Page:Signals Intelligence Activities.pdf/7

 advance, the ODNI and the National Security Division (NSD) of the Department of Justice (DOJ).

The Deputy Director of Central Intelligence Agency (DD/CIA) or designee shall oversee the annual review of SIGINT priorities and requirements identified by the Agency and advise the D/CIA, for subsequent passage to the DNI and APNSA, on whether such activities should be maintained; manage the Agency’s participation in the policy review process for reviewing SIGINT collection activities, to include sensitive SIGINT collection activities and the use of bulk SIGINT.

The Executive Director of the Central Intelligence Agency (EXDIR) or designee shall:


 * Establish CIA policies, procedures, and guidance for the implementation of this regulation to include;
 * Training;
 * Limitations on the use of bulk SIGINT;
 * Review of SIGINT collection activities;
 * Procedures to minimize the retention and dissemination of personal information acquired through SIGINT activities; and
 * Other issues, as required;


 * In coordination with the Privacy and Civil Liberties Officer (PCLO),
 * Coordinate on novel or unique collection activities, or significant changes to existing collection activities, to ensure that appropriate safeguards are in place to protect personal information acquired through such activities;
 * Establish procedures to receive, evaluate, and report significant compliance incidents for this regulation to the DNI; and
 * Review requests for extended retention of personal information concerning foreign persons acquired through SIGINT activities and advise the DD/CIA and the D/CIA whether they should be transmitted to the DNI;


 * Monitor implementation and compliance with the established policies, procedures, and guidance for PPD-28.

The Inspector General shall as part of the IG’s statutory responsibilities, conduct audits, inspections, and investigations of CIA programs and operations to determine compliance with applicable laws and regulations.

The PCLO shall:


 * provide compliance advice and assistance regarding the requirements of PPD-28, this regulation, or any additional procedures or guidance for PPD-28;
 * coordinate on novel or unique collection activities, or significant changes to existing collection activities, to ensure that appropriate safeguards are in place to protect personal information acquired through such activities;
 * conduct periodic oversight and assessments of personal information acquired through SIGINT activities to ensure compliance with privacy and civil liberties;