DHS Policy and Procedures for Managing Computer-Readable Extracts Containing Sensitive PII

Citation: DHS Privacy Office, DHS Policy and Procedures for Managing Computer-Readable Extracts Containing Sensitive PII.

Overview
The DHS Privacy Office, DHS Policy and Procedures for Managing Computer-Readable Extracts Containing Sensitive PII outlines DHS requirements for documenting, tracking, and validating computer-readable extracts. The DHS CRE Policy permits personnel to create and use CREs only for authorized official purposes and to share CREs only as authorized by the Privacy Act of 1974 and other applicable federal law and policy.

DHS requires that CREs be appropriately secured during storage and transmission in accordance with DHS Sensitive Systems Policy Directive 4300A and the Handbook for Safeguarding Sensitive Personally Identifiable Information at the Department of Homeland Security. DHS also requires that ad hoc CREs, or non-routine CREs, be documented, tracked, and validated.