(US & Canada) | I Always Put Myself in Customers’ Shoes When it Comes to Sharing Information — US Citizenship and Immigration Services CDO

Elizabeth Puchek, the Chief Data Officer at U.S. Citizenship and Immigration Services, speaks with Michael Hughes, Chief Business Officer at Duality Technologies, in a video interview about the importance of governance in immigration data, the process to ensure governance, the role of the CDO office, and the need for data cataloging.

The U.S. Citizenship and Immigration Services (USCIS) is responsible for processing immigration and naturalization applications and establishing policies regarding immigration services.

Immigration data is extremely sought after, both within the federal space and outside, says Puchek. Therefore, the US Immigration and Citizenship Services takes a collaborative approach to data access.

Elaborating, Puchek states there is solid internal infrastructure to manage the large access need since all the employees require continuous data access to do the job. External access, however, is granted to authorized users on a need-to-know basis, she adds.

Shedding light on governance, Puchek affirms adhering to the Fair Information Practice Principles (FIPS). It serves as the bedrock for the DHS and USCIS privacy-compliance policies and how the agency governs the use of sensitive PII (Personal Identifiable Information) and standard PII.

Adding on, Puchek states that the FIPS enables USCIS to assess and enhance privacy protections by analyzing the nature and purpose of SPII collection. Further, she lays down the eight principles of FIPS in the order that the USCIS follows:

1. Transparency

2. Individual participation

3. Purpose specification

4. Data collection minimization

5. Use limitation

6. Data quality

7. Security

8. Accountability and auditing

According to Puchek, it starts with being transparent, as USCIS informs an individual about how it will collect, use, share, and maintain their PII. Next, the agency seeks consent for data usage, usually through statements on application forms.

Then, through purpose specification, USCIS states its legal authority to collect the PII, says Puchek. With collection and usage limitations, there are limits to the collection of personal data, and the data used is limited according to the specified purpose.

Apart from that, USCIS follows data quality and integrity while providing security and safeguarding the access and use of data in motion, notes Puchek. The last step to ensure proper governance includes accountability and auditing, which involves system audits, operational protocols, formal training, and record retention.

When asked about the process to ensure data quality and integrity, Puchek assures that it all boils down to trust and transparency. She reiterates that the agency makes sure that the customer is comfortable with the collected and shared data.

Puchek maintains that USCIS establishes that all data sharing and collaboration are rooted in statutory purposes apart from FIPS. Also, a system of records covers the data, and wherever the data is collected from and lives, there is a privacy threshold analysis or privacy impact assessment.

Moving forward, Puchek states that the role of the office of the CDO is to ensure all the teams, from legal to IT, have a seat at the table to discuss new data-sharing efforts.

The USCIS has developed a data-sharing policy and process to ensure consistency, and there are mission leads that engage the oversight teams and key stakeholders. The office of the CDO at USCIS religiously works with the designated privacy leads to use data appropriately to support both the agency’s and federal partners’ missions.

Stressing transparency, Puchek states that she always puts herself in customers’ shoes when it comes to sharing information.

Highlighting how the data is made available, she maintains that, as a data-rich organization, USCIS collects data from a variety of special protected classes. Collecting data from people belonging to the special protected class demands enhanced data protection.

Therefore, data cataloging is crucial while leveraging data for wider enterprise usage and sharing, states Puchek. She adds that proper tagging of PII and SPII with the appropriate caveats becomes critical.

In certain cases, if the statutorily protected data is accidentally mishandled, it poses life-threatening risks to the public and increases liabilities for USCIS personnel. Therefore, the CDO office works closely with Office of Information Technology (OIT) partners and system owners to catalog the data and examine the associated risks.

Furthermore, Puchek states that USCIS has been successful because everyone in the agency understands the importance of data protection and gets an A+ in data literacy. However, technologically, USCIS plans to work hard on the data tagging effort with a massive investment and the right technology.

In conclusion, Puchek confirms that until that stage is reached, the agency will continue to promote awareness around data protection and collaborate with cross-functional teams to ensure all the shared data elements are safeguarded.

CDO Magazine appreciates Elizabeth Puchek for sharing her insights with our global community.