1 Sept Think Before You Dig: Privacy Implications of Data Mining & Aggregation Background Data mining is generally part of a larger business intelligence or knowledge management initiative. Since state governments are complex organizations that collect and process massive amounts of information, data mining can help provide value to state government operations and taxpayers by extracting useful information out of mountains of collected data. In addition, data mining can be predictive and uncover hidden patterns that states can strategically use to reduce costs, increase business expansion opportunities, and detect fraud, waste and abuse that drains away taxpayer dollars. With the proliferation of privacy concerns raised by the mere mention of the term data mining, defining what data mining is and is not has become increasingly important. As recently defined by the U.S. Government Accountability Office (formerly the U.S. General Accounting Office) (GAO), data mining is the application of database technology and techniques such as statistical analysis and modeling to uncover hidden patterns and subtle relationships in data and to infer rules that allow for the prediction of future results. 1 However, data warehousing, ad hoc inquiries/reporting, software agents, online analytical processes (OLAP), and data visualization alone do not constitute data mining. 2 GAO acknowledges that the term data mining is ambiguous and, according to some experts in the field, overlaps with other types of analytical activities, such as data profiling, data warehousing, online analytical processing, and enterprise analytical applications. 3 Examples of analytical approaches that fall within the generally accepted definition of data mining are decision trees, nearest neighbor classification, neural networks, rule induction, and k-means clustering. 4 A common misconception is that data mining and data aggregation are interchangeable terms. Data aggregation is considered to be any process in which information is 1 U.S. General Accounting Office (GAO), Data Mining: Federal Efforts Cover a Wide Range of Uses, GAO , May 2004, <http://www.gao.gov/new.items/d04548.pdf>. 2 Kurt Thearling, Ph.D., An Introduction to Data Mining, September 2004, <http://www.thearling.com/dmintro/dmintro.htm>. 3 U.S. General Accounting Office (GAO), Data Mining: Federal Efforts Cover a Wide Range of Uses, GAO , May Kurt Thearling, Ph.D., An Introduction to Data Mining, September 2004.
2 Think Before You Dig: The Privacy Implications of Data Mining and Integration 2 gathered and expressed in a summary form, for purposes such as statistical analysis. 5 Note, though, that data aggregation may be used to prepare data for subsequent mining. Other important terms related to data mining are: Data Mart: An extract of the data warehouse which is established for separate purposes, such as for security, performance or special content. 6 Data Warehouse: A repository that combines data from existing databases into one database so that the data can be analyzed or mined. Data Augmentation: The use of information from other sources, such as commercial databases, in order to add to information that an entity already has in its possession. Purpose and Uses of Data Mining The purpose of data mining is to identify patterns in order to make predictions from information contained in databases. It allows the user to be proactive in identifying and predicting trends with that information. Common uses of data mining in government include knowledge discovery, fraud detection, analysis of research, decision support, and website personalization. The most common federal government uses of data mining as identified by GAO include: Improving service or performance Detecting fraud, waste, and abuse Analyzing scientific and research information Managing human resources Detecting criminal activities or patterns Analyzing intelligence and detecting terrorist activities. 7 State government data mining efforts include programs to ensure that the proper beneficiaries of state benefits programs receive the correct amount of benefits. Such uses can save states substantial amounts of money that otherwise would be erroneously paid out in the form of state benefits. 8 Moreover, in a recent report, GAO found that twentyone states are using data mining software to look for unusual patterns in claims, provider, and beneficiary information stored in data warehouses in order to identify potential provider abuse. 9 Privacy Implications As data mining has evolved, its impact on privacy has become increasingly complex and controversial. Data mining technologies initially assisted the user in accessing and 5 Tech Target Network, <http://searchdatabase.techtarget.com/sdefinition/0,,sid13_gci532310,00.html>. 6 Wikipedia, September, 2004, <http://en.wikipedia.org/wiki/data_mart>. 7 U.S. General Accounting Office (GAO), Data Mining: Federal Efforts Cover a Wide Range of Uses, GAO , May National Association of State Auditors, Comptrollers and Treasurers (NASACT), Using Data Mining to Make Audits More Efficient and Effective, 2004 National State Auditors Association (NSAA) Middle Management Conference Presentations, <http://www.nasact.org/onlineresources/downloads/2004_mm/2004_mm.htm>. 9 U.S. Government Accountability Office (GAO), Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments, GAO , July 2004, <http://www.gao.gov/new.items/d04707.pdf>.
3 Think Before You Dig: The Privacy Implications of Data Mining and Integration 3 reducing large amounts of information. However, the factors listed below have made addressing privacy in relation to data mining much more difficult: Increased availability and decreased cost of data mining tools (for example, the data mining market is expected to grow from $540 million in 2002 to $1.5 billion in 2005) 10 Increased digitization of data and consequential increase in the amount of data available and inability of humans to manually process relationships in data without computer assistance Increased data aggregation Increased ability of data mining tools to extract patterns that go beyond actual data and that attempt to predict repetitive behavior and data value patterns Increased use of data warehouses as central repositories for multiple applications. Personal Information: The privacy implications of data mining technologies tend to be two-fold. First, the mining of personal information has raised privacy concerns. For purposes of its data mining study, GAO considered personal information to be all information associated with an individual and includes both identifying and nonidentifying information. Examples of identifying information which can be used to locate or identify an individual include an individual s name, aliases, Social Security Number, address, driver s license number, and agency-assigned case number. Non-identifying personal information includes an individual s age, education, finances, criminal history, physical attributes, and gender. 11 The main concern with aggregating such personal information and mining it is that profiles of individuals can be created using information held in disparate systems located both in the commercial and government sectors. Identification of Terrorists and Criminals: Another set of privacy issues are raised when data mining is used to identify individuals involved in terrorist or criminal activity or to determine if an already-identified suspect has a pattern of being involved in criminal or terrorist activities. Since data mining can be used to predict which individual might commit a crime, those using data mining for that purpose must be careful to put in place requirements that detail when action may be taken against an individual as the result of data mining activities and what is done with mined information that is subsequently determined not to be relevant to an investigation. Lessons Learned: The privacy implications of data mining recently have become much more high profile with controversies over TIA (Terrorism Information Awareness) program, CAPPS II (Computer Assisted Passenger Prescreening System), and MATRIX (Multistate Anti-Terrorism Information Exchange). These programs have raised concerns about the collection of personal information by the government and the subsequent mining of that information. The concerns of the privacy advocacy community appear to focus on the following issues: 10 Kurt Thearling, Ph.D., An Introduction to Data Mining, September U.S. General Accounting Office (GAO), Data Mining: Federal Efforts Cover a Wide Range of Uses, GAO , May 2004.
4 Think Before You Dig: The Privacy Implications of Data Mining and Integration 4 Whether there is a clear description of a program s collection of personal information, including how the collected information will serve the program s purpose Whether information collected for one purpose will then be used for additional, secondary purposes in the future Whether privacy protections are built-in to systems in the developmental stage Whether the information will be mined after collection (and possibly combined with other information from government and/or private sector sources) and used to create dossiers on individuals in order to identify potential terrorists or criminals What type of action will be taken by the government on the basis of information gleaned from a data mining program Whether there is an adequate redress system for individuals to review and correct their personal information that is collected and maintained in order to avoid repeated false positives resulting from a data mining program Whether there are proper disposal procedures for collected personal information that has been determined to be irrelevant to an investigation. A lesson learned from TIA, CAPPS II, and MATRIX is that transparency as to a data mining program s purpose, the reason why information is collected, how it will be used, who will have access to the information, how it will be secured, and whether individuals can access and correct their personal information are key. These considerations are based upon the Fair Information Principles (FIPs), which are the core underpinnings of information privacy. While public policy concerns, such as national security, may necessitate a lesser level of openness regarding the details of programs that have data mining potential, forthrightness with the public and privacy advocates in the beginning stages of a data mining program (or a program that might appear to the public to have data mining potential) can help to avoid a myriad of public scrutiny once a program is underway. See Appendix A for more on TIA, CAPPS II, and MATRIX. In addition to the lessons learned from programs like TIA, CAPPS II and MATRIX, an important issue that has been raised within the data mining debate is the existence of an inherent tension between limiting the secondary use of information and mining information that was collected for purposes other than data mining. A common tenet of the FIPs is to limit the use of information to the purposes for which it was originally collected. Because information that is mined may not have been collected with the original purpose of being mined, those conducting data mining activities should examine whether the mining of data is consistent with the purposes for which it was originally collected. A Reality Check on Current Federal Data Mining Efforts: Examining federal government data mining efforts can assist in putting some privacy concerns in perspective. Initially, data mining was used by the federal government to detect financial fraud and abuse, such as through GAO audits and investigations of federal government
5 Think Before You Dig: The Privacy Implications of Data Mining and Integration 5 purchase and credit card programs. 12 However, based upon GAO s 2004 study of current and planned federal data mining efforts, NASCIO has identified three major points: Data mining efforts can involve information that is not personal in nature There is a wide range of purposes for which data mining can be conducted and not all purposes involve the analysis of intelligence and detection of terrorist activities Data mining efforts do not necessarily involve information from multiple sources. According to GAO s survey of 128 federal agencies, 199 data mining efforts are either operational or in the planning stages. Of those, 122, or approximately 61%, involve personal information. An example of a data mining effort that not does not involve personal information is a NASA (National Aeronautics and Space Administration) program that mines large earth data sets to find patterns and relationships to detect hidden events. The most common federal uses of data mining programs identified by GAO are for: Improving service or performance (65 data mining programs) Detecting fraud, waste and abuse (24) Analyzing scientific and research information (23) Managing human resources (17) Detecting criminal activities or patterns (15) Analyzing intelligence and detecting terrorist activities (14). Of the data mining programs using personal information, the most common purposes of those programs are improving service or performance (33 programs) and detecting fraud, waste and abuse (24). A smaller number of projects were used to manage human resources (15), detect criminal activities or patterns (15), analyze intelligence and detect terrorist activities (10), and increase tax compliance (7). Regarding the use of information from the private sector or other federal agencies, only 54 of the federal data mining efforts use data from the private sector and only 36 of those projects use personal information. Seventy-seven of the total 199 data mining efforts use data from other federal agencies and 46 of those efforts involve personal information. The GAO report ultimately concluded that data mining allows agencies to analyze massive volumes of data and that data mining is increasingly being used for a variety of purposes that range from service or performance improvement to the detection of terrorist activities or patterns. GAO stated that it plans to examine selected data mining efforts and their implications U.S. General Accounting Office (GAO), Data Mining: Federal Efforts Cover a Wide Range of Uses, GAO , May Ibid.
6 Think Before You Dig: The Privacy Implications of Data Mining and Integration 6 State Government Privacy Implications Since data mining efforts are emerging at the federal level for a broad range of uses, this may serve as an indicator for how data mining will continue to emerge at the state level. Some states are using data mining to analyze electronic tax filings to discover patterns with the goal of increasing tax compliance. In pursuing these and other similar projects, states should consider the following to avoid privacy problems encountered at the federal level with TIA, CAPPS II and MATRIX: Be transparent early-on about a data mining or aggregation project s purpose Build privacy protections into data mining and aggregation technologies at the beginning. NASCIO-Identified Best Practices: The following considerations may assist states in pursuing data mining and aggregation projects that protect individual privacy. See also Appendix B for a 19-item data mining checklist developed by the Technology and Privacy Advisory Committee (TAPAC). 14 Clearly state up-front the state business benefits that will be achieved by data mining Educate on what data mining and aggregation are and on their privacy implications Build-in privacy considerations up-front in a data mining or aggregation project Bring in all stakeholders at the beginning, including privacy advocates, to get input Clearly state the primary purpose of the project and, if possible, identify possible secondary purposes that might emerge in the future Ensure that any new purpose of a project is consistent with the project s original purpose Determine whether personal information will be involved in a project Provide notice to individuals of the collection and use of their personal information Determine whether an individual should have a choice in the collection of information Determine whether a project will involve information from other governmental agencies or from the private sector and, if so, provide notice of the combining of the information Ensure the accuracy of data entry, cleansing and standardization to improve the quality of inferences from the mined data and make the correction of such data easier Implement role-based permissions granting access only to those with a need to know Where appropriate, anonymize personal information Create audit requirements for each query of mined data and its justification Maintain oversight of data mining or aggregation projects 14 TAPAC, Letter from Newton N. Minnow, Chairman of TAPAC, to the Hon. Donald H. Rumsfeld, Secretary of Defense, Safeguarding Privacy in the Fight Against Terrorism, March 2004.
7 Think Before You Dig: The Privacy Implications of Data Mining and Integration 7 Limit the actions that may be taken as a result of unverified findings from data mining Create a system where individuals can ensure that any incorrect personal information can be corrected to avoid repeated false positives Destroy or anonymize data that no longer serves the original purpose of the project. What CIOs Need to Know Educate agencies, legislators, stakeholders, privacy advocates and the public upfront about any projects that entail data mining or aggregation or that could be perceived as including those types of activities. Remember that not all such projects involve personal information or are for terrorism-related purposes. Bake privacy into any new data mining or aggregation technologies during their development so that you will be able to clearly state how citizen privacy will be protected. The Fair Information Principles provide good guidance. Need to Dig Deeper? Additional Data Mining and Aggregation Resources U.S. Government Accountability Office (GAO), Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments, GAO , July 2004, <http://www.gao.gov/atext/d04707.txt>. U.S. General Accounting Office (GAO), Data Mining: Federal Efforts Cover a Wide Range of Uses, GAO , May 2004, <http://www.gao.gov/new.items/d04548.pdf>. Kurt Thearling, Ph.D., An Introduction to Data Mining, September 2004, <http://www.thearling.com/dmintro/dmintro.htm>. National Association of State Auditors, Comptrollers and Treasurers (NASACT), Using Data Mining to Make Audits More Efficient and Effective, 2004 National State Auditors Association (NSAA) Middle Management Conference Presentations, <http://www.nasact.org/onlineresources/downloads/2004_mm/2004_mm.htm>.
8 Think Before You Dig: The Privacy Implications of Data Mining and Integration 8 Appendix A: Background on TIA, CAPPS II & MATRIX The following provides some background on the purpose of these programs and the privacy concerns that they have raised. TIA (Terrorism Information Awareness) Program: TIA was created under the Defense Advanced Research Projects Agency (DARPA), which is a central research and development organization for the U.S. Department of Defense. After the September 11, 2001 terrorist attacks, DARPA created TIA to research and develop an experimental prototype network in order to combat terrorism through better decision-making. TIA was to include data searching and pattern recognition tools, which raised public concern that TIA would be used to create dossiers on U.S. citizens. In September 2003, Congress terminated funding for TIA with an exception for TIA s processing, analysis, and collaboration tools for counter-terrorism foreign intelligence. Two factors that may have contributed to TIA s demise were (1) DARPA s failure to clearly articulate TIA, its objectives and the data to which it would apply in a clear, consistent and coherent manner and (2) DARPA s failure to build privacy protections into TIA technologies at the development stage. 15 CAPPS II (Computer Assisted Passenger Prescreening System): The Department of Homeland Security (DHS) described CAPPS II as a limited, automated prescreening system authorized by Congress in the wake of the September 11, 2001 terrorist attacks. Its purpose was to authenticate travelers identities and perform risk assessments to detect individuals who may pose a terrorist-related threat or who have outstanding federal or state warrants for crimes of violence. CAPPS II would have asked passengers for an expanded amount of reservation information, including name, birth date, home address and phone number. With that information, the system would have verified passenger identity, performed a risk assessment using commercial data and current intelligence, and then would have categorized passengers as no risk, unknown, or elevated or high risk. A passenger s boarding pass would have included an encoded message indicating the appropriate screening level. 16 However, in 2004, GAO determined that the Transportation Security Administration (TSA) had not addressed a number of key areas of interest to Congress regarding CAPPS II, including privacy concerns that had been raised about the system. Among the concerns was TSA s failure to provide reasons for its proposed rule to exempt the system from the requirements of the Privacy Act of 1974, the law that governs the privacy of personal information held within federal systems of records. Other concerns included the possibility that more personal information than necessary would be collected and maintained, that such information could be used for new purposes in the future, and that passengers could not review all information about them that would have been accessed via the CAPPS II system. Though such concerns did not rise to the level of violations of law, they reflected a limit on the application of some of the Fair Information Principles. 15 Technology and Privacy Advisory Committee, (TAPAC), Safeguarding Privacy in the Fight Against Terrorism, March 2004, <http://www.sainc.com/tapac/tapac_report_final_ pdf>. 16 U.S. Department of Homeland Security, Fact Sheet: CAPPS II at a Glance, February 12, 2004, <http://www.dhs.gov/dhspublic/display?theme=43&content=3162&print=true>.
9 Think Before You Dig: The Privacy Implications of Data Mining and Integration 9 GAO commented that the limited application of the Fair Information Principles in those instances resulted from TSA s attempt to balance privacy with other public policy interests, including national security, and that policymakers would have the final determination as to whether TSA s balance was appropriate. 17 MATRIX (Multistate Anti-Terrorism Information Exchange): MATRIX emerged out of the September 11 attacks as a pilot project to leverage proven technology to assist criminal investigations by implementing factual data analysis from existing data sources and integrating disparate data from many types of Web-enabled storage systems. The pilot s purpose is to make it more efficient for law enforcement to access information such as criminal history records, drivers license data, vehicle registrations, corrections records, and other public data and to help law enforcement analyze terrorist activities and other crimes for investigative leads. 18 States participating in MATRIX submit data to the system to be included in the factual data analysis and provide updates to ensure the information is current. 19 The types of information submitted by the participating states are governed by each state s laws on access to public records. The MATRIX pilot emphasizes that the information available through the pilot has been accessible to law enforcement for many years, but that it will make access more efficient. The MATRIX website provides that no new information is collected via the pilot and that no criminal intelligence databases are being connected. 20 Lastly, its website states that MATRIX is not a data mining application. 21 Privacy advocates, though, have raised concerns that MATRIX is a data mining application 22 and that it creates dossiers on private citizens from government and private sector databases. 23 Originally, thirteen states participated in MATRIX. However, a number have since withdrawn from the pilot that now has five participating states (Connecticut, Florida, Michigan, Ohio and Pennsylvania) U.S. General Accounting Office (GAO), Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges, GAO , February 2004, <http://www.gao.gov/new.items/d04385.pdf>. 18 MATRIX, MATRIX Defined, September 2004, <http://www.matrix-at.org/matrix_defined.htm>. 19 MATRIX, Roles Defined, September 2004, <http://www.matrix-at.org/roles.htm>. 20 MATRIX, MATRIX Defined, September MARTIX, MATRIX Misconceptions, September 2004, <http://www.matrixat.org/misconceptions.htm> 22 New Documents Obtained by ACLU Raise Troubling Questions About Matrix Program, American Civil Liberties Union (ACLU), May 2004, <http://www.aclu.org/privacy/privacy.cfm?id=15830&c=130>. 23 What is The Matrix? ACLU Seeks Answers on New State-Run Surveillance Program, American Civil Liberties Union (ACLU), October 2003, <http://www.aclu.org/privacy/privacy.cfm?id=14257&c=130>. 24 New Documents Obtained by ACLU Raise Troubling Questions About Matrix Program, American Civil Liberties Union (ACLU), May 2004.
11 Think Before You Dig: The Privacy Implications of Data Mining and Integration Are personally identifiable data being left in place whenever possible? If such data are being acquired or transferred, is there a system in place for ensuring that they are returned or destroyed as soon as possible? The Impact of Data Mining 12. What are the likely effect(s) on individuals identified through the data mining i.e., will they be the subject of further investigation or will they be immediately subject to some adverse action? 13. Does the data mining tool yield a rate of false positives that is acceptable in view of the purpose of the search, the severity of the effect of being identified, and the likelihood of further investigation? 14. Is there an appropriate system in place for dealing with false positives (e.g., reporting false positives to developers to improve the system, correcting incorrect information if possible, etc.), including identifying the frequency and effects of false positives? Oversight of Data Mining 15. Are data secured against accidental or deliberate unauthorized access, use, or destruction, and access to the data mining tool restricted to persons with a legitimate need and protected by appropriate access controls taking into account the sensitivity of the data? 16. Does the data mining tool generate, to the extent technologically possible, an immutable audit trail showing which data have been accessed or transferred, by what users, and for what purpose? 17. Will the data mining tool be subject to continual oversight to ensure that it is used appropriately and lawfully, and that informational privacy issues raised by new developments or discoveries are identified and addressed promptly? 18. Are all persons engaged in developing or using data mining tools trained in their appropriate use and the laws and regulations applicable to their use? 19. Have determinations as to the efficacy and appropriateness of data mining been made or reviewed by an official other than those intimately involved with the development, acquisition, or use of the data mining tool?
TIA AND MATRIX: FUNCTIONS, BENEFITS, AND BARRIERS Joe Juidiciani Daniel Snyder BACKGROUND On September 11, 2001, our nation fell victim to the largest attack on United States soil since the birth of the
Data Mining Report Response to House Report 108-774 Report to Congress on the Impact of Data Mining Technologies on Privacy and Civil Liberties Respectfully submitted Maureen Cooney Acting Chief Privacy
GAO United States Government Accountability Office Report to Congressional Committees February 2005 AVIATION SECURITY Measures for Testing the Impact of Using Commercial Data for the Secure Flight Program
J. Howard Beales Chair, DHS Data Privacy and Integrity Advisory Committee Via Hand Delivery Secretary Janet Napolitano Department of Homeland Security Washington, DC 20528 Ms. Mary Ellen Callahan Chief
U.S. Department of Education Office of Inspector General Five-Year Strategic Plan Fiscal Years 2014 2018 Promoting the efficiency, effectiveness, and integrity of the Department s programs and operations
February 17, 2011 Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Re: A Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework
for the Physical Access Control System DHS/ALL 039 June 9, 2011 Contact Point David S. Coven Chief, Access Control Branch (202) 282-8742 Reviewing Official Mary Ellen Callahan Chief Privacy Officer (703)
TESTIMONY OF ZOË BAIRD, PRESIDENT, MARKLE FOUNDATION CHAIRMAN, TASK FORCE ON NATIONAL SECURITY IN THE INFORMATION AGE Select Committee on Homeland Security U.S. House of Representatives "Information Sharing
GAO For Release on Delivery Expected at 3:00 p.m. Tuesday, April 24, 2001 United States General Accounting Office Testimony Before the Subcommittee on Economic Development, Public Buildings, and Emergency
GUIDELINES FOR RESPONSIBLE USE OF IDENTITY MANAGEMENT SYSTEMS When used appropriately, identity management systems provide safety and security where they are needed. When used improperly, identity management
FIN-2014-A007 August 11, 2014 Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance BSA/AML shortcomings have triggered recent civil and criminal enforcement actions FinCEN seeks
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
INFO 1400 Koffka Khan Tutorial 6 Running Case Assignment: Improving Decision Making: Redesigning the Customer Database Dirt Bikes U.S.A. sells primarily through its distributors. It maintains a small customer
This article was published in the May 2008 issue of The Privacy Advisor. The Privacy Advisor is a membership benefit of the International Association of Privacy Professionals (IAPP). If you are interested
DEALERSHIP S COMPLIANCE WITH THE USA PATRIOT ACT, ITS IMPLEMENTING REGULATIONS AND OTHER ANTI-TERRORISM MEASURES By: Keith E. Whann Deanna L. Stockamp Whann & Associates On September 11, 2001, terrorists
United States Government Accountability Office Report to Congressional Committees April 2015 SMALL BUSINESS RESEARCH PROGRAMS Challenges Remain in Meeting Spending and Reporting Requirements GAO-15-358
H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.
for the Computer Linked Application Information Management System DHS/USCIS/PIA-015(a) August 31, 2011 Contact Point Donald Hawkins Privacy Officer United States Citizenship and Immigration Services (202)
for the Conversion to 10-Fingerprint Collection for the United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT) November 15, 2007 Contact Point Barbara M. Harrison, Acting Privacy
Report from the Technology Subcommittee to the Data Privacy and Integrity Advisory Committee Task On January 27, 2014, the DHS Data Privacy and Integrity Advisory Committee (DPIAC) received a request from
BILLING CODE: 4410-10 DEPARTMENT OF HOMELAND SECURITY Office of the Secretary DHS-2008-0052 Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border Protection Electronic System for
Report 2014-02 of the Data Privacy and Integrity Advisory Committee on Privacy Recommendations regarding Auditing and Oversight of the DHS Data Framework Task As Approved in Public Session September 22,
GAO United States Government Accountability Office Report to the Chairman, Committee on Appropriations, House of Representatives February 2007 DATA MINING Early Attention to Privacy in Developing a Key
7.0 Information Security Protections The aggregation and analysis of large collections of data and the development of interconnected information systems designed to facilitate information sharing is revolutionizing
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
White Paper Navigating OFAC demands a map. Access valuable information and key details to stay informed. February 2010 Risk Solutions Financial Services Introduction This white paper introduces the Office
for the Port Authority of New York/New Jersey Secure Worker Access Consortium Vetting Services DHS/TSA/PIA-040 November 14, 2012 Contact Point Joseph Salvator Office of Intelligence & Analysis Joseph.Salvator@tsa.dhs.gov
Data Integration Initiative Semi Annual Report April 2009 State of North Carolina Office of the State Controller David McCoy, State Controller April 1, 2009 Table of Contents I. Background... 1 II. BEACON
GAO s High-Risk Program Mountains and Plains Intergovernmental Audit Forum September 1, 2015 William Reinsberg U.S. Government Accountability Office Outline Why was the High-Risk Program needed and what
for the Crew Member Self Defense Training (CMSDT) Program February 6, 2008 Contact Point Michael Rigney Federal Air Marshal Service Flight Programs Division Michael.Rigney@dhs.gov Reviewing Officials Peter
Texas Fusion Center A. Purpose Statement  The powers and duties of the Texas Fusion Center (TxFC) are described in Texas Government Code Chapter 421, Subchapter E; in the Texas Homeland Security Strategic
THE FCA INSPECTOR GENERAL: A COMMITMENT TO PUBLIC SERVICE FORWARD I am pleased to introduce the mission and authorities of the Office of Inspector General for the Farm Credit Administration. I hope this
Appendix A Financial Crimes Enforcement Network Programs The Department of the Treasury established the Financial Crimes Enforcement Network in April 1990. 33 FinCEN s original mission was to establish
A Treatment of Data Mining Technologies 1 MetaTech Consulting, Inc. White Paper A Treatment of Data Mining Technologies Jim Thomas June 21, 2003 A Treatment of Data Mining Technologies 2 A Treatment of
Statement for the Record of The Electronic Privacy Information Center (EPIC) Marc Rotenberg, EPIC President Ginger McCall, Director, EPIC Open Government Project Hearing on "DHS Monitoring of Social Networking
Audit of Controls Over Contract Payments FINAL AUDIT REPORT ED-OIG/A07-A0015 March 2001 Our mission is to promote the efficient U.S. Department of Education and effective use of taxpayer dollars Office
Securing Homeland the Homeland Through Through Information Information Sharing Sharing and Collaboration and Collaboration Department of Homeland Security April 18, 2008 for the Department of Introduction
Making critical connections: predictive analytics in government Improve strategic and tactical decision-making Highlights: Support data-driven decisions using IBM SPSS Modeler Reduce fraud, waste and abuse
Setting the Record Straight: U.S. Department of Homeland Security Policies on Protecting Privacy Lauren Saadat and Shannon Ballard 1 As published in the November 2007 issue of Data Protection Law & Policy
Work Plan ongoing and planned audit and evaluation projects Current as of June 5, 2015 Overview The Work Plan presents the audits and evaluations that the Office of Inspector General (OIG) is conducting
for the ICE Pattern Analysis and Information Collection (ICEPIC) January 25, 2008 Contact Point Marcy Forman Director Office of Investigations U.S. Immigration and Customs Enforcement (202) 514-0078 Reviewing
1 LAWS of MINNESOTA 2015 Ch 67, s 2 CHAPTER 67--S.F.No. 86 An act relating to data practices; classifying data related to automated license plate readers and requiring a governing policy; requiring a log
for Threat Assessments for Access to Sensitive Security Information for Use in Litigation December 28, 2006 Contact Point Andrew Colsky Sensitive Security Information (SSI) Office SSI@dhs.gov Reviewing
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL ...The auditor general shall conduct post audits of financial transactions and accounts of the state and of
Identity Theft The Identity Theft Conundrum Identity theft presents an inherent conundrum: The very attributes of modern commerce that consumers value and expect rapid, easy, 24-hour access to a wide variety
for the Five Country Joint Enrollment and Information-Sharing Project (FCC) November 2, 2009 Contact Point Paul Hasson, Privacy Officer Program National Protection & Programs Directorate (202) 298-5200
for the Background Check Service Contact Point Elizabeth Gaffin USCIS Privacy Officer United States Citizenship and Immigration Services 202-272-1400 Reviewing Official Hugo Teufel III Chief Privacy Officer
Statement of Latanya Sweeney, PhD Associate Professor of Computer Science, Technology and Policy Director, Data Privacy Laboratory Carnegie Mellon University before the Privacy and Integrity Advisory Committee
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
for the NOC Patriot Report Database December 7, 2010 Contact Point Ashley Tyler Department of Homeland Security Office of Operations and Coordination and Planning Reviewing Official Mary Ellen Callahan
Fiscal Years 2008 2012 Financial Crimes Enforcement Network Table of Contents Message from the Director 1 Introduction 3 The Bank Secrecy Act 4 The Nation s Financial Intelligence Unit 5 Mission Statement
STATEMENT OF J. RICHARD BERMAN ASSISTANT INSPECTOR GENERAL FOR AUDITS OFFICE OF INSPECTOR GENERAL U. S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE SELECT COMMITTEE ON HOMELAND SECURITY U. S. HOUSE OF REPRESENTATIVES
Financial Action Task Force Groupe d action financière An introduction to the FATF and its work What is the FATF? What are the FATF Recommendations? What are the benefits of implementing the FATF Recommendations?
JOINT STATEMENT OF ELISEBETH COLLINS COOK ASSISTANT ATTORNEY GENERAL AND VALERIE CAPRONI GENERAL COUNSEL FEDERAL BUREAU OF INVESTIGATION BEFORE THE SELECT COMMITTEE ON INTELLIGENCE UNITED STATES SENATE
U.S. Department of Homeland Security Best Practices for Protecting Privacy, Civil Rights & Civil Liberties In Unmanned Aircraft Systems Programs U.S. Department of Homeland Security Privacy, Civil Rights
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL THE MEDICARE-MEDICAID (MEDI-MEDI) DATA MATCH PROGRAM Daniel R. Levinson Inspector General April 2012 OEI-09-08-00370 EXECUTIVE SUMMARY:
Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of
Espionage and Intelligence Debra A. Miller, Book Editor Intelligence... has always been used by the United States to support U.S. military operations, but much of what forms today s intelligence system
Testimony before the Subcommittee on Space Committee on Science, Space, and Technology United States House of Representatives For Release on Delivery expected at 10:00 a.m. on June 20, 2014 NASA Security:
for the 9/11 Heroes Stamp Act of 2001 File System Contact Point Elizabeth Edge US Fire Administration Federal Emergency Management Agency (202) 646-3675 Reviewing Official Nuala O Connor Kelly Chief Privacy
I. U.S. Government Privacy Laws A. Privacy Definitions and Principles a. Privacy Definitions i. Privacy and personally identifiable information (PII) b. Privacy Basics Definition of PII 1. Office of Management
Framework for Privacy Analysis of Programs, Technologies, and Applications This document is a recommended framework for analyzing programs, technologies, and applications in light of their effects on privacy
The False Claims Acts What you need to know Why have this training? Required by federal law Employees have a duty to identify and report fraud, waste and abuse By safeguarding Medi-Cal and Medicare funding,
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL ME DIC BENEFIT INTEGRITY ACTIVITIES IN MEDICARE PARTS C AND D Daniel R. Levinson Inspector General January 2013 OEI-03-11-00310 EXECUTIVE
THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The
IBM Content Analytics: Rapid insight for crime investigation Discover insights in structured and unstructured information to speed case and identity resolution Highlights Reduces investigation time from
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
Establishing a State Cyber Crimes Unit White Paper Utah Department of Public Safety Commissioner Keith Squires Deputy Commissioner Jeff Carr Major Brian Redd Utah Statewide Information & Analysis Center
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
Fall 2010 Boston Regional Intelligence Center Privacy, Civil Rights and Civil Liberties Protection Policy The Intelligence Reform and Terrorism Prevention Act of 2004, as amended by the Implementing Recommendations
White Paper An Overview of Complementary Approaches Identity fraud demands constantly evolving prevention strategies to thwart ever-shifting criminals. February 2010 Risk Solutions Financial Services Introduction
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Screening Tax-Exempt Organizations Filing Information Provides Minimal Assurance That Potential Terrorist-Related Activities Are Identified May 21, 2007
U.S. Department of Homeland Security STATEMENT OF PAUL M. KILCOYNE DEPUTY ASSISTANT DIRECTOR OF INVESTIGATIVE SERVICES DIVISION U.S. IMMIGRATION AND CUSTOMS ENFORCEMENT U.S. DEPARTMENT OF HOMELAND SECURITY
Order Code RS21283 Updated August 6, 2003 CRS Report for Congress Received through the CRS Web Homeland Security: Intelligence Support Richard A. Best, Jr. Specialist in National Defense Foreign Affairs,
Fusion Center SOP 1 9-23-2013 Dallas Police Department Fusion Center 300.00 DALLAS POLICE DEPARTMENT METRO OPERATIONS SUPPORT AND ANALYTICAL INTELLIGENCE CENTER Nationwide Suspicious Activity Report (SAR)
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
Foundations of Business Intelligence: Databases and Information Management Problem: HP s numerous systems unable to deliver the information needed for a complete picture of business operations, lack of
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big data s benefits Seminar arranged by the Office
White Paper and New Ways to Fight It Stopping the Flow of Health Care Fraud with Technology, Data and Analytics January 2014 Health care costs are rising and everyone is being affected, including patients,