New DHS requirements raise eyebrows

From FCW:

Privacy advocates are puzzled and dismayed by the Homeland Security Department’s recent addition of new categories of personal information it plans to collect and store for all employees, contractors and volunteers who regularly access DHS facilities. The new categories of information include mother’s maiden name and financial history, according to a June 25 Federal Register notice.

[…]

Asking for financial history information, for example, “could be benign, depending on what information is being requested. Or is bad credit now a security risk?” asked Christopher Calabrese, counsel for the American Civil Liberties Union’s Technology and Liberty Program. “And why does DHS need to know [someone’s] mother’s maiden name? It seems strange.”

Amy Kudwa, a DHS spokeswoman, said the “financial history” data element refers to a credit history check, which she says is standard for government employees. “We are simply moving forward with HSPD-12,” Kudwa said.

Jim Dempsey, vice president of public policy at the Center for Democracy and Technology, agreed that requesting and storing data on mother’s maiden name and financial history is risky and unusual. That kind of information would seem more appropriate for a background check or security clearance than a building access identification program, he said.

“This information collection is odd, particularly financial history,” Dempsey said. “A general principle is that the [agency] collecting the information becomes responsible for protecting it. This is sensitive information, and it looks unnecessary. They have not justified why they need this information.”

Jim Harper, director of information policy studies at the Cato Institute, said the expanded data collection seems to increase the risks of possible identity theft and privacy loss for employees and contractors.

Read more on FCW.