D

epartment of Homeland Security

DHS Directives System

Instruction Number:

110

-

01

-

001

Revision Number:

00

Issue Date:

6/8/2012

PRIVACY POLICY FOR

OPERATIONAL USE OF SOCIAL

MEDIA

I.

Purpose

Th

is

Instruction

implement

s

Department of Ho

meland Security (DHS) Directi

ve

110

-

01,

Privacy Policy for

Operational Use of Social Media

.

II.

Scope

This Instruction applies throughout DHS regarding the

access

to and collection, use,

maintenance

,

retention

, disclosure, deletion, and destruction of Personally Identifiable

Information

(PII) in relation to operational use of social media, with the exception

of

operational use of social media for

:

(a)

communications and

outreach

with the public

authorized by the Office of Public Affairs

;

(b) situational awareness

by the

National

Operatio

ns Center

;

(

c)

situational awareness

by

C

omponents

other than the

National

Operations Center, upon approval by the Chief Privacy Officer following completion of a

Social Media Operational Use Template

;

and (

d

)

the conduct of authorized intelligence

activit

ies carried out by the Office of Intelligence and Analysis, the intelligence and

counterintelligence elements of the United States Coast Guard, or any other

Component

performing authorized foreign intelligence or counterintelligence functions,

in accordance with the provisions of Executive Order 12333

, as amended

.

This

Instruction does not apply to the Office of the Inspector General; however, the OIG will

comply with the spirit of the Instruction.

III.

References

A.

Public Law 107

-

347, “E

-

Government Act of 200

2,

”

as amended

, Section

208 [44 U.S.C.

§

3501 note]

B.

Title 5, United States Code (U.S.C.), Section 552a, “Records maintained

on individuals” [The Privacy Act of 1974, as amended]

C.

Title 6, U.S.C., Section 142,

“

Privacy

o

fficer

”

D.

Title 44, U.S.C., Chapter 3

5, Subchapter III, “

I

nformation Security” [The

Federal Information Security Management Act of 2002, as amended

(FISMA)

]

-

1

Instruction #

110

-

01

-

001

Revision

#

00

­

E.

Title 6

,

C.F.R., Chapter 1, Part 5, “

Disclosure o

f

records and information”

F.

Directive 047

-

01, “Privacy Policy and Compliance”

G.

DHS Sen

sitive Systems Policy Directive 4300A

H.

Privacy

-

related memoranda issued by the Office of Management and

Budget

,

including:

1.

OMB Memorandum 10

-

22

, “Guidance for Online Use of Web

Measurement and Customization Technologies” (June 25, 2010)

2.

OMB Memorandum 10

-

23

, “Guidance for Agency Use of Third

-

Party Websites and Applications”

(June 25, 2010)

3.

OMB

Memorandum 07

-

16, “Safeguarding Against and Responding

to the Breach of Personally Identifiable Information" (May 22, 2007

)

4.

OMB

Memorandum 06

-

20, “FY 2006 Reporting Instructions

for

the

Federal Information Security Management Act and Agency Privacy

Management” (July 17, 2006)

5.

OMB

Memorandum 06

-

19, “Reporting Incidents Involving

Personally Identifiable Information and Incorporating the Cost for

S

ecurity

in Agency Information Technology Investments” (July 12, 2006)

6.

OMB

Memorandum 06

-

15, “Safeguarding Personally Identifiable

Information” (May 22, 2006)

7.

OMB

Circular No. A

-

130, “

Transmittal Memorandum #4,

Management of Federal Information Resources” (November 28, 2000

)

I.

Privacy policy guidance and requirements issued (as updated) by the

Chief Privacy Officer

and published on the Privacy Office website

, including:

1.

Privacy Policy Guidance Memorandum 2008

-

02,

DHS Policy

Regarding Privacy Impact Assessments

(December 30,

2008)

2.

Privacy Policy Guidance Memorandum 2008

-

01,

The Fair

Information Practice Principles: Framework for Privacy Policy at the

Department of Homeland Security

(December 29, 2008)

3.

Handbook for Safeguarding Sensitive Personally Identifiable

Information at

DHS (

March

20

12)

-

2

Instruction #

110

-

01

-

001

Revision

#

00

­

IV.

Definitions

A.

Counsel means the Office of the General Counsel attorney, from either the

Immediate Office of the General Counsel or component counsel, assigned to

provide legal advice to the component covered by this Instruction.

B.

Fair Inf

ormation Practice Principles

means the policy framework

adopted by the Department in

Directive

047

-

01

, Privacy Policy and Compliance,

regarding the

collection, use, maintenance

, disclosure

, deletion

, or destruction

of

Personally Identifiable Information.

C.

Individual

means a natural person, including a United States citizen,

Legal Permanent Resident, visitor to the United States,

alien,

DHS employee, or

DHS contractor.

D.

Operational Use

means

authorized use of social media to

collect

personally identifiable

i

nformation

for the purpose of enhancing situational

awareness, investigating an individual

in a criminal, civil, or administrative

context, making a benefit

determination about a person,

making

a personnel

d

etermination about a

Department employee

,

making

a suitability determination

about a prospective Department employee, or for any other

official Department

purpose that has the potential to affect the rights, privileges, or benefits of

an

individual

.

Operational use does not include the use of search eng

ines for

general Internet research, nor does it include the use of social media for

professional development such as training and continuing education

or for

facilitating

internal meetings

.

E.

Personally Identifiable Information (PII

)

means

any

i

nformation

that

permits the identity of an individual to be directly or indirectly inferred,

including

other information

that is

linked or linkable to

an

individual

.

For example, when linked or linkable to an individual, such information

includes a

name,

S

ocial

S

ecurity number, date and place of birth, mother’s maiden name,

Alien Registration

Number

,

account number, license number, vehicle identifier

number,

license plate

number

,

device identifier or serial number

, internet protocol

address,

biometric

identifier

(

e.g.,

facial recognition

photograph, fingerprint, iris

scan, voice print)

,

education

al information

, financial

information

, medical

information

, criminal or employment

information

,

information created specifically

to identify or authenticate an individual (

e.g.,

a random generated number)

.

F.

Privacy

Compliance Documentation

means any document required by

statute or by the Chief Privacy Officer that supports compliance with DHS privacy

policy, procedures, or requirements, including but not limited to the Social Media

Operational Use Template (Template)

, Privacy Impact Assessments

(PIAs)

,

System of Records Notices

(SORNs)

,

Notices of Proposed Rulemaking for

-

3

Instruction #

110

-

01

-

001

Revision

#

00

­

---

-

_JU

,

IL

Mary

Ellen

Callahan

Date

Chief

Privacy

O icer

2.

Components

complete

implementation

of

this

Instruction,

including

obtaining

approval

from

the

Chief

Privacy

O icer

of

Templates

for

categories

of

operational

use

of

social

media

in

existence

prior

to

this

Instruction,

within

120

days,

except

that

Compo

nents

complete

training

of

all

pe%inent

employees

within

165

days.

VII.

Questions

Address

any

questions

or

concerns

regarding

these

Instructions

to

the

DHS

Privacy

O ice

or

to

the

relevant

Component

Privacy

O icer

or

PPOC.

-

10

-

Instruction

#

110-01-001

Revision

#

00