The DHS National Protection and Programs Directorate (NPPD), National Cyber Security Division (NCSD) conducted a Privacy Impact Assessment of the EINSTEIN 3 system. The PIA found NPPD/NCSD generally compliant with the requirements outlined in the EINSTEIN 2 PIA and Initiative 3 Exercise PIA. Specifically, NPPD/NCSD is fully compliant on collection of information, use of information, internal data sharing and external data sharing with federal agencies, and accountability requirements.
PRIV identified actions taken to address retention and training requirements as outlined in the relevant Einstein PIAs, but additional actions by the program are needed to bring them into full compliance with these requirements. The DHS Privacy Office is making five recommendations to strengthen program oversight, external sharing, and bring NPPD/NCSD into full compliance with retention and training requirements.