EO 13388 PDF

If you would like to not see this alert again, please click the "Do not show me this again" check box below. Establishing an Information Sharing Environment The ISE adopted a distributed, decentralized model which, instead of relying on a central database of terrorism information, requires an ISE that connects existing systems, a model which enables cooperation across federal agencies and among state, local, tribal, private sector and international partners. This model also lessens the risks of privacy abuses, compromise, or data breaches. The next major development in ISE history concerns safeguarding shared information.

Author:Goltishicage Nera
Country:Costa Rica
Language:English (Spanish)
Published (Last):2 June 2004
PDF File Size:18.48 Mb
ePub File Size:20.33 Mb
Price:Free* [*Free Regsitration Required]

OpenNet use is restricted to unclassified or sensitive but unclassified information. ClassNet may process unclassified information, classified information up to and including SECRET, and information that has distribution restrictions.

The requirements of E. Marking the classification of each portion is particularly important for CLASSNET web postings, including unclassified portions, because users may copy or paraphrase information from web sites in new documents that require the correct derivative classification markings. Refer to the definition of "information" in E. An Information Sharing Environment ISE has been created by Executive Order and Congressional statute to promote and improve the sharing of terrorism-related information.

The Intelligence Reform and Terrorism Prevention Act of IRTPA , section d , as amended, calls for the issuance of guidelines to protect privacy and civil liberties in the development and use of information sharing activities. This policy applies to all Department of State personnel, as well as vendors, contractors, researchers, grant recipients, and others who have access to Department of State information or systems. This policy may also apply to other information that the U.

Government expressly determines by executive order, international agreement, or other similar instrument should fall into this category. Breach - The loss of control, compromise, unauthorized disclosure, acquisition, access, or any similar term referring to situations in which persons other than authorized users, for an other than authorized purpose, have access or potential access to PII, whether physical or electronic.

Civil liberties - fundamental individual rights such as freedom of speech, press, or religion; due process of law; and other limitations on the power of the Government to restrain or dictate the actions of individuals.

They are the freedoms that are guaranteed by the Bill of Rights—the first ten Amendments—to the Constitution of the United States. Civil liberties offer protection to individuals from improper Government action and arbitrary Governmental interference as defined by the ISE Frequently Asked Questions.

Civil rights- those rights and privileges of citizenship and equal protection that the State is constitutionally bound to guarantee all citizens regardless of race, religion, sex, or other characteristics unrelated to the worth of the individual. Protection of civil rights imposes an affirmative obligation upon Government to promote equal protection under the law. These civil rights to personal liberty are guaranteed to all U.

Generally, the term civil rights involves positive or affirmative Government action to protect against infringement as defined by the ISE Frequently Asked Questions. Homeland security information - homeland security information defined by the Homeland Security Act of , Public Law , Section f 1 codified at 6 U. Information pertaining to an actual or potential criminal, civil, or administrative investigation or a foreign intelligence, counterintelligence, or counter terrorism investigation;.

The existence, organizations, capabilities, plans, intentions, vulnerabilities, means, methods, or activities of individuals or groups involved or suspected of involvement in criminal or unlawful conduct or assisting or associated with criminal or unlawful conduct;.

The existence, identification, detection, prevention, interdiction, or disruption of, or response to criminal acts and violations of the law;. Identification, apprehension, prosecution, release, detention, adjudication, supervision, or rehabilitation of accused persons or criminal offenders; or. Data quality - the accuracy, timeliness, relevance, and completeness of information about individuals. Information Sharing Environment ISE - an approach that facilitates the sharing of terrorism and homeland security information.

Protected information - information about U. Constitution and Federal laws of the United States. Routine use - the use, sharing, or disclosure of protected information for a purpose compatible with the purpose for which the information was collected. Weapons of mass destruction information - The term weapons of mass destruction information, defined in Section a 6 , IRTPA, means information that could reasonably be expected to assist in the development, proliferation, or use of a weapon of mass destruction including a chemical, biological, radiological, or nuclear weapon that could be used by a terrorist or a terrorist organization against the United States, including information about the location of any stockpile of nuclear materials that could be exploited for use in such a weapon that could be used by a terrorist or a terrorist organization against the United States.

Within the ISE structure, the Secretary of State is specifically responsible for: a the collection overtly or through public sources of information relevant to U. Missions abroad; and d the support of Chiefs of U. Missions in discharging their responsibilities under law and Presidential direction. In the event of a suspected or confirmed data breach involving PII, the CRG will assist the relevant bureau or office with the development and implementation of an appropriate response to the breach incident.

The Privacy Division identifies all Department of State records systems from which information is retrieved by the name or personal identifier of an individual and publishes a system of records notice SORN for these record systems in the Federal Register. Within the ISE, the Privacy Division is responsible for coordinating and disseminating ISE requirements concerning privacy and coordinating implementation of these requirements within the Department.

The ISE Privacy Guidelines Committee should request legal or policy guidance on questions relating to the implementation of these Guidelines from those agencies having responsibility or authorities for issuing guidance on such questions; any such requested guidance must be provided promptly by the appropriate agencies. Domestically, the system owner is the bureau-designated senior executive responsible for the system. Abroad, the system owner is the Charge, Deputy Chief of Mission, Consul General, Principal Officer or equivalent, or the bureau-designated senior executive responsible for the system.

The system owner is responsible for performance, privacy, and security issues for the system throughout its lifecycle see 5 FAM Protected information that may be shared with another Federal agency, a State, local, or tribal agency, with the private sector, or a foreign partner is subject to three basic requirements:.

These requirements will enable ISE participants to handle the shared information in accordance with applicable legal requirements. Identification and Prior Review. See 5 FAM Notice - In accordance with existing regulations or any regulations established in the future, the Department of State will give notice of the nature of the individual records, data, databases, or Systems of Records which it creates, maintains, or makes available to other agencies through the ISE by providing a header, cover sheet, electronic caption, or appropriate portion mark, which must State if the information provided:.

Such information must include, at a minimum, the name of the originating department, component, or subcomponent and the title and contact information for the person to whom questions regarding the information should be directed. In compliance with the development and use of the ISE, the Department of State must, without exception, comply with the U. Constitution and all applicable laws and executive orders relating to protected information. Prior to entering into information sharing agreements, system owners will follow the review procedures for data holdings as containing protected information.

If an appropriate resolution is still not developed, the Standing Committee must bring the restriction to the attention of the Attorney General and the Director of National Intelligence, through the Secretary of State. The Department of State will work with non-Federal entities seeking access to protected information through the ISE and ensure that such non-Federal entities have appropriate policies and procedures that provide protections at least as comprehensive as this FAM chapter prior to sharing protected information.

Privacy Act policies aimed at preventing errors in protected information are set forth in 5 FAM and in frequent reminders to employees through Department Notices. Renewed emphasis on these programs improves the quality of the data collected and stimulates awareness of PII in State Department records and systems. Accuracy - Bureaus that engage in information collection must ensure that protected information meets the standards of accuracy, completeness, and consistency required to further the purpose s for which the information is collected and used see 5 FAM on Data Management.

Quality checks are conducted against the submitted documentation at every stage, and administrative policies must be established to minimize instances of inaccurate data see generally, 7 FAM , Passport Services, and specifically 7 FAM , Identity of the Passport Applicant SBU.

Notice of Errors - If the Department of State engages in the matching or merging of protected information about an individual from two or more sources, the Department must ensure the following actions occur:. In the event the Department determines that protected information originating from another agency may be erroneous, includes incorrectly merged information, or lacks adequate context such that the rights of the individual may be affected, the following actions will occur:. In the event the Department determines that protected information originating within the Department and shared with the ISE community is or may be erroneous and knows or has reason to believe based on logs or other audit function that the information was accessed by another agency, the originating Bureau must take the following steps:.

When it is not certain that the protected information is erroneous, delete the report in its entirety or note known limitations on accuracy in the data field containing the protected information. It is the policy of the Department of State to establish and maintain an effective automated information system AIS security program for the protection of Department information see 12 FAM These bureaus are responsible for the administration and management of the information security program for the Department of State, domestically and abroad, and for other Federal agencies under the authority of a chief of mission or principal officer as defined in this section.

The policies and procedures that address breaches involving protected information collected, processed, or maintained by the Department are set forth in 5 FAM , Breach Response Policy. All Department of State employees and contractors are responsible for knowing, understanding, and following these policies and procedures, including the requirement to promptly report any suspected breach of PII.

The possible penalties for failure to follow these policies and procedures are described in 5 FAM The combined information security policies and procedures of DS and IRM ensure the use of appropriate physical, technical, and administrative measures to safeguard protected information shared through the ISE. These measures protect against the unauthorized access, disclosure, modification, use, or destruction of information and maintain the overall data security of the Department. The Privacy Division will also incorporate training in the development and use of ISE in its existing and future training programs.

The Bureau of Information Resource Management is responsible for incorporating PII protection and privacy-enhancing technologies into the design, development, and acquisition of new information systems and into the operation of existing systems. All Department of State bureaus, which participate in the sharing of information, are responsible for cooperating with all ISE protected information audits and reviews conducted by officials.

Any U. Execution - the ISE Privacy Official is responsible for ensuring that privacy protections dictated by this FAM chapter are implemented as appropriate through training, business process changes, and system designs. Training - Training is a critical component of the ISE effort. This training will also serve as guidance and a model for State, local, and tribal Government and private sector officials.

Government agencies; promote information sharing activities; and. Department of State direct hire employees who are charged with sharing terrorism-related information or supporting such sharing. Technology - As privacy-enhancing technologies arise, the Department will consider them in light of their effect on the privacy protections required by the ISE. When reasonably feasible and appropriate, the Department will implement new privacy-enhancing technologies.

The Privacy Division should make publicly available information regarding procedures for complaints implicating protected information shared in the ISE, to include the following:.


2005 Executive Orders Disposition Tables

Privacy Policy. Legal Policies and Disclaimers. Notice of Federal Funding and Federal Disclaimer. This page provides links to Web sites that contain information regarding the development and utilization of policies and standards as they relate to law enforcement intelligence. Criminal Intelligence File Guidelines.


Executive Order 13388

EOs are published in the Federal Register, and they may be revoked by the President at any time. Although executive orders have historically related to routine administrative matters and the internal operations of federal agencies, recent Presidents have used Executive Orders more broadly to carry out policies and programs. This site, which also has a "search" capacity, can be used to determine if a particular Order has been amended, repealed, superseded, or otherwise changed. Under section 2. The Center was established in order to "protect the security of the United States through strengthened analysis and strategic planning and intelligence support to operations to counter transnational terrorist threats…" This includes the "interchange of terrorism information between agencies and appropriate authorities of States and local governments….



Related Articles