U.S. flag

An official website of the United States government, Department of Justice.

Establishing a Privacy Officer Function Within a Justice or Public Safety Entity: Recommended Responsibilities and Training

Date Published
June 2014
12 pages
Publication Series

A privacy policy is a written, published statement that articulates the policy position of an organization on how it handles the personally identifiable information and other personal, sensitive information it seeks or receives and uses in the normal course of business.  A privacy policy protects the agency, the individual, and the public; and contributes to public trust and confidence that the justice system understands its role and promotes the rule of law.  While a privacy policy is a positive and proactive step toward mitigating privacy risks and preventing violations, the policy alone is not a guarantee.  To adequately ensure that personnel and PII the justice agency collects are managed in compliance with the agency’s privacy policy, responsibility needs to be assigned for the oversight and execution of these tasks.  This role is traditionally performed by a privacy officer—a person (or persons) whose job responsibility is to manage and monitor compliance with privacy laws and the agency's privacy policy, respond to public access and corrections requests or complaints, ensure that agency personnel receive appropriate training, and enforce adherence to the provisions of the policy.

Establishing a Privacy Officer Function Within a Justice or Public Safety Entity:  Recommended Responsibilities and Training introduces useful guidance for justice and public safety agencies wanting to create a privacy officer function within their entities.  It provides informative answers to common questions asked about establishing this privacy-related role and includes a discussion on whether the agency needs a full- or part-time role, or if the agency might benefit from a shared/team approach or designation within a parent agency.  Real-world examples are included to demonstrate the justice community’s trend toward adopting this critical function, further emphasizing the field’s growing commitment to protecting privacy.  Also available are suggested privacy officer qualifications, as well as a comprehensive list of generally-accepted responsibilities for the position.  Finally, a resource section features a variety of general, educational/awareness, privacy impact assessment, and privacy policy development products, as well as tools for policy, analytic product, information quality, and privacy compliance evaluations.  In addition, a training section highlights a variety of privacy training resources, including online videos.  

Having guidance on how to establish a privacy officer role within a justice or public safety agency, regardless of the type or size of agency, is extremely valuable both to those agencies that already have privacy officers, as well as to those in the process of developing their privacy policies or instituting privacy protections within their agencies.

Date Published: June 17, 2014