The Privacy Office serves as both an advisor and oversight body for the Department’s privacy-sensitive programs and systems.
The Privacy Compliance Review (PCR) is a collaborative effort to help improve a program’s ability to comply with existing privacy compliance documentation, including Privacy Impact Assessments (PIA), System of Records Notices (SORN), formal agreements such as Memoranda of Understanding or Memoranda of Agreements, or at the Chief Privacy Officer’s discretion. A PCR may result in a public report or internal recommendations, depending upon the sensitivity of the program under review.
The Privacy Office tracks implementation of PCR recommendations based on supporting evidence provided by the Component Privacy Office and/or Program reviewed.
- There are no open PCR recommendations at this time.
PCRs in alphabetical order:
- Analytical Framework for Intelligence
- February 2019 Update: CBP satisfactorily implemented all PCR recommendations.
- Countering Violent Extremism Grant Program
- July 2020 Update: FEMA and the Office for Targeted Violence and Terrorism Prevention satisfactorily implemented all PCR recommendations.
- DHS Use of Social Media for Communications and Outreach
- EINSTEIN
- August 2014 Update: NPPD satisfactorily implemented all PCR recommendations.
- Electronic System for Travel Authorization
- September 2024 Update: CBP satisfactorily implemented all PCR recommendations.
- Enhanced Cybersecurity Services Program
- July 2016 Update: NPPD satisfactorily implemented all PCR recommendations.
- FEMA's Information Sharing Practices
- April 2025 Update: FEMA satisfactorily implemented all PCR recommendations.
- ICE Pattern Analysis and Information Collection Law Enforcement Information Sharing Service
- Media Monitoring Initiative
- September 2024 Update: OSA satisfactorily implemented all PCR recommendations.
- Office of the Chief Human Capital Officer Privacy Practices
- April 2020 Update: OCHCO satisfactorily implemented all PCR recommendations.
- Passenger Name Records Reviews
- February 2025 Update: CBP satisfactorily implemented all PCR recommendations.
- Science and Technology Directorate Privacy Practices
- September 2024 Update: S&T satisfactorily implemented all PCR recommendations.
- Section 1367 Privacy Incidents
- April 2025 Update: CBP, ICE, USCG, USCIS, and OBIM satisfactorily implemented all PCR recommendations.
- Southwest Border Pedestrian Exit Field Test
- October 2017 Update: CBP satisfactorily implemented all PCR recommendations.
- USCIS Customer Profile Management Service & National Appointment Scheduling System
- October 2020 Update: USCIS satisfactorily implemented all PCR recommendations.
- U.S. Secret Service Privacy Practices
- September 2024 Update: USSS satisfactorily implemented all PCR recommendations.
Although the PCR is designed as a proactive and constructive mechanism, it is possible that potentially egregious behavior could be uncovered during the PCR. Should this occur, the Privacy Office will either refer the matter to the DHS Office of Inspector General to investigate, or convert the PCR into a formal investigation conducted under the Chief Privacy Officer’s investigative authority. The Chief Privacy Officer is authorized to conduct investigations and issue reports relating to the administration of the programs and operations of the Department as are, in the senior official’s judgment, necessary or desirable.
Investigations: