Privacy and Information Quality

1 Privacy and Information Quality
SEARCH Membership Group Meeting, January 27-30. Francis X. (Paco) Aumand III, Vermont Department of Public Safety, Division of Criminal Justice Services

2 Objective of Breakout Session
In today's integrated justice environment is there a need to be concerned with the use and dissemination of personal identifying information? This breakout session will discuss what privacy is, explain why the protection of personal identifying information is important, and describe some of the fundamental components of privacy policy.

3 Privacy - How do we define it?
Many definitions:
"Privacy is the power to selectively reveal oneself to the world."
Privacy is the ability of a person to control the availability of information about and exposure of himself or herself. It is related to being able to function in society anonymously.
Privacy is the right to be free of unnecessary public scrutiny or to be let alone.
Privacy of personal data (information privacy) is described as when, how, and to what extent you share personal information about yourself. Information privacy involves the right to control one's personal information and the ability to determine if and how that information should be obtained and used.

4 Privacy
The appropriate use of personal identifying information under the circumstances. What is appropriate will depend on the context, law and the individual's expectation. (International Association of Privacy Professionals' definition.) Fundamental to this definition is the right of the individual to control the collection, use and disclosure of personal information. Within an integrated justice system this right is balanced against the public's right to know and the public's security interests.

5 Right to Privacy
The possible right to be left alone, in the absence of some "reasonable" public interest in a person's activities. It is within the context of the right to privacy that we begin to see the governmental right to use personal identifying information.

6 Therefore, the law allows for the use of personal identifying information for arrest information and it has long been deemed to be in the public’s interest to collect, use and disseminate arrest and conviction personal identifying information.

7 Personal Identifying Information
Personal identifying information is one or more pieces of information that, when considered together, combined with other information, or considered in the context of how it is presented or gathered, are sufficient to specify a unique individual.

8 “Information Privacy relates to one’s personal information.”
It is important to note that privacy policy relates to the collection, use and dissemination of personal identifying information, NOT INCIDENT OR EVENT INFORMATION when no personal data is used. Again, a central component of information privacy is the ability of an individual to control the use of information about him or herself. Information privacy is also used to refer to standards for the collection, maintenance, use and disclosure of personally identifiable information.

9 Criminal History, Intelligence Systems, CAD/RMS
Stove-pipe systems that each have their own unique statutes controlling the collection, use and dissemination of the information.

10 “Garbage In, Garbage Out”
NO

11 “Garbage In, Gospel Out”

12 Eight Privacy Design Principles
Purpose Specification, Collection Limitation, Data Quality, Use Limitation, Security Safeguards, Openness, Individual Participation, Accountability.

Privacy Principles. The following eight privacy design principles provide a framework for developing privacy policy for a justice information system and for identifying technology requirements:

1. Purpose Specification. This principle requires identification of the purpose for which personal information is collected, in writing and not later than the time of data collection. The personal information collected should be pertinent to the stated purposes for which it will be used.

2. Collection Limitation. Agencies are to carefully review how they collect personal information to avoid collecting such data unnecessarily. Personal information should be obtained by lawful and fair means.

3. Data Quality. This principle mandates that agencies verify the accuracy, completeness, and currency of personal information.

4. Use Limitation. Personal information is not to be used or disclosed for purposes other than those specified in accordance with principle 1 above, except with the consent of the data subject, by authority of law, for the safety of the community, or pursuant to a public access policy.

5. Security Safeguards. Agencies must assess the risk of loss or unauthorized access to personal information in their systems. Reasonable safeguards against those risks should protect personal information against loss or unauthorized access, destruction, use, modification, or disclosure.

6. Openness. The principle requires agencies to provide notice about how they collect, maintain, and disseminate information. Openness also includes public access to establish the existence of personal data and to the data pursuant to an official public access policy.

7. Individual Participation. Agencies are to allow affected individuals to access their personal information.

8. Accountability. Agencies must have a means to oversee and enforce the other seven privacy design principles.

13 The right to privacy, balanced against the administration of justice, protecting the public and the public's right to know, continues to provide a framework for fair information practices in the U.S. Balancing privacy with competing interests has also been widely accepted as a means of accounting for privacy concerns.

14 Privacy Policy
Mapping data flows
Determining data sensitivity
Using a policy design template

15 Mapping Data Flows
Mapping involves preparing a flowchart depicting each stage of the justice process and determining what information is collected, accessed, used, and disclosed at those stages. For example, initial stages of criminal justice processing might be charted as arrest, detention (yes/no), referral of case to prosecutor's office (yes/no), and so on. What data items are collected at each stage (name, address, charge, etc.)? Might some of those data elements change subsequently, such as a police charge being changed by the prosecutor but disposed of in court by a plea to another charge? Do the data represent personally identifiable information? Information flow maps may already exist, prepared when an information system was designed, although not from a privacy perspective. Those maps provide a good foundation on which to construct data flowcharts for privacy policy purposes.

16 Determining Data Sensitivity
Data elements noted on the flowchart may be grouped according to their sensitivity, which helps determine to whom the information may be disclosed and when. Use of a traffic-light metaphor to denote sensitivity categories may prove effective:

Red-light Information. It is generally not disseminated outside the holding agency or is released within the justice system under strict conditions or in very limited circumstances. Examples of nondisclosed information may be court-sealed records, criminal intelligence information, and information pertaining to ongoing investigations.

Yellow-light Information. It is not always available to other agencies or the public. But it may be released after a balancing of justice agency interests or agency review of a specific request for an authorized purpose (e.g., an individual's request to see his or her own information) or a nonjustice organization's or individual's request for an authorized purpose. Examples include personally identifiable justice record information between agencies, public requests for criminal records checks for noncriminal justice purposes (e.g., employment background checks), juvenile records requests, and criminal history information (where permitted by state law).

Green-light Information. It is available, by law or tradition, to justice agencies or people or organizations upon general request. Some of this publicly available information is related to the justice process (crime statistics, agency operational data, and the like) or is related to people, cases, and events. Despite green-light information being the most freely accessible information, its disclosure should still be weighed against individual privacy interests and public safety considerations.

17 Privacy Policy Template
Purpose Statement. This broad statement describes the justice agency's mandate, the need for information sharing, the privacy interests the agency seeks to protect, and the need for public access. What is the purpose of your information system? Do your collection procedures mirror your purpose?

18 Purpose
The Law Enforcement N-DEx will be an incident- or event-based information-sharing system for local, state, tribal, and federal law enforcement agencies, which securely collects and processes crime data in support of investigations, crime analysis, law enforcement administration, strategic/tactical operations, and national security responsibilities.

19 Privacy Policy Template
Privacy Policy Scope. This sets out the framework of interests to be protected and how the policy will be enforced.

20 Privacy Policy Template
Verification, Maintenance, and Correction of Information. The agency spells out how it ensures data quality. What methods are in place to ensure quality? Does the system perform internal verification of information? Does the system require other sources to verify the accuracy of the information?

21 Privacy Policy Template
Access Statement. The statement identifies the classification of information and which justice agencies have access to it, as well as identifies who may gain access to information under the “publicly accessible category.” Who are your justice partners? Who is the public?

22 Privacy Policy Template
Access Method. The method-of-access statement should reflect the agency's best attempt to deliver "yellow or green" information to other justice agencies and the public. What information does your agency have? In what form is it? Are there laws that set limits on public access to this data?

23 Privacy Policy
Privacy policy helps to protect the integrity of the investigative process and the integrity of our information systems.
Criticism related to Privacy Concerns

24 Resources
Report of the National Task Force on Privacy, Technology and Criminal Justice Information: http://www.ncja.org/pdf/privacyguideline.pdf
