Privacy: Understanding the Needs, Policy, and Approach Owen Greenspan Director Law and Policy Program.

1 Privacy: Understanding the Needs, Policy, and Approach Owen Greenspan Director Law and Policy Program

2 © 2004 SEARCH, The National Consortium for Justice Information and Statistics | www.search.org 1 A Couple of Observations

3 Justice Ginsburg, U.S. Supreme Court, noted in Arizona v. Evans that… “Widespread reliance on computers to store and convey information generates, along with manifold benefits, new possibilities of error, due to both computer malfunctions and operator mistakes… Computerization greatly amplifies an error’s effect, and correspondingly intensifies the need for prompt correction; for inaccurate data can infect not only one agency, but the many agencies that share access to the database.”

4 The bulk of the criminal justice information maintained in the U.S. is maintained at the State and local level; therefore most, but not all, of the legislation governing this information is found at the State level.

5 Fair Information Practices

6 The Eight Fair Information Practices (OECD Guidelines on the Protection of Privacy): 1. Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

7 2. Data Quality Principle. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

8 3. Purpose Specification Principle. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

9 4. Use Limitation Principle. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except: a) with the consent of the data subject; or b) by the authority of law.

10 5. Security Safeguards Principle. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

11 6. Openness Principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

12 7. Individual Participation Principle. An individual should have the right: a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him;

13 7. Individual Participation Principle. An individual should have the right: c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.

14 8. Accountability Principle. A data controller should be accountable for complying with measures which give effect to the principles stated above.

15 Owen’s 9th Privacy Principle: Failing to address privacy in the planning and design of an information sharing system risks project failure: Threatens public support for your agency; Political support for what you are trying to accomplish; Financial support; Operational ability.

16 PRIVACY POLICY DEVELOPMENT

17 Global Privacy and Information Quality Working Group (GPIQWG)

18 Global Privacy and Information Quality Working Group (GPIQWG)

19 Step One: GOVERNANCE; Step Two: PLANNING; Step Three: PROCESS; Step Four: PRODUCT; Step Five: IMPLEMENTATION

20 Governance – Planning Stage PROJECT CHAMPION OR SPONSOR RESOURCES Empower with Authority TEAM FORMATION Advocate & Defend FINAL TEAM LEADER & MEMBERS IDENTIFY TEAM LEADER BUILD TEAM & STAKEHOLDERS

21 Privacy Policy Development Templates (From Privacy, Civil Rights, and Civil Liberties, Policy Templates for Justice Information Systems). The privacy policy development templates suggest language for drafting a policy or inter-agency agreement. In order to select the correct template or combination of templates, the agency must first identify the type of information sharing system covered by the privacy policy.

22 Privacy Policy Development Templates: What type of information sharing system will be covered by the privacy policy? □ Incident or event-based records management system (RMS) □ Case management system (CMS) □ Integrated criminal justice information system (IJIS or CJIS) □ Criminal history record information system (CHRI) □ Criminal intelligence gathering system (CIS) □ Justice information sharing network

23 Privacy Policy Development Templates: Which of the following best describes the privacy effort involved? □ LOCAL SYSTEMS □ STATEWIDE SYSTEMS □ STATEWIDE NETWORK INTEGRATING LOCAL SYSTEMS □ REGIONAL INFORMATION SHARING SYSTEMS □ AD HOC SYSTEMS

24 Process Stage UNDERSTANDING INFORMATION EXCHANGES Collection Dissemination & Access Use Maintenance & Retention

25 Process Stage ANALYZING THE LEGAL REQUIREMENTS Focus Sources of Legal Authority Principles – FIP Perform Information Analysis

26 Process Stage IDENTIFY CRITICAL ISSUES & POLICY GAPS Laws & Policies Team Privacy Concerns Build from Existing Laws & Policies

27 Product Stage VISION & SCOPE Team Members Organizational Structure & Policy Outline REVISED DRAFT POLICY DRAFT SHARE Stakeholders Constituents

28 PROJECT TEAM Implementation Stage Formal Adoption of Privacy Policy GOVERNING BOARD PUBLICATION OUTREACH TRAINING Ongoing Evaluation & Monitoring Legislative Efforts Revisions

29 Alan Carlson’s Privacy Policy Development Templates: Depending upon the need, the privacy policy will consist of one or more of the following three policy templates: TEMPLATE A – Privacy and civil rights protections for inclusion in enabling legislation or authorization for the justice information system. This enabling authority would be included in the statute, ordinance, resolution, executive order or other document that authorizes or creates the entity overseeing the information system.

30 Alan Carlson’s Privacy Policy Development Templates: TEMPLATE B – A basic privacy and civil rights protection policy template covering day-to-day operation of the justice information system. This basic system operation would be included in a general policy applicable to the system, or it would provide the central provisions of a stand-alone policy covering protection of privacy, civil rights and civil liberties.

31 Alan Carlson’s Privacy Policy Development Templates: TEMPLATE C – Privacy and civil rights protections for an inter-agency agreement between agencies participating in an information sharing network or system.

32 ADDITIONAL RESOURCES

33 ADDITIONAL RESOURCES www.it.ojp.gov/topic.jsp?topic_id=55

34 Homeland Security Publications: Privacy Threshold Analysis; Privacy Impact Assessments - Official Guidance (2006); Privacy Impact Assessments for various industries

35 Owen@search.org

