United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

The goal: Enable justice information sharing and protect privacy

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

What is the rhinoceros in the information sharing living room?• Is it security?

• Is it quality of data?

• Is it privacy?

• Is it disclosure? OR is it ----

• All of the above

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

How do we go for the goal?

• You need privacy and information quality policies to guide your agency’s and organization information sharing efforts.

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Privacy and Information Quality Policies:• protect your agency and organization and make it easier to do what is

necessary --- share information;

• help your agency and organization prevent problems;

• are developed to address concerns and directly impact the whole community;

• succeed when someone champions the initiative;

• were developed for the most part when records were on paper – may not translate well in the electronic and digital age.

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Should you be concerned about developing or reviewing your agency’s privacy and

information quality policies?

Take the Quiz!

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Does your agency or organization control, disclose, or provide access to information to persons or agencies outside of your organization?

Does your agency’s information systems(s) contain data or information connected to or shared with other information systems or agencies?

Does your agency or organization collect, use, or provide access to “personally identifiable information” – information that can be linked to individuals?

Does your agency or organization have a stake in the accuracy of the information it manages?

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

If yes, what now?

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Privacy Technology Focus Group -November 2005-Phoenix, AZ

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

The challenge for focus group members:

• Identify the most important issues in privacy policy and technology.

• Narrow the focus to areas that can be addressed within the given timeframe.

• Outline tangible, targeted technology solutions.• Develop specific recommendations for action.

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

The focus areas of the group:

• Access and Authentication

• Data Aggregation and Dissemination

• Identity Theft

• Personal Safety and Protection

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Global Security Working Group

(GSWG)

Global Privacy and Information Quality

Working Group(GPIQWG)

Global Infrastructure/Standards

Working Group(GISWG)

What happens next?

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

• Develop standard elements/components for (access the authentication) interoperability. (Recommendation 1)

• Define technical requirements associated with the Federal Identity (ID) Management and Service-Oriented Architecture (SOA). (Recommendation 2)

• Create a matrix defining roles and associated services as a model to develop business rules and standards related to data content and messaging architecture. (Recommendation 5)

Global Security Working Group(GSWG)

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

• Prepare a policy paper on data anonymization and its value for privacy protection. (Recommendation 8)

• Develop a strategic plan for use of anonymization in justice, public safety, and homeland security efforts to protect privacy while enhancing information sharing. (Recommendation 9)

• Request that the Global Justice Information Sharing Initiative support development of standards for audit functions. (Recommendation 10)

Global Privacy and Information Quality Working Group

(GPIQWG)

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

• Determine mechanisms to ensure persistence of metadata throughout transfer, aggregation, and dissemination of data.

Global Infrastructure/Standards Working Group

(GISWG)

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Global Technical Privacy Task Team

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

Deliverables for the (GSWG) Technical Privacy Task Team

• Propose actual metadata standards, as required.

• Propose any required business rules, and attempt to simplify privacy business rules across the JRA (Justice Reference Architecture) services.

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

What about that rhinoceros in Information Sharing’s living room?

• Inappropriate disclosure of data raises many concerns:– Legal jeopardy– Privacy infringement– Compromise of operational

confidentiality, and– Public policy repercussions

United StatesDepartment of Justice

www.it.ojp.gov/globalwww.it.ojp.gov/global

One solution – Cascading Disclosure Control Language - CDCL