In accordance with DHS Policy Directive, Privacy Policy & Compliance, the Chief Privacy Officer (CPO) has primary authority for issuing privacy policy for the Department. Pursuant to this policy, all DHS staff are required to follow all DHS privacy policy established by the CPO. Additionally, DHS Component heads are responsible for implementing DHS privacy policy and procedures, and for working with the Privacy Office to ensure Department activities follow DHS privacy policy and apply privacy protections across the Department in a consistent manner.
DHS privacy policy Directives and their related Instructions are organized below by topic or associated policy.
- Directive: A Directive articulates DHS policies, missions, programs, or activities of a continuing nature. Directives are often required or authorized by statute, rulemaking, the President, or the Secretary to initiate, govern or regulate actions or conduct by DHS Components, officers, and employees.
- Instruction: An Instruction explains how to implement the policies or requirements of a Directive, Executive Order, regulation, or Federal Register notice.
- Privacy Policy & Compliance, 2011. This Directive applies throughout DHS regarding the collection, use, maintenance, disclosure, deletion, and destruction of Personally Identifiable Information (PII) and any other activity that impacts the privacy of individuals as determined by the Chief Privacy Officer. Most new privacy policies and Instructions are derived from this Directive.
- The Fair Information Practice Principles (FIPP): Framework for Privacy Policy at the Department of Homeland Security, 2008. The FIPPs provide the foundational principles for privacy policy and guideposts for their implementation at DHS.
- DHS Privacy Policy Regarding the Collection, Use, Retention, and Dissemination of Personally Identifiable Information, 2022.
- Privacy Policy & Compliance Instruction, 2011
- Chief Privacy Officer Investigations Instruction, 2012
- Component Privacy Officers Instruction, 2017
- Handbook for Safeguarding Sensitive PII, 2017
- Mobile Applications Instruction, 2016
- Privacy Compliance Review Instruction, 2017
- Privacy Incident Handling Guidance, 2017
- Privacy Incident Responsibilities & Breach Response Team Instruction, 2017
- Social Security Number Collection & Use Reduction Instruction, 2019
- Collection, Use, Retention, and Dissemination of Personally Identifiable Information, 2022
- Computer Matching Agreements Directive, 2011
- Federal Information Sharing Environment Privacy and Civil Liberties Protection Policy Directive, 2009
- Privacy Act Amendment Requests Directive, 2011
- Privacy Impact Assessment Directive, 2008
- Privacy Technology Implementation Guide, 2007
- Research Programs and Projects Directive, 2012
- Roles & Responsibilities for Shared IT Services, 2011
- Social Media Operational Use Directive, 2012
- DHS Privacy Policy Regarding the Collection, Use, Retention, and Dissemination of Personally Identifiable Information, 2017.
- Privacy Policy Guidance Memorandum 2007-02/Privacy Policy Directive 140-11, Regarding the use of Social Security numbers at DHS.
- Privacy Policy Guidance Memorandum 2007-01/Privacy Policy Directive 262-12, Regarding Collection, Use, Retention, and Dissemination of Information on Non-U.S. Persons.
- DHS Action Memorandum, Review of Safeguarding Policies and Procedures for Personnel-Related Data.