CISA Office of Privacy

The Cybersecurity and Infrastructure Security Agency (CISA) Office of Privacy is a front-line office reporting to the Director of CISA. It is the mission of the CISA Office of Privacy to integrate full individual privacy protections into the management of a safe, secure, and resilient infrastructure. The Office supports CISA’s Privacy Officer, who is responsible for the privacy policy and compliance of the agency. By law, the Privacy Officer:

  • Assures that technologies used by CISA sustain and do not erode privacy protections;
  • Assures that personal information is handled in full compliance with the Privacy Act of 1974;
  • Evaluates legislative and regulatory proposals involving the collection, use, and disclosure of personal information; and
  • Conducts privacy impact assessments.

In addition to its statutory responsibilities, the CISA Office of Privacy ensures CISA also complies with numerous privacy laws, federal policies and Executive Orders, and DHS Privacy Policies. The Office accomplishes its duties through work streams related to Policy & Advice, Compliance, Oversight, Training & Outreach, and Incident Response.

Privacy Compliance Documentation

DHS conducts Privacy Impact Assessments (PIAs) when it develops or procures any new technology or system that handles or collects personal information; creates a new program, system, technology, or information collection that may have privacy implications; updates a system resulting in a new privacy risk; or issues new or updated rulemaking that entails the collection of personal information. The CISA Office of Privacy makes its Privacy Impact Assessments publicly available at https://www.dhs.gov/privacy-impact-assessments

DHS produces System of Records Notices (SORNs) when it establishes a group of records under its control from which information is retrieved by the name of an individual person or by some identifying number, symbol, or assigned identifier, consistent with the Privacy Act of 1974. The Privacy Act requires each agency to publish a notice of its system of records in the Federal Register. Copies of CISA SORNs, and its final rules for exemptions, can be found in the Federal Register or the DHS website at https://www.dhs.gov/system-records-notices-sorns

Submitting a Privacy Act/Redress Request

If you wish to submit a Privacy Act/Redress Request, we highly encourage you to visit our PIA page to find detailed instructions on how to submit a Privacy Act Request for the specific program you are inquiring about. Privacy Act/Redress Requests include requests for access to or correction of your personal record within a CISA system of records.

Alternatively, you may submit your Privacy Act/Redress Request to https://www.dhs.gov/dhs-foia-privacy-act-request-submission-form

Freedom of Information Act (FOIA)

For information on how to submit a FOIA request to CISA, please visit https://www.dhs.gov/freedom-information-act-foia

Privacy-Related Questions and Complaints

Individuals who wish to submit a privacy-related question or complaint may do so at:

Email: privacy@cisa.dhs.gov

or

Mail: CISA Office of Privacy
      DHS Mail Stop 0380
      245 Murray Lane
      Washington, DC 20598

James Burd is the Chief Privacy Officer for CISA. He may be reached at james.burd@cisa.dhs.gov.

Other Relevant Links