United States Department of Justice

2013 Criminal Justice Information Forum on Data Exchange and Information Sharing Standards and Models

Privacy for Practitioners—Real Case Studies Illustrating Privacy Policy Development and Impact Assessment
February 5, 2013

Cabell Cropper, National Criminal Justice Association
Christina M. Abernathy, Institute for Intergovernmental Research
Diana Graski, National Center for State Courts
Becki Goggins, State of Alabama

Topics
•   Privacy overview
•   Global privacy resources
•   Illinois privacy resources
•   Global success stories
•   Keys to success
•   Technical privacy case studies and success stories





Privacy Overview
What is privacy?

• Privacy refers to individuals’ interests in preventing the
  inappropriate collection, storage, use, and release of
  personally identifiable information
• Privacy, as it relates to information sharing, concerns
  information whose confidentiality is enforceable by law
  or social norms



Privacy Overview
Civil Liberties Are
• The fundamental individual rights or freedoms, such as the freedom of
  speech, press, assembly, and religion, the right to due process and a fair
  trial, as well as the right to privacy and other limitations on the power
  of the government to restrain or dictate the actions of individuals
• Involve restrictions on government

Civil Rights Are
• The rights and privileges of citizenship and equal protection that the
  state is constitutionally bound to guarantee all citizens regardless of
  race, religion, sex, or other characteristics unrelated to the worth of
  the individual
• Civil rights involve positive or affirmative government action

Together, they are the legal protections that safeguard individual freedom
and ensure equal treatment under the law!




Privacy Overview

       What Is a Privacy Policy?

What Is the Purpose of a Privacy Policy?






Privacy Overview


What Is the Difference Between a Privacy Policy and a Security Policy?





Privacy Overview
Why do you need a privacy policy?
•   “the public’s acceptance of an integrated justice information system is related to its
    confidence that the government is taking measures to protect individual’s privacy
    interests”
•   There is “a need to educate the public as to what information about citizens is available
    in the justice system and what is available to the public”
•   “Privacy issues are raised when the government collects information about individuals
    for investigatory purposes absent any suspicion of criminal wrongdoing . . . mere
    collection of personally identifiable victim and witness information raises genuine
    privacy concerns . . . factors should be identified to balance the amount of data
    collected to address privacy concerns while still meeting legitimate law enforcement
    needs”
•   “A sound privacy policy should clearly identify appropriate uses of the information
    contained in the information system”
                       ‒ IIJIS’ Privacy Issues Confronting the Sharing of Justice Information in an Integrated Justice Environment




Privacy Overview

  Reasons for Having a Privacy Policy

      It’s the Right Thing to Do!






What Can Happen Without a Privacy Policy?
• Effects of Improper Practices
   –   Tarnish an individual’s reputation
   –   Personal or financial injury to individuals
   –   Loss of ability to share information
   –   Lawsuits and paying settlements or judgments
   –   Loss of public support and confidence
   –   Loss of funding and resources
   –   Getting shut down
   –   Decline in morale



From Privacy to Information Quality
• The collection and sharing of poor quality information raises
  serious privacy concerns because the two concepts are
  inherently linked
• Quality information plays an extremely important role in the
  protection of the privacy rights of individuals
• Through cross-collaboration among local, state, tribal, and
  federal justice entities, information is shared to form the
  records that underlie justice decision-making
• As cross-collaboration increases, it is imperative that justice
  entities address the quality of the information shared




From Privacy to Information Quality

How Can You Develop and Implement Privacy and Information Quality Policies and Procedures?






Global Privacy Resources


Global Justice Information Sharing Initiative—or “Global”
• Federal advisory body to nation’s chief law enforcement officer, the
  U.S. Attorney General (AG)
• Supported by the Bureau of Justice Assistance (BJA) and the Office of
  Justice Programs (OJP), U.S. Department of Justice (DOJ)
• Representatives from across the justice landscape, affecting the work of
  more than 1.2 million justice professionals
• Global’s Advisory Committee (GAC) working groups, councils, and task
  teams are formed around timely justice issues:
    – Intelligence
    – Infrastructure, standards, security
    – Business solutions
    – Privacy and information quality




Global Privacy Resources Booklet
• A road map to help justice entities
  navigate the diverse privacy resources
  available today
• Structured to help determine which
  products to use when and for what
  purpose
• Products are grouped according to their
  use at each step of a Privacy Program
  Cycle
• All Global Privacy Resources are
  available online at
  www.it.ojp.gov/privacy




Global Privacy Resources
• Step 1. Educate and Raise Awareness
   – Executive Summary for Justice
     Decision Makers: Privacy, Civil Rights,
     and Civil Liberties Program
     Development
   – 7 Steps to a Privacy, Civil Rights, and
     Civil Liberties Policy







Global Privacy Resources
• Step 2. Assess Agency Privacy Risks
   – Guide to Conducting Privacy Impact
     Assessments for State, Local, and
     Tribal Justice Entities (or “PIA
     Guide”)







Global Privacy Resources
• Step 3. Develop the Privacy Policy
   – Privacy, Civil Rights, and Civil
     Liberties Policy Development Guide
     for State, Local, and Tribal Justice
     Entities (Global Privacy Guide)
   – Privacy, Civil Rights, and Civil
     Liberties Policy Development
     Template for State, Local, and Tribal
     Justice Entities (SLT Policy
     Development Template)




Global Privacy Resources
• Step 4. Perform a Policy Evaluation
   – Privacy, Civil Rights, and Civil Liberties
     Policy Development Template for
     State, Local, and Tribal Justice
     Entities: Policy Review Checklist







Global Privacy Resources
• Step 5. Implement and Train
   – Coming Soon! Establishing a Privacy
     Officer Function Within a Justice or
     Public Safety Entity: Recommended
     Responsibilities and Training
   – The Importance of Privacy, Civil
     Rights, and Civil Liberties Protections
     in American Law Enforcement and
     Public Safety DVD—or “Line Officer
     Video”




Global Privacy Resources
• Step 5. Implement and Train
   – Implementing Privacy Policy in Justice
     Information Sharing: A Technical Framework
   – Privacy, Civil Rights, and Civil Liberties
     Compliance Verification for the Intelligence
     Enterprise
   – Recommendations for First Amendment-
     Protected Events for State and Local Law
     Enforcement Agencies (and reference card)
   – Criminal Intelligence Systems Operating
     Policies (28 CFR Part 23) Online Training





Global Privacy Resources
• Step 6. Conduct an Annual Review
   – Privacy, Civil Rights, and Civil Liberties Policy Development
     Template for State, Local, and Tribal Justice Entities:
     Policy Review Checklist




Global’s Information Quality (IQ) Series
  – Information Quality: The Foundation
    for Justice Decision Making
  – 9 Elements of an Information Quality
    Program
  – Information Quality Self-Assessment
    Tool
  – Information Quality Program Guide
  – Available online at
    www.it.ojp.gov/IQ_Resources



Illinois Privacy Resources
• Where do I look for existing privacy policies?
   –   Employee handbooks
   –   Concept of operations manuals
   –   Standard operating procedures
   –   Security manuals
   –   Memoranda of understanding
   –   User agreements
   –   State and federal statutes





Illinois Privacy Resources
• Local examples of privacy standards and recommendations:
   – IIJIS’ Privacy Policy Guidance, www.icjia.state.il.us/iijis/
   – Illinois State Police Academy curriculum






Illinois Privacy Resources

        IIJIS Privacy Policy Subcommittee’s charge:
         “Developing policies to ensure that the enhanced
         sharing of justice information made possible through
         advancing information technologies is carried out
         in accordance with Illinois law and its citizens’
         reasonable expectation of privacy”







Illinois Privacy Resources
             Excerpt from IIJIS’ Mission:
               “Through integrated justice information sharing we will
               enhance the safety, security, and quality of life in Illinois;
               improve the quality of justice, the effectiveness of programs,
               and the efficiency of operations; and ensure informed
               decision-making, while protecting privacy and
               confidentiality of information”


             Strategic Issue 3:
               Serve justice, public safety, and homeland security needs
               while protecting privacy, preventing unauthorized
               disclosures of information, and allowing appropriate public
               access




Illinois Privacy Resources
• July 27, 2010—Illinois Statewide Terrorism Intelligence
  Center, Illinois State Police, successfully finalized its
  comprehensive privacy policy, fully meeting all ISE Privacy
  Guidelines and DHS standards







Illinois Privacy Resources
• March 11, 2011—Chicago Crime Prevention and
  Information Center, Chicago Police Department, finalized
  a comprehensive privacy policy that fully met the
  Information Sharing Environment (ISE) Privacy Guidelines
  and federal standards set by the U.S. Department of
  Homeland Security (DHS)








Global Success Stories



Global Success Stories
Connect South Dakota—NGA Privacy TA Effort
 “Using Global Resources, such as the SLT Policy Development Template, we
were able to ‘Connect South Dakota’ (Connect SD) law enforcement in a
statewide data exchange project, while ensuring the privacy rights and civil
liberties of the citizens we serve. Upon completion of the Connect SD privacy
policy, it was important to ensure our officers were trained on privacy
protections. To accomplish this goal, we utilized Global’s line officer training
video and First Amendment-protected event resources”

                                   —Bryan Gortmaker, Director
                  South Dakota Division of Criminal Investigation






Global Success Stories
CONNECT Consortium—NGA Privacy TA Effort
“For several years, the Alabama Criminal Justice Information Center (ACJIC) has been involved in
a multi-state initiative—called CONNECT—which has served as a proof-of-concept for sharing rich
criminal justice information across state lines. Since its inception, the CONNECT leadership has
recognized the importance of adopting a strong privacy and civil liberties policy to govern usage of
CONNECT. Thanks to the Global SLT Policy Development Template and the Global Privacy Impact
Assessment Guide, CONNECT was able to craft a model policy to meet the needs of the member
states (Alabama, Kansas, Nebraska and Wyoming). Despite the fact that each state has its own
set of governing laws and policies concerning the sharing of criminal justice information, the
Global templates were robust enough to allow for the creation of a single policy to govern
CONNECT usage”
                                  —Maury Mitchell, Director, Alabama Criminal Justice Information Center







Global Success Stories
• Hawaii Integrated Justice Information Sharing (HIJIS)
  Program—NGA Privacy TA Effort
• Indiana Data Exchange (IDEx)
• 77 DHS Designated Fusion Centers and 15 Regional Nodes







Global Success Stories
Alabama Fusion Center
 “DOJ’s OJP Web site pertaining to Global Privacy Resources, www.it.ojp.gov/privacy, is
an amazing resource and I highly recommend it to anyone that wants to learn more
about privacy, civil rights, and civil liberties. The site is designed to help with all
aspects of the Privacy Program Cycle, including providing all the materials necessary
to develop a comprehensive privacy policy or to evaluate an existing policy. As a
relatively new Fusion Center Director, privacy was one of the first areas that I focused
on and this site provided all the materials necessary to help create our
program. Thanks to the DOJ subject matter experts who developed this site!”
                                    —Joe B. Davis, Ph.D., Director, Alabama Fusion Center







Keys to Success
•   Executive sponsorship
•   Input from stakeholders
•   Designation of privacy officer
•   Ongoing training and review







Technical Privacy: Resources and Success Stories
• Business drivers for technical privacy enforcement:
   – From user’s perspective, too many user IDs and rules to manage
   – From technologist’s perspective, too many users and rule
     changes to manage
   – From enterprise’s perspective, policy experts cannot manage
     policy’s implementation in applications and cannot reasonably
     audit for compliance
• Solution: Global’s Privacy Policy Technical Framework





Benefits of External Authentication
• From a user’s perspective, single sign-on
• From a technologist’s perspective, application no longer
  contains user sign-on logic, and user tables are managed
  elsewhere
• From the enterprise’s perspective, trusted, shared
  standards for identity proofing and provisioning and
  deprovisioning users






Benefits of External Authentication
• From a user’s perspective, not much impact
• From a technologist’s perspective, application no longer
  contains authorization logic
• From the enterprise’s perspective, policy experts now
  manage access-control policies, revised policies are
  implemented immediately across the suite of
  applications, and compliance tools can be implemented
  on audit data
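
Added example, not part of the original slides or of Global's framework: the arrangement the bullets above describe, with two applications asking one shared decision point instead of carrying their own authorization logic, a policy revision taking effect in both at once, and a compliance query run over the audit data. All rule, attribute, user and application names are hypothetical, and plain Python rules stand in for the XACML policies the page mentions.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    rule_id: str
    effect: str       # "Permit" or "Deny"
    subject: dict     # attribute values the user must have
    resource: dict    # attribute values the record must have
    actions: set      # actions the rule covers

    def matches(self, subject, resource, action):
        return (action in self.actions
                and all(subject.get(k) == v for k, v in self.subject.items())
                and all(resource.get(k) == v for k, v in self.resource.items()))


class PolicyDecisionPoint:
    """Shared decision service: holds the policy and the audit trail."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.audit_log = []

    def replace_policy(self, rules):
        # Policy experts publish a revision here; no application is redeployed.
        self.rules = list(rules)

    def decide(self, app, subject, resource, action):
        decision, rule_id = "Deny", None           # deny unless a rule applies
        for rule in self.rules:                    # first applicable rule wins
            if rule.matches(subject, resource, action):
                decision, rule_id = rule.effect, rule.rule_id
                break
        # Every decision, permit or deny, becomes audit data.
        self.audit_log.append({"app": app, "user": subject.get("user"),
                               "category": resource.get("category"),
                               "action": action, "decision": decision,
                               "rule": rule_id})
        return decision


def enforce(pdp, app, subject, resource, action):
    """The only access-control code left inside an application."""
    return pdp.decide(app, subject, resource, action) == "Permit"


def permits_for(audit_log, category):
    """Compliance query: every permitted access to one record category."""
    return [e for e in audit_log
            if e["decision"] == "Permit" and e["category"] == category]


# Constructed policies: the revision narrows juvenile-record access.
CRIMINAL_HISTORY = Rule("ch-read-investigator", "Permit",
                        {"role": "investigator"},
                        {"category": "criminal_history"}, {"read"})
POLICY_V1 = [CRIMINAL_HISTORY,
             Rule("juv-read-investigator", "Permit", {"role": "investigator"},
                  {"category": "juvenile_record"}, {"read"})]
POLICY_V2 = [CRIMINAL_HISTORY,
             Rule("juv-read-court-only", "Permit", {"role": "court_officer"},
                  {"category": "juvenile_record"}, {"read"})]


def demo():
    pdp = PolicyDecisionPoint(POLICY_V1)
    officer = {"user": "officer17", "role": "investigator"}   # constructed user
    record = {"category": "juvenile_record"}
    apps = ("records_app", "case_app")
    before = [enforce(pdp, app, officer, record, "read") for app in apps]
    pdp.replace_policy(POLICY_V2)                  # one change, both apps
    after = [enforce(pdp, app, officer, record, "read") for app in apps]
    return before, after, permits_for(pdp.audit_log, "juvenile_record")


if __name__ == "__main__":
    before, after, permits = demo()
    print("before revision:", before)
    print("after revision: ", after)
    for entry in permits:
        print("audited permit:", entry)
```
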





Learn More: TechnicalPrivacyTraining.org
• Executive briefing video
• Interactive primer (seven 15-minute modules)
• Readiness assessment (with case studies, surveys, and
  tailored recommendations for next steps)
• Implementation Guide (for your developers, with XACML
  lessons and a virtual machine)
• Resources
• Request for technical assistance





Questions?

Fsgu overview mc_24_may12
 

Icjia c abernathy_dgraskibgoggins_130124

  • 1. United States Department of Justice. 2013 Criminal Justice Information Forum on Data Exchange and Information Sharing Standards and Models. Privacy for Practitioners—Real Case Studies Illustrating Privacy Policy Development and Impact Assessment. February 5, 2013. Cabell Cropper, National Criminal Justice Association; Christina M. Abernathy, Institute for Intergovernmental Research; Diana Graski, National Center for State Courts; Becki Goggins, State of Alabama
  • 2. Topics • Privacy overview • Global privacy resources • Illinois privacy resources • Global success stories • Keys to success • Technical privacy case studies and success stories
  • 3. Privacy Overview: What is privacy? • Privacy refers to individuals’ interests in preventing the inappropriate collection, storage, use, and release of personally identifiable information • Privacy, as it relates to information sharing, concerns information whose confidentiality is enforceable by law or social norms
  • 4. Privacy Overview. Civil Liberties Are: The fundamental individual rights or freedoms, such as the freedom of speech, press, assembly, and religion, the right to due process and a fair trial, as well as the right to privacy and other limitations on the power of the government to restrain or dictate the actions of individuals. Involve restrictions on government. Civil Rights Are: The rights and privileges of citizenship and equal protection that the state is constitutionally bound to guarantee all citizens regardless of race, religion, sex, or other characteristics unrelated to the worth of the individual. Civil rights involve positive or affirmative government action. Together, they are the legal protections that safeguard individual freedom and ensure equal treatment under the law!
  • 5. Privacy Overview: What Is a Privacy Policy? What Is the Purpose of a Privacy Policy?
  • 6. Privacy Overview: What Is the Difference Between a Privacy Policy and a Security Policy?
  • 7. Privacy Overview: Why do you need a privacy policy? • “the public’s acceptance of an integrated justice information system is related to its confidence that the government is taking measures to protect individual’s privacy interests” • There is “a need to educate the public as to what information about citizens is available in the justice system and what is available to the public” • “Privacy issues are raised when the government collects information about individuals for investigatory purposes absent any suspicion of criminal wrongdoing . . . mere collection of personally identifiable victim and witness information raises genuine privacy concerns . . . factors should be identified to balance the amount of data collected to address privacy concerns while still meeting legitimate law enforcement needs” • “A sound privacy policy should clearly identify appropriate uses of the information contained in the information system” ‒ IIJIS’ Privacy Issues Confronting the Sharing of Justice Information in an Integrated Justice Environment
  • 8. Privacy Overview: Reasons for Having a Privacy Policy. It’s the Right Thing to Do!
  • 9. What Can Happen Without a Privacy Policy? • Effects of Improper Practices – Tarnish an individual’s reputation – Personal or financial injury to individuals – Loss of ability to share information – Lawsuits and paying settlements or judgments – Loss of public support and confidence – Loss of funding and resources – Getting shut down – Decline in morale
  • 10. From Privacy to Information Quality • The collection and sharing of poor quality information raises serious privacy concerns because the two concepts are inherently linked • Quality information plays an extremely important role in the protection of the privacy rights of individuals • Through cross-collaboration among local, state, tribal, and federal justice entities, information is shared to form the records that underlie justice decision-making • As cross-collaboration increases, it is imperative that justice entities address the quality of the information shared
  • 11. From Privacy to Information Quality: How Can You Develop and Implement Privacy and Information Quality Policies and Procedures?
  • 12. Global Privacy Resources
  • 13. Global Justice Information Sharing Initiative—or “Global” • Federal advisory body to nation’s chief law enforcement officer, the U.S. Attorney General (AG) • Supported by the Bureau of Justice Assistance (BJA) and the Office of Justice Programs (OJP), U.S. Department of Justice (DOJ) • Representatives from across the justice landscape, affecting the work of more than 1.2 million justice professionals • Global’s Advisory Committee (GAC) working groups, councils, and task teams are formed around timely justice issues: – Intelligence – Infrastructure, standards, security – Business solutions – Privacy and information quality
  • 14. Global Privacy Resources Booklet • A road map to help justice entities navigate the diverse privacy resources available today • Structured to help determine which products to use when and for what purpose • Products are grouped according to their use at each step of a Privacy Program Cycle • All Global Privacy Resources are available online at www.it.ojp.gov/privacy
  • 15. Global Privacy Resources • Step 1. Educate and Raise Awareness – Executive Summary for Justice Decision Makers: Privacy, Civil Rights, and Civil Liberties Program Development – 7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy
  • 16. Global Privacy Resources • Step 2. Assess Agency Privacy Risks – Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Justice Entities (or “PIA Guide”)
  • 17. Global Privacy Resources • Step 3. Develop the Privacy Policy – Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities (Global Privacy Guide) – Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities (SLT Policy Development Template)
  • 18. Global Privacy Resources • Step 4. Perform a Policy Evaluation – Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities: Policy Review Checklist
  • 19. Global Privacy Resources • Step 5. Implement and Train – Coming Soon! Establishing a Privacy Officer Function Within a Justice or Public Safety Entity: Recommended Responsibilities and Training – The Importance of Privacy, Civil Rights, and Civil Liberties Protections in American Law Enforcement and Public Safety DVD—or “Line Officer Video”
  • 20. Global Privacy Resources • Step 5. Implement and Train – Implementing Privacy Policy in Justice Information Sharing: A Technical Framework – Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise – Recommendations for First Amendment-Protected Events for State and Local Law Enforcement Agencies (and reference card) – Criminal Intelligence Systems Operating Policies (28 CFR Part 23) Online Training
  • 21. Global Privacy Resources • Step 6. Conduct an Annual Review – Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities: Policy Review Checklist
  • 22. Global’s Information Quality (IQ) Series – Information Quality: The Foundation for Justice Decision Making – 9 Elements of an Information Quality Program – Information Quality Self-Assessment Tool – Information Quality Program Guide – Available online at www.it.ojp.gov/IQ_Resources
  • 23. Illinois Privacy Resources • Where do I look for existing privacy policies? – Employee handbooks – Concept of operations manuals – Standard operating procedures – Security manuals – Memoranda of understanding – User agreements – State and federal statutes
  • 24. Illinois Privacy Resources • Local examples of privacy standards and recommendations: • IIJIS’ Privacy Policy Guidance, www.icjia.state.il.us/iijis/ • Illinois State Police Academy curriculum
  • 25. Illinois Privacy Resources. IIJIS Privacy Policy Subcommittee’s charge: “Developing policies to ensure that the enhanced sharing of justice information made possible through advancing information technologies is carried out in accordance with Illinois law and its citizens’ reasonable expectation of privacy”
  • 26. Illinois Privacy Resources. Excerpt from IIJIS’ Mission: “Through integrated justice information sharing we will enhance the safety, security, and quality of life in Illinois; improve the quality of justice, the effectiveness of programs, and the efficiency of operations; and ensure informed decision-making, while protecting privacy and confidentiality of information” Strategic Issue 3: Serve justice, public safety, and homeland security needs while protecting privacy, preventing unauthorized disclosures of information, and allowing appropriate public access
  • 27. Illinois Privacy Resources • July 27, 2010—Illinois Statewide Terrorism Intelligence Center, Illinois State Police, successfully finalized its comprehensive privacy policy, fully meeting all ISE Privacy Guidelines and DHS standards
  • 28. Illinois Privacy Resources • March 11, 2011—Chicago Crime Prevention and Information Center, Chicago Police Department, finalized a comprehensive privacy policy that fully met the Information Sharing Environment (ISE) Privacy Guidelines and federal standards set by the U.S. Department of Homeland Security (DHS)
  • 29. Global Success Stories
  • 30. Global Success Stories. Connect South Dakota—NGA Privacy TA Effort. “Using Global Resources, such as the SLT Policy Development Template, we were able to ‘Connect South Dakota’ (Connect SD) law enforcement in a statewide data exchange project, while ensuring the privacy rights and civil liberties of the citizens we serve. Upon completion of the Connect SD privacy policy, it was important to ensure our officers were trained on privacy protections. To accomplish this goal, we utilized Global’s line officer training video and First Amendment-protected event resources” —Bryan Gortmaker, Director, South Dakota Division of Criminal Investigation
  • 31. Global Success Stories. CONNECT Consortium—NGA Privacy TA Effort. “For several years, the Alabama Criminal Justice Information Center (ACJIC) has been involved in a multi-state initiative—called CONNECT—which has served as a proof-of-concept for sharing rich criminal justice information across state lines. Since its inception, the CONNECT leadership has recognized the importance of adopting a strong privacy and civil liberties policy to govern usage of CONNECT. Thanks to the Global SLT Policy Development Template and the Global Privacy Impact Assessment Guide, CONNECT was able to craft a model policy to meet the needs of the member states (Alabama, Kansas, Nebraska and Wyoming). Despite the fact that each state has its own set of governing laws and policies concerning the sharing of criminal justice information, the Global templates were robust enough to allow for the creation of a single policy to govern CONNECT usage” —Maury Mitchell, Director, Alabama Criminal Justice Information Center
  • 32. Global Success Stories • Hawaii Integrated Justice Information Sharing (HIJIS) Program—NGA Privacy TA Effort • Indiana Data Exchange (IDEx) • 77 DHS Designated Fusion Centers and 15 Regional Nodes
  • 33. Global Success Stories. Alabama Fusion Center. “DOJ’s OJP Web site pertaining to Global Privacy Resources, www.it.ojp.gov/privacy, is an amazing resource and I highly recommend it to anyone that wants to learn more about privacy, civil rights, and civil liberties. The site is designed to help with all aspects of the Privacy Program Cycle, including providing all the materials necessary to develop a comprehensive privacy policy or to evaluate an existing policy. As a relatively new Fusion Center Director, privacy was one of the first areas that I focused on and this site provided all the materials necessary to help create our program. Thanks to the DOJ subject matter experts who developed this site!” —Joe B. Davis, Ph.D., Director, Alabama Fusion Center
  • 34. Keys to Success • Executive sponsorship • Input from stakeholders • Designation of privacy officer • Ongoing training and review
  • 35. Technical Privacy: Resources and Success Stories • Business drivers for technical privacy enforcement: – From user’s perspective, too many user IDs and rules to manage – From technologist’s perspective, too many users and rule changes to manage – From enterprise’s perspective, policy experts cannot manage policy’s implementation in applications and cannot reasonably audit for compliance • Solution: Global’s Privacy Policy Technical Framework
  • 38. Benefits of External Authentication • From a user’s perspective, single sign-on • From a technologist’s perspective, application no longer contains user sign-on logic, and user tables are managed elsewhere • From the enterprise’s perspective, trusted, shared standards for identity proofing and provisioning and deprovisioning users
  • 40. Benefits of External Authentication • From a user’s perspective, not much impact • From a technologist’s perspective, application no longer contains authorization logic • From the enterprise’s perspective, policy experts now manage access-control policies, revised policies are implemented immediately across the suite of applications, and compliance tools can be implemented on audit data
  • 41. Learn More: TechnicalPrivacyTraining.org • Executive briefing video • Interactive primer (seven 15-minute modules) • Readiness assessment (with case studies, surveys, and tailored recommendations for next steps) • Implementation Guide (for your developers, with XACML lessons and a virtual machine) • Resources • Request for technical assistance
  • 42. Questions?
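
Slides 35 to 40 argue for moving access-control logic out of individual applications so that policy is managed once and audited in one place. The sketch below is an added example, not part of the original presentation or of Global's Privacy Policy Technical Framework: a constructed policy decision point shared by two hypothetical applications. Every name, rule, and attribute in it (records_app, warrants_app, training_current, and so on) is an assumption made for illustration.

```python
"""Externalized authorization: applications ask one shared decision point
instead of hard-wiring access rules, and every decision lands in one audit log."""
from dataclasses import dataclass, field
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass(frozen=True)
class Rule:
    rule_id: str
    effect: str                          # PERMIT or DENY
    resource_type: str                   # kind of record the rule targets
    condition: Callable[[dict], bool]    # predicate over request attributes


@dataclass
class PolicyDecisionPoint:
    """Shared decision service: owns the rules and the single audit trail."""
    rules: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def decide(self, app: str, subject: dict, resource_type: str, purpose: str) -> str:
        request = {**subject, "purpose": purpose}
        matched = [r for r in self.rules
                   if r.resource_type == resource_type and r.condition(request)]
        # Deny-overrides combining: one matching Deny beats any Permit.
        if any(r.effect == DENY for r in matched):
            decision = DENY
        elif matched:
            decision = PERMIT
        else:
            decision = NOT_APPLICABLE
        self.audit_log.append({
            "app": app, "user": subject["user"], "resource_type": resource_type,
            "purpose": purpose, "decision": decision,
            "rules": [r.rule_id for r in matched],
        })
        return decision


@dataclass
class Application:
    """Enforcement point: holds no access rules of its own."""
    name: str
    pdp: PolicyDecisionPoint

    def read(self, subject: dict, resource_type: str, purpose: str) -> str:
        decision = self.pdp.decide(self.name, subject, resource_type, purpose)
        if decision != PERMIT:           # fail closed on Deny and NotApplicable
            raise PermissionError(f"{self.name}: {decision}")
        return f"{resource_type} released to {subject['user']}"


def can_read(app: Application, subject: dict, resource_type: str, purpose: str) -> bool:
    try:
        app.read(subject, resource_type, purpose)
        return True
    except PermissionError:
        return False


def denials_by_user(audit_log: list) -> dict:
    """Compliance view over the shared audit data: refused requests per user."""
    counts = {}
    for entry in audit_log:
        if entry["decision"] != PERMIT:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts


def demo() -> dict:
    # Constructed policy: release criminal history only for a stated purpose.
    pdp = PolicyDecisionPoint(rules=[
        Rule("permit-investigation", PERMIT, "criminal_history",
             lambda r: r["role"] in {"officer", "prosecutor"}
             and r["purpose"] == "criminal_investigation"),
    ])
    apps = [Application("records_app", pdp), Application("warrants_app", pdp)]
    officer = {"user": "officer_a", "role": "officer", "training_current": False}
    ask = lambda a: can_read(a, officer, "criminal_history", "criminal_investigation")

    before = [ask(a) for a in apps]
    # Policy experts revise the policy once; no application code changes.
    pdp.rules.append(Rule("deny-lapsed-training", DENY, "criminal_history",
                          lambda r: not r["training_current"]))
    after = [ask(a) for a in apps]
    # A record type with no rule at all is refused, not silently allowed.
    unknown = can_read(apps[0], officer, "intelligence_file", "criminal_investigation")
    return {"before": before, "after": after, "unknown": unknown,
            "decisions": [e["decision"] for e in pdp.audit_log],
            "denials": denials_by_user(pdp.audit_log)}


if __name__ == "__main__":
    print(demo())
```

The single appended rule changes the outcome in both applications on the next request, and the refusals from both show up in one audit trail rather than in per-application logs.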

Editor's Notes

  1. A privacy and civil liberties policy is a written, published statement that articulates an agency’s policy position on how it handles the personally identifiable information it gathers and uses. The purpose of a privacy and civil liberties policy is to articulate publicly that the agency will adhere to legal requirements and agency policy decisions that enable gathering and sharing of information to occur in a manner that protects personal privacy and civil liberties interests. A privacy policy addresses the handling of PII which, depending on the agency, may include criminal history records, public records, wants and warrants, sentencing, adjudication and disposition information, intelligence information, tips and leads, suspicious activity reports (or “SARs”), terrorism-related information, and others. A comprehensive privacy policy will address: Governance; Information Collection; Information Quality; Collation and Analysis; Merging Records; Access and Disclosure; Redress; Security; Retention and Destruction; Accountability and Enforcement; Training.
  2. Privacy and security both relate to the handling of data and information, but they have different implications. Security relates to how an organization protects information during and after collection, whereas privacy addresses why and how information is collected, handled, and disclosed and is also concerned with providing reasonable quality control. Security policies alone do not adequately address the privacy, civil rights, civil liberties, and IQ issues. A security policy implements privacy policies by ensuring compliance. A security policy, therefore, may be incorporated within a privacy policy, but by itself, does not adequately address the protection of personally identifiable information or the requirements of a privacy policy in its entirety.
  3. Why do you need a privacy policy? Here are a few reasons, as stated in Privacy Issues Confronting the Sharing of Justice Information in an Integrated Justice Environment, by the Illinois Integrated Justice Information System.
  4. A privacy policy allows agencies to be proactive and to train their personnel on the issues that might arise in the gathering and sharing of information. A privacy policy helps build public trust. A privacy policy that is available to the public helps ensure public confidence in the handling of personal information. Having a good privacy and civil liberties policy and ensuring adherence to its protections is important because of the law enforcement oath to support and uphold the Constitution. It is the right thing to do.
  5. Justice Example – Errors in the recording of a defendant’s record may adversely affect: court decisions, restitution and treatment options, and if a juvenile, can also transfer into adult records, if applicable. Good privacy policies address the quality of the information the entity handles through information quality processes and policies, such as: Data quality reviews; Procedures for error correction; Process for error reporting to agencies that originate and receive information.
  6. .
  7. The Global Justice Information Sharing Initiative – or Global – serves as a Federal Advisory Committee (FAC) and advises the U.S. Attorney General on justice information sharing and integration initiatives. Global is a “group of groups,” representing more than 32 independent organizations of law enforcement, judicial, correctional, and related bodies. Its mission is the efficient sharing of data among justice entities, which is at the very heart of modern public safety and law enforcement. GAC’s efforts have a direct impact on the work of more than 1.2 million justice professionals. Global was created to: support the broad scale exchange of pertinent justice and public safety information; promote standards-based electronic information exchange; provide the justice community with timely, accurate, complete, and accessible information in a secure and trusted environment. The GAC facilitates working groups/councils/task teams consisting of GAC members and SMEs to develop solutions to timely justice issues: intelligence, infrastructure, standards, security, business solutions, privacy, and information technology.
  8. Writing a privacy policy is important but it isn’t the only step an entity needs to take to protect privacy. It’s just one in a series of steps comprising an entity’s privacy protection efforts—or Privacy Program Cycle, as illustrated here, whose steps are: Educate and raise awareness; Assess agency privacy risks; Develop the privacy policy; Perform a policy evaluation; Implement and train; Conduct an annual review. Global developed a Global Privacy Resources booklet (available on the resource table here today) as a useful road map to help justice entities navigate the privacy awareness, risk assessment, policy drafting, and implementation and training products available today. The booklet is structured to help the reader determine which products to use when and for what purpose. All of these resources, and more, are featured online at www.it.ojp.gov/privacy.
  9. The Executive Summary for Justice Decision Makers can be used as an awareness overview or as a training tool, for understanding the importance of privacy protections within justice agencies, learning basic privacy concepts and privacy risks, and clarifying steps needed to establish privacy protections. The 7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy resource is designed for both justice executives and agency personnel to educate readers on the seven basic steps associated with preparing for, drafting, and implementing a privacy policy. Also featured is an overview of the core concepts (or chapters) that an agency should include in the written provisions of a privacy policy.
  10. The Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Information Sharing Initiatives—or PIA Guide—was developed to assist practitioners in examining the privacy implications of their information systems and information sharing collaborations. Completing a PIA will help practitioners identify vulnerabilities that need to be addressed in privacy protection policies and procedures. Privacy policies emerge as a result of the analysis performed during the PIA process.
  11. Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities—or the Privacy Guide: Is a practical resource for SLT justice practitioners. Provides well-rounded instruction for the planning, education, development, and implementation of agency privacy protections to protect the justice agency, the individual, and the public. It educates readers on foundational privacy concepts. Helps clarify an agency’s information exchanges. Provides guidance on how to perform a legal analysis. Includes policy drafting tools, such as a policy template (described next), a glossary, legal citations, and sample policies. Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities—or the SLT Policy Development Template: Is contained in the Privacy Guide described above. Is a tool designed specifically to walk policy authors through each step of the policy language drafting process. The policy language (or “provisions”) suggested are grouped according to policy concepts, each representing a fundamental component of a comprehensive policy. Sample language is also provided for each recommended provision.
  12. The Policy Review Checklist is a companion resource to the SLT Policy Development Template. This checklist: Provides privacy policy authors, project teams, and agency administrators with a tool to evaluate whether the provisions contained within an agency privacy policy have met the core recommendations in the privacy template. May be used during the drafting process to check work on the draft policy or during the final review of the policy. May also be used to perform the policy’s annual review (discussed in Stage 6) to determine if revisions are needed.
  13. An implementation “focused” deliverable which includes: “Do I Need a Privacy Officer Function” discussion with real-world examples; alternatives for smaller agencies that cannot establish a full-time privacy officer; suggested qualifications for privacy officers; recommended responsibilities; and a listing of available education/awareness products and training resources. The Importance of Privacy, Civil Rights, and Civil Liberties Protections in American Law Enforcement and Public Safety DVD—or Line Officer Video—is an 8-minute roll call video to educate line officers on the privacy issues they may confront
  14. The following are only “some” of the implementation and training resources featured in the Global Privacy Resources series: Implementing Privacy Policy in Justice Information Sharing: A Technical Framework helps technical practitioners convert privacy policies into computer and software language. Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise: Assists intelligence enterprises in complying with privacy policies by evaluating compliance with those policies, uncovering any gaps that exist. Recommendations for First Amendment-Protected Events for State and Local Law Enforcement Agencies—Provides guidance to law enforcement on their roles and responsibilities in First Amendment-protected events. (Both the guide and pocket reference card are available on the resource table here today.) The Criminal Intelligence Systems Operating Policies (28 CFR Part 23) Online Training was developed to facilitate greater understanding of 28 CFR Part 23 and includes topics such as compliance, privacy, inquiry, and dissemination requirements; storage requirements; and review-and-purge requirements.
  15. Applying the guidance described in the Privacy Guide, justice entities are encouraged to review and update the provisions protecting privacy, civil rights, and civil liberties contained in the privacy policy at least annually using the annual review portion of the Policy Review Checklist, referenced earlier in Stage 4. This update will ensure that appropriate changes are made in response to changes in applicable laws, technology, the purpose and use of the information systems, and public expectations. Once the policy is updated, entities should revisit the resources listed in each stage of the privacy program cycle. This will ensure that systems and individuals comply with the most current protections established in the entity privacy policy.
  16. Good information quality is the cornerstone for sound agency decision making and inspires trust in both the justice system and the law enforcement entities that use information. In addition to Global’s Privacy Resources, Global also developed an information quality series which follows a similar sequential approach: raise awareness, perform an assessment, and policy and program development—these resources are: Information Quality: The Foundation for Justice Decision Making; 9 Elements of an Information Quality Program; Information Quality Self-Assessment Tool; Information Quality Program Guide. An overview flyer is available on the resource table here today.
  17. In preparation for writing a privacy policy, it is important to determine what policies, rules, and regulations already exist. For example, policies on the handling of personally identifiable information that may be accessed in an agency database may be described in an employee handbook, as well as sanctions for violations. Rules for building security and the security of computer systems and the assignment and use of user IDs, and other system access protocols may be described in ConOps, SOPs, and security manuals. Conditions for sharing or exchanging information from an agency database with external entities may be listed in MOUs or user agreements. As always, state and federal statutes should be consulted for regulations on public records (such as sunshine and open records law), criminal histories, intelligence information, rules regarding redress and correction of information.
  18. In a report for Illinois justice agencies, the Illinois Integrated Justice Information System—or “IIJIS”—developed Privacy Policy Guidance to help Illinois justice agencies develop privacy policies for their integrated justice information systems. This report describes the public's privacy concerns and provides recommendations to justice practitioners and system designers about how to address those concerns. Another area where privacy, civil rights, and civil liberties instruction is provided is in the curriculum for the Illinois State Police Academy’s Cadet Class whose topics include: Civil Rights and Civil Liberties; Criminal Law; Ethical Conduct in a Diverse Workplace; Facing Moral Decisions; and Rights of the Accused.
  19. IIJIS’ Planning and Policy Committee established the Privacy Policy Subcommittee to develop guidance and policies that would govern the sharing of justice information both among justice agencies and with the public. The subcommittee is charged with: “Developing policies to ensure that the enhanced sharing of justice information made possible through advancing information technologies is carried out in accordance with Illinois law and its citizens’ reasonable expectation of privacy.”
  20. It’s important to note that when developing a privacy policy, peer assistance can be of utmost value. Here in Illinois two entities successfully developed comprehensive privacy policies that fully met the U.S. Department of Homeland Security’s (DHS) requirements and were determined by DHS to be “at least as comprehensive as the Information Sharing Environment (ISE) Privacy Guidelines.” These entities used Global’s Privacy Policy Development Template to draft their policies and would be excellent sources for peer assistance. The first is the Illinois Statewide Terrorism Intelligence Center, which is part of the Illinois State Police. On July 27, 2010 this center successfully finalized their privacy policy and received full approval through the U.S. Department of Justice (DOJ)/DHS Fusion Center Privacy TA Program, complying with all ISE Privacy Guidelines and DHS standards. The Global Privacy Policy Development Template encompasses all DHS and ISE requirements.
  21. The second is the Chicago Crime Prevention and Information Center, part of the Chicago Police Department. On March 11, 2011 CPIC’s policy also received full approval that the policy was in compliance with federal requirements.
  22. HIJIS: Is a statewide justice information sharing system which integrated their state court system; Received privacy TA from NGA’s Center for Best Practices through a Policy Academy; Used the PIA Guide and the SLT Privacy Policy Development Template. IDEx: Is managed by the Indiana Department of Homeland Security (IDHS); Received privacy TA sponsored by the Bureau of Justice Assistance; Used the PIA Guide and the SLT Policy Development Template, as well as many of the Global technical solutions and the National Information Exchange Model (NIEM). Fusion Centers: Received privacy TA and policy review assistance through the DOJ/DHS collaborated Fusion Process Technical Assistance Program; 92 fusion center policies were completed (77 being DHS-designated fusion centers, and 15 are regional nodes). These were determined by DHS to be “at least as comprehensive as the Information Sharing Environment (ISE) Privacy Guidelines”; Utilized the Fusion Center Privacy Policy Development Template which addresses intelligence information, tips and leads, as well as suspicious activity reporting information.
  23. You need leadership to make this happen & you need buy-in from users of the system. You also need to have a person tasked with getting the policy done! Finally, you need to engage in ongoing training and awareness efforts and you need to constantly review policies to make sure they account for new systems, laws and technologies.
  24. Traditional legacy application: all user authentication and authorization logic is hard-wired inside and must be maintained inside. Audit logs are silo’ed – one per application.
  25. First milestone is external user authentication. Treat identity credentialing and authenticating as a service that all of the applications in the information-sharing enterprise can share. This can take several forms. For example, the 4-state Connect project created a federation, meaning that each information-sharing partner maintains its own user tables and then passes those credentials to the other partners. In Orange County, California, user tables are maintained centrally, and then each application in the County pings that Identity Manager. Identity management tools are widely available. Are you familiar with the use of Active Directory in Illinois?
  26. Second milestone is external authorization: