Icjia c abernathy_dgraskibgoggins_130124

  • A privacy and civil liberties policy is a written, published statement that articulates an agency’s policy position on how it handles the personally identifiable information it gathers and uses. The purpose of a privacy and civil liberties policy is to articulate publicly that the agency will adhere to legal requirements and agency policy decisions that enable gathering and sharing of information to occur in a manner that protects personal privacy and civil liberties interests. A privacy policy addresses the handling of PII which, depending on the agency, may include criminal history records, public records, wants and warrants, sentencing, adjudication and disposition information, intelligence information, tips and leads, suspicious activity reports (or “SARs”), terrorism-related information, and others. A comprehensive privacy policy will address: Governance; Information Collection; Information Quality; Collation and Analysis; Merging Records; Access and Disclosure; Redress; Security; Retention and Destruction; Accountability and Enforcement; Training.
  • Privacy and security both relate to the handling of data and information, but they have different implications. Security relates to how an organization protects information during and after collection, whereas privacy addresses why and how information is collected, handled, and disclosed and is also concerned with providing reasonable quality control. Security policies alone do not adequately address privacy, civil rights, civil liberties, and information quality (IQ) issues. A security policy implements privacy policies by ensuring compliance. A security policy, therefore, may be incorporated within a privacy policy but, by itself, does not adequately address the protection of personally identifiable information or the requirements of a privacy policy in its entirety.
  • Why do you need a privacy policy? Here are a few reasons, as stated in Privacy Issues Confronting the Sharing of Justice Information in an Integrated Justice Environment, by the Illinois Integrated Justice Information System.
  • A privacy policy allows agencies to be proactive and to train their personnel on the issues that might arise in the gathering and sharing of information. A privacy policy helps build public trust. A privacy policy that is available to the public helps ensure public confidence in the handling of personal information. Having a good privacy and civil liberties policy and ensuring adherence to its protections is important because of the law enforcement oath to support and uphold the Constitution. It is the right thing to do.
  • Justice example: Errors in the recording of a defendant’s record may adversely affect court decisions and restitution and treatment options and, for a juvenile, can also transfer into adult records, if applicable. Good privacy policies address the quality of the information the entity handles through information quality processes and policies, such as: data quality reviews; procedures for error correction; a process for error reporting to agencies that originate and receive information.
  • The Global Justice Information Sharing Initiative, or Global, serves as a Federal Advisory Committee (FAC) and advises the U.S. Attorney General on justice information sharing and integration initiatives. Global is a “group of groups,” representing more than 32 independent organizations of law enforcement, judicial, correctional, and related bodies. Its mission is the efficient sharing of data among justice entities, which is at the very heart of modern public safety and law enforcement. GAC’s efforts have a direct impact on the work of more than 1.2 million justice professionals. Global was created to: support the broad-scale exchange of pertinent justice and public safety information; promote standards-based electronic information exchange; provide the justice community with timely, accurate, complete, and accessible information in a secure and trusted environment. The GAC facilitates working groups, councils, and task teams consisting of GAC members and SMEs to develop solutions to timely justice issues: intelligence, infrastructure, standards, security, business solutions, privacy, and information technology.
  • Writing a privacy policy is important, but it isn’t the only step an entity needs to take to protect privacy. It’s just one in a series of steps comprising an entity’s privacy protection efforts—or Privacy Program Cycle, as illustrated here, whose steps are: Educate and raise awareness; Assess agency privacy risks; Develop the privacy policy; Perform a policy evaluation; Implement and train; Conduct an annual review. Global developed a Global Privacy Resources booklet (available on the resource table here today) as a useful road map to help justice entities navigate the privacy awareness, risk assessment, policy drafting, and implementation and training products available today. The booklet is structured to help the reader determine which products to use when and for what purpose. All of these resources, and more, are featured online at www.it.ojp.gov/privacy.
  • The Executive Summary for Justice Decision Makers can be used as an awareness overview or as a training tool for understanding the importance of privacy protections within justice agencies, learning basic privacy concepts and privacy risks, and clarifying steps needed to establish privacy protections. The 7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy resource is designed for both justice executives and agency personnel and educates readers on the seven basic steps associated with preparing for, drafting, and implementing a privacy policy. Also featured is an overview of the core concepts (or chapters) that an agency should include in the written provisions of a privacy policy.
  • The Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Information Sharing Initiatives—or PIA Guide—was developed to assist practitioners in examining the privacy implications of their information systems and information sharing collaborations. Completing a PIA will help practitioners identify vulnerabilities that need to be addressed in privacy protection policies and procedures. Privacy policies emerge as a result of the analysis performed during the PIA process.
  • Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities—or the Privacy Guide:
      – Is a practical resource for SLT justice practitioners.
      – Provides well-rounded instruction for the planning, education, development, and implementation of agency privacy protections to protect the justice agency, the individual, and the public.
      – Educates readers on foundational privacy concepts.
      – Helps clarify an agency’s information exchanges.
      – Provides guidance on how to perform a legal analysis.
      – Includes policy drafting tools, such as a policy template (described next), a glossary, legal citations, and sample policies.
    Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities—or the SLT Policy Development Template:
      – Is contained in the Privacy Guide described above.
      – Is a tool designed specifically to walk policy authors through each step of the policy language drafting process.
      – The policy language (or “provisions”) suggested is grouped according to policy concepts, each representing a fundamental component of a comprehensive policy.
      – Sample language is also provided for each recommended provision.
  • The Policy Review Checklist is a companion resource to the SLT Policy Development Template. This checklist:
      – Provides privacy policy authors, project teams, and agency administrators with a tool to evaluate whether the provisions contained within an agency privacy policy have met the core recommendations in the privacy template.
      – May be used during the drafting process to check work on the draft policy or during the final review of the policy.
      – May also be used to perform the policy’s annual review (discussed in Stage 6) to determine if revisions are needed.
  • An implementation “focused” deliverable which includes:
      – “Do I Need a Privacy Officer Function” discussion with real-world examples,
      – Alternatives for smaller agencies that cannot establish a full-time privacy officer,
      – Suggested qualifications for privacy officers,
      – Recommended responsibilities, and
      – A listing of available education/awareness products and training resources.
    The Importance of Privacy, Civil Rights, and Civil Liberties Protections in American Law Enforcement and Public Safety DVD—or Line Officer Video—is an 8-minute roll call video to educate line officers on the privacy issues they may confront.
  • The following are only “some” of the implementation and training resources featured in the Global Privacy Resources series:
      – Implementing Privacy Policy in Justice Information Sharing: A Technical Framework helps technical practitioners convert privacy policies into computer and software language.
      – Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise assists intelligence enterprises in complying with privacy policies by evaluating compliance with those policies, uncovering any gaps that exist.
      – Recommendations for First Amendment-Protected Events for State and Local Law Enforcement Agencies provides guidance to law enforcement on their roles and responsibilities in First Amendment-protected events. (Both the guide and pocket reference card are available on the resource table here today.)
      – The Criminal Intelligence Systems Operating Policies (28 CFR Part 23) Online Training was developed to facilitate greater understanding of 28 CFR Part 23 and includes topics such as compliance, privacy, inquiry, and dissemination requirements; storage requirements; and review-and-purge requirements.
  • Applying the guidance described in the Privacy Guide, justice entities are encouraged to review and update the provisions protecting privacy, civil rights, and civil liberties contained in the privacy policy at least annually using the annual review portion of the Policy Review Checklist, referenced earlier in Stage 4. This update will ensure that appropriate changes are made in response to changes in applicable laws, technology, the purpose and use of the information systems, and public expectations. Once the policy is updated, entities should revisit the resources listed in each stage of the privacy program cycle. This will ensure that systems and individuals comply with the most current protections established in the entity privacy policy.
  • Good information quality is the cornerstone for sound agency decision making and inspires trust in both the justice system and the law enforcement entities that use information. In addition to Global’s Privacy Resources, Global also developed an information quality series which follows a similar sequential approach: raise awareness, perform an assessment, and policy and program development. These resources are: Information Quality: The Foundation for Justice Decision Making; 9 Elements of an Information Quality Program; Information Quality Self-Assessment Tool; Information Quality Program Guide. An overview flyer is available on the resource table here today.
  • In preparation for writing a privacy policy, it is important to determine what policies, rules, and regulations already exist. For example, policies on the handling of personally identifiable information that may be accessed in an agency database may be described in an employee handbook, as well as sanctions for violations. Rules for building security and the security of computer systems, the assignment and use of user IDs, and other system access protocols may be described in ConOps, SOPs, and security manuals. Conditions for sharing or exchanging information from an agency database with external entities may be listed in MOUs or user agreements. As always, state and federal statutes should be consulted for regulations on public records (such as sunshine and open records law), criminal histories, intelligence information, and rules regarding redress and correction of information.
  • In a report for Illinois justice agencies, the Illinois Integrated Justice Information System—or “IIJIS”—developed Privacy Policy Guidance to help Illinois justice agencies develop privacy policies for their integrated justice information systems. This report describes the public's privacy concerns and provides recommendations to justice practitioners and system designers about how to address those concerns. Another area where privacy, civil rights, and civil liberties instruction is provided is in the curriculum for the Illinois State Police Academy’s Cadet Class, whose topics include: Civil Rights and Civil Liberties; Criminal Law; Ethical Conduct in a Diverse Workplace; Facing Moral Decisions; and Rights of the Accused.
  • IIJIS’ Planning and Policy Committee established the Privacy Policy Subcommittee to develop guidance and policies that would govern the sharing of justice information both among justice agencies and with the public. The subcommittee is charged with: “Developing policies to ensure that the enhanced sharing of justice information made possible through advancing information technologies is carried out in accordance with Illinois law and its citizens’ reasonable expectation of privacy.”
  • It’s important to note that when developing a privacy policy, peer assistance can be of utmost value. Here in Illinois, two entities successfully developed comprehensive privacy policies that fully met the U.S. Department of Homeland Security’s (DHS) requirements and were determined by DHS to be “at least as comprehensive as the Information Sharing Environment (ISE) Privacy Guidelines.” These entities used Global’s Privacy Policy Development Template to draft their policies and would be excellent sources for peer assistance. The first is the Illinois Statewide Terrorism Intelligence Center, which is part of the Illinois State Police. On July 27, 2010, this center successfully finalized its privacy policy and received full approval through the U.S. Department of Justice (DOJ)/DHS Fusion Center Privacy TA Program, complying with all ISE Privacy Guidelines and DHS standards. The Global Privacy Policy Development Template encompasses all DHS and ISE requirements.
  • The second is the Chicago Crime Prevention and Information Center (CPIC), part of the Chicago Police Department. On March 11, 2011, CPIC’s policy also received full approval as being in compliance with federal requirements.
  • HIJIS:
      – Is a statewide justice information sharing system which integrated their state court system
      – Received privacy TA from NGA’s Center for Best Practices through a Policy Academy
      – Used the PIA Guide and the SLT Privacy Policy Development Template
    IDEx:
      – Is managed by the Indiana Department of Homeland Security (IDHS)
      – Received privacy TA sponsored by the Bureau of Justice Assistance
      – Used the PIA Guide and the SLT Policy Development Template, as well as many of the Global technical solutions and the National Information Exchange Model (NIEM)
    Fusion Centers:
      – Received privacy TA and policy review assistance through the DOJ/DHS collaborated Fusion Process Technical Assistance Program
      – 92 fusion center policies were completed (77 being DHS-designated fusion centers, and 15 being regional nodes). These were determined by DHS to be “at least as comprehensive as the Information Sharing Environment (ISE) Privacy Guidelines”
      – Utilized the Fusion Center Privacy Policy Development Template, which addresses intelligence information, tips and leads, as well as suspicious activity reporting information.
  • You need leadership to make this happen & you need buy-in from users of the system. You also need to have a person tasked with getting the policy done! Finally, you need to engage in ongoing training and awareness efforts and you need to constantly review policies to make sure they account for new systems, laws and technologies.
  • Traditional legacy application: all user authentication and authorization logic is hard-wired inside and must be maintained inside. Audit logs are siloed – one per application.
  • First milestone is external user authentication. Treat identity credentialing and authenticating as a service that all of the applications in the information-sharing enterprise can share. This can take several forms. For example, the 4-state Connect project created a federation, meaning that each information-sharing partner maintains its own user tables and then passes those credentials to the other partners. In Orange County, California, user tables are maintained centrally, and then each application in the County pings that Identity Manager. Identity management tools are widely available. Are you familiar with the use of Active Directory in Illinois?
  • Second milestone is external authorization:
    1. United States Department of Justice
       2013 Criminal Justice Information Forum on Data Exchange and Information Sharing Standards and Models
       Privacy for Practitioners—Real Case Studies Illustrating Privacy Policy Development and Impact Assessment
       February 5, 2013
       Cabell Cropper, National Criminal Justice Association
       Christina M. Abernathy, Institute for Intergovernmental Research
       Diana Graski, National Center for State Courts
       Becki Goggins, State of Alabama
    2. Topics
       • Privacy overview
       • Global privacy resources
       • Illinois privacy resources
       • Global success stories
       • Keys to success
       • Technical privacy case studies and success stories
    3. Privacy Overview: What is privacy?
       • Privacy refers to individuals’ interests in preventing the inappropriate collection, storage, use, and release of personally identifiable information
       • Privacy, as it relates to information sharing, concerns information whose confidentiality is enforceable by law or social norms
    4. Privacy Overview
       Civil Liberties Are:
       • The fundamental individual rights or freedoms, such as the freedom of speech, press, assembly, and religion, the right to due process and a fair trial, as well as the right to privacy and other limitations on the power of the government to restrain or dictate the actions of individuals
       • Involve restrictions on government
       Civil Rights Are:
       • The rights and privileges of citizenship and equal protection that the state is constitutionally bound to guarantee all citizens regardless of race, religion, sex, or other characteristics unrelated to the worth of the individual
       • Civil rights involve positive or affirmative government action
       Together, they are the legal protections that safeguard individual freedom and ensure equal treatment under the law!
    5. Privacy Overview
       What Is a Privacy Policy?
       What Is the Purpose of a Privacy Policy?
    6. Privacy Overview
       What Is the Difference Between a Privacy Policy and a Security Policy?
    7. Privacy Overview: Why do you need a privacy policy?
       • “the public’s acceptance of an integrated justice information system is related to its confidence that the government is taking measures to protect individual’s privacy interests”
       • There is “a need to educate the public as to what information about citizens is available in the justice system and what is available to the public”
       • “Privacy issues are raised when the government collects information about individuals for investigatory purposes absent any suspicion of criminal wrongdoing . . . mere collection of personally identifiable victim and witness information raises genuine privacy concerns . . . factors should be identified to balance the amount of data collected to address privacy concerns while still meeting legitimate law enforcement needs”
       • “A sound privacy policy should clearly identify appropriate uses of the information contained in the information system”
       ‒ IIJIS’ Privacy Issues Confronting the Sharing of Justice Information in an Integrated Justice Environment
    8. Privacy Overview
       Reasons for Having a Privacy Policy
       It’s the Right Thing to Do!
    9. What Can Happen Without a Privacy Policy?
       • Effects of Improper Practices
         – Tarnish an individual’s reputation
         – Personal or financial injury to individuals
         – Loss of ability to share information
         – Lawsuits and paying settlements or judgments
         – Loss of public support and confidence
         – Loss of funding and resources
         – Getting shut down
         – Decline in morale
    10. From Privacy to Information Quality
        • The collection and sharing of poor quality information raises serious privacy concerns because the two concepts are inherently linked
        • Quality information plays an extremely important role in the protection of the privacy rights of individuals
        • Through cross-collaboration among local, state, tribal, and federal justice entities, information is shared to form the records that underlie justice decision-making
        • As cross-collaboration increases, it is imperative that justice entities address the quality of the information shared
    11. From Privacy to Information Quality
        How Can You Develop and Implement Privacy and Information Quality Policies and Procedures?
    12. Global Privacy Resources
    13. Global Justice Information Sharing Initiative—or “Global”
        • Federal advisory body to nation’s chief law enforcement officer, the U.S. Attorney General (AG)
        • Supported by the Bureau of Justice Assistance (BJA) and the Office of Justice Programs (OJP), U.S. Department of Justice (DOJ)
        • Representatives from across the justice landscape, affecting the work of more than 1.2 million justice professionals
        • Global’s Advisory Committee (GAC) working groups, councils, and task teams are formed around timely justice issues:
          – Intelligence
          – Infrastructure, standards, security
          – Business solutions
          – Privacy and information quality
    14. Global Privacy Resources Booklet
        • A road map to help justice entities navigate the diverse privacy resources available today
        • Structured to help determine which products to use when and for what purpose
        • Products are grouped according to their use at each step of a Privacy Program Cycle
        • All Global Privacy Resources are available online at www.it.ojp.gov/privacy
    15. Global Privacy Resources
        • Step 1. Educate and Raise Awareness
          – Executive Summary for Justice Decision Makers: Privacy, Civil Rights, and Civil Liberties Program Development
          – 7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy
    16. Global Privacy Resources
        • Step 2. Assess Agency Privacy Risks
          – Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Justice Entities (or “PIA Guide”)
    17. Global Privacy Resources
        • Step 3. Develop the Privacy Policy
          – Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities (Global Privacy Guide)
          – Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities (SLT Policy Development Template)
    18. Global Privacy Resources
        • Step 4. Perform a Policy Evaluation
          – Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities: Policy Review Checklist
    19. Global Privacy Resources
        • Step 5. Implement and Train
          – Coming Soon! Establishing a Privacy Officer Function Within a Justice or Public Safety Entity: Recommended Responsibilities and Training
          – The Importance of Privacy, Civil Rights, and Civil Liberties Protections in American Law Enforcement and Public Safety DVD—or “Line Officer Video”
    20. Global Privacy Resources
        • Step 5. Implement and Train
          – Implementing Privacy Policy in Justice Information Sharing: A Technical Framework
          – Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise
          – Recommendations for First Amendment-Protected Events for State and Local Law Enforcement Agencies (and reference card)
          – Criminal Intelligence Systems Operating Policies (28 CFR Part 23) Online Training
    21. Global Privacy Resources
        • Step 6. Conduct an Annual Review
          – Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities: Policy Review Checklist
    22. Global’s Information Quality (IQ) Series
          – Information Quality: The Foundation for Justice Decision Making
          – 9 Elements of an Information Quality Program
          – Information Quality Self-Assessment Tool
          – Information Quality Program Guide
          – Available online at www.it.ojp.gov/IQ_Resources
    23. Illinois Privacy Resources
        • Where do I look for existing privacy policies?
          – Employee handbooks
          – Concept of operations manuals
          – Standard operating procedures
          – Security manuals
          – Memoranda of understanding
          – User agreements
          – State and federal statutes
    24. Illinois Privacy Resources
        • Local examples of privacy standards and recommendations:
        • IIJIS’ Privacy Policy Guidance, www.icjia.state.il.us/iijis/
        • Illinois State Police Academy curriculum
    25. Illinois Privacy Resources
        IIJIS Privacy Policy Subcommittee’s charge: “Developing policies to ensure that the enhanced sharing of justice information made possible through advancing information technologies is carried out in accordance with Illinois law and its citizens’ reasonable expectation of privacy”
    26. Illinois Privacy Resources
        Excerpt from IIJIS’ Mission: “Through integrated justice information sharing we will enhance the safety, security, and quality of life in Illinois; improve the quality of justice, the effectiveness of programs, and the efficiency of operations; and ensure informed decision-making, while protecting privacy and confidentiality of information”
        Strategic Issue 3: Serve justice, public safety, and homeland security needs while protecting privacy, preventing unauthorized disclosures of information, and allowing appropriate public access
    27. Illinois Privacy Resources
        • July 27, 2010—Illinois Statewide Terrorism Intelligence Center, Illinois State Police, successfully finalized its comprehensive privacy policy, fully meeting all ISE Privacy Guidelines and DHS standards
    28. Illinois Privacy Resources
        • March 11, 2011—Chicago Crime Prevention and Information Center, Chicago Police Department, finalized a comprehensive privacy policy that fully met the Information Sharing Environment (ISE) Privacy Guidelines and federal standards set by the U.S. Department of Homeland Security (DHS)
    29. Global Success Stories
    30. Global Success Stories: Connect South Dakota—NGA Privacy TA Effort
        “Using Global Resources, such as the SLT Policy Development Template, we were able to ‘Connect South Dakota’ (Connect SD) law enforcement in a statewide data exchange project, while ensuring the privacy rights and civil liberties of the citizens we serve. Upon completion of the Connect SD privacy policy, it was important to ensure our officers were trained on privacy protections. To accomplish this goal, we utilized Global’s line officer training video and First Amendment-protected event resources”
        —Bryan Gortmaker, Director, South Dakota Division of Criminal Investigation
    31. Global Success Stories: CONNECT Consortium—NGA Privacy TA Effort
        “For several years, the Alabama Criminal Justice Information Center (ACJIC) has been involved in a multi-state initiative—called CONNECT—which has served as a proof-of-concept for sharing rich criminal justice information across state lines. Since its inception, the CONNECT leadership has recognized the importance of adopting a strong privacy and civil liberties policy to govern usage of CONNECT. Thanks to the Global SLT Policy Development Template and the Global Privacy Impact Assessment Guide, CONNECT was able to craft a model policy to meet the needs of the member states (Alabama, Kansas, Nebraska and Wyoming). Despite the fact that each state has its own set of governing laws and policies concerning the sharing of criminal justice information, the Global templates were robust enough to allow for the creation of a single policy to govern CONNECT usage”
        —Maury Mitchell, Director, Alabama Criminal Justice Information Center
    32. Global Success Stories
        • Hawaii Integrated Justice Information Sharing (HIJIS) Program—NGA Privacy TA Effort
        • Indiana Data Exchange (IDEx)
        • 77 DHS Designated Fusion Centers and 15 Regional Nodes
    33. Global Success Stories: Alabama Fusion Center
        “DOJ’s OJP Web site pertaining to Global Privacy Resources, www.it.ojp.gov/privacy, is an amazing resource and I highly recommend it to anyone that wants to learn more about privacy, civil rights, and civil liberties. The site is designed to help with all aspects of the Privacy Program Cycle, including providing all the materials necessary to develop a comprehensive privacy policy or to evaluate an existing policy. As a relatively new Fusion Center Director, privacy was one of the first areas that I focused on and this site provided all the materials necessary to help create our program. Thanks to the DOJ subject matter experts who developed this site!”
        —Joe B. Davis, Ph.D., Director, Alabama Fusion Center
    34. Keys to Success
        • Executive sponsorship
        • Input from stakeholders
        • Designation of privacy officer
        • Ongoing training and review
    35. Technical Privacy: Resources and Success Stories
        • Business drivers for technical privacy enforcement:
          – From user’s perspective, too many user IDs and rules to manage
          – From technologist’s perspective, too many users and rule changes to manage
          – From enterprise’s perspective, policy experts cannot manage policy’s implementation in applications and cannot reasonably audit for compliance
        • Solution: Global’s Privacy Policy Technical Framework
    38. Benefits of External Authentication
        • From a user’s perspective, single sign-on
        • From a technologist’s perspective, application no longer contains user sign-on logic, and user tables are managed elsewhere
        • From the enterprise’s perspective, trusted, shared standards for identity proofing and provisioning and deprovisioning users
    40. Benefits of External Authentication
        • From a user’s perspective, not much impact
        • From a technologist’s perspective, application no longer contains authorization logic
        • From the enterprise’s perspective, policy experts now manage access-control policies, revised policies are implemented immediately across the suite of applications, and compliance tools can be implemented on audit data
    41. Learn More: TechnicalPrivacyTraining.org
        • Executive briefing video
        • Interactive primer (seven 15-minute modules)
        • Readiness assessment (with case studies, surveys, and tailored recommendations for next steps)
        • Implementation Guide (for your developers, with XACML lessons and a virtual machine)
        • Resources
        • Request for technical assistance
    42. Questions?
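
The external authorization milestone from the technical privacy slides, as an added example that is not part of the presentation or of Global's Privacy Policy Technical Framework: each application keeps only a thin enforcement wrapper, one shared decision service holds the access-control policy, and every decision lands in a single audit log. The class names, roles, rule ids and application names are hypothetical, and the rule format is a simplified stand-in for XACML, using a deny-overrides combination with default deny.

```python
from dataclasses import dataclass
from typing import Callable

# All names below (Request, Rule, the roles, rule ids, app names) are
# hypothetical; this is not XACML syntax, only the same decision/enforcement split.


@dataclass(frozen=True)
class Request:
    user: str
    role: str         # attribute asserted by the external identity service
    action: str       # e.g. "read"
    record_type: str  # e.g. "warrant", "juvenile_record"


@dataclass(frozen=True)
class Rule:
    rule_id: str
    effect: str                         # "Permit" or "Deny"
    applies: Callable[[Request], bool]  # True when the rule matches


class PolicyDecisionPoint:
    """Central decision service; applications hold no access rules."""

    def __init__(self, rules):
        self._rules = list(rules)

    def replace_rules(self, rules):
        """Policy experts publish a revised policy in one place."""
        self._rules = list(rules)

    def decide(self, req):
        """Deny-overrides: any matching Deny wins; no match means Deny."""
        matched = [r for r in self._rules if r.applies(req)]
        for rule in matched:
            if rule.effect == "Deny":
                return "Deny", rule.rule_id
        if matched:
            return "Permit", matched[0].rule_id
        return "Deny", "default-deny"


class PolicyEnforcementPoint:
    """Thin wrapper inside each application: ask, log, then enforce."""

    def __init__(self, app_name, pdp, audit_log):
        self.app_name, self.pdp, self.audit_log = app_name, pdp, audit_log

    def handle(self, req, fetch):
        decision, rule_id = self.pdp.decide(req)
        # Every decision, permit or deny, goes to the shared audit log.
        self.audit_log.append({"app": self.app_name, "user": req.user,
                               "role": req.role, "action": req.action,
                               "record_type": req.record_type,
                               "decision": decision, "rule": rule_id})
        if decision != "Permit":
            raise PermissionError(f"{self.app_name}: denied by {rule_id}")
        return fetch()


def denials(audit_log):
    """Compliance query over the single log, across all applications."""
    return [(e["app"], e["user"], e["rule"])
            for e in audit_log if e["decision"] == "Deny"]


POLICY_V1 = [
    Rule("permit-justice-read", "Permit",
         lambda r: r.action == "read" and r.role in {"officer", "judge"}),
]
# Revised policy (constructed for this example): juvenile records are
# restricted to judges.
POLICY_V2 = POLICY_V1 + [
    Rule("deny-juvenile-non-judge", "Deny",
         lambda r: r.record_type == "juvenile_record" and r.role != "judge"),
]


def run_demo():
    audit_log = []
    pdp = PolicyDecisionPoint(POLICY_V1)
    courts = PolicyEnforcementPoint("court-records", pdp, audit_log)
    rms = PolicyEnforcementPoint("records-management", pdp, audit_log)
    officer = Request("officer1", "officer", "read", "juvenile_record")
    judge = Request("judge1", "judge", "read", "juvenile_record")

    results = [courts.handle(officer, lambda: "record")]  # allowed under v1
    pdp.replace_rules(POLICY_V2)  # one change, no application edits
    for pep, req in [(courts, officer), (rms, officer), (rms, judge)]:
        try:
            results.append(pep.handle(req, lambda: "record"))
        except PermissionError:
            results.append("denied")
    return results, denials(audit_log), len(audit_log)


if __name__ == "__main__":
    print(run_demo())
```

The same officer request succeeds before the policy revision and is refused by both applications afterwards, and the compliance query reads both refusals from one log instead of one log per application.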
