- advise the D/CIA, the DD/CIA, the EXDIR or an appropriate designee and Heads of Directorates and Independent Offices on the development of:
- procedures to safeguard personal information acquired through SIGINT activities; and
- privacy and civil liberties training in support of PPD-28 principles;
- produce privacy and civil liberties reports, in coordination with the affected Directorates and Independent Offices;
- report significant compliance issues involving personal information acquired through SIGINT activities to the D/CIA and DNI; and
- coordinate on requests for extended retention of personal information concerning foreign persons acquired through SIGINT activities for privacy and civil liberties issues.
The Heads of CIA Directorates and Independent Offices shall:
- implement the policies, procedures, and guidance established by this regulation in coordination with the EXDIR or designee;
- provide training to personnel who require access in the performance of their duties to personal information acquired through SIGINT activities in the performance of their duties;
- initiate requests to the EXDIR or designee, in coordination with the PCLO, for extended retention of personal information of foreign persons acquired through SIGINT activities;
- on an annual basis, review SIGINT priorities and requirements identified by respective offices and advise the EXDIR or designee on whether these should be maintained;
- working with the EXDIR or designee, participate in the policy review process for SIGINT activities, to include sensitive SIGINT collection activities and permissible uses of bulk SIGINT;
- assist the EXDIR or designee, IG, and PCLO in conducting oversight and periodic assessments of SIGINT collection activities containing personal information; and
- consult with the EXDIR or designee and PCLO on novel or unique SIGINT collection activities and significant changes to existing SIGINT collection activities, to ensure that appropriate safeguards are in place to protect personal information acquired through such activities.
Agency personnel shall:
- comply with the principles, policies, and procedures of this regulation and any implementing guidance; and
- report compliance issues to the appropriate Head of Directorate or Independent Office and the PCLO.
8
