The U.S. Department of Homeland Security's information sharing activities with its external partners including other Federal agencies, State, local, Tribal entities, international partners, or the private sector that involve PII must be formally documented in an Information Sharing Access Agreement (ISAA). ISAAs are defined as any memorandum of understanding (MOU), memorandum of agreement (MOA), letter of understanding (LOU), letter of agreement (LOA), or any form of agreement that is used to facilitate the exchange of information between two or more parties.
The ISAAs should address, at a minimum:
- applicable authorities for providing the information to the external recipient;
- applicable authorities for the recipient to collect the information;
- compliance with both DHS and ISE recipient privacy documentation, including PIAs and SORNs;
- implementation of the DHS FIPPs; and
- acknowledge the parties are members of the ISE and that the parties’ collection, use, maintenance and dissemination of PII under the agreement is consistent with each agency’s written privacy and civil liberties protection policy.
In addition, all ISAAs that include sharing of PII must be reviewed by the DHS Privacy Office, the Office for Civil Rights and Civil Liberties, and the Office of the General Counsel, and other relevant offices.