Justice Example – Errors in the recording of a defendant’s record may adversely affect: court decisions, restitution and treatment options, and if a juvenile, can also transfer into adult records, if applicable.Good privacy policies address the quality of the information the entity handles through information quality processes and policies, such as:Data quality reviewsProcedures for error correctionProcess for error reporting to agencies that originate and receive information
The Global Justice Information Sharing Initiative – or Global- serves as a Federal Advisory Committee (FAC) and advises the U.S. Attorney General on justice information sharing and integration initiatives. Global is a “group of groups,” representing more than 32 independent organizations, of law enforcement, judicial, correctional, and related bodies. Its mission is the efficient sharing of data among justice entities, which is at the very heart of modern public safety and law enforcement.GAC’s efforts have a direct impact on the work of more than 1.2 million justice professionals.Global was created to:support the broad scale exchange of pertinent justice and public safety information. promote standards-based electronic information exchange provide the justice community with timely, accurate, complete, and accessible information in a secure and trusted environment.The GAC facilitates working groups/councils/task teams consisting of GAC members and SMEs to develop solutions to timely justice issues: intelligence, infrastructure, standards, security, business solutions, privacy, and information technology.
The Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Information Sharing Initiatives—or PIA Guide—was developed to assist practitioners in examining the privacy implications of their information systems and information sharing collaborations. Completing a PIA will help practitioners identify vulnerabilities that need to be addressed in privacy protection policies and procedures.Privacy policies emerge as a result of the analysis performed during the PIA process.
Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities—or the Privacy Guide: Is a practical resource for SLT justice practitioners. Provides well-rounded instruction for the planning, education, development, and implementation of agency privacy protections to protect the justice agency, the individual, and the public. It educates readers on foundational privacy concepts. Helps clarify an agency’s information exchanges. Provides guidance on how to perform a legal analysis. Includes policy drafting tools, such as a policy template (described next), a glossary, legal citations, and sample policies.Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities—or the SLT Policy Development Template: Is contained in the Privacy Guide describe above. Is a tool designed specifically to walk policy authors through each step of the policy language drafting process. The policy language (or “provisions”) suggested are grouped according to policy concepts, each representing a fundamental component of a comprehensive policy. Sample language is also provided for each recommended provision.
An implementation “focused” deliverable which includes:“Do I Need a Privacy Officer Function” discussion with real-world examples,Alternatives for smaller agencies that cannot establish a full-time privacy officer,Suggested qualifications for privacy officers,Recommended responsibilities, andA listing of available education/awareness products and training resources.The Importance of Privacy, Civil Rights, and Civil Liberties Protections in American Law Enforcement and Public Safety DVD—or Line Officer Video—is an 8-minute roll call video to educate line officers on the privacy issues they may confront
Good information quality is the cornerstone for sound agency decision making and inspires trust in both the justice system and the law enforcement entities that use information.In addition to Global’s Privacy Resources, Global also developed an information quality series which follows a similar sequential approach: raise awareness, perform an assessment, and policy and program development—these resources are:Information Quality: The Foundation for Justice Decision Making9 Elements of an Information Quality ProgramInformation Quality Self-Assessment ToolInformation Quality Program GuideAn overview flyer is available on the resource table here today.
The second is the Chicago Crime Prevention and Information Center, part of the Chicago Police Department. On March 11, 2011 CPIC’s policy also received full approval that the policy was in compliance with federal requirements.
You need leadership to make this happen & you need buy-in from users of the system. You also need to have a person tasked with getting the policy done! Finally, you need to engage in ongoing training and awareness efforts and you need to constantly review policies to make sure they account for new systems, laws and technologies.
Traditional legacy application: all user authentication and authorization logic is hard-wired inside and must be maintained inside. Audit logs are silo’ed – one per application.
First milestone is external user authentication. Treat identity credentialing and authenticating as a service that all of the applications in the information-sharing enterprise can share. This can take several forms. For example, the 4-state Connect project created a federation, meaning that each information-sharing partner maintains its own user tables and then passes those credentials to the other partners. In Orange County, California, user tables are maintained centrally, and then each application in the County pings that Identity Manager. Identity management tools are widely available. Are you familiar with the use of Active Directory in Illinois?
Second milestone is external authorization:
Icjia c abernathy_dgraskibgoggins_130124
United States Department of JusticeTopics• Privacy overview• Global privacy resources• Illinois privacy resources• Global success stories• Keys to success• Technical privacy case studies and success stories 2
United States Department of JusticePrivacy OverviewWhat is privacy?• Privacy refers to individuals’ interests in preventing the inappropriate collection, storage, use, and release of personally identifiable information• Privacy, as it relates to information sharing, concerns information whose confidentiality is enforceable by law or social norms 3
United States Department of JusticePrivacy Overview Civil Liberties Are Civil Rights AreThe fundamental individual rights or The rights and privileges of citizenship andfreedoms, such as the freedom of equal protection that the state isspeech, press, assembly, and religion, the constitutionally bound to guarantee allright to due process and a fair trial, as well citizens regardless of race, religion, sex, oras the right to privacy and other other characteristics unrelated to thelimitations on the power of the worth of the individualgovernment to restrain or dictate theactions of individualsInvolve restrictions on government Civil rights involve positive or affirmative government action Together, they are the legal protections that safeguard individual freedom and ensure equal treatment under the law! 4
United States Department of JusticeFrom Privacy to Information Quality• The collection and sharing of poor quality information raises serious privacy concerns because the two concepts are inherently linked• Quality information plays an extremely important role in the protection of the privacy rights of individuals• Through cross-collaboration among local, state, tribal, and federal justice entities, information is shared to form the records that underlie justice decision-making• As cross-collaboration increases, it is imperative that justice entities address the quality of the information shared 10
United States Department of JusticeFrom Privacy to Information QualityHow Can You Develop and Implement Privacy and Information Quality Policies and Procedures? 11
United States Department of JusticeGlobal Privacy Resources
United States Department of JusticeGlobal Justice Information Sharing Initiative—or “Global”• Federal advisory body to nation’s chief law enforcement officer, the U.S. Attorney General (AG)• Supported by the Bureau of Justice Assistance (BJA) and the Office of Justice Programs (OJP), U.S. Department of Justice (DOJ)• Representatives from across the justice landscape, affecting the work of more than 1.2 million justice professionals• Global’s Advisory Committee (GAC) working groups, councils, and task teams are formed around timely justice issues: – Intelligence – Infrastructure, standards, security – Business solutions – Privacy and information quality 13
United States Department of JusticeGlobal Privacy Resources Booklet• A road map to help justice entities navigate the diverse privacy resources available today• Structured to help determine which products to use when and for what purpose• Products are grouped according to their use at each step of a Privacy Program Cycle• All Global Privacy Resources are available online at www.it.ojp.gov/privacy 14
United States Department of JusticeGlobal Privacy Resources• Step 1. Educate and Raise Awareness – Executive Summary for Justice Decision Makers: Privacy, Civil Rights, and Civil Liberties Program Development – 7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy 15
United States Department of JusticeGlobal Privacy Resources• Step 2. Assess Agency Privacy Risks – Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Justice Entities (or “PIA Guide”) 16
United States Department of JusticeGlobal Privacy Resources• Step 4. Perform a Policy Evaluation – Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities: Policy Review Checklist 18
United States Department of JusticeGlobal Privacy Resources• Step 5. Implement and Train – Coming Soon! Establishing a Privacy Officer Function Within a Justice or Public Safety Entity: Recommended Responsibilities and Training – The Importance of Privacy, Civil Rights, and Civil Liberties Protections in American Law Enforcement and Public Safety DVD—or “Line Officer Video” 19
United States Department of JusticeGlobal Privacy Resources• Step 6. Conduct an Annual Review – Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities: Policy Review Checklist 21
United StatesGlobal’s Information Quality Department of Justice(IQ) Series – Information Quality: The Foundation for Justice Decision Making – 9 Elements of an Information Quality Program – Information Quality Self-Assessment Tool – Information Quality Program Guide – Available online at www.it.ojp.gov/IQ_Resources 22
United States Department of JusticeIllinois Privacy Resources• Where do I look for existing privacy policies? – Employee handbooks – Concept of operations manuals – Standard operating procedures – Security manuals – Memoranda of understanding – User agreements – State and federal statutes 23
United States Department of JusticeIllinois Privacy Resources Excerpt from IIJIS’ Mission: “Through integrated justice information sharing we will enhance the safety, security, and quality of life in Illinois; improve the quality of justice, the effectiveness of programs, and the efficiency of operations; and ensure informed decision-making, while protecting privacy and confidentiality of information” Strategic Issue 3: Serve justice, public safety, and homeland security needs while protecting privacy, preventing unauthorized disclosures of information, and allowing appropriate public access 26
United States Department of JusticeGlobal Success Stories
United States Department of JusticeGlobal Success StoriesConnect South Dakota—NGA Privacy TA Effort “Using Global Resources, such as the SLT Policy Development Template, wewere able to ‘Connect South Dakota’ (Connect SD) law enforcement in astatewide data exchange project, while ensuring the privacy rights and civilliberties of the citizens we serve. Upon completion of the Connect SD privacypolicy, it was important to ensure our officers were trained on privacyprotections. To accomplish this goal, we utilized Global’s line officer trainingvideo and First Amendment-protected event resources” —Bryan Gortmaker, Director South Dakota Division of Criminal Investigation 30
United States Department of JusticeGlobal Success StoriesCONNECT Consortium—NGA Privacy TA Effort“For several years, the Alabama Criminal Justice Information Center (ACJIC) has been involved ina multi-state initiative—called CONNECT—which has served as a proof-of-concept for sharing richcriminal justice information across state lines. Since its inception, the CONNECT leadership hasrecognized the importance of adopting a strong privacy and civil liberties policy to govern usage ofCONNECT. Thanks to the Global SLT Policy Development Template and the Global Privacy ImpactAssessment Guide, CONNECT was able to craft a model policy to meet the needs of the memberstates (Alabama, Kansas, Nebraska and Wyoming). Despite the fact that each state has its ownset of governing laws and policies concerning the sharing of criminal justice information, theGlobal templates were robust enough to allow for the creation of a single policy to governCONNECT usage” —Maury Mitchell, Director, Alabama Criminal Justice Information Center 31
United States Department of JusticeGlobal Success Stories• Hawaii Integrated Justice Information Sharing (HIJIS) Program—NGA Privacy TA Effort• Indiana Data Exchange (IDEx)• 77 DHS Designated Fusion Centers and 15 Regional Nodes 32
United States Department of JusticeKeys to Success• Executive sponsorship• Input from stakeholders• Designation of privacy officer• Ongoing training and review 34
United States Department of JusticeBenefits of External Authentication• From a user’s perspective, single sign-on• From a technologist’s perspective, application no longer contains user sign-on logic, and user tables are managed elsewhere• From the enterprise’s perspective, trusted, shared standards for identity proofing and provisioning and deprovisioning users 38
United States Department of JusticeBenefits of External Authentication• From a user’s perspective, not much impact• From a technologist’s perspective, application no longer contains authorization logic• From the enterprise’s perspective, policy experts now manage access-control policies, revised policies are implemented immediately across the suite of applications, and compliance tools can be implemented on audit data 40
United States Department of JusticeLearn More: TechnicalPrivacyTraining.org• Executive briefing video• Interactive primer (seven 15-minute modules)• Readiness assessment (with case studies, surveys, and tailored recommendations for next steps)• Implementation Guide (for your developers, with XACML lessons and a virtual machine)• Resources• Request for technical assistance 41