Report: DHS must complete privacy assessments

While privacy implications of most systems have been assessed, only a quarter have been approved by privacy office.

The Homeland Security Department is not doing enough to protect personal information within its computer systems, Government Computer News reports on DHS Inspector General Richard L. Skinner's report.

The department has performed draft assessments of most of its computer systems, but only 23 percent of those assessments of privacy risks have been validated by the department's privacy office, Skinner says. There are 52 systems that are required to be covered by a Privacy Impact Assessment, but only 20 of those have been approved.

“Until DHS completes and validates the security documentation, privacy threshold assessments and privacy impact assessments for its systems and programs, the department lacks assurance that the risks associated with sensitive data and personal identifying information have been determined and appropriate security controls have been identified,” the report said.

DHS also needs to complete encryptions of data on laptop computers and to strengthen protections of data during storage, and in transit, the 26-page report concludes.