Embed Size (px)
Citation preview
Privacy: Understanding the Needs, Policy, and Approach
Innovations in Justice: Information Sharing Strategies
and Best PracticesBJA Regional Information Sharing
ConferenceJune 5, 2007
Jacksonville, Florida
2
Session Objectives
• Importance of privacy to information sharing
• Discuss strategies for developing privacy policies
• Learn about reference tools for implementing privacy protections
3
Privacy and Civil Rights Policies Benefits of Information Sharing
• Information sharing is critical both from a strategic and tactical perspective• One of 9/11 Commission findings was a lack of
information sharing among agencies• More accurate and more timely information
improves decision making• Information sharing means better use of
limited public resources• Improved public safety, individual safety, and
officer safety
4
Privacy Policies What has changed?
• More information in electronic form• Most of the information is in state and local
databases• Blurring of distinction between systems
• RMS/CMS vs. criminal history vs. intelligence
• Vastly greater sharing of information• Increased risk of injury from disclosure• Concerns about public support
5
Privacy Policies Why do we need them?
What is the biggest threat to sensitive or confidential data?• Employee Negligence – 42%• Broken business processes – 33%• Malicious employees – 15%• Hackers – 10%
Ponemon Institute survey of corporate IT professionals, 2006
6
Privacy Policies Why do we need them?
Judge Limits New York Police Taping
The New York Times
A federal judge ruled that the police must stop the routine videotaping of people at public gatherings unless there is an indication that unlawful activity may occur.
• Failure to address privacy may inhibit your operations
7
Privacy Policies Why do we need them?
Report Details Missteps in Data CollectionThe Washington Post
The FBI collected intimate information about the lives 52,000 people and stored it in an intelligence database accessible to about 12,000 federal, state, and local law enforcement authorities and to certain foreign governments without full legal authority to do so, without ensuring that the data it retained met its needs or requests, and without ferreting out all of its abuses and reporting them to an intelligence oversight board.
• Failure to address privacy may reduce public support for law enforcement activities
8
Privacy Policies Why do we need them?
U.S. Settles Suit Filed by Ore. LawyerThe Washington Post
The government paid $2 million to settle a lawsuit filed by someone who was arrested and jailed for two weeks after a bungled a fingerprint match mistakenly linked him to a terrorist attack.
• Inaccurate data can cost your agency money
9
Privacy Policies Why do we need them?
Error Left Man with Label of 'molester'Mistake Took Decades to FixSan Jose Mercury News
A person was the victim of a simple, but critical, clerical error 28 years ago that changed his misdemeanor conviction into child molestation charge. As a result, he spent more than a year in state prison, a flier with his picture that labeled him a molester was distributed at his daughter's elementary school, and his picture appeared in a newspaper accompanying an article on high-risk sex offenders.
• Sharing inaccurate data can ruin someone’s life as well as waste public resources
10
Privacy PoliciesWhat is their scope?
The goal of privacy policies and practices is:To protect:
• Privacy • Civil rights• Civil liberties
While promoting:• Public safety• Individual safety
When fighting crime and terrorism
11
PRIVACY POLICY
DEVELOPMENT
12
Global Privacy and Information Quality
Working Group (GPIQWG)
• Step One: GOVERNANCE• Step Two: PLANNING• Step Three: PROCESS• Step Four: PRODUCT• Step Five: IMPLEMENTATION
13
Governance – Planning Stage
PROJECT CHAMPION
OR SPONSOR
RESOURCES
Empower withAuthority
TEAM FORMATIONTEAM FORMATIONAdvocate
&Defend
FINAL TEAMLEADER &MEMBERS
IDENTIFY TEAM LEADER
BUILD TEAM & STAKEHOLDERS
14
Process StageUNDERSTANDING
INFORMATIONEXCHANGES
• Collection• Dissemination & Access• Linking and analyzing• Use• Maintenance & Retention
15
ANALYZING THELEGAL
REQUIREMENTS
• Focus• Sources of Legal
Authority• Principles –FIP• Perform Information
Analysis
Process Stage
16
Process StageIDENTIFYCRITICALISSUES &
POLICY GAPS
• Laws & Policies • Team Privacy Concerns• Build from Existing Laws & Policies
17
Privacy and Civil Rights TemplatesWhy were templates developed?
• Provide an organized approach to the critical issues
• Suggest language for drafting a policy or inter-agency agreement
• Make explicit the rules governing the collection and use of information
• Clarify when and how information will be shared or distributed
• Articulate the expectations regarding conduct of agency personnel
18
Product StageVISION
&SCOPE
Team Members
OrganizationalStructure &
Policy Outline
REVISEDDRAFT
POLICYDRAFTSHARESHARE
Stakeholders
Constituents
19
PROJECTTEAM
Implementation StageFormal
Adoption ofPrivacy Policy
GOVERNINGBOARD
PUBLICATIONOUTREACH TRAINING
OngoingEvaluation &MonitoringLegislative
Efforts Revisions
20
ADDITIONAL
RESOURCES
21
Global Initiative – generallyhttp://www.it.ojp.gov/index.jsp
Global Privacy and Information Quality Work Grouphttp://www.it.ojp.gov/topic.jsp?topic_id=55
Privacy Policy Development Guide and Templateshttp://it.ojp.gov/privacy206/ or
https://it.ojp.gov/documents/Privacy_Guide_Final.pdf
ADDITIONAL RESOURCES
22
Privacy and Civil Rights PoliciesResources
Other places to find information:• Department of Homeland Security Privacy Office
• http://www.dhs.gov/xinfoshare/publications/editorial_0514.shtm
• Department of Justice Privacy and Civil Liberties Office• http://www.usdoj.gov/pclo/
• Information Sharing Environment Privacy Guidelines
• http://www.ise.gov
23
• Homeland Security• Publications:
• Privacy Threshold • Analysis
• Privacy Impact • Assessments-• Official Guidance (2006)
• Privacy Impact • Assessments for various • industries
