The Department of Homeland Security (DHS) has updated its privacy impact assessment for the Insider Threat Program (ITP) by expanding ITP’s scope to include all persons who have or had access to DHS’ information, networks, facilities, equipment and related systems.
The ITP originally focused on the prevention, mitigation and detection of unauthorized disclosure of classified data by DHS employees with active security clearances, DHS said in the updated PIA dated June 16.
“Therefore, the expanded scope increases the popultion covered by the program to include all those with past or current access to DHS facilities, information, equipment, networks, or systems, regardless of security clearance,” DHS wrote.
The update allows the program to collect information from any DHS component, program, office or source; “lawfully obtained” data from any U.S. agency, foreign government entity or private sector organization. It also expands data elements to include contract information, current employment and performance data, personnel files about adverse actions and misconduct and security clearance status.
DHS has identified six privacy risks associated with the update and ways to mitigate such risks, including over collection of employee data and use of collected data for a different purpose.