Executive Orders 13636 and 13691 Privacy and Civil Liberties Assessment Reports

Executive Order 13636, Improving Critical Infrastructure Cybersecurity, and Presidential Policy Directive 21 (PPD-21), Critical Infrastructure Security and Resilience, issued on February 12, 2013, require federal agencies to develop and incentivize participation in a technology-neutral cybersecurity framework, and to increase the volume, timeliness, and quality of the cyber threat information they share with the private sector.

Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing, issued on February 13, 2015, further acknowledges that organizations engaged in the sharing of information related to cybersecurity risks and incidents play an invaluable role in the collective cybersecurity of the United States. This Executive Order encourages the formation of such information sharing organizations, establishes mechanisms to improve their capabilities, and enables them to better partner with the Federal Government on a voluntary basis.

Section 5 of both Executive Orders requires that federal agencies coordinate with their respective senior agency privacy and civil liberties officials (“Senior Officials”) to ensure that appropriate protections for privacy and civil liberties are incorporated into any activities conducted under the Executive Orders. The Senior Officials are also required to annually assess and report upon the privacy and civil liberties impacts of their respective agencies’ activities undertaken pursuant to each Executive Order. The Senior Officials must submit those assessments to the DHS Office for Civil Rights and Civil Liberties and the DHS Privacy Office for inclusion in the annual Privacy and Civil Liberties Assessment reports provided below.