D
epartment of Homeland Security
DHS Directives System
Instruction Number:
110
-
01
-
001
Revision Number:
00
Issue Date:
6/8/2012
PRIVACY POLICY FOR
OPERATIONAL USE OF SOCIAL
MEDIA
I.
Purpose
Th
is
Instruction
implement
s
Department of Ho
meland Security (DHS) Directi
ve
110
-
01,
Privacy Policy for
Operational Use of Social Media
.
II.
Scope
This Instruction applies throughout DHS regarding the
access
to and collection, use,
maintenance
,
retention
, disclosure, deletion, and destruction of Personally Identifiable
Information
(PII) in relation to operational use of social media, with the exception
of
operational use of social media for
:
(a)
communications and
outreach
with the public
authorized by the Office of Public Affairs
;
(b) situational awareness
by the
National
Operatio
ns Center
;
(
c)
situational awareness
by
C
omponents
other than the
National
Operations Center, upon approval by the Chief Privacy Officer following completion of a
Social Media Operational Use Template
;
and (
d
)
the conduct of authorized intelligence
activit
ies carried out by the Office of Intelligence and Analysis, the intelligence and
counterintelligence elements of the United States Coast Guard, or any other
Component
performing authorized foreign intelligence or counterintelligence functions,
in accordance with the provisions of Executive Order 12333
, as amended
.
This
Instruction does not apply to the Office of the Inspector General; however, the OIG will
comply with the spirit of the Instruction.
III.
References
A.
Public Law 107
-
347, “E
-
Government Act of 200
2,
”
as amended
, Section
208 [44 U.S.C.
§
3501 note]
B.
Title 5, United States Code (U.S.C.), Section 552a, “Records maintained
on individuals” [The Privacy Act of 1974, as amended]
C.
Title 6, U.S.C., Section 142,
“
Privacy
o
fficer
”
D.
Title 44, U.S.C., Chapter 3
5, Subchapter III, “
I
nformation Security” [The
Federal Information Security Management Act of 2002, as amended
(FISMA)
]
-
1
Instruction #
110
-
01
-
001
Revision
#
00
E.
Title 6
,
C.F.R., Chapter 1, Part 5, “
Disclosure o
f
records and information”
F.
Directive 047
-
01, “Privacy Policy and Compliance”
G.
DHS Sen
sitive Systems Policy Directive 4300A
H.
Privacy
-
related memoranda issued by the Office of Management and
Budget
,
including:
1.
OMB Memorandum 10
-
22
, “Guidance for Online Use of Web
Measurement and Customization Technologies” (June 25, 2010)
2.
OMB Memorandum 10
-
23
, “Guidance for Agency Use of Third
-
Party Websites and Applications”
(June 25, 2010)
3.
OMB
Memorandum 07
-
16, “Safeguarding Against and Responding
to the Breach of Personally Identifiable Information" (May 22, 2007
)
4.
OMB
Memorandum 06
-
20, “FY 2006 Reporting Instructions
for
the
Federal Information Security Management Act and Agency Privacy
Management” (July 17, 2006)
5.
OMB
Memorandum 06
-
19, “Reporting Incidents Involving
Personally Identifiable Information and Incorporating the Cost for
S
ecurity
in Agency Information Technology Investments” (July 12, 2006)
6.
OMB
Memorandum 06
-
15, “Safeguarding Personally Identifiable
Information” (May 22, 2006)
7.
OMB
Circular No. A
-
130, “
Transmittal Memorandum #4,
Management of Federal Information Resources” (November 28, 2000
)
I.
Privacy policy guidance and requirements issued (as updated) by the
Chief Privacy Officer
and published on the Privacy Office website
, including:
1.
Privacy Policy Guidance Memorandum 2008
-
02,
DHS Policy
Regarding Privacy Impact Assessments
(December 30,
2008)
2.
Privacy Policy Guidance Memorandum 2008
-
01,
The Fair
Information Practice Principles: Framework for Privacy Policy at the
Department of Homeland Security
(December 29, 2008)
3.
Handbook for Safeguarding Sensitive Personally Identifiable
Information at
DHS (
March
20
12)
-
2
Instruction #
110
-
01
-
001
Revision
#
00
IV.
Definitions
A.
Counsel means the Office of the General Counsel attorney, from either the
Immediate Office of the General Counsel or component counsel, assigned to
provide legal advice to the component covered by this Instruction.
B.
Fair Inf
ormation Practice Principles
means the policy framework
adopted by the Department in
Directive
047
-
01
, Privacy Policy and Compliance,
regarding the
collection, use, maintenance
, disclosure
, deletion
, or destruction
of
Personally Identifiable Information.
C.
Individual
means a natural person, including a United States citizen,
Legal Permanent Resident, visitor to the United States,
alien,
DHS employee, or
DHS contractor.
D.
Operational Use
means
authorized use of social media to
collect
personally identifiable
i
nformation
for the purpose of enhancing situational
awareness, investigating an individual
in a criminal, civil, or administrative
context, making a benefit
determination about a person,
making
a personnel
d
etermination about a
Department employee
,
making
a suitability determination
about a prospective Department employee, or for any other
official Department
purpose that has the potential to affect the rights, privileges, or benefits of
an
individual
.
Operational use does not include the use of search eng
ines for
general Internet research, nor does it include the use of social media for
professional development such as training and continuing education
or for
facilitating
internal meetings
.
E.
Personally Identifiable Information (PII
)
means
any
i
nformation
that
permits the identity of an individual to be directly or indirectly inferred,
including
other information
that is
linked or linkable to
an
individual
.
For example, when linked or linkable to an individual, such information
includes a
name,
S
ocial
S
ecurity number, date and place of birth, mother’s maiden name,
Alien Registration
Number
,
account number, license number, vehicle identifier
number,
license plate
number
,
device identifier or serial number
, internet protocol
address,
biometric
identifier
(
e.g.,
facial recognition
photograph, fingerprint, iris
scan, voice print)
,
education
al information
, financial
information
, medical
information
, criminal or employment
information
,
information created specifically
to identify or authenticate an individual (
e.g.,
a random generated number)
.
F.
Privacy
Compliance Documentation
means any document required by
statute or by the Chief Privacy Officer that supports compliance with DHS privacy
policy, procedures, or requirements, including but not limited to the Social Media
Operational Use Template (Template)
, Privacy Impact Assessments
(PIAs)
,
System of Records Notices
(SORNs)
,
Notices of Proposed Rulemaking for
-
3
Instruction #
110
-
01
-
001
Revision
#
00
---
-
_JU
,
IL
Mary
Ellen
Callahan
Date
Chief
Privacy
O icer
2.
Components
complete
implementation
of
this
Instruction,
including
obtaining
approval
from
the
Chief
Privacy
O icer
of
Templates
for
categories
of
operational
use
of
social
media
in
existence
prior
to
this
Instruction,
within
120
days,
except
that
Compo
nents
complete
training
of
all
pe%inent
employees
within
165
days.
VII.
Questions
Address
any
questions
or
concerns
regarding
these
Instructions
to
the
DHS
Privacy
O ice
or
to
the
relevant
Component
Privacy
O icer
or
PPOC.
-
10
-
Instruction
#
110-01-001
Revision
#
00
No comments:
Post a Comment