We recommend that the Chief Privacy Officer, DHS Privacy Office ensure compliance with its privacy policies or revise them to include the guidance necessary for program offices to meet the intent of the privacy requirements when, with due diligence, the technology needs to be procured and tested to complete the Privacy Impact Assessment process. The additional guidance, if developed, should address justification for deviating from Privacy Impact Assessment–related privacy policies and restrictions on the operational use of privacy-sensitive information; the guidance should also ensure Privacy Impact Assessments are completed before privacy-sensitive information is collected and used operationally.