Privacy, Information Quality, Biometrics

GPIQWG Resources:


The following is a compilation of products and publications designed specifically for the justice community to address privacy, information quality, and biometrics as they relate to information sharing. These resources were developed for state, local, and tribal (SLT) justice entities by DOJ’s Global and its partners or through DOJ collaborations with other federal agencies. To view topic-focused products (privacy, information quality, or biometric resources), refer to the links provided above.

7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy

Designed for both justice executives and agency personnel, this document raises awareness and educates readers on the seven basic steps involved in the preparation for development of a privacy, civil rights, and civil liberties policy (as recommended in DOJ’s Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities).  Each step describes the practical tasks associated with preparing for, drafting, and implementing a privacy policy.  Also featured is an overview of the core concepts (or chapters) that an agency should address in the written provisions of a privacy policy (as recommended in DOJ’s Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities).   

9 Elements of an Information Quality Program

Developed for high-level, managerial, and administrative personnel within an organization, 9 Elements of an Information Quality Program provides a brief outline of the nine key steps that should be followed when developing and implementing an agency-wide information quality (IQ) program.

An Introduction to Familial DNA Searching for State, Local, and Tribal Justice Agencies: Issues for Consideration

This issue paper is the result of an intense collaboration among the privacy professionals of GPIQWG and esteemed biometric, DNA, and familial DNA searching subject-matter experts (SMEs) who generously contributed their time and expertise to its content and development. GPIQWG, on behalf of Global, developed this overview to support state, local, and tribal (SLT) justice entities that are performing or considering performing familial DNA searching with a primer on the science of familial DNA and its use in criminal investigations, key issues implicated by familial DNA searching, and guidance on balancing the interests of both law enforcement and public safety with the privacy rights, interests, and concerns of affected persons. 
 

Criminal Intelligence Sharing: Protecting Privacy, Civil Rights, and Civil Liberties

This training is designed to present effective information sharing tools, examine the principles of 28 CFR Part 23, and address the importance of privacy, civil rights, and civil liberties in the context of information sharing.  Its purpose is to enhance information sharing by clarifying the various rules and regulations to ensure that agencies are more confident as they collect and share information, particularly criminal intelligence information.  In addition, technical assistance can be provided through on-site system reviews, policy reviews, and other specialized problem resolution.  Training and technical assistance for this project are provided through funding from BJA, DOJ. 

Criminal Intelligence Systems Operating Policies (28 CFR Part 23) Online Training

Criminal intelligence plays a vital role in the safety and security of our country.  The Code of Federal Regulations, Title 28, Part 23—Criminal Intelligence Systems Operating Policies (or 28 CFR Part 23) was issued in 1980 to ensure the privacy and constitutional rights of individuals during the collection and exchange of criminal intelligence information, and it has since been an important part of the intelligence landscape.  28 CFR Part 23 is a guideline for law enforcement agencies that operate federally funded multijurisdictional criminal intelligence systems.  To facilitate greater understanding of 28 CFR Part 23, the Bureau of Justice Assistance, Office of Justice Programs, U.S. Department of Justice, developed the Criminal Intelligence Systems Operating Policies (28 CFR Part 23) online training, which focuses on the requirements of 28 CFR Part 23 and includes topics such as compliance, privacy, inquiry, and dissemination requirements; storage requirements; and review-and-purge requirements.  The online training is available at www.ncirc.gov or www.iir.com/Justice_Training/28cfr/default.aspx.

Developing CCJ/COSCA Guidelines for Public Access to Court Records: A National Project to Assist State Courts

The purpose of Developing CCJ/COSCA Guidelines for Public Access to Court Records: A National Project to Assist State Courts (October 18, 2002) is to assist and guide state or individual courts in drafting a policy on public access to court records.  Developed and published by the National Center for State Courts, this guidance addresses the concern that proper balance is maintained between public access, personal privacy, and public safety, while maintaining integrity and consistency across the judicial process.  A final project report, Public Access to Court Records: Implementing the CCJ/COSCA Guidelines - Final Project Report, was also published on October 15, 2005.

DHS/DOJ Privacy and Civil Liberties Web Portal

Through a joint effort among DHS, DOJ, and BJA, this collaborative Web portal, accessible at www.it.ojp.gov/PrivacyLiberty, provides access to a wide range of resources and training materials available in the Information Sharing Environment that address privacy and civil liberties protections, including many of the Global products described within this overview.  Although originally intended for fusion center use, these resources can be easily adapted by law enforcement, criminal justice, public safety, and homeland security communities nationwide.

Executive Summary for Justice Decision Makers: Privacy, Civil Rights, and Civil Liberties Program Development

This executive summary is an awareness resource for justice executives, as well as an informational tool to use for training.  The easy-to-read flyer is designed to engender awareness about the topic, make the case for privacy policy development, and underscore the importance of promoting privacy protections within justice agencies.  Included is information on basic privacy concepts; the intersection between privacy, security, and information quality; privacy risks; and steps to establish privacy protections through a privacy program cycle.  This paper applies settled privacy principles to justice information sharing systems and makes recommendations on best practices.

Fusion Center Privacy Policy Development – Privacy, Civil Rights, and Civil Liberties Policy Template

The Fusion Center Privacy Policy Development: Privacy, Civil Rights, and Civil Liberties Policy Template was developed in collaboration with the DHS/DOJ Fusion Process Technical Assistance Program and DOJ’s Global Privacy and Information Quality Working Group (GPIQWG).  This template assists fusion center personnel in developing a center privacy policy related to the information, intelligence, and suspicious activity report (SAR) information the center collects, receives, maintains, archives, accesses, and discloses to center personnel, governmental agencies, Information Sharing Environment (ISE) participants, and other participating criminal justice and public safety agencies, as well as to private contractors and the general public.  Provisions contained in this template will help centers comply with requirements of the DHS’ Homeland Security Grant Program Guidance, the ISE Privacy Guidelines, and the National Suspicious Activity Reporting (SAR) Initiative.

Global Information Quality Series: Improves the Quality of Justice Information Flyer

The U.S. Department of Justice’s (DOJ) Global Privacy and Information Quality Working Group (GPIQWG) has published an information quality (IQ) series that provides practical guidance on how to develop and implement an agencywide information quality program.  Using a progressive “step” approach, this series provides agencies with resources from beginning to end—from raising awareness of IQ to the evaluation of the agency’s information, ending with the implementation of an agencywide program.  

Global Privacy Policy Statement

Protecting individual privacy is a fundamental responsibility of justice agencies that collect and share personally identifiable information. Privacy policies articulate appropriate collection of and allowable uses for information, as well as, provide accountability for misuse. Comprehensive privacy policies serve as a fundamental lynchpin to developing a system of trust that allows agencies to share personally identifiable and other sensitive information. Though there is considerable need for states and local agencies to develop privacy policies, agencies have been slow to develop them, preferring to remain reactive rather than proactive. The Global Privacy Policy Statement was developed, on behalf of the U.S. Department of Justice (DOJ), as a joint effort between the Global Privacy and Information Quality Working Group (GPIQWG) and the Global Outreach Working Group (GOWG). This Global declaration makes a strong statement to encourage states and local agencies to develop privacy policies.  Furthermore, states are strongly encouraged to take a leadership role by providing assistance to local and tribal agencies in the development of statewide model privacy policies or policy development templates consistent with Federal and State law.

Global Privacy Resources Booklet

Thanks to the great work by the U.S. Department of Justice's (DOJ) Global, Global partners, and through DOJ collaborations with other federal agencies, there are a variety of privacy awareness, policy development, and implementation products available to the justice community today. To help these agencies know “which” privacy product(s) to use “when” and for “what purpose,” Global has published a roadmap for navigating through these resources in a Global Privacy Resources booklet. The road map graphically illustrates the stages an agency naturally goes through when embarking on such an endeavor, (such as education and awareness, self-assessment, policy development, technical implementation, and training). Each of these stages, together, comprises a Privacy Program Cycle. The Global Privacy Resources booklet graphically illustrates every stage of this cycle and guides agencies to the resources they need for each particular stage. Global recognizes that State, Local, and Tribal (SLT) justice entities come in all sizes, with a variety of roles and with varying degrees of available resources. The resources presented in this booklet are flexible and designed to meet a spectrum of privacy protection needs. In addition to this downloadable booklet, Global has also developed an online version of this information available at www.it.ojp.gov/privacy.

Guidance for Building Communities of Trust

This resource—developed by Robert Wasserman in collaboration with the Office of Community Oriented Policing Services (COPS), DOJ, and DHS—focuses on developing relationships of trust among law enforcement, fusion centers, and the communities they serve, particularly immigrant and minority communities, so that the challenges of crime control and prevention of terrorism can be addressed. Trust, transparency, and the protection of privacy, civil rights, and civil liberties are fundamental to effective crime control, and these principles must serve as the foundation for information and intelligence sharing efforts intended to support crime prevention and terrorism prevention activities. Through a series of facilitated sessions, the Building Communities of Trust (BCOT) effort convened privacy, civil rights, and civil liberties groups; community leaders; and law enforcement officials for an intensive dialogue. The program’s objective is to help communities understand how law enforcement is using information to protect neighborhoods and citizens, while at the same time educating law enforcement on the priorities and needs of residents and how various community members view law enforcement efforts.  The resulting guidance provides advice and recommendations on how to initiate and sustain trusting relationships that support meaningful sharing of information, responsiveness to community concerns and priorities, and the reporting of suspicious activities. Building and maintaining trusting relationships between communities and law enforcement to prevent acts of crime and terrorism is the overarching theme of this document. 

Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Justice Entities

Understanding agency privacy risks is critical to the development of a privacy policy that establishes how an agency collects, maintains, and shares agency justice information. In this privacy impact assessment (PIA) resource, practitioners are provided a framework with which to examine the privacy implications of their information systems and information sharing collaborations so they can design and implement privacy policies to address vulnerabilities identified through the assessment process. Privacy policies emerge as a result of the analysis performed during the PIA process. In addition to an overview of the PIA process, this guide contains a template that leads policy developers through a series of appropriate PIA questions that evaluate the process through which personally identifiable information is collected, stored, protected, shared, and managed. The PIA questions are designed to reflect the same policy concepts as those recommended in the Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities further supporting privacy policy development.

Implementing Privacy Policy in Justice Information Sharing: A Technical Framework

This document was developed for technical practitioners to provide guidelines for supporting the electronic expression of a privacy policy and how to convert a privacy policy so that it is understandable to computers and software.  A technical framework provides approaches and alternatives to resolving technical and interoperability challenges in supporting a privacy policy through automation.  It outlines a sequence of steps for implementing a set of electronic privacy policy rules that can be readily implemented using existing information technology architectures, standards, and software tools.  An executive summary is also available at https://it.ojp.gov/documents/Privacy_policy_flyer.pdf.

Information Quality Program Guide

This Guide is intended to help justice managers develop an information quality program for their organizations and is designed to support managers who must analyze their justice entity’s information and determine what is needed to ensure good quality information. In support of that effort, the Guide features a step approach to the development and implementation of an agency-wide IQ program and includes a variety of resources and tools, as well as a framework for analyzing a justice entity’s business rules for information quality.

Information Quality Self-Assessment Tool

The purpose of this tool is to provide practitioners with guidance in evaluating the information quality of justice information reports associated with justice events by way of a self-administered worksheet, designed to provide practical, hands-on assistance to information systems personnel. Evaluating the quality of agency information is a mandatory step for any agency-wide IQ program.

Information Quality: The Foundation for Justice Decision Making

This document provides an overview of information quality; problems associated with it; and its framework, dimensions, and scenarios; it also explains what can be done to promote information quality within electronic data exchanges.

Information Sharing Environment Privacy Guidelines Implementation Support

In collaboration with the Bureau of Justice Assistance (BJA) and the Office of the Program Manager for the Information Sharing Environment (PM-ISE), this program provides support to assist federal agencies in the ongoing implementation of the Guidelines to Ensure That the Information Privacy and Other Legal Rights of Americans Are Protected in the Development and Use of the Information Sharing Environment (ISE Privacy Guidelines).  Privacy technical assistance is provided to federal agencies in the development of privacy policies that comply with the ISE Privacy Guidelines.  

Justice Information Privacy Guideline - Developing, Drafting and Assessing Privacy Policy for Justice Information Systems

Developed by the National Criminal Justice Association, this 2002 guide provides background information on the development and history of privacy policies, as well as specific tools for mapping information flows.

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, including Fair Information Principles (FIPs)

The eight Fair Information Principles (FIPs) contained within this Organization for Economic Cooperation and Development (OECD) document were developed around commercial transactions and the trans-border exchange of information.  However, they do provide a straight forward description of underlying privacy and information exchange principles and provide a simple framework for the legal analysis that needs to be done with regard to privacy in integrated justice systems.  Some of the individual principles may not apply in all instances of an integrated justice system.

The eight FIPs are:
  • Collection Limitation Principle
  • Data Quality Principle
  • Purpose Specification Principle
  • Use Limitation Principle
  • Security Safeguards Principle
  • Openness Principle
  • Individual Participation Principle, and
  • Accountability Principle

Online Repository of Fusion Center Privacy, Civil Rights, and Civil Liberties Protections Policies

This online repository (www.nfcausa.org) of fusion center privacy policies, hosted by the National Fusion Center Association, is a useful policy development resource for those agencies with an intelligence function.  Each policy posted on this site has met all of the criteria outlined in the Fusion Center Privacy Policy Development:  Privacy, Civil Rights, and Civil Liberties Policy Template (described earlier on this page) and has been determined by the DHS Privacy Office to be “at least as comprehensive as the Information Sharing Environment (ISE) Privacy Guidelines.”  These policies are the result of the joint DHS/DOJ Fusion Process Technical Assistance Program. 

Policy Review Checklist

The checklist is a companion piece to the Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities (SLT Policy Development Template), contained in the Global Privacy Guide, and serves both as a self-assessment tool to assist privacy policy authors, project teams, and agency administrators in evaluating whether the provisions contained within their draft policy have met the core concepts recommended in the SLT Policy Development Template and as a useful resource for use during the annual policy review. Section references are provided that correlate checklist components with those in the SLT Policy Development Template. The checklist is structured according to the following key policy concepts: 

  • Policy applicability and legal compliance
  • Governance and oversight
  • Acquiring and receiving information
  • Information quality assurance
  • Sharing and dissemination
  • Redress
  • Security safeguards
  • Information retention and destruction
  • Accountability and enforcement 

Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise

This compliance verification document assists intelligence enterprises in complying with all applicable privacy, civil rights, and civil liberties protection laws, regulations, and policies.  As a “next step” for agencies that have completed and implemented protections established in the privacy policy, the checklist evaluates agency compliance with the policies and procedures and helps to uncover any gaps that may need to be addressed.  The checklist provides a suggested methodology for conducting the review of an agency’s intelligence enterprise and identifies the high-liability areas of concern that should be included when performing the review.  This resource is being used for ongoing peer-to-peer assessment at multiple fusion centers, and a best practices document resulting from the peer reviews is forthcoming. 

Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities (Privacy Guide)

This guide is a practical, hands-on tool for SLT justice practitioners charged with drafting the privacy policy, providing sensible guidance for articulating privacy obligations in a manner that protects the justice agency, the individual, and the public.  This guide provides a well-rounded approach to the planning, education, development, and implementation of agency privacy protections.  Also included are drafting tools, such as a policy template, a glossary, and legal citations.

Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities (Policy Development Template)

The Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities (SLT Policy Development Template) was developed to assist SLT agencies in drafting a privacy policy. The provisions suggested are intended to be incorporated into the agency’s general operational policies and day-to-day operations. Each section represents a fundamental component of a comprehensive policy that includes baseline provisions on information collection, information quality, collation and analysis, merging, access and disclosure, redress, security, retention and destruction, accountability and enforcement, and training. Sample language is included for each recommended provision.

Privacy and Information Quality Risks: Justice Agency Use of Biometrics

This awareness primer is intended for administrators and policymakers who have the responsibility for overseeing the use of biometric technology. These individuals may be unaware of the major privacy and information quality issues that can arise at different points in the collection and use of information derived from biometric tools or how best to implement policies and procedures to avoid such risks. A highlight of this primer is the inclusion of two useful quick reference charts (or frameworks)—one for privacy and one for information quality. These charts are designed to allow an agency considering biometric procedures to quickly gauge whether there is or will be a privacy or information quality risk and to determine where that risk falls within a spectrum—low to high—not just at the point of collection but throughout the entire agency biometric process.   Additionally, the primer makes the case for privacy and information quality policies and procedures in the collection, sharing, and storage of biometrics; provides a synopsis of biometric technologies and their use in the justice system; summarizes biometric privacy and information quality issues; includes illustrative scenarios of biometric use; and contains guidance and a listing of resources for addressing these complex issues. 

Privacy Technology Focus Group: Executive Summary

This document summarizes the detailed final report and recommendations of the Privacy Technology Focus Group.

Privacy Technology Focus Group: Final Report and Recommendations

This Privacy Technology Focus Group (Focus Group) was chartered to examine the use and exchange of personally identifiable information (PII) in the context of justice information systems and in the dissemination and aggregation of justice and public safety data. Working teams addressed the following subject matters: Access and Authentication, Data Aggregation and Dissemination, Identity Theft, and Personal Safety and Protection. The charter for this first Focus Group meeting was to provide BJA with specific recommendations for action that leverage technology in support of privacy policy; the Final Report and Recommendations fulfills that charter.

Suspicious Activity Reporting Line Officer Training CD

This SAR CD was developed through a joint effort of BJA, DOJ, and the International Association of Chiefs of Police (IACP) to educate law enforcement line officers not only on what kinds of suspicious behaviors are associated with pre-incident terrorism activities and how to document and report suspicious activity but also on how to ensure the protection of privacy, civil rights, and civil liberties when documenting SAR information.  The CD also provides information about the Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) requirement that NSI sites have privacy policies in place prior to NSI participation. 

The Importance of Privacy, Civil Rights, and Civil Liberties Protections in American Law Enforcement and Public Safety

This short video was developed as a training tool to educate viewers, particularly line officers during roll call, on the privacy and civil liberties issues they may confront in their everyday work.  The video also addresses the liabilities associated with the failure to adhere to sound policy and practice.    This short overview reviews and proactively emphasizes the role line officers have in the ongoing protection of citizens’ and community members’ privacy, civil rights, civil liberties, and other associated rights in the course of officers’ daily activities and calls for service. 

U.S. Department of Justice's (DOJs) Privacy Impact Assessment (PIA)

Privacy Impact Assessments (“PIAs”) are required by Section 208 of the E-Government Act for all Federal government agencies that develop or procure new information technology involving the collection, maintenance, or dissemination of personally identifiable information or that make substantial changes to existing information technology that manages personally identifiable information. A PIA is an analysis of how personally identifiable information is collected, stored, protected, shared, and managed.