Policy Guidance and Standards related to the work of Fusion Centers
This section draws upon materials from a number of sources, including the DOJ's Global Initiative and the Information Sharing Environment (ISE), to provide a single point of access to much of the key guidance for fusion centers in the areas of privacy, civil rights, and civil liberties.
National Criminal Intelligence Sharing Plan (56 pp. PDF) – The plan, published in October 2003 and revised in June 2005, is designed by the Department of Justice (DOJ) Global Justice Information Sharing Initiative (Global), as a model intelligence sharing plan for law enforcement agencies at all levels that "respects individuals' privacy and civil rights."
- It includes specific recommendations for protecting privacy and civil liberties, such as implementing privacy standards set forth in 28 CFR Part 23 for federally funded criminal intelligence systems. More on 28 CFR Part 23.
- Ten Simple Steps To Become Part of the National Criminal Intelligence Sharing Plan (1 pp. PDF). See step # 4 on privacy matters. From the DOJ Office of Justice Programs' on-line Justice Information Sharing Document Library.
Global has listed twenty National Criminal Intelligence Sharing Plan links at its "Resource Library" that may be of value to those dealing with the Sharing Plan.
Fusion Center Guidelines, Developing and Sharing Information and Intelligence in a New Era (August 2006) (104 pp. PDF) – "Comprehensive set of guidelines for local and state agencies in relation to the collection, analysis, and dissemination of terrorism-related intelligence in the context of fusion centers." The Guidelines were created by the U.S. Department of Homeland Security (DHS) and the DOJ, with support from the Global Initiative, to address the intersection of law enforcement intelligence, public safety, and the private sector.
- A Supplement to the Fusion Center Guidelines: Baseline Capabilities for State and Major Urban Area Fusion Centers (September 2008) (72 pp. PDF) – includes a gap analysis between Guideline 8 and the ISE Privacy Guidelines. The Federal Privacy Guidelines Committee's State/Local/Tribal Working Group (SLTWG) began with the existing guidance found in the Fusion Center Guidelines, specifically Guideline 8, and identified "where the guidance to the fusion centers did not include the requirements of the ISE Privacy Guidelines." This gap analysis provides "detailed operational guidance that assists fusion centers in formulating their ISE privacy policies." The Supplement also notes that in many cases, "the privacy baseline capabilities exceed the requirements of the ISE Privacy Guidelines, because fusion centers address information types and activities that extend beyond the scope of the ISE." (See page 6.)
- The "Information Privacy Protections" section begins at page 27 of the Supplement.
- The "Information Privacy Protections" section begins at page 27 of the Supplement.
- A companion document to the Baseline Capabilities for State and Major Urban Area Fusion Centers is the Common Competencies for State, Local, and Tribal Intelligence Analysts (June, 2010) (31 pp. PDF). It identifies common analytic competencies that should be exhibited by fusion center analysts to effectively perform their duties. Among the preferred skill behavioral indicators under "Sharing Information and Collaborating" is: "Applying legal, privacy and security guidelines, restrictions, and operational privacy and security practices to information sharing, storage, and analysis."
Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and TribalJustice Entities (April 2012) (194 pp. PDF) – Developed by DOJ's Global Justice Information Sharing Initiative (Global) Privacy and Information Quality Working Group (GPIQWG) for those working in the "justice system," the guide provides detailed, practical guidance and sample language for developing privacy and civil liberties policies for State, local, and tribal governments. See further guidance on the development of fusion center privacy and civil liberties polices in the Baseline Capabilities guidance described above.
Development of Privacy and Civil Liberties Policies – Additional guidance and helpful resources from the Global Initiative are available to fusion centers and others for the development of State and local policies. (Source: December 2008 Information Booklet on key accomplishments.) Those resources include:
- Targeting Executives and Administrators – Using two executive primers, Executive Summary for Justice Decision Makers: Privacy, Civil Rights, and Civil Liberties Program Development (4 pp. PDF) and the 7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy (2 pp. PDF) agency administrators are made aware of the importance of having privacy and civil liberties policies within their agency and are provided with a high-level overview of the ten steps an agency should follow to develop a privacy and civil liberties policy."
- Reviewing Work Product - Once a draft policy is developed, the GPIQWG provides a Policy Development Checklist. (8 pp. PDF) to help determine whether the policy meets all of the recommendations contained within the Privacy Guide.
In addition to the checklist, the Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise (June, 2010) (52 pp. PDF) assists agencies in determining whether they are in compliance with applicable privacy-related policies, procedures, rules, and guidelines. The document includes a suggested methodology for conducting an audit-type review of an agency’s intelligence enterprise and identifies the high-liability areas of concern that should be included when performing the review. The document also contains a suggested list of questions to answer when conducting the compliance process but may not cover all laws, policies, and procedures that are applicable to a particular state or agency.
Implementing the ISE Privacy Guidelines. In order to participate in the Information Sharing Environment (ISE), the Intelligence Reform and Terrorism Prevention Act of 2004, as amended, requires Federal departments and agencies as well as non-Federal partners to implement protections "at least as comprehensive as" the ISE Privacy Guidelines. The ISE website has a page dedicated to materials related to privacy, civil rights and civil liberties, contains key ISE resources such as the ISE Privacy Guidelines, the Privacy Guidelines Implementation Workbook and the ISE Privacy Guidelines Implementation Manual, as well as a "frequently asked questions" link.
Implementing the Common Terrorism Information Sharing Standards (CTISS) – On October 31, 2007, the Information Sharing Environment (ISE) created the CTISS program to "enable the acquisition, access, retention, production, use, management, and sharing of terrorism information within the ISE" through two categories of standards: functional and technical. "The Exchange Protocols standards … [address] the way the information is to be shared across systems and networks... Examples of processes described by the standards may include... privacy..."
National Information Exchange Model (NIEM) is designed to develop, disseminate, and support enterprise-wide information sharing standards and processes across the whole of the justice, public safety, emergency and disaster management, intelligence, and homeland security enterprise at all levels and across all branches of government that will help link law enforcement agencies, fire departments and other critical information sources required by first responders (e.g., medical, environmental, and transportation personnel).
As stated in the "Introduction To The National Information Exchange Model" (February, 2007) (28 pp. PDF) the vision for NIEM is to be the "standard of choice for intergovernmental information exchange" to enhance the quality of governmental decision making, promoting accelerated information exchange design and development and achieving greater return on investment, reducing risk in development efforts by having common exchange standards, tools, processes and methodologies, and improving public safety and homeland security by enabling real-time, secure, enterprise-wide information sharing."
- Find out more about "Best of NEIM" (projects around the country using NIEM receiving special recognition) and training on NIEM.
In addition, Chapter 2 ("Understanding Contemporary Intelligence for Law Enforcement Organizations: Concepts and Definitions") includes a warning about liability for violation of civil rights in the use of National Security Information (NSI), pointing out that officer(s) and the chain of command could be liable under 42 USC 1983 for the mishandling of such information.