1 / 33

Data: Access and Related Confidentiality/Privacy Issues

Data: Access and Related Confidentiality/Privacy Issues. National Chemical Control Symposium June 10 – 11, 2008. Presentation Overview. Basic Privacy Concepts Privacy Policies Key Privacy and Civil Liberties Initiatives Policy Development Process 28 CFR Part 23

Patman
Download Presentation

Data: Access and Related Confidentiality/Privacy Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data: Access and Related Confidentiality/Privacy Issues National Chemical Control Symposium June 10 – 11, 2008

  2. Presentation Overview Basic Privacy Concepts Privacy Policies Key Privacy and Civil Liberties Initiatives Policy Development Process 28 CFR Part 23 Discussion of Privacy Issues

  3. What Is Personally Identifiable Information? • Personally identifiable information is one or more pieces of information that when considered together or when considered in the context of how it is presented or how it is gathered is sufficient to specify a unique individual

  4. What Is Privacy? • The term “privacy” refers to individuals’ interests in preventing the inappropriate collection, use, and release of personally identifiable information • Privacy interests include privacy of personal behavior, privacy of personal communications, and privacy of personal data

  5. What Are Civil Liberties? • Civil liberties are fundamental individual rights or freedoms, such as freedom of speech, press, assembly, or religion; the right to due process, to fair trial, and to privacy; and other limitations on the power of the government to restrain or dictate the actions of individuals • Civil liberties are the freedoms that are guaranteed by the Bill of Rightsthe first ten Amendmentsto the Constitution of the United States • Civil liberties offer protection to individuals from improper government action and arbitrary governmental interference

  6. What Are Civil Rights? • Civil rights involve positive (or affirmative) government action, while civil liberties involve restrictions on government • The term civil rights is used to imply that the state has a role in ensuring all citizens have equal protection under the law and equal opportunity to exercise the privileges of citizenship regardless of race, religion, gender, or other characteristics unrelated to the worth of the individual • Civil rights are, therefore, obligations imposed upon government to affirmatively promote equality • Civil rights are the rights to personal liberty guaranteed to all U.S. citizens by the Thirteenth and Fourteenth Amendments and by acts of Congress

  7. Basic Concepts • Privacy, civil rights, and civil liberties concerns arise when • Collecting information • Keeping information • Linking or merging information from several databases • Analyzing information • Disclosing or sharing information • Destroying information

  8. Privacy and Civil Rights Policies Why Do We Need Them? • What can happen if privacy is not protected? • Loss of funding and resources • Loss of means and methods • Loss of public support and confidence (tips, leads, and citizen cooperation could cease) • Getting sued and paying settlements or judgments • Getting shut down (MATRIX, TIA)

  9. Privacy and Civil Rights Policies Why Do We Need Them? Justice Dept. Database Stirs Privacy Fears The Washington Post • The scale and contents of the proposed database raise immediate privacy and civil rights concerns, in part because tens of thousands of local police officers could gain access to personal details about people who have not been arrested or charged with crimes • Loss of public support for law enforcement activities

  10. Privacy and Civil Liberties Policy Overview • What is a Privacy and Civil Liberties Policy? • A privacy and civil liberties policy is a written, published statement that articulates the policy position of an organization on how it handles the personally identifiable information that it gathers and uses in the normal course of business. The policy should include information relating to the process of information collection, analysis, maintenance, dissemination, access, expungement, and disposition

  11. Privacy and Civil LibertiesPolicy Overview (continued) • What is the Purpose of a Privacy and Civil Liberties Policy? • The purpose of a privacy and civil liberties policy is to articulate publicly that the agency will adhere to legal requirements and agency policy determinations that enable gathering and sharing of information to occur in a manner that protects personal privacy interests • A well-developed and implemented privacy and civil liberties policy protects the agency, the individual, and the public; and contributes to public trust and confidence that the justice system understands its role and promotes the rule of law

  12. Privacy and Civil LibertiesPolicy Overview (continued) • Intersection between Privacy and Security • Security refers to the information system controls that protect personally identifiable information through reasonable safeguards against risk of loss, unauthorized access, modification, use, destruction, or disclosure • A security policy alone may not adequately address the protection of personally identifiable information or the requirements of a privacy and civil liberties policy in their entirety • An effective privacy and civil liberties policy should describe how security is implemented within the information system to protect personally identifiable information. Similarly, a security policy should address information classification, protection, and periodic review to ensure information is being stewarded in accordance with an organization’s privacy and civil liberties policy

  13. Privacy and Civil Liberties Policies Why Do We Need Them? • The objective is to protect • Privacy • Civil rights • Civil liberties • While promoting • Public safety • Individual safety • When fighting crime and terrorism

  14. Key Privacy and Civil Liberties Initiatives • U.S. Department of Justice’s (DOJ) Global Justice Information Sharing Initiative (Global) published a guide for state and local justice agencies when developing a privacy and civil liberties policy, entitled Privacy and Civil Liberties Policy Development Guide and Implementation Templates • This guide and templates have been used by numerous agencies and organizations throughout the country to develop privacy and civil liberties policies, including most recently the U.S. Department of Defense

  15. Key Privacy and Civil Liberties Initiatives • Privacy and Civil Liberties Officials from DOJ and the Office of the Director of National Intelligence (ODNI) began development of federal agency requirements for the Information Sharing Environment (ISE) • The ISE was established to develop policy for the sharing of terrorism-related information in a manner consistent with national security and with applicable legal standards relating to privacy and civil liberties • The ISE Privacy Guidelines, including many of the concepts presented in Global’s privacy guide, were developed for federal agencies to follow when developing a privacy and civil liberties policy

  16. Privacy Technical Assistance • Fusion center privacy template: The joint DHS/DOJ Fusion Technical Assistance Program and Services, with input from the ISE Privacy Guidelines Committee (PGC) State, Local, and Tribal (SLT) Working Group, the ISE PGC Training and Outreach Working Group, and Global, developed a training workbook for fusion centers to follow when drafting their privacy and civil liberties policies: Fusion Center Privacy Policy Development: Privacy, Civil Rights, and Civil Liberties Policy Template • Fusion Centers have received technical assistance and have drafted or are currently drafting their privacy and civil liberties policies

  17. Privacy Technical Assistance • Three pilot states were selected to receive privacy technical assistance • Arizona—currently receiving TA • Texas—TA currently scheduled • North Dakota—TA scheduled to follow Texas • Based on the success of the training workbook, Fusion Center Privacy Policy Development: Privacy, Civil Rights, and Civil Liberties Policy Template, DOJ and Global have drafted a state-focused version that is currently being vetted and revised

  18. Key Privacy and Civil Liberties Initiatives • The SEARCH Group is has developed a model privacy impact assessment template, Guide to Conducting Privacy Impact Assessments for State and Local Information Sharing Initiatives, that is currently undergoing a vetting process in the field prior to release • A privacy impact assessment is a series of questions that evaluate the processes through which personally identifiable information is collected, stored, protected, shared, and managed by an electronic information system or online collection application

  19. Key Privacy and Civil Liberties Initiatives • DOJ’s Privacy Office, DHS’s Privacy Office, and DHS’s Office of Civil Rights and Liberties are combining efforts with GPIQWG to deliver a suite of products and services (to be Web accessible at www.it.ojp.gov) to benefit fusion centers, as well as state, local, and tribal entities • Privacy 101 training—the Privacy TA Providers, in partnership with DHS, are currently outlining content areas for the development of interactive privacy training. This will be provided to fusion centers and state agencies for use in training personnel on the importance of privacy and the provisions contained within an agency privacy policy

  20. Privacy and Civil Liberties TemplatesWhy Were Templates Developed? • Provide an organized approach to the critical issues • Make explicit the rules governing the collection and use of information • Clarify when and how information will be shared or distributed • Articulate the expectations regarding conduct of agency personnel

  21. Privacy and Civil Liberties Policy Process • “A step-by-step guide on team effort to develop and articulate a privacy and civil liberties policy”

  22. Ten Steps to a Privacy and Civil Liberties Policy • DOJ’s Global Privacy and Information Quality Working Group has recently completed an executive primer, Ten Steps to a Privacy and Civil Liberties Policy, that breaks down the privacy and civil liberties policy development process into ten readily understood steps • This document can be used both as a companion to GPIQWG’s Privacy and Civil Liberties Policy Development Guide and Implementation Templates and also as an overview that can be generalized to any privacy and civil liberties policy development process • Ten Steps to a Privacy and Civil Liberties Policy was approved at the April 2008 Global Advisory Committee (GAC) meeting and published thereafter for the field

  23. Ten Steps to a Privacy and Civil Liberties Policy • Identify necessary resources to develop and implement a privacy and civil liberties policy • Identify stakeholders

  24. Ten Steps to a Privacy and Civil Liberties Policy • Develop guidance statements • Develop a project charter

  25. Ten Steps to a Privacy and Civil Liberties Policy • Perform necessary analyses • Information flow • Legal analyses • Gaps • Draft the policy

  26. Ten Steps to a Privacy and Civil Liberties Policy • Vet the policy during development • Formal adoption of the policy • Rollout necessary outreach and training • Ensure Accountability

  27. 28 CFR part 23 • Implementing standards for operating federal funded multijurisdictional criminal intelligence systems • Developed to protect the constutional and privacy rights of individuals

  28. 28 CFR part 23 • Provides guidance in five primary areas: • Submission and entry of criminal intelligence information • Security • Inquiry • Dissemination • Review and purge

  29. 28 CFR Part 23 • An intelligence system shall only collect information on an individual “if there is reasonable suspicion that the individual is involved in criminal conduct or activity and the information is relevant to that criminal conduct or activity.” (28 CFR 23.20(a)) • Information in intelligence system may only be disseminated “where there is a need to know and a right to know the information in the performance of a law enforcement activity. (28 CFR 23.20(e))

  30. Transparency and Accountability • Existence of privacy and civil rights policy • Policy available for inspection • Enforcement mechanisms

  31. Privacy and Civil Liberties PolicyResources • Places to find assistance • Global Initiative—generally • http://www.it.ojp.gov/index.jsp • Global Privacy and Information Quality Work Group • http://www.it.ojp.gov/topic.jsp?topic_id=55 • Privacy Policy and Civil Liberties Policy Development Guide and Implementation Templates • http://it.ojp.gov/privacy206/ or • https://it.ojp.gov/documents/Privacy_Guide_Final.pdf

  32. Privacy and Civil Rights PoliciesResources • Other sources of information • U.S. Department of Homeland Security Privacy Office • http://www.dhs.gov/xinfoshare/publications/editorial_0514.shtm • U.S. Department of Justice Privacy and Civil Liberties Office • http://www.usdoj.gov/pclo/ • Information Sharing Environment Privacy Guidelines • http://www.ise.gov

  33. Discussion

More Related