Geared toward the justice practitioner charged with developing or revising an agency's privacy and civil liberties policy, the Privacy and Civil Liberties Policy Development Guide and Implementation Templates is a practical, hands-on resource that supports analysis of privacy and civil liberties protection requirements for information sharing environments. Its purpose is to provide guidance for developing agency policy that will articulate agency privacy and civil liberties obligations and support information sharing, as well as protect privacy and information quality interests. Basic guidance and information are provided for each step of the policy development process with resource lists and Web links to more in-depth information on specific subjects.
The Guide begins by providing an overview and definition of a privacy and civil liberties policy, then progresses through planning, developing a project team, and drafting guidance statements (for example, vision, mission, and values statements, as well as goals and objectives). Using this document is the next logical step for those justice entities that are ready to move beyond awareness into the actual policy. The Guide identifies certain common issues to be addressed and suggests approaches for issue resolution. It walks a project team through the steps of determining what specific information a justice entity collects, uses, and disseminates during the course of routine justice operations and assists in the identification of what laws control the collection and sharing of that information.
The authors of this Guide assume the following:
- The justice system entity has, at best, a strategic plan but, at a minimum, has a mission statement and guiding principles.
- The privacy and civil liberties policy development process cannot be successfully completed by one individual but should use others, such as a project team or borrowed resources, to assist in the policy development.
- There exists (or can be generated) high-level interest and support among the agency's senior managers in developing a privacy and civil liberties policy.
- There is or will be specifically assigned responsibility for the development of the privacy and civil liberties policy.
- An information sharing system includes not only the mechanism for sharing information (whether electronic, paper, or verbal) but also the governing policies, procedures, and customs.
- There are probably few, if any, clearly identified resources allocated specifically for privacy and civil liberties policy development.
What Is Privacy?
The term "privacy" refers to individuals’ interests in preventing the inappropriate collection, use, and release of personally identifiable information. Privacy interests include privacy of personal behavior, privacy of personal communications, and privacy of personal data.
Other definitions of privacy include the capacity to be physically alone (solitude); to be free from physical interference, threat, or unwanted touching (assault, battery); or to avoid being seen or overheard in particular contexts.
What Is Personally Identifiable Information?
Personally identifiable information is one or more pieces of information that when considered together or when considered in the context of how it is presented or how it is gathered is sufficient to specify a unique individual. The pieces of information can be personal characteristics, a unique set of numbers or characters assigned to a specific individual, descriptions of events or points in time, and descriptions of locations or places.
What Are Civil Liberties?
Civil liberties are fundamental individual rights or freedoms, such as freedom of speech, press, assembly, or religion; the right to due process, to fair trial, and to privacy; and other limitations on the power of the government to restrain or dictate the actions of individuals. They are the freedoms that are guaranteed by the Bill of Rights—the first ten Amendments to the Constitution of the United States. Civil liberties offer protection to individuals from improper government action and arbitrary governmental interference. Generally, the term “civil rights” involves positive (or affirmative) government action, while the term “civil liberties” involves restrictions on government.
What Is a Privacy and Civil Liberties Policy?
A privacy and civil liberties policy is a written, published statement that articulates the policy position of an organization on how it handles the personally identifiable information that it gathers and uses in the normal course of business. The policy should include information relating to the processes of information collection, analysis, maintenance, dissemination, access, expungement, and disposition.
Privacy and civil liberties policies relate to the role of government and how government agencies conduct themselves. Civil liberties offer protection to individuals from improper government action and arbitrary governmental interference in the conduct of their lives. The purpose of a privacy and civil liberties policy is to articulate publicly that the agency will adhere to legal requirements and agency policy determinations that enable gathering and sharing of information to occur in a manner that protects personal privacy and civil liberties interests. A well-developed and implemented privacy and civil liberties policy uses justice entity resources wisely and effectively; protects the agency, the individual, and the public; and contributes to public trust and confidence that the justice system understands its role and promotes the rule of law.
Privacy, Information Quality, and Security
While privacy is related to and overlaps with information quality and security, each also has distinctly different issues that must be addressed and that may require separate and distinct solutions. As such, these topics merit separate attention and are addressed in related Global products.
Privacy and Security
A privacy and civil liberties policy is different from a security policy. A security policy alone may not adequately address the protection of personally identifiable information or the requirements of a privacy and civil liberties policy in their entirety. The Global Security Working Group (GSWG) has developed Applying Security Practices to Justice Information Sharing to address security practices.
Privacy and Information Quality
This Guide addresses the development of privacy and civil liberties policies to ensure proper gathering and sharing of accurate personally identifiable information. Justice entities must recognize that despite the implementation of an effective policy, damage and harm can still occur if the underlying information is deficient in quality.
Information quality can be defined as the accuracy and validity of the actual content of the data, data structure, and database/data repository design. The elements of information quality are accuracy, completeness, currency, reliability, and context/meaning. Refer to the Guide, Section 10: "Preface to Information Quality," for an overview of the privacy and information quality interplay and a list of useful resources.
Information Quality Guidance
An agency must address the intersection of information quality and security with privacy. DOJ's Global Privacy and Information Quality Working Group (GPIQWG) plans to develop and make available additional information quality resources in an ongoing commitment to improve the quality of information law enforcement and public safety officials rely on every day. The first resource in this series, entitled Information Quality: The Foundation for Justice Decision Making, is currently available and is described in Section 10.4.1.
Privacy Executive Overview
Geared toward the justice executive to engender awareness about privacy and civil liberties policy development, Privacy, Civil Liberties, and Information Quality Policy Development for the Justice Decision Maker is a high-level, easy-to-read booklet that makes the case for privacy and civil liberties policy development and underscores the imperativeness of leadership in promoting privacy and civil liberties issues within justice agencies. Developed by the Global Privacy and Information Quality Working Group (GPIQWG) and supported by the U.S. Department of Justice's (DOJ) Office of Justice Programs (OJP), this paper is an excellent primer and educational tool that applies settled privacy principles to justice information sharing systems, addresses applicable legal mandates, and makes recommendations on best practices to ensure privacy, civil liberties, and information quality protection.
Recognizing the need for tiered privacy policy-related material, GPIQWG members produced the two documents, Privacy and Civil Liberties Policy Development Guide and Implementation Templates and Privacy, Civil Liberties, and Information Quality Policy Development for the Justice Decision Maker, as companion resources that can be used in tandem or separately, depending on the audience.