data access and related confidentiality privacy issues
Download
Skip this Video
Download Presentation
Data: Access and Related Confidentiality/Privacy Issues

Loading in 2 Seconds...

play fullscreen
1 / 33

nd Related Confidentiality/Privacy Issues - PowerPoint PPT Presentation


  • 277 Views
  • Uploaded on

Data: Access and Related Confidentiality/Privacy Issues. National Chemical Control Symposium June 10 – 11, 2008. Presentation Overview. Basic Privacy Concepts Privacy Policies Key Privacy and Civil Liberties Initiatives Policy Development Process 28 CFR Part 23

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'nd Related Confidentiality/Privacy Issues' - Patman


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
data access and related confidentiality privacy issues

Data: Access and Related Confidentiality/Privacy Issues

National Chemical Control Symposium

June 10 – 11, 2008

presentation overview

Presentation Overview

Basic Privacy Concepts

Privacy Policies

Key Privacy and Civil Liberties Initiatives

Policy Development Process

28 CFR Part 23

Discussion of Privacy Issues

what is personally identifiable information
What Is Personally Identifiable Information?
  • Personally identifiable information is one or more pieces of information that when considered together or when considered in the context of how it is presented or how it is gathered is sufficient to specify a unique individual
what is privacy
What Is Privacy?
  • The term “privacy” refers to individuals’ interests in preventing the inappropriate collection, use, and release of personally identifiable information
  • Privacy interests include privacy of personal behavior, privacy of personal communications, and privacy of personal data
what are civil liberties
What Are Civil Liberties?
  • Civil liberties are fundamental individual rights or freedoms, such as freedom of speech, press, assembly, or religion; the right to due process, to fair trial, and to privacy; and other limitations on the power of the government to restrain or dictate the actions of individuals
  • Civil liberties are the freedoms that are guaranteed by the Bill of Rightsthe first ten Amendmentsto the Constitution of the United States
  • Civil liberties offer protection to individuals from improper government action and arbitrary governmental interference
what are civil rights
What Are Civil Rights?
  • Civil rights involve positive (or affirmative) government action, while civil liberties involve restrictions on government
  • The term civil rights is used to imply that the state has a role in ensuring all citizens have equal protection under the law and equal opportunity to exercise the privileges of citizenship regardless of race, religion, gender, or other characteristics unrelated to the worth of the individual
  • Civil rights are, therefore, obligations imposed upon government to affirmatively promote equality
  • Civil rights are the rights to personal liberty guaranteed to all U.S. citizens by the Thirteenth and Fourteenth Amendments and by acts of Congress
basic concepts
Basic Concepts
  • Privacy, civil rights, and civil liberties concerns arise when
    • Collecting information
    • Keeping information
    • Linking or merging information from several databases
    • Analyzing information
    • Disclosing or sharing information
    • Destroying information
privacy and civil rights policies why do we need them
Privacy and Civil Rights Policies Why Do We Need Them?
  • What can happen if privacy is not protected?
    • Loss of funding and resources
    • Loss of means and methods
    • Loss of public support and confidence (tips, leads, and citizen cooperation could cease)
    • Getting sued and paying settlements or judgments
    • Getting shut down (MATRIX, TIA)
privacy and civil rights policies why do we need them9
Privacy and Civil Rights Policies Why Do We Need Them?

Justice Dept. Database Stirs Privacy Fears

The Washington Post

  • The scale and contents of the proposed database raise immediate privacy and civil rights concerns, in part because tens of thousands of local police officers could gain access to personal details about people who have not been arrested or charged with crimes
  • Loss of public support for law enforcement activities
privacy and civil liberties policy overview
Privacy and Civil Liberties Policy Overview
  • What is a Privacy and Civil Liberties Policy?
    • A privacy and civil liberties policy is a written, published statement that articulates the policy position of an organization on how it handles the personally identifiable information that it gathers and uses in the normal course of business. The policy should include information relating to the process of information collection, analysis, maintenance, dissemination, access, expungement, and disposition
privacy and civil liberties policy overview continued
Privacy and Civil LibertiesPolicy Overview (continued)
  • What is the Purpose of a Privacy and Civil Liberties Policy?
    • The purpose of a privacy and civil liberties policy is to articulate publicly that the agency will adhere to legal requirements and agency policy determinations that enable gathering and sharing of information to occur in a manner that protects personal privacy interests
    • A well-developed and implemented privacy and civil liberties policy protects the agency, the individual, and the public; and contributes to public trust and confidence that the justice system understands its role and promotes the rule of law
privacy and civil liberties policy overview continued12
Privacy and Civil LibertiesPolicy Overview (continued)
  • Intersection between Privacy and Security
    • Security refers to the information system controls that protect personally identifiable information through reasonable safeguards against risk of loss, unauthorized access, modification, use, destruction, or disclosure
    • A security policy alone may not adequately address the protection of personally identifiable information or the requirements of a privacy and civil liberties policy in their entirety
    • An effective privacy and civil liberties policy should describe how security is implemented within the information system to protect personally identifiable information. Similarly, a security policy should address information classification, protection, and periodic review to ensure information is being stewarded in accordance with an organization’s privacy and civil liberties policy
privacy and civil liberties policies why do we need them
Privacy and Civil Liberties Policies Why Do We Need Them?
  • The objective is to protect
    • Privacy
    • Civil rights
    • Civil liberties
  • While promoting
    • Public safety
    • Individual safety
  • When fighting crime and terrorism
key privacy and civil liberties initiatives
Key Privacy and Civil Liberties Initiatives
  • U.S. Department of Justice’s (DOJ) Global Justice Information Sharing Initiative (Global) published a guide for state and local justice agencies when developing a privacy and civil liberties policy, entitled Privacy and Civil Liberties Policy Development Guide and Implementation Templates
    • This guide and templates have been used by numerous agencies and organizations throughout the country to develop privacy and civil liberties policies, including most recently the U.S. Department of Defense
key privacy and civil liberties initiatives15
Key Privacy and Civil Liberties Initiatives
  • Privacy and Civil Liberties Officials from DOJ and the Office of the Director of National Intelligence (ODNI) began development of federal agency requirements for the Information Sharing Environment (ISE)
    • The ISE was established to develop policy for the sharing of terrorism-related information in a manner consistent with national security and with applicable legal standards relating to privacy and civil liberties
    • The ISE Privacy Guidelines, including many of the concepts presented in Global’s privacy guide, were developed for federal agencies to follow when developing a privacy and civil liberties policy
privacy technical assistance
Privacy Technical Assistance
  • Fusion center privacy template: The joint DHS/DOJ Fusion Technical Assistance Program and Services, with input from the ISE Privacy Guidelines Committee (PGC) State, Local, and Tribal (SLT) Working Group, the ISE PGC Training and Outreach Working Group, and Global, developed a training workbook for fusion centers to follow when drafting their privacy and civil liberties policies: Fusion Center Privacy Policy Development: Privacy, Civil Rights, and Civil Liberties Policy Template
  • Fusion Centers have received technical assistance and have drafted or are currently drafting their privacy and civil liberties policies
privacy technical assistance17
Privacy Technical Assistance
  • Three pilot states were selected to receive privacy technical assistance
    • Arizona—currently receiving TA
    • Texas—TA currently scheduled
    • North Dakota—TA scheduled to follow Texas
  • Based on the success of the training workbook, Fusion Center Privacy Policy Development: Privacy, Civil Rights, and Civil Liberties Policy Template, DOJ and Global have drafted a state-focused version that is currently being vetted and revised
key privacy and civil liberties initiatives18
Key Privacy and Civil Liberties Initiatives
  • The SEARCH Group is has developed a model privacy impact assessment template, Guide to Conducting Privacy Impact Assessments for State and Local Information Sharing Initiatives, that is currently undergoing a vetting process in the field prior to release
  • A privacy impact assessment is a series of questions that evaluate the processes through which personally identifiable information is collected, stored, protected, shared, and managed by an electronic information system or online collection application
key privacy and civil liberties initiatives19
Key Privacy and Civil Liberties Initiatives
  • DOJ’s Privacy Office, DHS’s Privacy Office, and DHS’s Office of Civil Rights and Liberties are combining efforts with GPIQWG to deliver a suite of products and services (to be Web accessible at www.it.ojp.gov) to benefit fusion centers, as well as state, local, and tribal entities
    • Privacy 101 training—the Privacy TA Providers, in partnership with DHS, are currently outlining content areas for the development of interactive privacy training. This will be provided to fusion centers and state agencies for use in training personnel on the importance of privacy and the provisions contained within an agency privacy policy
privacy and civil liberties templates why were templates developed
Privacy and Civil Liberties TemplatesWhy Were Templates Developed?
  • Provide an organized approach to the critical issues
  • Make explicit the rules governing the collection and use of information
  • Clarify when and how information will be shared or distributed
  • Articulate the expectations regarding conduct of agency personnel
privacy and civil liberties policy process
Privacy and Civil Liberties Policy Process
  • “A step-by-step guide on team effort to develop and articulate a privacy and civil liberties policy”
ten steps to a privacy and civil liberties policy
Ten Steps to a Privacy and Civil Liberties Policy
  • DOJ’s Global Privacy and Information Quality Working Group has recently completed an executive primer, Ten Steps to a Privacy and Civil Liberties Policy, that breaks down the privacy and civil liberties policy development process into ten readily understood steps
  • This document can be used both as a companion to GPIQWG’s Privacy and Civil Liberties Policy Development Guide and Implementation Templates and also as an overview that can be generalized to any privacy and civil liberties policy development process
  • Ten Steps to a Privacy and Civil Liberties Policy was approved at the April 2008 Global Advisory Committee (GAC) meeting and published thereafter for the field
ten steps to a privacy and civil liberties policy23
Ten Steps to a Privacy and Civil Liberties Policy
  • Identify necessary resources to develop and implement a privacy and civil liberties policy
  • Identify stakeholders
ten steps to a privacy and civil liberties policy24
Ten Steps to a Privacy and Civil Liberties Policy
  • Develop guidance statements
  • Develop a project charter
ten steps to a privacy and civil liberties policy25
Ten Steps to a Privacy and Civil Liberties Policy
  • Perform necessary analyses
    • Information flow
    • Legal analyses
    • Gaps
  • Draft the policy
ten steps to a privacy and civil liberties policy26
Ten Steps to a Privacy and Civil Liberties Policy
  • Vet the policy during development
  • Formal adoption of the policy
  • Rollout necessary outreach and training
  • Ensure Accountability
28 cfr part 23
28 CFR part 23
  • Implementing standards for operating federal funded multijurisdictional criminal intelligence systems
  • Developed to protect the constutional and privacy rights of individuals
28 cfr part 2328
28 CFR part 23
  • Provides guidance in five primary areas:
    • Submission and entry of criminal intelligence information
    • Security
    • Inquiry
    • Dissemination
    • Review and purge
28 cfr part 2329
28 CFR Part 23
  • An intelligence system shall only collect information on an individual “if there is reasonable suspicion that the individual is involved in criminal conduct or activity and the information is relevant to that criminal conduct or activity.” (28 CFR 23.20(a))
  • Information in intelligence system may only be disseminated “where there is a need to know and a right to know the information in the performance of a law enforcement activity. (28 CFR 23.20(e))
transparency and accountability
Transparency and Accountability
  • Existence of privacy and civil rights policy
  • Policy available for inspection
  • Enforcement mechanisms
privacy and civil liberties policy resources
Privacy and Civil Liberties PolicyResources
  • Places to find assistance
    • Global Initiative—generally
      • http://www.it.ojp.gov/index.jsp
    • Global Privacy and Information Quality Work Group
      • http://www.it.ojp.gov/topic.jsp?topic_id=55
    • Privacy Policy and Civil Liberties Policy Development Guide and Implementation Templates
      • http://it.ojp.gov/privacy206/ or
      • https://it.ojp.gov/documents/Privacy_Guide_Final.pdf
privacy and civil rights policies resources
Privacy and Civil Rights PoliciesResources
  • Other sources of information
    • U.S. Department of Homeland Security Privacy Office
      • http://www.dhs.gov/xinfoshare/publications/editorial_0514.shtm
    • U.S. Department of Justice Privacy and Civil Liberties Office
      • http://www.usdoj.gov/pclo/
    • Information Sharing Environment Privacy Guidelines
      • http://www.ise.gov
ad