• Home

  • Documents

  • United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A...
13
United States Department of Justice www.it.ojp.gov/global Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg, Chair, Global Technical Privacy Task Team and Dr. Alan Harbitter, IJIS Institute 10/31/2007

United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

Embed Size (px)

Citation preview

Page 1: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Implementing Privacy Policy in Justice Information Sharing:

A Technical Framework

John Ruegg, Chair, Global Technical Privacy Task Teamand

Dr. Alan Harbitter, IJIS Institute

10/31/2007

Page 2: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Topics• Approach Overview• Privacy Policy Technical Framework and

Components• Applying the Framework to a Simple Use Case• Implementing the Framework• Task Progress Summary

Page 3: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Underlying Principles and Assumptions• Do not invent new technology• Focus on the domain-specific components required for

interoperability (e.g., standards, specific metadata)• For now, focus on access rather than collection• Assume that there is a written policy in place• Briefly, we are going to

– Identify technologies to translate written privacy policy in machine-readable form

– Define the pieces necessary to link justice information systems to that policy

Page 4: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

Technical Framework

Audittrail

Environmentalconditions

Written policy

Obligations

Actions: release, modify, access, delete, …

Response

message

Content metadata

Electronic policy

statements (dynamic, federated)

PEP

PDP

Request

message

Identitycredentials

PEP: Policy Enforcement PointPDP: Policy Decision Point

Page 5: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Example Electronic Privacy Policy Rule

• Specific to justice applications– Allow (oc) law enforcement ORIs (uc) to perform

Updates (a) on criminal history records (dc) under the condition where the ORI is the record owner (c) for criminal history reporting (p) requiring logging of actions (o)

uc: User categoriesa: Actionsdc: Data categoriesc: Conditionsp: Purposeso: ObligationsOc: Outcome

Page 6: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

Simple Use Case: A Cross-Jurisdictional Traffic Stop

Page 7: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Implementation Cost Considerations• Balance cost, risk, and complexity

– Human MOU with no technical implementation standards

– Low-hanging fruit such as encryption of portable media (memory sticks, laptops, etc.)

– Larger investment and support required for fine-grained than for coarse-grained authorization

Page 8: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

It’s Not All Technology • Training and outreach• Legal research of laws governing privacy and disclosure

requirements• Establishment of information stewards and policy decision makers

– Confidentiality of personal information– Appropriate Use Practices– Appropriate dissemination policy– Physical security measures– Procedural measures– Policy on portable devices/media – Separation of security administration roles

Page 9: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Global Tech Privacy Team Status Update • First draft report delivery—June 2007• Global Working Groups, GESC, and IJIS reviews—

July/August 2007 • Final draft—executive review and ready for release

in fall 2007• Follow-up and next steps—currently under

consideration by GAC GESC: Global Executive Steering CommitteeIJIS: Integrated Justice Information System Institute

Page 10: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Next Steps• Action items and assignments

– Privacy Policy Pilot Projects • Global Security Working Group (GSWG)• Global Privacy Information Quality Working Group (GPIQWG)

– Continued integration with Justice Reference Architecture (JRA)

• Global Infrastructure Standards Working Group (GISWG)

– Mature metadata and integrate with NIEM/GJXDM/GFIPM

• XML Structure Task Force (XSTF)

Page 11: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Recommendations• Adopt the Privacy Policy Technical Framework• Adopt the common set of standards and metadata

that are specific to the justice domain and aligned with current initiatives

• Develop a transition strategy for moving to enterprise electronic policy services

Page 12: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Questions?

Page 13: United States Department of Justice Implementing Privacy Policy in Justice Information Sharing: A Technical Framework John Ruegg,

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

GAC Recommendations1. Adopt Implementing Privacy Policy in Justice

Information Sharing: A Technical Framework2. Recommend as resource Implementing Privacy

Policy in Justice Information Sharing: A Technical Framework Executive Summary Flyer

3. Recommend as resource Global Federated Identity and Privilege Management Executive Summary Flyer


Privacy · Web view“Privacy Schmrivacy?” Drafting Privacy Policy in an Integrated Justice Environment (and why it’s important) by Wil Nagel Wil Nagel holds a Bachelor of Science

Privacy · Web view“Privacy Schmrivacy?” Drafting Privacy Policy in an Integrated Justice Environment (and why it’s important) by Wil Nagel Wil Nagel holds a Bachelor of Science

Documents
May 31, 2000 INSIGHT INSIGHT BEYOND BEYOND MEASURE MEASURE Prepared for: PRIVACY, TECHNOLOGY AND CRIMINAL JUSTICE INFORMATION Public Attitudes Toward

May 31, 2000 INSIGHT INSIGHT BEYOND BEYOND MEASURE MEASURE Prepared for: PRIVACY, TECHNOLOGY AND CRIMINAL JUSTICE INFORMATION Public Attitudes Toward

Documents
Establishing a Privacy Officer Function Within a Justice ... · role, since a privacy officer can play a proactive role in helping to prevent privacy-related problems and avoid further

Establishing a Privacy Officer Function Within a Justice ... · role, since a privacy officer can play a proactive role in helping to prevent privacy-related problems and avoid further

Documents
United States Department of Justice The goal : Enable justice information sharing and protect privacy

United States Department of Justice The goal : Enable justice information sharing and protect privacy

Documents
Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice

Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice

Documents
Private Law, Public Justice: Another Look at Privacy

Private Law, Public Justice: Another Look at Privacy

Documents
Privacy And and Data Protection Issues Related …ec.europa.eu/justice/article-29/documentation/opinion... · “broad assessment of privacy threats” associated to the use of drones,

Privacy And and Data Protection Issues Related …ec.europa.eu/justice/article-29/documentation/opinion... · “broad assessment of privacy threats” associated to the use of drones,

Documents
DOCUMENT RESUXE ED 256 049 (l7 674 Ruegg, Rosalie T.(l7 674 AUTHOR Ruegg, Rosalie T. TITLE Economic Evaluation of Building Desi40, Construction, Operation and Maintenance. Seminar

DOCUMENT RESUXE ED 256 049 (l7 674 Ruegg, Rosalie T.(l7 674 AUTHOR Ruegg, Rosalie T. TITLE Economic Evaluation of Building Desi40, Construction, Operation and Maintenance. Seminar

Documents
The Value—and Limits—of Distributive Justice in Information Privacy Justice-Centered Approach... · 2018. 5. 1. · justice in information privacy. Information privacy is as much

The Value—and Limits—of Distributive Justice in Information Privacy Justice-Centered Approach... · 2018. 5. 1. · justice in information privacy. Information privacy is as much

Documents
ARIZONA PLAN for the - National Criminal Justice …ARIZONA PLAN for the SECURITY AND PRIVACY of CRIMINAL HISTORY RECORD INFORMATION Approved September 8, 1977 Arizona State Justice

ARIZONA PLAN for the - National Criminal Justice …ARIZONA PLAN for the SECURITY AND PRIVACY of CRIMINAL HISTORY RECORD INFORMATION Approved September 8, 1977 Arizona State Justice

Documents
Do the First Amendment and Social Justice Exist in Con ict ... · legislation, including criminal justice reform, immigration rights, LGBTQ rights, privacy and surveillance, voting

Do the First Amendment and Social Justice Exist in Con ict ... · legislation, including criminal justice reform, immigration rights, LGBTQ rights, privacy and surveillance, voting

Documents
Privacy Certificate and Confidentiality Requirements of ......U.S. Department of Justice Office of Justice Programs . National Institute of Justice . Washington, D.C. 20531 . PRIVACY

Privacy Certificate and Confidentiality Requirements of ......U.S. Department of Justice Office of Justice Programs . National Institute of Justice . Washington, D.C. 20531 . PRIVACY

Documents
United States Department of Justice Global Privacy and Information Quality Working Group Chairman Carl Wicklund

United States Department of Justice Global Privacy and Information Quality Working Group Chairman Carl Wicklund

Documents
DEPARTMENT OF JUSTICE Privacy Act of 1974 ... JUSTICE/OIG-006, facilitates OIG’s performance of this statutory responsibility by maintained records as part of a data analytics (DA)

DEPARTMENT OF JUSTICE Privacy Act of 1974 ... JUSTICE/OIG-006, facilitates OIG’s performance of this statutory responsibility by maintained records as part of a data analytics (DA)

Documents
Privacy engineering, CyLab privacy by design, privacy

Privacy engineering, CyLab privacy by design, privacy

Documents
The Politics of Privacy in the Criminal Justice System

The Politics of Privacy in the Criminal Justice System

Documents
Privacy, Civil Rights, and Civil Liberties Policy ... Privacy... · Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities

Privacy, Civil Rights, and Civil Liberties Policy ... Privacy... · Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities

Documents
NEW SOUTH WALES LAW REFORM COMMISSION’S OPEN JUSTICE ... · justice, the rights of victims and witnesses, privacy, confidentiality, public safety, the right to a fair trial, national

NEW SOUTH WALES LAW REFORM COMMISSION’S OPEN JUSTICE ... · justice, the rights of victims and witnesses, privacy, confidentiality, public safety, the right to a fair trial, national

Documents
DEPARTMENT OF JUSTICE, Defendant. AMERICAN … THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA ELECTRONIC PRIVACY INFORMATION CENTER, Plaintiff, V. DEPARTMENT OF JUSTICE,

DEPARTMENT OF JUSTICE, Defendant. AMERICAN … THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA ELECTRONIC PRIVACY INFORMATION CENTER, Plaintiff, V. DEPARTMENT OF JUSTICE,

Documents
The Data Privacy Act and the National Privacy Commission’s ...ateneolawjournal.com/Media/uploads/bf08448c6c2e1c744ea87966b4f53d56.pdf · See Justice K.S. Puttaswamy (Retd) v. Union

The Data Privacy Act and the National Privacy Commission’s ...ateneolawjournal.com/Media/uploads/bf08448c6c2e1c744ea87966b4f53d56.pdf · See Justice K.S. Puttaswamy (Retd) v. Union

Documents
Ruegg Catalogo Info Etechn e

Ruegg Catalogo Info Etechn e

Documents
Henri Ruegg and Mart´ı Ruiz-Altaba - arXiv

Henri Ruegg and Mart´ı Ruiz-Altaba - arXiv

Documents
The goal : Enable justice information sharing and protect privacy

The goal : Enable justice information sharing and protect privacy

Documents
Sharing Information to Improve Outcomes and Protect Privacy in the Juvenile Justice System

Sharing Information to Improve Outcomes and Protect Privacy in the Juvenile Justice System

Documents
Criminal Justice Information Policy - Privacy and Juvenile Justice … · 2012-01-20 · Legal and Social Records 0 0 • Segregation of Juvenile and Adult Records ... ACCESS AND

Criminal Justice Information Policy - Privacy and Juvenile Justice … · 2012-01-20 · Legal and Social Records 0 0 • Segregation of Juvenile and Adult Records ... ACCESS AND

Documents
Leveraging UBL for Developing Justice XML (GJXDM) Reference Documents John Ruegg County of Los Angeles Information Systems Advisory Body GJXDM User Conference

Leveraging UBL for Developing Justice XML (GJXDM) Reference Documents John Ruegg County of Los Angeles Information Systems Advisory Body GJXDM User Conference

Documents
Privacy: Understanding the Needs, Policy, and Approach Innovations in Justice: Information Sharing Strategies and Best Practices BJA Regional Information

Privacy: Understanding the Needs, Policy, and Approach Innovations in Justice: Information Sharing Strategies and Best Practices BJA Regional Information

Documents
GEOLOCATION TECHNOLOGY AND PRIVACY TECHNOLOGY AND PRIVACY HEARING ... KING-6430 with DISTILLER VerDate Nov 24 2008 09:40 Feb 16, ... In that case, Justice Alito

GEOLOCATION TECHNOLOGY AND PRIVACY TECHNOLOGY AND PRIVACY HEARING ... KING-6430 with DISTILLER VerDate Nov 24 2008 09:40 Feb 16, ... In that case, Justice Alito

Documents
United States Department of Justice Privacy for Practitioners—Real Case Studies Illustrating Privacy Policy Development and Impact Assessment February

United States Department of Justice Privacy for Practitioners—Real Case Studies Illustrating Privacy Policy Development and Impact Assessment February

Documents
RUEGG The Jonangpas.pdf

RUEGG The Jonangpas.pdf

Documents