Privacy and Information Quality


Privacy and Information Quality
SEARCH Membership Group Meeting, January 27-30, 2005
Francis X. (Paco) Aumand III, Vermont Department of Public Safety, Division of Criminal Justice Services

Objective of Breakout Session
In today's integrated justice environment, is there a need to be concerned with the use and dissemination of personal identifying information? This breakout session will discuss what privacy is, explain why the protection of personal identifying information is important, and describe some of the fundamental components of privacy policy.

Privacy - How do we define it?
“Privacy is the power to selectively reveal oneself to the world.”
Many definitions:
Privacy is the ability of a person to control the availability of information about and exposure of himself or herself. It is related to being able to function in society anonymously.
Privacy is the right to be free of unnecessary public scrutiny or to be let alone.
Privacy of personal data (information privacy) is described as when, how, and to what extent you share personal information about yourself.
Information privacy involves the right to control one’s personal information and the ability to determine if and how that information should be obtained and used.

Privacy
The appropriate use of personal identifying information under the circumstances. What is appropriate will depend on the context, law and the individual’s expectation. This is the International Association of Privacy Professionals' definition.
Fundamental to this definition is the right of the individual to control the collection, use and disclosure of personal information. Within an integrated justice system this right is balanced against the public's right to know and the public’s security interests.

Right to Privacy
The possible right to be left alone, in the absence of some “reasonable” public interest in a person’s activities. It is within the context of the right to privacy that we begin to see the governmental right to use personal identifying information.

Therefore, the law allows for the use of personal identifying information for arrest information and it has long been deemed to be in the public’s interest to collect, use and disseminate arrest and conviction personal identifying information.

Personal Identifying Information
Personal identifying information is one or more pieces of information that, when considered together or combined with other information, and when considered in the context of how they are presented or gathered, are sufficient to specify a unique individual.

“Information Privacy relates to one’s personal information.”
It is important to note that privacy policy relates to the collection, use and dissemination of personal identifying information, NOT INCIDENT OR EVENT INFORMATION when no personal data is used. Again, a central component of information privacy is the ability of an individual to control the use of information about him or herself. Information privacy is also used to refer to standards for the collection, maintenance, use and disclosure of personally identifiable information.

Criminal History, Intelligence Systems, CAD/RMS
Stovepipe systems that have their own unique statutes that control the collection, use and dissemination of the information.

“Garbage In, Garbage Out” NO

“Garbage In, Gospel Out”

Eight Privacy Design Principles
The following eight privacy design principles provide a framework for developing privacy policy for a justice information system and for identifying technology requirements:
1. Purpose Specification. This principle requires identification of the purpose for which personal information is collected—in writing and not later than the time of data collection. The personal information collected should be pertinent to the stated purposes for which it will be used.
2. Collection Limitation. Agencies are to carefully review how they collect personal information to avoid collecting such data unnecessarily. Personal information should be obtained by lawful and fair means.
3. Data Quality. This principle mandates that agencies verify the accuracy, completeness, and currency of personal information.
4. Use Limitation. Personal information is not to be used or disclosed for purposes other than those specified in accordance with principle 1 above, except with the consent of the data subject, by authority of law, for the safety of the community, or pursuant to a public access policy.
5. Security Safeguards. Agencies must assess the risk of loss or unauthorized access to personal information in their systems. Reasonable safeguards against risks should protect personal information against loss or unauthorized access, destruction, use, modification, or disclosure.
6. Openness. The principle requires agencies to provide notice about how they collect, maintain, and disseminate information. Openness also includes public access to establish the existence of personal data and to the data pursuant to an official public access policy.
7. Individual Participation. Agencies are to allow affected individuals to access their personal information.
8. Accountability. Agencies must have a means to oversee and enforce the other seven privacy design principles.

The right to privacy balanced against the administration of justice, protecting the public and the public’s right to know continues to provide a framework for fair information practices in the U.S. Balancing privacy with competing interests has also been widely accepted as a means of accounting for privacy concerns.

Privacy Policy
Mapping data flows
Determining data sensitivity
Using a policy design template

Mapping Data Flows
Mapping involves preparing a flowchart depicting each stage of the justice process and determining what information is collected, accessed, used, and disclosed at those stages. For example, initial stages of criminal justice processing might be charted as arrest, detention (yes/no), referral of case to prosecutor’s office (yes/no), and so on. What data items are collected at each stage—name, address, charge, etc.? Might some of those data elements change subsequently—such as a police charge being changed by the prosecutor but disposed of in court by a plea to another charge? Do the data represent personally identifiable information? Information flow maps may already exist, prepared when an information system was designed, although not from a privacy perspective. Those maps provide a good foundation on which to construct data flowcharts for privacy policy purposes.

Determining Data Sensitivity
Data elements noted on the flowchart may be grouped according to their sensitivity, which helps determine to whom the information may be disclosed and when. Use of a traffic-light metaphor to denote sensitivity categories may prove effective:
Red-light Information. It is generally not disseminated outside the holding agency or is released within the justice system under strict conditions or in very limited circumstances. Examples of nondisclosed information may be court-sealed records, criminal intelligence information, and information pertaining to ongoing investigations.
Yellow-light Information. It is not always available to other agencies or the public. But it may be released after a balancing of justice agency interests or agency review of a specific request for an authorized purpose (e.g., an individual’s request to see his or her own information) or a nonjustice organization’s or individual’s request for an authorized purpose. Examples include personally identifiable justice record information between agencies, public requests for criminal records checks for noncriminal justice purposes (e.g., employment background checks), juvenile records requests, and criminal history information (where permitted by state law).
Green-light Information. It is available, by law or tradition, to justice agencies or people or organizations upon general request. Some of this publicly available information is related to the justice process—crime statistics, agency operational data, and the like—or is related to people, cases, and events. Despite green-light information being the most freely accessible information, its disclosure should still be weighed against individual privacy interests and public safety considerations.

Privacy Policy Template
Purpose Statement. This broad statement describes the justice agency’s mandate, the need for information sharing, the privacy interests the agency seeks to protect, and the need for public access. What is the purpose of your information system? Do your collection procedures mirror your purpose?

Purpose
The Law Enforcement N-DEx will be an incident- or event-based information-sharing system for local, state, tribal, and federal law enforcement agencies, which securely collects and processes crime data in support of investigations, crime analysis, law enforcement administration, strategic/tactical operations, and national security responsibilities.

Privacy Policy Template
Privacy Policy Scope. This sets out the framework of interests to be protected and how the policy will be enforced.

Privacy Policy Template
Verification, Maintenance, and Correction of Information. The agency spells out how it ensures data quality. What methods are in place to ensure quality? Does the system perform internal verification of information? Does the system require other sources to verify the accuracy of the information?

Privacy Policy Template
Access Statement. The statement identifies the classification of information and which justice agencies have access to it, as well as identifies who may gain access to information under the “publicly accessible category.” Who are your justice partners? Who is the public?

Privacy Policy Template
Access Method. The method-of-access statement should reflect the agency’s best attempt to deliver “yellow or green” information to other justice agencies and the public. What information does your agency have? In what form is it? Are there laws that set limits on public access to this data?

Privacy Policy
Criticism related to privacy concerns
Privacy policy helps to protect the integrity of the investigative process and the integrity of our information systems.

Resources
http://www.ncja.org/pdf/privacyguideline.pdf
Report of the National Task Force on Privacy, Technology and Criminal Justice Information
http://it.ojp.gov/documents/200411_global_privacy_document.pdf
http://it.ojp.gov/topic.jsp?topic_id=42