HSIN-Intelligence Portal - Center for Investigative Reporting

FOROFFICIALUSEONLYPrivacy Impact AssessmentIntelligence&Analysis,HSINIntelligencePage269.2 Describe how data integrity, privacy, and security were analyzed aspart of the decisions made for your system.System developers of HSIN-Intelligence recognized from the beginning the need to ensure theintegrity, privacy, and security of the sensitive information to be collected, used, and disseminated on thesystem. All decisions about system design were based on the need to ensure data integrity, embed strongprivacy controls, and implement robust security features.(b)(2) High9.3 What design choices were made to enhance privacy?(b)(2) High, in order to bolsterprivacy protections, HSIN-Intelligence requires that a “minimization” process be employed whereby allreports, analyses, assessments, and other products, prior to dissemination by I&A (i.e., posted onto the HSSLIC compartment), are reviewed to assess and determine whether the specific U.S. person identityinformation is necessary for the use of or understanding of the product by the intended recipients. Thus,for documents disseminated by I&A within the HS SLIC where the U.S. Person information or identity isnot necessary to understand the product, the identity information will be “masked” by removing andreplacing it with “a U.S. Person,” “USPER,” or some similar marking, as appropriate. Where an I&Aproduct on the HS SLIC will include U.S. person identifying information, the product itself will carry awarning stating that “This product contains U.S. Person Information” or words to that effect. This is donein accordance with I&A’s Intelligence Oversight obligations and policies, and the I&A Information HandlingGuidelines.As discussed above, (b)(2) High technology was selected because it provides the programmanagement staff the tools necessary for I&A to comply, not only with the Intelligence Community’soversight responsibilities uniquely applicable within HSIN Intelligence to I&A, but to facilitate compliancewith the Privacy framework (e.g., 28 CFR Part 23) for any other organization with access to, including thecapability to post and exchange its own information within, certain portions of the portal. This was aspecific design choice made to enhance accountability surrounding the possible use of personallyidentifiable information in the HS SLIC portion of HSIN-Intelligence.ConclusionHSIN-Intelligence was deployed as an Internet-based platform to ensure compatibility andinteroperability among interrelated communities of users securely exchanging critical sensitive informationrelevant to their official domestic security missions while also ensuring that the integrity and privacy ofindividuals’ data was maintained consistent with their own applicable standards, laws, policies, andprocedures. For the HS SLIC compartment of the portal, U.S. person identifying information is routinelyminimized unless the information is required for understanding the specific intelligence report, analysis,assessment or other product. This significantly mitigates the privacy risks for information accessiblethrough HSIN Intelligence. For those documents that do contain personally identifiable information, anumber of safeguards are in place to protect the privacy and integrity of the information. The registrationFOROFFICIALUSEONLY