NP Privacy Partner
Search Nixon Peabody's Data Privacy and Cybersecurity blog  Nixon Peabody on Twitter Nixon Peabody on YouTube
Subscribe:Nixon Peabody's Data Privacy and Cybersecurity blog  Nixon Peabody's Data Privacy and Cybersecurity blog
Share Print View
Department of Homeland Security issues “Best Practices for Protecting Privacy” in UAS Programs

Last month, the U.S. Department of Homeland Security (DHS) issued its “Best Practices for Protecting Privacy, Civil Rights & Civil Liberties in Unmanned Aircraft Systems Programs.” This guidance comes at a time when drone usage has exploded in both the public and private sectors.

It goes without saying that Unmanned Aircraft Systems (UAS) or drones are now an essential part of the nation’s security and defense missions. Among numerous other things, drones protect our borders, support law enforcement and fire and rescue operations, evaluate dangerous situations and conduct inspections. However, as the co-chairs of the DHS Privacy, Civil Rights & Civil Liberties UAS Working Group (DHS Working Group) state in their Joint Statement, “These best practices represent an optimal approach to protecting individual rights that is influenced by U.S. Customs and Border Protection’s (CBP) ten years of experience using unmanned aircraft systems as a tool in protecting and securing the Nation’s borders.”

While the White House on February 15, 2015, issued a Presidential Memorandum on “Promoting Economic Competitiveness While Safeguarding Privacy, Civil Rights, and Civil Liberties in Domestic Use of Unmanned Aircraft Systems,” the DHS Best Practices “are consistent with” but expand upon the Presidential Memorandum, providing to date the most significant and detailed guidance from the government on privacy issues related to and governmental use of drones.

The Best Practices are as follows:

  1. Consult Your Legal Counsel and Experts. Before establishing an unmanned aircraft program, agencies need to work closely with their legal counsel to confirm there is legal authority for UAS operations. Furthermore, agencies should involve privacy, civil rights, and civil liberties experts at every stage of their programs
  2. Clearly State the Purpose of the Unmanned Aircraft Program. Agencies should clearly articulate their primary purpose for establishing UAS programs. The public may better comprehend the reasons for establishing a program with a purpose described online in plain terms.
  3. Stay Focused on the Purpose of the Unmanned Aircraft Program. Understandably, the UAS program’s purpose may evolve over time. If it does, legal counsel and privacy, civil rights, and civil liberties experts should review any changes. Agencies should detail the changes clearly and publically.
  4. Designate an Individual Responsible for Privacy Compliance. Agencies should identify a senior level individual within their organization with knowledge of the relevant privacy, civil rights, and civil liberties laws and regulations.
  5. Stay Involved from Conception Throughout Deployment and Thereafter. Leaders in each agency’s UAS program should consult with legal counsel and privacy, civil rights, and civil liberties experts throughout the UAS program’s lifecycle, including when formulating concepts of operations, standard operating procedures, agreements, etc. Furthermore, agencies should set a routine program review process to determine if the program’s purpose is being met and whether modifications are required.
  6. Conduct a Privacy Impact Assessment and Document Privacy Compliance. Before using UAS, agencies should analyze whether there are potential privacy, civil rights, and civil liberties concerns and whether they are compliant with all applicable legal, regulatory, and policy requirements. At a minimum, the above-referenced Presidential Memorandum requires federal agencies review their existing UAS policies and procedures at least every three years. The DHS Working Group strongly recommended the use of a Privacy Impact Assessment (PIA) format for any review in order to identify any potential privacy risks and the steps to mitigate these risks.
  7. Limit Collection, Use, Dissemination, and Retention of UAS-Recorded Data. Agencies should limit the collection and use of any UAS-recorded data to data acquired legally and relevant to the agency’s operations. Recorded images should not be retained beyond a reasonable period as defined by agency policy, unless authorized by law.
  8. Respect Constitutionally Protected Activities. While utilizing the UAS to protect public safety, agencies may inadvertently capture images of individuals engaging in constitutionally protected activities. Agencies must establish guidelines to destroy or safeguard the misuse of such data. The DHS Working Group gave as an example the gathering of incidental images of identifiable individuals not needed for legal compliance or law enforcement purposes; these images should be deleted according to the agency’s established guidelines and within 180 days.
  9. Have a Redress Program for Individuals that Covers Unmanned Aircraft System Activities. An effective redress system will have adequate procedures in place to receive, investigate, and address, as appropriate, privacy, civil rights, and civil liberties complaints. Resolution of complaints should be done within a reasonable set time period and the process should be easily understood and publically available.
  10. Ensure Accountability in Management of Unmanned Aircraft Program. Accountability is the bedrock of any successful program, which includes UAS programs. Agencies should confirm that existing oversight procedures ensure compliance with policies and regulations. They should also supervise personnel and implement a process to report suspected cases of misuse or abuse.
  11. Properly Secure and Store Unmanned Aircraft System-Recorded Data. The agency should design its UAS program with the appropriate security safeguards to prevent any data loss or disclosure or any unauthorized access to data. Obviously, the agency must protect the physical security of the communication links and data storage centers and conduct background checks on the individuals who access the UAS.
  12. Review Agency Procurement Solicitations. In order to determine the impact on privacy or civil rights, agencies should consult their legal counsel and privacy, civil rights, and civil liberties experts when reviewing UAS sensor technology procurement solicitations.
  13. Transparency and Outreach. Any agency’s UAS program’s success depends on public support. Accordingly, transparency with information that does not compromise law enforcement or national security is essential for success, because the lack thereof may quickly erode public support and create misperceptions about the program’s intended purpose.
  14. Train Personnel. Agencies should require that all personnel receive training regarding privacy and civil liberties policies that may apply to UAS operations.
  15. Develop Procedures to Handle Unmanned Aircraft Systems Support Requests. Agencies should create standard operating procedures for handling requests by outside organizations seeking UAS support during both exigent and non-exigent circumstances. These standard operating procedures should be reviewed by legal counsel and privacy, civil rights, and civil liberties experts on an annual basis. Agencies should consider having a memorandum of understanding identifying agency responsibilities in fulfilling any requests.

The DHS Working Group made it clear that, while it “neither proposes nor intends that this document regulate any other government entity,” and while “these best practices are intended for DHS and our local state and federal government partners and grantees,” it believes that “the private sector may also find these recommendations valuable and instructive in creating their unmanned aircraft system programs.” Due to the growth of the UAS industry in both the public and private sector, certainly all federal agencies with UAS programs would be wise to adopt the Best Practices, as would private-sector companies given the broad applicability of the guidance.

Comments

There are no comments yet for this post.
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.
 
* indicates a required field

Title


Body *


Date *

Attachments
 

Privacy Policy | Terms of Use and Conditions | Statement of Client Rights
This website contains attorney advertising. Prior results do not guarantee a similar outcome. © 2018 Nixon Peabody LLP
Categories
Sort by AttachmentsParentCategory