In accordance with DHS Policy Directive, Privacy Policy & Compliance, the Chief Privacy Officer (CPO) has primary authority for issuing privacy policy for the Department. Pursuant to this policy, all DHS staff are required to follow all DHS privacy policy established by the CPO. Additionally, DHS Component heads are responsible for implementing DHS privacy policy and procedures, and for working with the Privacy Office to ensure Department activities follow DHS privacy policy and apply privacy protections across the Department in a consistent manner.
DHS privacy policy Directives and their related Instructions are organized below by topic or associated policy.
- Directive: A Directive articulates DHS policies, missions, programs, or activities of a continuing nature. Directives are often required or authorized by statute, rulemaking, the President, or the Secretary to initiate, govern or regulate actions or conduct by DHS Components, officers, and employees.
- Instruction: An Instruction explains how to implement the policies or requirements of a Directive, Executive Order, regulation, or Federal Register notice.
NOTICE: DHS strives to provide equal access to information and data to people with disabilities in accordance with Section 508 of the Rehabilitation Act of 1973. Not all of the documents on this page are fully Section 508 compliant. If you have problems with any of the documents on this page and need assistance, please contact the FOIA Office at 202-343-1743.
- Privacy Policy & Compliance Directive, 2011.This Directive applies throughout DHS regarding the collection, use, maintenance, disclosure, deletion, and destruction of Personally Identifiable Information (PII) and any other activity that impacts the privacy of individuals as determined by the Chief Privacy Officer. Most new privacy policies and instructions are derived from this Directive.
- Privacy Policy & Compliance Instruction, 2011
- Chief Privacy Officer Investigations Instruction, 2012
- Component Privacy Officers Instruction, 2017
- Mobile Applications Instruction, 2016
- Chief Privacy Officer Privacy Compliance Review Instruction, 2017
- Privacy Incident Handling Instruction, 2024
- Privacy Incident Responsibilities & Breach Response Team Instruction, 2017
- Social Security Number Collection & Use Reduction Instruction, 2019
- Handbook for Safeguarding Sensitive PII Directive, 2017
- Regarding the Collection, Use, Retention, and Dissemination of Personally Identifiable Information Directive, 2022
- Computer Matching Agreements Directive, 2011
- Federal Information Sharing Environment Privacy and Civil Liberties Protection Policy Directive, 2009
- Privacy Act Amendment Requests Directive, 2011
- Privacy Impact Assessment Directive, 2008
- Research Programs and Projects Directive, 2012
- Social Media Operational Use Directive, 2012
- 139-02 Information Quality Directive, Revision:01
- 140-01 Information Technology Security Program Directive
- 140-06 Privacy Policy for Research Programs and Projects, Revision:00
- 141-02 Forms Management, Revision:00
- 141-01 Records and Information Management, Revision:01
- 142-01 Information Collection Management Program, Revison:01
- 262-15 DHS Federal Information Sharing Environment Privacy and Civil Liberties Protection Policy
- 262-13 DHS Data Framework Terms and Conditions
- 262-11 Freedom of Information Act Compliance, Revision:00
- 262-08 Protected Critical Infrastructure Information Program, Revision: 00
- 262-05 Information Sharing and Safeguarding
- 262-04 DHS Web (Internet and Extranet Information), Revision: 00
- 262-03 DHS Information Sharing Environment Technology Program, Revision: 00
- 262-02 Disclosure of Asylum or Refugee Information for Counterterrorism and Intelligence Purposes, Revision: 00
- 262-01 Computer Matching Agreements and the Data Integrity Board, Revision: 00
- 262-07 Disclosure of Homeland Security Information, Revision: 00
- MD 4600.1 Personal Use of Government Office Equipment
- MD 4900 Individual Use and Operation of DHS Information Systems/Computers
- 140-05 Privacy Technology Implementation Guide
- 142-02 Information Technology Integration and Management
- 262-14 Roles & Responsibilities for Shared IT Services
Management Instructions and Directives
- 139-05 Accessible Systems and Technology Program Directive
- 140-02 Cybersecurity Workforce Management Support
- 142-03 Electronic Mail Usage Maintenance
- 262-06 Digital Government Strategy
- 262-09 Enterprise Information Technology Service Management, Revision: 00
- 262-10 DHS Digital Transformation
- 262-12 Lexicon Program and Standardization of Department Terminology, Revision: 00
- MD 4700-1 Personal Communications Device Distribution
- MD 4800 – Telecommunications Operations
The Fair Information Practice Principles (FIPP): Framework for Privacy Policy at the Department of Homeland Security, 2008. The FIPPs provide the foundational principles for privacy policy and guideposts for their implementation at DHS.
- Privacy Technology Implementation Guide, 2007
- Roles & Responsibilities for Shared IT Services, 2011
- Privacy Policy Guidance Memorandum 2008-02, DHS Policy Regarding Privacy Impact Assessments, 2008
- Privacy Policy Guidance Memorandum 2011-01, Privacy Act Amendment Requests, 2011
- Privacy Policy Guidance Memorandum 2011-02, Roles and Responsibilities for Shared IT Services
- DHS 4300-A, Sensitive Systems Handbook
- 4300A – Handbook – Attachment – Q1 – Sensitive – Wireless Systems (15)
- 4300A Handbook Attachment K – IT Contingency Plan Template
- 4300A Handbook Attachment P – Document Change Requests
- 4300A Handbook Attachment Q5 – Voice over IP
- 4300A Handbook Attachment Q6 – Bluetooth Security
- 4300A Handbook Attachment S – Compliance Framework for Remote Access to and Extracts from Privacy Sensitive Systems
- 4300A – Handbook Attachment – C- ISSO – Letter
- 4300A – Handbook- Attachment – D – Type Accreditation
- 4300A – Handbook – Attachment – E – FISMA – Reporting
- 4300A – Handbook – Attachment – G – Rules -of – Behavior
- 4300A – Handbook – Attachment – H – POAM – Guide
- 4300A – Handbook – Attachment – M – Tailoring – NIST – 800 – 53 – Security Controls
- 4300A- Handbook – Attachment N – Preparing Interconnection – Security – Agreements_0 Word Document
- 4300A – Handbook – Attachment – Q2 – Mobile – Devices
- 4300A – Handbook – Attachment – Q4 – Sensitive – RFID – System
- 4300A – Handbook – Attachment – R - Compliance-Framework-for-CFO-Designated-Systems
- 4300A-Handbook-Attachment-S1-Managing-CREs-Containing-SPII
- 4300A Handbook Attachment F - Incident Response
- 0550.1 Records Management Directive
- DHS Privacy Policy Regarding the Collection, Use, Retention, and Dissemination of Personally Identifiable Information, 2017
- Privacy Policy 2017-01 Questions and Answers
- Privacy Policy Guidance Memorandum 2007-02/Privacy Policy Directive 140-11, Regarding the use of Social Security numbers at DHS.
- Privacy Policy Guidance Memorandum 2007-01/Privacy Policy Directive 262-12, Regarding Collection, Use, Retention, and Dissemination of Information on Non-U.S. Persons.
- DHS Action Memorandum, Review of Safeguarding Policies and Procedures for Personnel-Related Data.