Ari Schwartz of the CDT just posted a framework on what the Department of Homeland Security needs to do to protect personally identifiable information.

“Considering the government’s increasing reliance on commercial data, and the harms that can occur when the government makes decisions about individuals based on inaccurate or irrelevant data, it is imperative that DHS develop rules for use of commercial data, regardless of whether the data is brought into government computers. While the principles of the Privacy Act remain viable, DHS will have to go beyond narrow interpretations of the Act in order to ensure that adequate privacy protections are built into its projects. There are increasing calls to update the Privacy Act, but, in the meantime, DHS can take administrative steps to apply the Act’s principles to all its uses of personal information.”

(Thanks to beSpacific.)