DHS needs to improve executive oversight of its counterterrorism data mining systems, GAO has said.
As part of a systematic evaluation framework for data mining systems, agency policies should ensure organizational competence, evaluations of a system’s effectiveness and privacy protections, executive review, and appropriate transparency throughout the system’s life cycle, according to GAO-11-742.
It said while DHS components have established policies that address most of these elements, policies are not comprehensive. For example, DHS policies do not fully ensure executive review and transparency, and the component agencies’ policies do not sufficiently require evaluating system effectiveness.
While evaluations of six data mining systems from a mix of DHS component agencies showed that all of their program offices took steps to evaluate their system’s effectiveness and privacy protections, none performed all of the key activities associated with an effective evaluation framework, GAO said.
It said DHS faces key challenges in implementing a framework to ensure systems are effective and that they provide privacy protections, including reviewing and overseeing systems once they are in operation, stabilizing and implementing acquisition policies throughout the department, and ensuring that privacy-sensitive systems have timely and up-to-date privacy reviews.
DHS agreed to address gaps in agency evaluation policies and to require component agency officials address shortfalls in their system evaluations.
