MENU
JUMP TO
Policy Guidance and Standards related to the work of Fusion Centers
This section draws upon materials from a number of sources, including the DOJ's Global Initiative and the Information Sharing Environment (ISE), to provide a single point of access to much of the key guidance for fusion centers in the areas of privacy, civil rights and civil liberties. This website also contains a section dedicated to general issues on fusion centers and intelligence sharing.
National Criminal Intelligence Sharing Plan (56 pp. PDF) – Published in October 2003 and revised in June 2005 by the Department of Justice (DOJ) Global Justice Information Sharing Initiative (Global), the plan is designed, among other things, as a model intelligence sharing plan that "respects individuals' privacy and civil rights" for law enforcement agencies at all levels.
- It includes specific recommendations for protecting privacy and civil liberties, such as implementing privacy standards set forth in 28 CFR Part 23 for federally funded criminal intelligence systems. More on 28 CFR Part 23.
- Ten Simple Steps To Become Part of the National Criminal Intelligence Sharing Plan (1 pp. PDF). See step # 4 on privacy matters. From the DOJ Office of Justice Programs' on-line Justice Information Sharing Document Library.
Global has listed twenty National Criminal Intelligence Sharing Plan links at its "Resource Library" that may be of value to those dealing with the Sharing Plan.
Fusion Center Guidelines, Developing and Sharing Information and Intelligence in a New Era (August 2006) (104 pp. PDF) – "Comprehensive set of guidelines for local and state agencies in relation to the collection, analysis, and dissemination of terrorism-related intelligence in the context of fusion centers." The Guidelines were created by the U.S. Department of Homeland Security (DHS) and the DOJ and supported by the Global Initiative. The Guidelines address the intersection of law enforcement intelligence, public safety, and the private sector.
An Executive Summary of the Guidelines (August 2006) (8 pp. PDF) provides a quick overview of their scope and purpose. Additional background on the origin and development of the Guidelines can be found in materials from the DOJ and the Information Sharing Environment (ISE). The ISE page also notes the relationship between federal funding and the Baseline Capabilities Supplement (see below) to the Fusion Center Guidelines. As of April 2011, "all 71 fusion centers now have an approved privacy policy" that meet the ISE guidelines.
- Guideline 8, "Develop, publish, and adhere to a privacy and civil liberties policy" (page 41-42 of the Guidelines), states that there is a need to ensure that constitutional rights, civil liberties, civil rights, and privacy are protected throughout the intelligence process. It recommends that any fusion center should consider implementing the "Fair Information Practices" used as a baseline for privacy protection worldwide. The Guideline summarizes the eight principles that make up the Fair Information Practices and lists several issues to consider when drafting a privacy policy.
- A Supplement to the Fusion Center Guidelines: Baseline Capabilities for State and Major Urban Area Fusion Centers (September 2008) (72 pp. PDF) – includes a gap analysis between Guideline 8 and the ISE Privacy Guidelines. The Federal Privacy Guidelines Committee's State/Local/Tribal Working Group (SLTWG) began with the existing guidance found in the Fusion Center Guidelines, specifically Guideline 8, and identified "where the guidance to the fusion centers did not include the requirements of the ISE Privacy Guidelines." This gap analysis provides "detailed operational guidance that assists fusion centers in formulating their ISE privacy policies." The Supplement also notes that in many cases, "the privacy baseline capabilities exceed the requirements of the ISE Privacy Guidelines, because fusion centers address information types and activities that extend beyond the scope of the ISE." (See page 6.)
- The "Information Privacy Protections" section begins at page 27 of the Supplement.
- A companion document to the Baseline Capabilities for State and Major Urban Area Fusion Centers is the Common Competencies for State, Local, and Tribal Intelligence Analysts (June, 2010) (31 pp. PDF). It identifies common analytic competencies that should be exhibited by fusion center analysts to effectively perform their duties. Among the preferred skill behavioral indicators under "Sharing Information and Collaborating" is: "Applying legal, privacy and security guidelines, restrictions, and operational privacy and security practices to information sharing, storage, and analysis."
Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and TribalJustice Entities (April 2012) (194 pp. PDF) – Developed by DOJ's Global Justice Information Sharing Initiative (Global) Privacy and Information Quality Working Group (GPIQWG) for those working in the "justice system." Provides detailed, practical guidance and sample language for developing privacy and civil liberties policies for State, local, and tribal governments. See further guidance on the development of fusion center privacy and civil liberties polices in the Baseline Capabilities guidance described above.
Development of Privacy and Civil Liberties Policies – Additional guidance and helpful resources from the Global Initiative are available to fusion centers and others for the development of State and local policies. (Source: December 2008 Information Booklet on key accomplishments.) Those resources include:
- Targeting Executives and Administrators – Using two executive primers, Executive Summary for Justice Decision Makers: Privacy, Civil Rights, and Civil Liberties Program Development (4 pp. PDF) and the 7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy (2 pp. PDF) agency administrators are made aware of the importance of having privacy and civil liberties policies within their agency and are provided with a high-level overview of the ten steps an agency should follow to develop a privacy and civil liberties policy."
- Drafting The Policy –
Once an agency administrator decides the agency should have a privacy policy, one or more individuals will be tasked with drafting the policy. The Global Privacy Information Quality Working Group (GPIQWG) developed the Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities, which includes in Appendix C.1 a policy development template titled Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities (Also available as an individual 71 pp. PDF). These resources are practical, hands-on tools for the justice practitioner charged with drafting the privacy policy. They provide sensible guidance for articulating privacy obligations in a manner that protects the justice agency, the individual, and the public. Also included are recommendations on implementation and training." Also see the Implementing Privacy Policy in Justice Information Sharing: A Technical Framework (October, 2007) (103 pp. Word doc.).
- Reviewing Work Product - Once a draft policy is developed, the GPIQWG provides a Policy Development Checklist. (8 pp. PDF) to help determine whether the policy meets all of the recommendations contained within the Privacy Guide.
In addition to the checklist, the Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise (June, 2010) (52 pp. PDF) assists agencies in determining whether they are in compliance with applicable privacy-related policies, procedures, rules, and guidelines. The document includes a suggested methodology for conducting an audit-type review of an agency’s intelligence enterprise and identifies the high-liability areas of concern that should be included when performing the review. The document also contains a suggested list of questions to answer when conducting the compliance process but may not cover all laws, policies, and procedures that are applicable to a particular state or agency.
Implementing the ISE Privacy Guidelines. In order to participate in the Information Sharing Environment (ISE), the Intelligence Reform and Terrorism Prevention Act of 2004, as amended, requires Federal departments and agencies as well as non-Federal partners to implement protections "at least as comprehensive as" the ISE Privacy Guidelines. The ISE website has a page dedicated to materials related to privacy, civil rights and civil liberties, contains key ISE resources such as the ISE Privacy Guidelines, the Privacy Guidelines Implementation Workbook and the ISE Privacy Guidelines Implementation Manual, as well as a "frequently asked questions" link.
Implementing the Common Terrorism Information Sharing Standards (CTISS) – On October 31, 2007, the Information Sharing Environment (ISE) created the CTISS program to "enable the acquisition, access, retention, production, use, management, and sharing of terrorism information within the ISE" through two categories of standards: functional and technical. "The Exchange Protocols standards … [address] the way the information is to be shared across systems and networks... Examples of processes described by the standards may include... privacy..."
In January 2008 the first of functional standards was issued. The ISE - Suspicious Activity Reporting (SAR) Functional Standard was updated in May 2009 (36 pp. PDF). The standard is intended to support the sharing of suspicious activity and incidents with a potential nexus to terrorism between federal and local entities, while respecting legal and privacy rights. The ISE website offers background on these standards including the Program Manual, a fact sheet and technical artifacts and guidance.
In January, 2010 a comprehensive report summarizing a collaborative effort of twelve state and major urban area fusion centers in implementing SAR reporting was published. The report, Final Report: Information Sharing Environment (ISE) – Suspicious Activity Reporting (SAR) Evaluation Environment" (155 pp. PDF) details the "…all-crimes approach to gathering, processing, reporting, and sharing of suspicious activity based upon behaviors identified to be reasonably indicative of preoperational planning related to terrorism or other criminal activity." It provides an overview of the five key factors and selected lessons learned, as well as making recommendations relating to the gathering, processing, and sharing of terrorism-related suspicious activity.
National Information Exchange Model (NIEM) is designed to develop, disseminate, and support enterprise-wide information sharing standards and processes across the whole of the justice, public safety, emergency and disaster management, intelligence, and homeland security enterprise at all levels and across all branches of government that will help link law enforcement agencies, fire departments and other critical information sources required by first responders (e.g., medical, environmental, and transportation personnel). The National Information Exchange Model (NIEM) is a common vocabulary that enables efficient information exchange across public and private organizations.
- Find out more about "Best of NIEM" (projects around the country using NIEM receiving special recognition) and training on NIEM.
Protecting Civil Rights: A Leadership Guide for State, Local, and Tribal Law Enforcement (September 2006) (276 pp. PDF) – Practical summary of in-depth guidance developed by the International Association of Chiefs of Police for State and local law enforcement regarding the protection of civil rights in the post-9/11 era. As stated in the report’s Executive Summary: "Law enforcement leaders can and must demonstrate a fundamental and complete allegiance to civil rights protections in a coordinated manner using multiple approaches. They must clearly convey a simultaneous commitment to effective law enforcement and civil rights protection; they must codify this commitment in their agency’s mission statements; they must ensure that their department’s polices are clear, sound, and consistent with civil rights guarantees; they must train and supervise officers in manners that are consistent with this commitment; and they must respond to alleged civil rights violations with vigilance and with fair and decisive action. As law enforcement leaders succeed in these regards and make these efforts transparent to the public, they validate the core premise that civil rights protection is not only an ethical and legal imperative but a practical imperative as well. Protecting civil rights is good for police, good for the community, and essential for maintaining the partnerships that must exist between the two."
Law Enforcement Intelligence: A Guide for State, Local, and Tribal Law Enforcement (Second Edition, 2009) (496 pp. PDF) – Written by David L. Carter, Ph.D., of the School of Criminal Justice at Michigan State University, the Guide is "directed primarily toward state, local, and tribal law enforcement agencies of all sizes that need to reinvigorate their intelligence function." It is designed to assist the manager or officer who is tasked with creating an intelligence function and provides "ideas, definitions, concepts, policies, and resources" for that purpose. See Chapter 7, "Civil Rights and Privacy in the Law Enforcement Intelligence Process."
In addition, Chapter 2 ("Understanding Contemporary Intelligence for Law Enforcement Organizations: Concepts and Definitions") includes a warning about liability for violation of civil rights in the use of National Security Information (NSI), pointing out that officer(s) and the chain of command could be liable under 42 USC 1983 for the mishandling of such information.
Source: Page created by the DHS/Office for Civil Rights and Civil Liberties and the DHS/Privacy Office in cooperation with the DOJ, Office of Justice Programs.