a) Designation.--
(1) In general.--For each component of the Department
under paragraph (2), the Secretary shall, in
consultation with the head of the component, designate
a full-time privacy official, who shall report directly
to the senior official appointed under section 222.
Each such component privacy official shall have primary
responsibility for its component in implementing the
privacy policy for the Department established by the
senior official appointed under section 222.
(2) Components.--The components of the Department
referred to in this subparagraph are as follows:
(A) The Transportation Security
Administration.
(B) The Bureau of Citizenship and Immigration
Services.
(C) Customs and Border Protection.
(D) Immigration and Customs Enforcement.
(E) The Federal Emergency Management Agency.
(F) The Coast Guard.
(G) The Directorate of Science and
Technology.
(H) The Office of Intelligence and Analysis.
(I) The Directorate for National Protection
and Programs.
(b) Responsibilities.--Each privacy official designated under
subsection (a) shall report directly to both the head of the
official's component and the senior official appointed under
section 222, and shall have the following responsibilities with
respect to the component:
(1) Serve as such senior official's main point of
contact at the component to implement the polices and
directives of such senior official in carrying out
section 222.
(2) Advise the head of that component on privacy
considerations when any law, regulation, program,
policy, procedure, or guideline is proposed, developed,
or implemented.
(3) Assure that the use of technologies by the
component sustain or enhance privacy protections
relating to the use, collection, and disclosure of
personal information within the component.
(4) Identify privacy issues related to component
programs and apply appropriate privacy policies in
accordance with Federal privacy law and Departmental
policies developed to ensure that the component
protects the privacy of individuals affected by its
activities.
(5) Monitor the component's compliance with all
applicable Federal privacy laws and regulations,
implement corrective, remedial, and preventive actions
and notify the senior official appointed under section
222 of privacy issues or non-compliance, whenever
necessary.
(6) Ensure that personal information contained in
Privacy Act systems of records is handled in full
compliance with section 552a of title 5, United States
Code.
(7) Assist in drafting and reviewing privacy impact
assessments, privacy threshold assessments, and system
of records notices, in conjunction with and under the
direction of the senior official appointed under
section 222, for any new or substantially changed
program or technology that collects, maintains, or
disseminates personally identifiable information within
the official's component.
(8) Assist in drafting and reviewing privacy impact
assessments, privacy threshold assessments, and system
of records notices in conjunction with and under the
direction of the senior official appointed under
section 222, for proposed rulemakings and regulations
within the component.
(9) Conduct supervision of programs, regulations,
policies, procedures, or guidelines to ensure the
component's protection of privacy and, as necessary,
promulgate guidelines and conduct oversight to ensure
the protection of privacy.
(10) Implement and monitor privacy training for
component employees and contractors in coordination
with the senior official appointed under section 222.
(11) Provide the senior official appointed under
section 222 with written materials and information
regarding the relevant activities of the component,
including privacy violations and abuse, that are needed
by the senior official to successfully prepare the
reports the senior official submits to Congress and
prepares on behalf of the Department.
(12) Any other responsibilities assigned by the
Secretary or the senior official appointed under
section 222.
(c) Role of Component Heads.--The head of a component
identified in subsection (a)(2) shall ensure that the privacy
official designated under subsection (a) for that component--
(1) has the information, material, and resources
necessary to fulfill the responsibilities of such
official under this section;
(2) is advised of proposed policy changes and the
development of new programs, rules, regulations,
procedures, or guidelines during the planning stage and
is included in the decision-making process; and
(3) is given access to material and personnel the
privacy official deems necessary to carry out the
official's responsibilities.
(d) Limitation.--Nothing in this section shall be considered
to abrogate the role and responsibilities of the senior
official appointed under section 222.
* * * * * * *
�