Privacy: Understanding the Needs, Policy, and Approach Owen Greenspan Director Law and Policy Program.

Presentation transcript:

Privacy: Understanding the Needs, Policy, and Approach Owen Greenspan Director Law and Policy Program

2004 SEARCH, The National Consortium for Justice Information and Statistics

A Couple of Observations

Justice Ginsburg, U.S. Supreme Court, noted in Arizona v. Evans that…

“Widespread reliance on computers to store and convey information generates, along with manifold benefits, new possibilities of error, due to both computer malfunctions and operator mistakes… Computerization greatly amplifies an error’s effect, and correspondingly intensifies the need for prompt correction; for inaccurate data can infect not only one agency, but the many agencies that share access to the database.”

The bulk of the criminal justice information maintained in the U.S. is maintained at the State and local level; therefore most, but not all, of the legislation governing this information is found at the State level.

Fair Information Practices

The Eight Fair Information Practices (OECD Guidelines on the Protection of Privacy)

Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

Data Quality Principle. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

Purpose Specification Principle. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

Use Limitation Principle. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except:
a) with the consent of the data subject; or
b) by the authority of law.

Security Safeguards Principle. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

Openness Principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

Individual Participation Principle. An individual should have the right:
a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him;
c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.

Accountability Principle. A data controller should be accountable for complying with measures which give effect to the principles stated above.

Owen’s 9th Privacy Principle

Failing to address privacy in the planning and design of an information sharing system risks project failure. Threatens:
Public support for your agency
Political support for what you are trying to accomplish
Financial support
Operational ability

PRIVACY POLICY DEVELOPMENT

Global Privacy and Information Quality Working Group (GPIQWG)

Step One: GOVERNANCE
Step Two: PLANNING
Step Three: PROCESS
Step Four: PRODUCT
Step Five: IMPLEMENTATION

Governance – Planning Stage

[Diagram labels: PROJECT CHAMPION OR SPONSOR; RESOURCES; Empower with Authority; TEAM FORMATION; Advocate & Defend; FINAL TEAM LEADER & MEMBERS; IDENTIFY TEAM LEADER; BUILD TEAM & STAKEHOLDERS]

Privacy Policy Development Templates (From Privacy, Civil Rights, and Civil Liberties, Policy Templates for Justice Information Systems)

The privacy policy development templates suggest language for drafting a policy or inter-agency agreement. In order to select the correct template or combination of templates, the agency must first identify the type of information sharing system covered by the privacy policy.

What type of information sharing system will be covered by the privacy policy?
□ Incident or event-based records management system (RMS)
□ Case management system (CMS)
□ Integrated criminal justice information system (IJIS or CJIS)
□ Criminal history record information system (CHRI)
□ Criminal intelligence gathering system (CIS)
□ Justice information sharing network

Which of the following best describes the privacy effort involved?
□ LOCAL SYSTEMS
□ STATEWIDE SYSTEMS
□ STATEWIDE NETWORK INTEGRATING LOCAL SYSTEMS
□ REGIONAL INFORMATION SHARING SYSTEMS
□ AD HOC SYSTEMS

Process Stage: UNDERSTANDING INFORMATION EXCHANGES

[Diagram labels: Collection; Dissemination & Access; Use; Maintenance & Retention]

Process Stage: ANALYZING THE LEGAL REQUIREMENTS

[Diagram labels: Focus; Sources of Legal Authority; Principles – FIP; Perform Information Analysis]

Process Stage: IDENTIFY CRITICAL ISSUES & POLICY GAPS

[Diagram labels: Laws & Policies; Team Privacy Concerns; Build from Existing Laws & Policies]

Product Stage

[Diagram labels: VISION & SCOPE; Team Members; Organizational Structure & Policy Outline; REVISED DRAFT POLICY DRAFT SHARE; Stakeholders; Constituents]

Implementation Stage

[Diagram labels: PROJECT TEAM; Formal Adoption of Privacy Policy; GOVERNING BOARD; PUBLICATION; OUTREACH; TRAINING; Ongoing Evaluation & Monitoring; Legislative Efforts; Revisions]

Alan Carlson’s Privacy Policy Development Templates

Depending upon the need, the privacy policy will consist of one or more of the following three policy templates:

TEMPLATE A – Privacy and civil rights protections for inclusion in enabling legislation or authorization for the justice information system. This enabling authority would be included in the statute, ordinance, resolution, executive order or other document that authorizes or creates the entity overseeing the information system.

TEMPLATE B – A basic privacy and civil rights protection policy template covering day-to-day operation of the justice information system. This basic system operation would be included in a general policy applicable to the system, or it would provide the central provisions of a stand-alone policy covering protection of privacy, civil rights and civil liberties.

TEMPLATE C – Privacy and civil rights protections for an inter-agency agreement between agencies participating in an information sharing network or system.

ADDITIONAL RESOURCES

Homeland Security Publications:
Privacy Threshold Analysis
Privacy Impact Assessments - Official Guidance (2006)
Privacy Impact Assessments for various industries