CISA Office of Privacy
The Cybersecurity and Infrastructure Security Agency (CISA) Office of Privacy is a front-line office reporting to the Director of CISA. It is the mission of the CISA Office of Privacy to integrate full individual privacy protections into the management of a safe, secure, and resilient infrastructure. The Office supports CISA’s Privacy Officer, who is responsible for the privacy policy and compliance of the agency. By law, the Privacy Officer:
- Assures that technologies used by CISA sustain and do not erode privacy protections;
- Assures that personal information is handled in full compliance of the Privacy Act of 1974;
- Evaluates legislative and regulatory proposals involving the collection, use, and disclosure of personal information; and
- Conducts privacy impact assessments.
In addition to its statutory responsibilities, the CISA Office of Privacy ensures CISA also complies with numerous privacy laws, federal policies and Executive Orders, and DHS Privacy Policies. The Office accomplishes its duties through work streams related to Policy & Advice, Compliance, Oversight, Training & Outreach, and Incident Response.
Privacy Compliance Documentation
DHS conducts Privacy Impact Assessments (PIAs) when developing or procuring any new technology or system that handle or collect personal information; creates a new program, system, technology, or information collection that may have privacy implications; updates a system resulting in a new privacy risk; or issues new or updated rulemaking that entails the collection of personal information. The CISA Office of Privacy makes its Privacy Impact Assessments publicly available at https://www.dhs.gov/privacy-impact-assessments.
DHS produces System of Records Notices (SORNs) when it establishes a group of records under its control from which information is retrieved by the name of an individual person or by some identifying number, symbol, or assigned identifier, consistent with the Privacy Act of 1974. The Privacy Act requires each agency to publish a notice of its system of records in the Federal Register. Copies of CISA SORNs, and its final rules for exemptions, can be found in the Federal Register or the DHS website at https://www.dhs.gov/system-records-notices-sorns.
Submitting a Privacy Act/Redress Request
For individuals wishing to submit a Privacy Act/Redress Request, we highly encourage you to visit our PIA page to find detailed instruction on how to submit a Privacy Act Request for the specific program you are inquiring about. Privacy Act/Redress Requests include submitting requests for access to or correction of your personal record within a CISA system of records.
Alternatively, you may submit your Privacy Act/Redress Request to https://www.dhs.gov/dhs-foia-privacy-act-request-submission-form.
Freedom of Information Act (FOIA)
For information on how to submit a FOIA request to CISA, please visit https://www.dhs.gov/freedom-information-act-foia.
Privacy-Related Questions and Complaints
Individuals who wish to submit a privacy-related question or complaint may do so at:
Email: privacy@cisa.dhs.gov
or
Mail: CISA Office of Privacy
DHS Mail Stop 0380
245 Murray Lane
Washington, DC 20598
James Burd is the Chief Privacy Officer for CISA. He may be reached at james.burd@cisa.dhs.gov.