Presentation is loading. Please wait.

Presentation is loading. Please wait.

United States Department of Justice Privacy for Practitioners—Real Case Studies Illustrating Privacy Policy Development and Impact Assessment February.

Similar presentations


Presentation on theme: "United States Department of Justice Privacy for Practitioners—Real Case Studies Illustrating Privacy Policy Development and Impact Assessment February."— Presentation transcript:

1 United States Department of Justice Privacy for Practitioners—Real Case Studies Illustrating Privacy Policy Development and Impact Assessment February 5, 2013 Cabell CropperChristina M. Abernathy National Criminal Justice Association Institute for Intergovernmental Research Diana GraskiBecki Goggins National Center for State CourtsState of Alabama 2013 Criminal Justice Information Forum on Data Exchange and Information Sharing Standards and Models

2 United States Department of Justice 2 Topics Privacy overview Global privacy resources Illinois privacy resources Global success stories Keys to success Technical privacy case studies and success stories

3 United States Department of Justice 3 Privacy Overview What is privacy? Privacy refers to individuals’ interests in preventing the inappropriate collection, storage, use, and release of personally identifiable information Privacy, as it relates to information sharing, concerns information whose confidentiality is enforceable by law or social norms

4 United States Department of Justice 4 Privacy Overview Civil Liberties AreCivil Rights Are The fundamental individual rights or freedoms, such as the freedom of speech, press, assembly, and religion, the right to due process and a fair trial, as well as the right to privacy and other limitations on the power of the government to restrain or dictate the actions of individuals The rights and privileges of citizenship and equal protection that the state is constitutionally bound to guarantee all citizens regardless of race, religion, sex, or other characteristics unrelated to the worth of the individual Involve restrictions on governmentCivil rights involve positive or affirmative government action Together, they are the legal protections that safeguard individual freedom and ensure equal treatment under the law!

5 United States Department of Justice 5 Privacy Overview What Is a Privacy Policy? What Is the Purpose of a Privacy Policy?

6 United States Department of Justice 6 Privacy Overview What Is the Difference Between a Privacy Policy and a Security Policy?

7 United States Department of Justice 7 Privacy Overview Why do you need a privacy policy? “the public’s acceptance of an integrated justice information system is related to its confidence that the government is taking measures to protect individual’s privacy interests” There is “a need to educate the public as to what information about citizens is available in the justice system and what is available to the public” “Privacy issues are raised when the government collects information about individuals for investigatory purposes absent any suspicion of criminal wrongdoing... mere collection of personally identifiable victim and witness information raises genuine privacy concerns... factors should be identified to balance the amount of data collected to address privacy concerns while still meeting legitimate law enforcement needs” “A sound privacy policy should clearly identify appropriate uses of the information contained in the information system” ‒ IIJIS’ Privacy Issues Confronting the Sharing of Justice Information in an Integrated Justice Environment

8 United States Department of Justice 8 Privacy Overview Reasons for Having a Privacy Policy It’s the Right Thing to Do!

9 United States Department of Justice 9 What Can Happen Without a Privacy Policy? Effects of Improper Practices –Tarnish an individual’s reputation –Personal or financial injury to individuals –Loss of ability to share information –Lawsuits and paying settlements or judgments –Loss of public support and confidence –Loss of funding and resources –Getting shut down –Decline in morale

10 United States Department of Justice 10 From Privacy to Information Quality The collection and sharing of poor quality information raises serious privacy concerns because the two concepts are inherently linked Quality information plays an extremely important role in the protection of the privacy rights of individuals Through cross-collaboration among local, state, tribal, and federal justice entities, information is shared to form the records that underlie justice decision-making As cross-collaboration increases, it is imperative that justice entities address the quality of the information shared

11 United States Department of Justice 11 From Privacy to Information Quality How Can You Develop and Implement Privacy and Information Quality Policies and Procedures?

12 United States Department of Justice Global Privacy Resources

13 United States Department of Justice 13 Global Justice Information Sharing Initiative—or “Global” Federal advisory body to nation’s chief law enforcement officer, the U.S. Attorney General (AG) Supported by the Bureau of Justice Assistance (BJA) and the Office of Justice Programs (OJP), U.S. Department of Justice (DOJ) Representatives from across the justice landscape, affecting the work of more than 1.2 million justice professionals Global’s Advisory Committee (GAC) working groups, councils, and task teams are formed around timely justice issues: –Intelligence –Infrastructure, standards, security –Business solutions –Privacy and information quality

14 United States Department of Justice 14 Global Privacy Resources Booklet A road map to help justice entities navigate the diverse privacy resources available today Structured to help determine which products to use when and for what purpose Products are grouped according to their use at each step of a Privacy Program Cycle All Global Privacy Resources are available online at www.it.ojp.gov/privacy

15 United States Department of Justice 15 Global Privacy Resources Step 1. Educate and Raise Awareness –Executive Summary for Justice Decision Makers: Privacy, Civil Rights, and Civil Liberties Program Development –7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy

16 United States Department of Justice 16 Global Privacy Resources Step 2. Assess Agency Privacy Risks –Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Justice Entities (or “PIA Guide”)

17 United States Department of Justice 17 Global Privacy Resources Step 3. Develop the Privacy Policy –Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities (Global Privacy Guide) –Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities (SLT Policy Development Template)

18 United States Department of Justice 18 Global Privacy Resources Step 4. Perform a Policy Evaluation –Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities: Policy Review Checklist

19 United States Department of Justice 19 Global Privacy Resources Step 5. Implement and Train –Coming Soon! Establishing a Privacy Officer Function Within a Justice or Public Safety Entity: Recommended Responsibilities and Training –The Importance of Privacy, Civil Rights, and Civil Liberties Protections in American Law Enforcement and Public Safety DVD—or “Line Officer Video”

20 United States Department of Justice 20 Global Privacy Resources Step 5. Implement and Train –Implementing Privacy Policy in Justice Information Sharing: A Technical Framework –Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise –Recommendations for First Amendment- Protected Events for State and Local Law Enforcement Agencies (and reference card) –Criminal Intelligence Systems Operating Policies (28 CFR Part 23) Online Training

21 United States Department of Justice 21 Global Privacy Resources Step 6. Conduct an Annual Review –Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities: Policy Review Checklist

22 United States Department of Justice 22 Global’s Information Quality (IQ) Series –Information Quality: The Foundation for Justice Decision Making –9 Elements of an Information Quality Program –Information Quality Self-Assessment Tool –Information Quality Program Guide –Available online at www.it.ojp.gov/IQ_Resources

23 United States Department of Justice 23 Illinois Privacy Resources Where do I look for existing privacy policies? –Employee handbooks –Concept of operations manuals –Standard operating procedures –Security manuals –Memoranda of understanding –User agreements –State and federal statutes

24 United States Department of Justice 24 Illinois Privacy Resources Local examples of privacy standards and recommendations: IIJIS’ Privacy Policy Guidance, www.icjia.state.il.us/iijis/ Illinois State Police Academy curriculum

25 United States Department of Justice 25 Illinois Privacy Resources IIJIS Privacy Policy Subcommittee’s charge: “Developing policies to ensure that the enhanced sharing of justice information made possible through advancing information technologies is carried out in accordance with Illinois law and its citizens’ reasonable expectation of privacy”

26 United States Department of Justice 26 Illinois Privacy Resources Excerpt from IIJIS’ Mission: “Through integrated justice information sharing we will enhance the safety, security, and quality of life in Illinois; improve the quality of justice, the effectiveness of programs, and the efficiency of operations; and ensure informed decision-making, while protecting privacy and confidentiality of information” Strategic Issue 3: Serve justice, public safety, and homeland security needs while protecting privacy, preventing unauthorized disclosures of information, and allowing appropriate public access

27 United States Department of Justice 27 Illinois Privacy Resources July 27, 2010—Illinois Statewide Terrorism Intelligence Center, Illinois State Police, successfully finalized its comprehensive privacy policy, fully meeting all ISE Privacy Guidelines and DHS standards

28 United States Department of Justice 28 Illinois Privacy Resources March 11, 2011—Chicago Crime Prevention and Information Center, Chicago Police Department, finalized a comprehensive privacy policy that fully met the Information Sharing Environment (ISE) Privacy Guidelines and federal standards set by the U.S. Department of Homeland Security (DHS)

29 United States Department of Justice Global Success Stories

30 United States Department of Justice 30 Global Success Stories Connect South Dakota—NGA Privacy TA Effort “Using Global Resources, such as the SLT Policy Development Template, we were able to ‘Connect South Dakota’ (Connect SD) law enforcement in a statewide data exchange project, while ensuring the privacy rights and civil liberties of the citizens we serve. Upon completion of the Connect SD privacy policy, it was important to ensure our officers were trained on privacy protections. To accomplish this goal, we utilized Global’s line officer training video and First Amendment-protected event resources” — Bryan Gortmaker, Director South Dakota Division of Criminal Investigation

31 United States Department of Justice 31 Global Success Stories CONNECT Consortium—NGA Privacy TA Effort “For several years, the Alabama Criminal Justice Information Center (ACJIC) has been involved in a multi-state initiative—called CONNECT—which has served as a proof-of-concept for sharing rich criminal justice information across state lines. Since its inception, the CONNECT leadership has recognized the importance of adopting a strong privacy and civil liberties policy to govern usage of CONNECT. Thanks to the Global SLT Policy Development Template and the Global Privacy Impact Assessment Guide, CONNECT was able to craft a model policy to meet the needs of the member states (Alabama, Kansas, Nebraska and Wyoming). Despite the fact that each state has its own set of governing laws and policies concerning the sharing of criminal justice information, the Global templates were robust enough to allow for the creation of a single policy to govern CONNECT usage” —Maury Mitchell, Director, Alabama Criminal Justice Information Center

32 United States Department of Justice 32 Global Success Stories Hawaii Integrated Justice Information Sharing (HIJIS) Program—NGA Privacy TA Effort Indiana Data Exchange (IDEx) 77 DHS Designated Fusion Centers and 15 Regional Nodes

33 United States Department of Justice 33 Global Success Stories Alabama Fusion Center “DOJ’s OJP Web site pertaining to Global Privacy Resources, www.it.ojp.gov/privacy, is an amazing resource and I highly recommend it to anyone that wants to learn more about privacy, civil rights, and civil liberties. The site is designed to help with all aspects of the Privacy Program Cycle, including providing all the materials necessary to develop a comprehensive privacy policy or to evaluate an existing policy. As a relatively new Fusion Center Director, privacy was one of the first areas that I focused on and this site provided all the materials necessary to help create our program. Thanks to the DOJ subject matter experts who developed this site!” —Joe B. Davis, Ph.D., Director, Alabama Fusion Center

34 United States Department of Justice 34 Keys to Success Executive sponsorship Input from stakeholders Designation of privacy officer Ongoing training and review

35 United States Department of Justice 35 Technical Privacy: Resources and Success Stories Business drivers for technical privacy enforcement: –From user’s perspective, too many user IDs and rules to manage –From technologist’s perspective, too many users and rule changes to manage –From enterprise’s perspective, policy experts cannot manage policy’s implementation in applications and cannot reasonably audit for compliance Solution: Global’s Privacy Policy Technical Framework

36 United States Department of Justice 36

37 United States Department of Justice 37

38 United States Department of Justice 38 Benefits of External Authentication From a user’s perspective, single sign-on From a technologist’s perspective, application no longer contains user sign-on logic, and user tables are managed elsewhere From the enterprise’s perspective, trusted, shared standards for identity proofing and provisioning and deprovisioning users

39 United States Department of Justice 39

40 United States Department of Justice 40 Benefits of External Authentication From a user’s perspective, not much impact From a technologist’s perspective, application no longer contains authorization logic From the enterprise’s perspective, policy experts now manage access-control policies, revised policies are implemented immediately across the suite of applications, and compliance tools can be implemented on audit data

41 United States Department of Justice 41 Learn More: TechnicalPrivacyTraining.org Executive briefing video Interactive primer (seven 15-minute modules) Readiness assessment (with case studies, surveys, and tailored recommendations for next steps) Implementation Guide (for your developers, with XACML lessons and a virtual machine) Resources Request for technical assistance

42 United States Department of Justice Questions?


Download ppt "United States Department of Justice Privacy for Practitioners—Real Case Studies Illustrating Privacy Policy Development and Impact Assessment February."

Similar presentations


Ads by Google