The Implementing Recommendations of the 9/11 Commission Act of 2007 (also referred to as the “9/11 Commission Act”) included some important amendments and created new roles and responsibilities for privacy officials working within federal agencies. Specifically, the 9/11 Commission Act created the roles of Privacy and Civil Liberties Officers, which is the topic of discussion in this article.
Role of the Privacy and Civil Liberties Officers
Section 803 is of particular interest as it outlines the requirements of privacy and civil liberties officers. This section amends the National Security Intelligence Reform Act of 2004. According to the Act, the heads of federal departments, agencies, or any other element of the executive branch must designate at least one senior officer to be the privacy and civil liberties officers.
The Privacy and Civil Liberties Officers will carry out the following duties:
- Assist the head of the department, agency or element and other officials in appropriately considering privacy and civil liberties concerns when such officials are proposing, developing or implementing laws, regulations, policies, procedures or guidelines related to efforts to protect the nation against terrorism.
- Periodically investigate and review department, agency, or element actions, policies, procedures, guidelines and related laws and their implementation to ensure that such department, agency or element is adequately considering privacy and civil liberties in its actions.
- Ensure that such department, agency or element has adequate procedures to receive, investigate, respond to, and redress complaints from individuals who allege such department, agency, or element has violated their privacy or civil liberties.
- In providing advice, the Officer should ensure:
- That the need for power is balanced with the need to protect privacy and civil liberties.
- That there is adequate supervision of the use by such department, agency, or element of the power to ensure protection of privacy and civil liberties.
- That there are adequate guidelines and oversight to properly confine its use.
Privacy and civil liberties officers must report directly to the head of the department concerned and coordinate their activities with the Inspector General of such department to avoid duplication of effort.
On a periodic basis, privacy and civil liberties officers are required to submit a report on their activities. These reports should include the following information:
- Information on the number of types of reviews undertaken.
- The type of advice provided and the response given to such advice.
- The number and nature of the complaints received by the department, agency, or element concerned for alleged violations.
- A summary of the disposition of such complaints, the reviews and inquiries conducted, and the impact of the activities of the officer.
Privacy and civil liberties officers are also required to make the reports available to the public, and inform the public of their activities, where appropriate. Examples of such reports are available here.
Fusion centers are essentially information sharing centers. The majority of these centers were created between 2003 and 2007 under the US Department of Homeland Security and the Office of Justice Programs in the US Department of Justice. Fusion centers are meant to promote and facilitate information sharing at the federal level, between high-profile agencies including the Central Intelligence Agency (CIA), Federal Bureau of Investigations (FBI) and the US Department of Justice, to name a few.
The fusion process describes an overarching method for information flow management. It oversees intelligence sharing across levels and sectors of government to allow for analysis. Fusion centers and associated privacy issues are discussed in more detail in another article.
This article takes a look at Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (or the 9/11 Commission Act). This section creates new roles for Privacy and Civil Liberties Officers within federal agencies.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/ US Government (CIPP/G), a privacy professional should be comfortable with topics related to this post, including:
- Requirements under Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (I.C.g.)