Wireless Security Practices PDF Document
 

Security Disciplines for Objective 2: Prevention

2-6. Public Access, Privacy, and Confidentiality

Description

Public access denotes the extent to which the public, and the news media representing the public, are able to view and copy information collected and used by a criminal justice entity. It covers not only whether a particular piece of information is available to the public but also when, where, and how access is provided. The principal public access issue today is the extent to which information is made available electronically, especially on the Internet. In the past, much information (court files, for instance) has been public as a matter of law but private as a matter of practice, because obtaining it was difficult: only those intimately familiar with an entity's operations knew how to get at it. When court and other criminal justice entity data is placed on the Internet or otherwise made available electronically, information that was protected by its “practical obscurity” becomes readily, cheaply, and practically available to the public and to the news media. Disclosure of certain information can be life-threatening to the subject: for example, a victim of domestic violence (who is at risk if the abuser can locate the victim) or a criminal informant (if the criminals with whom the informant is associated learn of the informant's status).

Confidentiality is the assurance that information is shared only among authorized users. The sensitivity classification level of the information should determine its confidentiality and, hence, the appropriate safeguards.

Privacy requires confidentiality mechanisms. Privacy applies to when, how, whom, and to what extent personal information is shared. There exists no explicit federal constitutional right to privacy. However, privacy rights have been articulated in federal and state case law and statutes governing the areas of medical, financial, educational, and consumer data.

Personal information may be linked to an individual at the time of release or subsequently linked through analysis. It may be accessed or released inappropriately, causing possible loss of employment, diminished social status, or other highly adverse consequences. Personal information may include:

  • Race, national or ethnic origin, religion, age, gender, sexual orientation, or marital or family status.
  • Education, medical, psychiatric, psychological, criminal, financial, family, or employment history.
  • Any identifying number, symbol, or other particular assigned to the individual.
  • Name, address, telephone number, fingerprint or voiceprint, photograph, blood type, or DNA.

Purpose

Criminal justice entities have historically dealt with and instituted policies concerning access to the information they collect in the course of their work. For instance, the National Crime Information Center (NCIC) has had privacy and security policies in effect for over thirty years. However, the ubiquity of electronic data and electronic documents, their exchange among criminal justice agencies, and their increasing availability over the Internet have caused the public, legislators, and criminal justice entities themselves to reexamine their historic practices. Entities are deciding that certain “public” information should no longer be public or should be made public only through traditional, paper-oriented processes. Further, concerns about public access, privacy, and confidentiality of their data create reluctance on the part of some criminal justice entity leaders to enter into information sharing arrangements. Consequently, it is critically important in today’s environment for every entity to review and restate its own public access, privacy, and confidentiality policies and for information sharing agreements to include formal understandings regarding these matters.

Principles

  • The public possesses statutory, First Amendment, and common-law rights to access most justice information.
  • Justice agencies use information to protect society at large. The way in which a justice agency uses personal information in the administration of justice is crucial to the protection of society and can result in life-or-death consequences. Confidentiality is required during open investigations to preserve information sources, prevent interference with the enforcement proceedings, ensure a fair trial, prevent disclosure of investigative techniques and procedures, and preserve life and safety.
  • An individual’s right to privacy has been articulated in state and federal case law and statutes governing the areas of medical, financial, educational, and consumer data.
  • Conflicting interests must be weighed between the data subject, justice system, and the public, including the media and commercial sector.

Policies

Best Practices

Public Access—Public access has changed with the development of technology. Privacy issues for public access include:

  • Should the information be made public at all? Keep in mind the possibility of lawsuits for inappropriate release or for not releasing information, as well as the need to release data necessary for public safety. Also, once data is made public, it is forever public and beyond the control of the disseminating agency. Corrections and updates might be impossible to circulate. Each justice component must have some public access method.
  • At what point should justice information be made public? For example, information should remain closed during an investigation but be made public during the trial.
  • How long should it be accessible? Should there be a record that the deleted record once existed?
  • What is the fiscal cost of making the information public? Ideally, it should be disclosed using all access methods (in person, telephone, or Internet). Should fees be charged to recoup the cost, or would the charges be so high that they unreasonably limit access to the information?

A privacy plan must be implemented that protects the privacy of the information while still allowing the agency to protect society at large. A plan is necessary to ensure standardized implementation and enforcement of privacy.

Privacy Principles—The first step in implementing a privacy plan is to develop a privacy policy. Those developing privacy policies should review all applicable laws, regulations, and policies already in effect. Legislative action is often needed to put the policy in place. Eight principles should be included in the privacy policy; together they enforce the privacy of personal information while allowing the agency to perform its vital function:

  • Purpose Specification—Document the purpose for which personal information is collected no later than the time of data collection. Design technology to allow access restrictions to outside parties.
  • Collection Limitation—Collect personal information by lawful and fair means, and try to collect only pertinent data. Where applicable, obtain the subject’s consent. Design the technology to not require unnecessary data.
  • Data Quality—Personal information collected must be accurate, complete, and current. Public access to inaccurate data may be worse than no access at all. If the subject has access to the data, allow them to verify it. If the subject does not have access, set up other means of verification, such as passive data analysis, including cross-referencing that identifies anomalies. Require logging whenever the data is accessed or modified, recording what changed, by whom, when, and for what reason, so that accountability is possible. Tag each data element as confirmed or unconfirmed and, where its accuracy is disputed, as accurate or inaccurate.
  • Use Limitation—Personal information is to be used solely for the purposes specified, except with the consent of the data subject, by authority of law, for the safety of the community, or pursuant to a public access policy. Use limitation is generally applicable to disclosure outside the justice system but may also apply between agencies if disclosure is not mandated by law. The policy should also consider possible secondary or third-party usage of the information. An audit trail should be incorporated into the technology to enable a use assessment.
  • Security Safeguards—Protect personal information with reasonable safeguards against risk of loss or unauthorized access, modification, use, destruction, or disclosure. A risk assessment should be performed, with security modifications made as necessary. An information classification review should also be done periodically to ensure data is being safeguarded at the proper security level. The system should log all attempts, successful or not, to alter information or attack the system.
  • Openness—Provide notice to the data subject about how the personal information is collected, maintained, and disseminated. Provide notice to the public of the existence of personal data and access to data in accordance with a public access policy. Openness includes public access to the management practices of the data, except where it directly relates to an investigation, a pending or open case, or safety concerns and other factors that a government determines as necessary exceptions. The technology system must log all transactions on an individual’s file and allow for independent oversight for accountability purposes.
  • Individual Participation—Allow affected individuals to access their personal information, except where it would compromise an investigation, case, or court proceeding. Subjects should be able to:
    • Obtain confirmation that the agency has their data.
    • Obtain data relating to themselves within a reasonable time, at a charge (if any) that is not excessive, in a reasonable manner, and in a form that is readily intelligible.
    • Be given reasons if an access request is denied.
    • Challenge a denial and, if successful, have the data erased, rectified, completed, or amended.
    • Provide an annotation to data when an organization decides to not amend the information as requested.
    The technology must be designed to create copies of the personal information and to amend or annotate information subject to disagreement over accuracy. The system must also have the capacity to notify third parties, in a timely manner, that have either provided or received incorrect information.
  • Accountability—Oversee and enforce the other seven privacy principles. An individual must be designated as the information steward, responsible for establishing regular security audits, privacy impact assessments, and privacy audits. The steward should have a procedure in place for challenges to the system and should ensure that timely, fair responses are made to inquiries. The steward is also responsible for training staff on privacy protection requirements.

    A privacy plan requires cooperation among all agencies accessing the data. Sharing personal information is made harder by the fact that agencies have different functions and operate under differing statutes and regulations. What one agency considers sensitive may be open to the public in another agency. For instance, information from a closed-record state becomes publicly available once it is shared with an open-record state. Compiling public data from several different agencies may also yield, in aggregate, information that is clearly confidential.

    Current systems range from paper-driven to the highly automated. Also, many of the current systems were developed without proper thought to privacy concerns. This can result in having to manage unintended privacy issues and having to retool the system—both of which can be quite expensive. The ideal is to address privacy during the planning stages of information system design.

    Each agency should classify the information they create and maintain with an appropriate confidentiality level (see Section 2-4, Data Classification). Procedures should be documented stating when and where this information may be disclosed to the public or other agencies. Disclosure should be determined by the type of information and the context in which it is shared. For example, local security procedures should be classified at least at Level 3. Each agency must also review the privacy and public access policies of the agencies with which it exchanges information. To ease the transfer of data, the agencies should adopt the same terms, data entry fields, data definitions, and data structures.

    The information steward for each agency should perform a Privacy Impact Assessment that has three components:
    • A map of the information flow. Each justice agency should map the flow of the information it maintains. The map must include each data element in the justice record. At each mapped decision point, it should indicate the type of received information, the purpose for which it may be used, whether it is personally identifiable, and when and to whom it may be disclosed.
    • A privacy analysis of the information flow, indicating adherence to the privacy policy.
    • An assessment of the issues uncovered in the analysis and options to mitigate privacy risks.
    After each agency has performed its Privacy Impact Assessment, a second assessment should be completed on the entire integrated information sharing system for the information exchanged between agencies.
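    The following is an added worked example, not code from the original guide or from any agency system. It models two things this section describes: the information-flow map produced by a Privacy Impact Assessment (one entry per data element, recording its documented purpose, whether it is personally identifiable, to whom it may be disclosed, and the earliest case stage at which disclosure is permitted) and a disclosure gateway that enforces the Purpose Specification, Use Limitation, and "closed during investigation, public at trial" rules against that map while writing the who/when/to-whom/why audit trail the Data Quality, Security Safeguards, and Openness principles call for. The `analyze_flow` function is the privacy-analysis step of the assessment. All element names, purposes, recipients, and stage names are hypothetical; the flow map is constructed for illustration.

```python
"""Added example, not part of the original guide: a PIA information-flow map
as data, a disclosure gateway that enforces it, and an append-only audit
trail.  Element names, purposes, recipients and stages are hypothetical."""
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical case lifecycle, in order; timing rules are index comparisons.
STAGES = ("intake", "investigation", "trial", "closed")


@dataclass(frozen=True)
class FlowEntry:
    element: str                # data element in the justice record
    purpose: str                # documented at collection time; "" = undocumented
    personally_identifiable: bool
    recipients: frozenset       # parties to whom disclosure is permitted
    disclosable_from: str       # earliest STAGES value at which it may be disclosed


class Denied(Exception):
    """Raised when a disclosure request fails the policy checks."""


class PrivacyGateway:
    """Mediates disclosure of data elements and keeps an append-only audit trail."""

    def __init__(self, flow_map):
        self.flow = {e.element: e for e in flow_map}
        self.audit = []  # only ever appended to; never edited in place

    def _log(self, outcome, reason, **fields):
        record = dict(when=datetime.now(timezone.utc).isoformat(),
                      outcome=outcome, reason=reason, **fields)
        self.audit.append(record)
        return record

    def disclose(self, element, recipient, purpose, requester, stage, consent=False):
        """Return the audit record if disclosure is permitted, else raise Denied.

        Denied attempts are logged too, so a later use assessment sees attempted
        misuse and not only successful disclosures (Security Safeguards)."""
        request = dict(element=element, recipient=recipient, purpose=purpose,
                       requester=requester, stage=stage)
        entry = self.flow.get(element)
        if entry is None:
            reason = "element not in the information-flow map"
        elif purpose != entry.purpose and not consent:      # Use Limitation
            reason = "use limitation: purpose differs from the documented purpose"
        elif recipient not in entry.recipients:             # disclosure policy
            reason = "recipient not permitted for this element"
        elif STAGES.index(stage) < STAGES.index(entry.disclosable_from):
            reason = f"closed until stage '{entry.disclosable_from}'"
        else:
            return self._log("granted", "policy match", **request)
        self._log("denied", reason, **request)
        raise Denied(reason)


def analyze_flow(flow_map):
    """Privacy analysis of the map: the findings a PIA report would list."""
    findings = []
    for e in flow_map:
        if e.personally_identifiable and not e.purpose:     # Purpose Specification
            findings.append((e.element, "personal information with no documented purpose"))
        if "public" in e.recipients and STAGES.index(e.disclosable_from) < STAGES.index("trial"):
            findings.append((e.element, "public disclosure permitted before trial"))
        if e.personally_identifiable and "public" in e.recipients:
            findings.append((e.element, "personal information reaches the public; "
                                        "decide whether it should be public at all"))
    return findings


# Constructed flow map for a hypothetical local agency.
FLOW_MAP = [
    FlowEntry("charge", "case management", False, frozenset({"court", "prosecutor", "public"}), "trial"),
    FlowEntry("victim_home_address", "victim notification", True, frozenset({"victim_services"}), "intake"),
    FlowEntry("informant_identity", "investigation", True, frozenset({"case_agent"}), "closed"),
    FlowEntry("arrest_photo", "", True, frozenset({"public", "court"}), "investigation"),
]


if __name__ == "__main__":
    for finding in analyze_flow(FLOW_MAP):
        print("PIA finding:", *finding)
    gw = PrivacyGateway(FLOW_MAP)
    gw.disclose("charge", "public", "case management", "clerk", "trial")
    try:
        gw.disclose("victim_home_address", "public", "news story", "reporter", "trial")
    except Denied as exc:
        print("denied:", exc)
    for record in gw.audit:
        print(record)
```

    Running the script lists three findings, all against the constructed `arrest_photo` element (no documented purpose, public release permitted during the investigation, and personal information reaching the public), then shows one granted and one denied disclosure in the audit trail. The map is the same artifact the assessment asks each agency to produce; keeping it machine-readable lets the second, system-wide assessment merge the agencies' maps and rerun the same analysis over the exchanged elements.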

References