Document Sample
Privacy_Policy_for_Justice_Decisionmaker Powered By Docstoc
               E   N T OF
                                             Privacy, Civil Liberties, and

                                       Information Quality Policy Development
                                            for the Justice Decision Maker

                                                •	 In today’s information sharing            and other personnel responsible
                    Highlights                     environment, well-developed               for information management. The
                                                   privacy, civil liberties, and             team must have the power to both
                                                   information quality policies help         develop and analyze a plan and
•	 Since 9/11, virtually all agree that
                                                   an agency prevent problems.               then implement that plan. The plan
   enhanced justice information
                                                   Failure to develop, implement, and        must include input and review from
   exchange is critical. While
                                                   maintain such dynamic policies can        interested and/or affected persons
   pursuing a broadscale sharing
                                                   result in:                                outside of the agency.
   capability, decision makers within
   the justice and public safety                   ¤ Harm to individuals.
                                                   ¤ Public criticism.                    •	 Processes developed when most
   communities must vigorously                     ¤ Lawsuits and liability.                 records were on paper may not
   protect our constitutional privacy              ¤ Inconsistent actions within             translate well in the electronic and
   rights and civil liberties and ensure             agencies.                               digital age. A privacy, civil liberties,
   information quality and accuracy. In            ¤ Proliferation of agency databases
                                                                                             and information quality policy
   short: you need privacy, civil rights,            with inaccurate data.
                                                                                             development-and-review effort
   and information quality policies to             Each agency should evaluate and           will promote and facilitate modern
   guide your agency’s information                 strengthen privacy, civil liberties,      information management and
   sharing	efforts.	Difficult?	Yes.	               and information quality policies          help you remain in control of your
   Insurmountable?	No.	Many	good	                  to make them more relevant to             agency’s technologies.
   resources already exist to help                 twenty-first	century	technology.
   justice and public safety leaders                                                      •	 The process promoted here does
   make the best possible policy                •	 The	personally	identifiable	              not require you to “start from
   decisions for their information                 information maintained by agencies        scratch.” There are historical
   sharing practices. This document                —if handled inappropriately—can           and increasingly accepted “Fair
   serves as an additional tool.                   cause problems for those affected.        Information Principles” to guide
                                                   In worst cases, personal safety is        your agency’s efforts.
•	 Privacy, civil liberties, and                   jeopardized. These issues affect
   information quality policies protect            the whole justice community,           •	 This document introduces the
   your agency and make it easier                  including law enforcement,                framework for a systematic
   to do what is necessary—share                   prosecution, defense, courts,             consideration of privacy, civil
   information. Focus on these                     parole, probation, corrections,           liberties, and information quality
   policies will (1) strengthen public             and victim services, as well as           policies and practices within your
   confidence	in	your	agency’s	ability	            members of the public having              agency. A companion Privacy and
   to handle information appropriately,            contact with the justice system.          Civil Liberties Policy Development
   (2) strengthen support for your                                                           Guide and Implementation
   agency’s information management              •	 Success of policy improvement             Templates has been designed by
   efforts through developing                      efforts depends on appointing a           the U.S. Department of Justice’s
   technologies, and (3) ultimately                high-level member of your agency          (DOJ) Global Justice Information
   promote effective and responsible               to champion the initiative. That          Sharing Initiative (Global) Privacy
   sharing of information that                     person should assemble a policy           and Information Quality Working
   supports those fundamental                      development-and-review team of            Group to assist your team in
   concepts of the justice system we               agency stakeholders, including            its efforts to develop or revise
   embrace as Americans.                           managers, legal staff, system             agency privacy, civil liberties, and
                                                   operators, technical support staff,       information quality policies.

    Foreword: What’s in This for Me?

          ou would be hard-pressed to
          find	an	opposing	view:	justice	
          and public safety leaders—
          indeed, the American public—
want justice-related entities to do
a better job of sharing information
to promote the well-being of our
citizens and local neighborhoods and
to protect homeland security. With
the	continually	advancing	field	of	
technology, the technical capability to
solve information sharing challenges
now exists. If you can access your              Since 1998, the Bureau of Justice
bank account as easily in Duluth,               Assistance (BJA), DOJ, has supported
Minnesota,	as	you	can	in	Tokyo,	                a group of your peers to tackle these
Japan,	surely	an	officer	in	one	county	         exact concerns. DOJ’s Global Advisory
can share sex offender data with                Committee (GAC) addresses timely
a parole worker in the neighboring              justice-related information sharing
town. But justice leaders know all too          issues, such as questions of privacy
well the unfortunate truth—sharing              and information quality. What follows,
information is not a given. While               developed by the Global Privacy and
pursuing a critical, broadscale                 Information Quality Working Group, is a
justice information sharing capability,         sound	first	step	in	this	area:	a	blueprint	
decision makers must simultaneously             for initiating and completing a process
vigorously protect citizens’                    to ensure that your agency develops
constitutional rights. In short, privacy,       and maintains essential privacy, civil
civil liberties, and information quality        liberties, and information quality policies
policies are needed to guide agency             involving the collection, use, and
information sharing efforts. We may             dissemination of information. Additional
want our justice leaders to exchange            resources that address the range
information, but we want that sharing           of justice and public safety leaders’
to be appropriate, we want that                 information sharing challenges and
information to be accurate, and we              opportunities are included in “Global
demand safeguards be in place to                Resources for the Justice Decision
protect individual rights.                      Maker,”	concluding	this	document.

Many	good	resources	and	guidelines	
have been created to assist justice
leaders in making the best business
decisions for information sharing.

      Introduction                          protection are increasingly important.
                                            Additionally, information created or
Should you be concerned about               compiled by your agency must be
developing or reviewing your agency’s       accurate or it is of little value. When
privacy, civil liberties, and information   you share information with another
quality	policies?	Ask	yourself:             entity, there is the implicit expectation
                                            that the data you provide is accurate
1. Does my agency control,                  and that there are steps to ensure
   disclose, or provide access              information quality; likewise, you
   to information to persons                expect the same from other agencies
   or agencies outside of my                when receiving information. Promoting
   organization?                            information quality by internal
                                            safeguards and procedures helps to
2. Does my agency’s information             ensure the accuracy of the information
   system(s) contain data or                you handle.
   information connected to or
   shared with other information            Unless effective privacy, civil liberties,
   systems or agencies?                     and information quality safeguards           in that they relate to access to
                                            are being utilized at every level            records	instead	of	defining	privacy	
3. Does my agency collect, use, or
                                            of your agency’s information and             protections.2
   provide access to “personally
                                            data-handling operation, you may
   identifiable information”
                                            be exposing yourself and others to
   (information that identifies                                                          Using computers to share databases
                                            unacceptable risks from inaccurate
   individuals by reason of the                                                          and cross-reference digital information
                                            information or problems caused by
   content)?                                                                             has heightened privacy and information
                                            failing to honor essential protection
                                                                                         quality	concerns.	Yet,	as	a	practical	
4. Does my agency have a stake in           expectations. When agencies
                                                                                         matter, privacy, civil liberties, and
   the accuracy of the information          collectively maintain appropriate
                                                                                         information quality policies and
   it manages?                              levels of attention to privacy, civil
                                                                                         procedures affect every aspect of an
                                            liberties, and information quality, the
A “yes” to any of the above questions                                                    agency’s work, not just technology
                                            sharing of information is facilitated in a
suggests that your agency should                                                         and operations. These concerns
                                            responsible and effective manner.
make it a priority to review privacy,                                                    involve agency policy aspects, legal
civil liberties, and information quality                                                 considerations, public relations, and
                                            Having a “security policy” related to        interagency relationships. It is essential
practices. Government policymakers          data or information is not enough.
and agency heads must take action to                                                     that agency leaders demonstrate an
                                            Security policies alone do not               appreciation of the importance of these
cause that review to occur.                 adequately address the privacy, civil        issues	by	appointing	an	influential	
                                            liberties, and information quality issues    member of agency management to
Increasingly, the sharing of information    contemplated in this discussion.
is key to agency success in the                                                          champion the policy development
                                            Although privacy and security                initiatives proposed herein. Because
twenty-first	century.		The	ease	of	         both relate to handling data and
sharing information promoted by new                                                      adoption of a privacy and civil liberties
                                            information—and are both essential to        policy may require a change in an
technologies and the vital importance       justice-related information sharing1—
of ensuring that information is                                                          agency’s procedures, it may require a
                                            they have different implications and         corresponding shift in agency “mind-
accurate make the case for privacy,         considerations. “Security” relates to
civil liberties, and information quality                                                 set.” The involvement of a high-level
                                            how an organization protects                 member of the administration will help
policies that are essential to any          information during and after collection.
agency’s information operations.                                                         ensure that the necessary changes are
                                            “Privacy” addresses why and how              accepted and implemented.
With the growth in the assimilation,        information is collected, handled,
utilization, and sharing of personally      and disclosed and is concerned
identifiable information—information                                                     As a justice or public safety leader,
                                            with providing reasonable quality
that can be linked to individuals—that                                                   if you are still unsure about the
                                            control regarding that information.
has come with modern technologies,                                                       fundamental importance of privacy,
                                            Considering the breadth of the issue,
effective measures to ensure                                                             civil liberties, and information quality
                                            some existing “privacy policies”
appropriate levels of privacy                                                            safeguards, picture your agency in the
                                            may fail to address these concerns
                                                                                         following scenarios.
                                             within the law enforcement system,
  Case Studies: Are                          he was unable to reverse—or even
                                             stem—the continuing damage caused
                                                                                         Moving From
Privacy, Civil Liberties,                    by the mistake. The false information     Concept to Action
                                             was contained in data sold to private
   and Information                           information vendors that was, in turn,    The case for maintaining effective
  Quality an Issue?                          distributed nationally. There was no
                                             way to trace all disseminations of the
                                                                                       policies related to privacy, civil
                                                                                       liberties, and information quality has
In December 2002, former U.S. Drug           erroneous information. At any time, the   been	made.	Now,	how	should	an	
Enforcement Administration agent             erroneous information can resurface       agency	respond?	By	ensuring	that	it	
Emilio Calatayud was sentenced to            to falsely attribute this man with a      has in place appropriate and relevant
prison	and	fined	on	charges	related	to	      criminal history record.                  policies addressing the management
his use of protected law enforcement                                                   of information. The following is a
computer systems and databases.               Ensuring the accuracy of data your       blueprint for agency action.
He obtained information from these            agency creates, compiles, and
protected systems, which he then              distributes is crucial. Failure to do    Start Right: Assign the Task to
provided to a Los Angeles private             so can have severe impact on the
                                              lives of innocent people.
                                                                                          an Influential Member—
investigation	firm	in	return	for	at	least	
$22,500 in secret payments.                                                            The development of privacy policies
                                             Recently, the Texas Department of         must be assigned to someone with
 Ensuring that those within your             Public Safety proposed incorporating      the ability to “stick to the task” and
 agency honor privacy restrictions is        facial recognition biometrics into its    remain focused on what needs to be
 essential. They cannot honor that           driver’s license photograph database      done. Unless the person assigned this
 which is not clearly defined and            to help stop the issuance of licenses     task is recognized as having a high
 articulated.                                to those using deception or fraud.        level	of	authority,	it	may	be	difficult	
                                             The proposal passed with little debate    to obtain acceptance of the efforts
A private investigator hired by an           in the Texas Senate but came to           made. This project manager should
obsessed fan was able to obtain              an abrupt halt in the Texas House         be a person who has the power to
the	address	of	television	and	film	          of Representatives. Privacy-related       enlist the assistance of others within
star Rebecca Schaeffer through her           concerns about the use of new             the organization to undertake the
California motor vehicle records. The        technology, raised by the American        analysis and implement the efforts
fan used this information to stalk and       Civil Liberties Union (ACLU) and          needed to systematically develop the
to kill Schaeffer. The Driver’s Privacy      others, led to a lopsided defeat of the   policies and procedures. The project
Protection Act (Public Law 103-322)          proposal. Concerns about what the         manager should be a person who can
was passed in 1994 in reaction to            system “might” do overshadowed the        directly report to chief policymakers
this stalking death, enhancing the           value of what it was intended to do.      and chief administrators, while at the
privacy protections for driver’s license                                               same time holding others accountable
information.                                                                           for their efforts, in order to ensure
                                              Ensuring that controls are in place
                                                                                       that the project remains on task. The
                                              for how information is used in your
 Having good information quality,                                                      project manager must be able to build
                                              agency will assist your agency
 civil liberties, and privacy controls                                                 an effective project team to make
                                              in justifying new initiatives and
 in place will help to reduce the                                                      the effort successful in a reasonable
                                              answering concerns about potential
 possibility of agency criticism and                                                   length of time.
                                              abuses of information.
 can help defer criticisms when they
 occur.                                      These case studies highlight the
                                             importance of addressing privacy
An Ohio man’s social security number         concerns when collecting, using, and
was accidentally associated with             disseminating personally identifiable
another individual’s criminal history        information. Privacy and information
record. After losing his job, home,          quality are issues that must be
and family, the man became aware of          addressed within every agency in the
the mistake within a law enforcement         criminal justice system.
information system. While the man
was able to have the data corrected

                                           or death for victims of domestic
  Have a Good Foundation:                  violence and other crimes.
  Establish a Project Team—
                                           Once the policy objectives
A project team should include              are developed, the agency’s
stakeholders from within the agency        top policy leaders (e.g., key
who are affected by privacy, civil         legislators, executive branch
liberties, and information quality         heads, court administrators, or
issues. A typical team will include        chief judges/justices) should be
technical staff familiar with system       given an opportunity to endorse
development and operation; those who       the objectives. With this agency
use the system(s) regularly in their       buy-in of broad objectives and
work; agency legal staff; persons able     goals, actual policy development
to craft policy language in a manner       or revision can begin. Decisions           oppose, or support your policy
consistent with agency formats and         should reasonably balance                  efforts may help you identify and
expectations; and others having a          efforts to protect individual rights       address issues more effectively.
key role in the agency’s collection,       against the overall public safety          Involvement in the process
maintenance, use, dissemination, and       mission of the agency and justice          that leads to a sense of policy
retention of information.                  system. The risks inherent in any          “ownership” promotes the overall
                                           determination should be carefully          integrity of the initiative.
  Use a Systematic Approach:               evaluated and considered.
     Begin the Efforts—                                                            • Identify Applicable Laws and
                                         • Capitalize Upon the Value of              Regulations: An essential early
• Recognize the Stakes:                    External Input: An important               task	is	the	review	and	identification	
   Implementation of new                   early step in the development or           of all relevant privacy laws and
   technologies may promote                revision efforts is to seek outside        regulations. Every agency should
   cost	savings	and	efficiency	yet	        input from legislators, community          be mindful of legal and regulatory
   still prompt privacy concerns           advocates, victims’ advocates,             obligations or restrictions
   and objections. Unaddressed             media representatives, privacy             applicable to agency operations.
   privacy issues can overwhelm            advocates, commercial information          Privacy impact assessments may
   the	arguments	of	benefits	and	          services sector members,                   be required by law or regulation.
   cost savings in support of new          representatives of agencies with           Major	policy	issues—such	as	
   technologies. If policymakers and       whom you share information, and            those related to public access
   the public are not comfortable with     citizens or other interested parties.      to information, disclosure of
   an agency’s ability to responsibly      Broad stakeholder input will help          information solely at agency
   handle information, the concerns        define	the	focus	of	your	efforts,	         initiative, protection of sensitive
   and fears expressed by even a few       provide innovative ideas, and              or	confidential	information,	and	
   opponents can lead to rejection of      support	final	decisions	and	plans.	        public	notification	laws—need	to	
   sensible initiatives.                   You	should	invite	input	from	those	        be considered. Provisions of law or
                                           who will use the information your
• Define Broad Objectives and              agency maintains, as well as from
                                                                                      rule will need to be interpreted and
  Risks: Early in the process,             those who may be critical of your
                                                                                      applied to agency actions. This
   in considering the agency’s                                                        may	be	one	of	the	more	difficult	
                                           agency’s efforts.                          steps in the overall effort, since
   mission and the substance of its
   initial efforts, the team should        The input of these “outside                there are a myriad of laws and
   develop broad policy objectives         sources” can help the project team         regulations that affect information
   and determine the risks to both         obtain a balanced perspective              management and privacy. Some
   public safety and protection of         and become aware of areas or               states and other jurisdictions
   individual rights. Do not forget        concerns that might otherwise              now have chief privacy and civil
   to include analysis of victims’         be overlooked. Opposition to               liberties	officers	who	may	provide	
   issues	when	defining	risks.	Victim-     or support for initiatives can             assistance in these efforts.
   related information requires            come from unexpected places;            • Analyze Your Information
   careful privacy and civil liberties     therefore, including sources              Flow and Processes:3 Having
   policy consideration; violations of     in the information-gathering               a comprehensive understanding
   personal privacy may mean life          stage that are likely to criticize,        of	the	flow	of	information	and	

  information processes within your       2. Limit the collection of personal
  agency is essential. Creating “data        information to that required for the
                                             purposes intended. (“Collection
  and	information	flowcharts”	that	
                                             Limitation Principle”)
  identify key points when privacy
  issues are implicated will assist       3. Ensure data accuracy. (“Data
                                             Quality Principle”)
  in gaining that understanding.
  Determine when privacy, civil           4. Ensure appropriate limits
  liberties, or information quality          on agency use of personal
                                             information. (“Use Limitation
  issues are implicated by the               Principle”)
  collection, use, or dissemination                                                   training plan should take into
                                          5. Maintain	effective	security	over	
  of personal information. To the                                                     account the role and duties of
                                             personal information. (“Security
  extent possible, your agency               Safeguards Principle”)                   those	being	trained.	Methods	
  should create audit logs or trails                                                  of holding agency members
                                          6. Promote a general policy of
  to track what personal information                                                  accountable for abiding by the
                                             openness about agency practices
  is being accessed and by whom.             and policies regarding personal          policies	should	be	identified	and	
  When an agency shares or obtains           information. (“Openness Principle”)      incorporated into training. For
  information with others outside the                                                 example, unauthorized access to
                                          7. Allow individuals reasonable
  agency, a separate analysis of that        access and opportunity to correct        an agency’s data or information
  data	and	information	flow	should	          errors in their personal information     by an agency member may form
  be completed. Any comprehensive            held by the agency. (“Individual
                                             Participation Principle”)
                                                                                      the basis for internal discipline
  privacy and civil liberties or                                                      but may also constitute a criminal
  information quality policy must         8. Identify, train, and hold agency         violation of state law. The
  address	the	key	points	in	the	flow	        personnel accountable for
                                             adhering to agency information           ramifications	of	violations	should	
  of information.                                                                     be	clearly	identified	in	agency	
                                             quality and privacy policies.
• Apply “Fair Information                    (“Accountability Principle”)             training. Agency personnel should
  Principles” Guidelines: Any                                                         be routinely required to engage in
                                          Each agency must evaluate the
  review of privacy and information                                                   “refresher training.”
                                          applicability and appropriateness
  quality principles should consider      of these FIPs in the context of           • Test and Evaluate:        Finally,
  what are referred to as “Fair           its mission and responsibilities.           once implemented, the developed
  Information Principles,” or FIPs.       The FIPs provide a framework                policy should be tested to
  These eight basic FIPs were             for a systematic review of privacy          determine whether it truly results
  developed and formalized in the         and information quality policies            in the anticipated protections. A
  early 1980s to address issues           and practices. They help agency             programmed review of the results
  related to the commercial use and       leaders to understand which                 of the policy implementation,
  sharing	of	personally	identifiable	     information quality and privacy             including a planned feedback
  information. Although the FIP           protection efforts are important            mechanism, should be factored
  guidelines are over 20 years            and needed. However, the FIPs               into the policy itself. Each policy
  old and were developed in a             are guidelines, not absolutes. For          should be reviewed on a regular
  commercial context, they still          example, some agencies may                  basis to ensure it continues to
  constitute the basis upon which         need to ensure that articulation            address changes in the law, as
  sound information quality and           and policy implementation of the            well as current agency practices.
  privacy policies can be developed.      “Use Limitation Principle” do not           In addition, the review should
  Since the FIPs are well known and       unduly restrict the agency’s use            include analysis of technological
  widely accepted, outside interests      of information. The eight FIPs are          advancements that may enhance
  reviewing your policies are likely      summarized at the end of this               implementation of the policy. One
  to use them when providing input        document.                                   method of ensuring such review is
  or voicing criticism. The FIPs are                                                  to “sunset” the policy on a certain
  designed to:                          • Implement, Train, and Hold                  future date, requiring the policy to
                                          Accountable: The team should                be reviewed and renewed prior to
   1. Define	agency	purposes	for	
                                          develop a training plan that will
      information to help ensure                                                      its expiration.
      agency uses of information          reach all within the agency who will
      are appropriate. (“Purpose          be responsible for implementing
      Specification	Principle”)           or abiding by the policies. The

                                                                                               Fair Information Principles
Modern	information	management	realities	
demand that agencies develop and implement
                                                                                           1. Purpose Specification Principle
                                                                                               Identify the purposes for which all personal
comprehensive privacy, civil liberties, and
                                                                                               information is collected, and keep subsequent use of
information quality policies, incorporating good
                                                                                               the information in conformance with such purposes.
information	practices	and	design	principles.	Many	
agencies have few (if any) policies in place, while
others may be dealing with privacy, civil liberties, and                                   2. Collection Limitation Principle
information quality issues on a case-by-case basis. A                                          Review how personal information is collected to
systematic, developmental approach will ensure that                                            ensure it is collected lawfully and with appropriate
issues and concerns are addressed before individual                                            authority, and guard against the unnecessary, illegal,
harm occurs or practices become a matter of agency                                             or unauthorized compilation of personal information.
or administrator embarrassment, criticism, or liability.
                                                                                           3. Data Quality Principle
By initiating the development of comprehensive                                                 Implement safeguards to ensure information is
policies in a systematic manner, policymakers                                                  accurate, complete, and current, and provide
and chief administrators can help ensure that                                                  methods to correct information discovered to be
their operations reasonably and fairly address                                                                        	
                                                                                               deficient	or	erroneous.	
protection and information quality concerns. The
careful selection of a high-level project manager                                          4. Use Limitation Principle
and implementation of a balanced project team                                                  Limit use and disclosure of information to the
approach	will	significantly	enhance	the	opportunity	                                           purposes	stated	in	the	purpose	specification,	and	
for the effort to be successful. Use of generally                                              implement realistic and workable information-
recognized FIPs to structure the policy development                                            retention obligations.
will facilitate the overall effort.
                                                                                           5. Security Safeguards Principle
To assist those assigned the responsibility of                                                 Assess the risk of loss or unauthorized access to
implementing the approach suggested here, a                                                    information in your systems, and ensure ongoing
Privacy and Civil Liberties Policy Development                                                 use conforms to use limitations.
Guide and Implementation Templates has
been developed to better outline the process and
provide access to supplementary resources. These                                           6. Openness Principle
additional tools facilitate actual policy development                                          Provide reasonable notice about how information
and the review of these efforts. The Guide is                                                  is collected, maintained, and disseminated by your
designed to help those in charge handle their                                                  agency, and describe how the public can access
important	privacy-related	activities	efficiently	and	                                          information as allowed by law or policy.
effectively. For more information, refer to http://it.ojp.
gov/documents/Privacy_Guide_Final.pdf.                                                     7. Individual Participation Principle
                                                                                               Allow affected individuals access to information
                                   Footnotes                                                   related to them in a manner consistent with the
1 DOJ’s Global Advisory Committee has formed working groups to handle both                     agency mission and when such access would
information sharing “security” and “privacy” issues. Please see “Global Resources for
the Justice Decision Maker” at the end of this document for further information.               otherwise not compromise an investigation, case,
2 Many agencies have what is labeled a “privacy policy.” In reality, many of these
                                                                                               court proceeding, or agency purpose and mission.
policies simply address the process by which outside entities obtain information from
the agency under the federal Freedom of Information Act or the local “public records
access” equivalent. While having a policy that defines information disclosure under
applicable public records law is an aspect of a systematic approach to privacy and
                                                                                           8. Accountability Principle
data management, such a policy does not address the issues and concerns that are
the focus here. Such a policy is a step in the right direction but does not complete the
                                                                                               Have a formal means of oversight to ensure the
journey.                                                                                       privacy and information quality policies and the
3 SEARCH, The National Consortium for Justice Information and Statistics                       design principles contained therein are being
(with funding from the Bureau of Justice Assistance) has done extensive work with
the Justice Information Exchange Model (JIEM) Project to facilitate the charting of            honored by agency personnel.
your information flow. Information about the JIEM Project, including project documents
and training opportunities, is available at

             Global Resources for the Justice Decision Maker
                                                                                          •	 The Global Justice Extensible Markup
     About Global
                                                                                             Language (XML) Data Model (Global JXDM)—
     The U.S. Department of Justice’s (DOJ) Global Justice                                   What	began	in	March	2001	as	a	reconciliation	of	
     Information Sharing Initiative (Global) serves as a                                     data	definitions	evolved	into	a	broad	endeavor	
     Federal Advisory Committee to the U.S. Attorney                                         to	develop	an	XML-based	framework	to	enable	
     General on critical justice information sharing                                         the entire justice and public safety community
     initiatives. Global promotes standards-based electronic                                 to effectively share information at all levels of
     information exchange to provide justice and public                                      government—laying the foundation for local, state,
     safety communities with timely, accurate, complete,                                     tribal, and federal justice interoperability.
     and accessible information in a secure and trusted
     environment. Global is administered by the                                           •       Applying Security Practices to Justice
     U.S.	Department	of	Justice,	Office	of	Justice	                                               Information Sharing is	a	field	compendium	of	
     Programs, Bureau of Justice Assistance.                                                      current best practices and successful models for
                                                                                                  justice-related information technology (IT) security.
     Since 1998, DOJ’s Global Advisory Committee                                                  The publication covers key IT security topics from
     (GAC or “Committee”) has concentrated its diverse                                            detection and recovery to prevention and support.
     expertise on challenges to and opportunities for                                     •	 The Justice Standards Clearinghouse for
     justice	and	public	safety	data	exchange.	Members	                                       Information Sharing is a Web-based standards
     of this Federal Advisory Committee actively pursue                                      clearinghouse promoting a central resource of
     broadscale information sharing, communicating their                                     information	sharing	standards	and	specifications	
     recommendations directly to the nation’s leading                                        that have been developed and/or implemented
     justice	official—the	U.S.	Attorney	General.		                                           across the nation.

     Being intimately acquainted with practitioners’                                      •	 The OJP IT Initiatives/Global Justice
     demands, GAC representatives are particularly                                           Information Sharing Initiative Web site is a
     gratified	to	support	the	development	and	distribution	                                  comprehensive “one-stop shop” developed for
     of	resources	for	those	in	the	field—they,	too,	are	                                     interested justice and public safety practitioners
     producers, consumers, and administrators of the same                                    at all levels of government and all stages of the
     crucial justice-related data.                                                           information sharing process. In addition to housing
                                                                                             the resources outlined above, topics include:
     Privacy, Civil Liberties, and Information Quality                                            ¤ GAC publications, minutes, presentations, and
     concerns compose one objective of Global’s                                                     announcements.
                                                                                                  ¤ Featured information sharing initiatives and
     overarching mission. Intelligence, Infrastructure/                                             organizations.
     Standards, and Security solutions are also necessary                                         ¤ Computer system information exchange processes.
     to drive justice information sharing forward. To that                                        ¤ New	policy	and	technology	developments.
     end, GAC’s advice and counsel have yielded the                                               ¤ Model	information	sharing	systems.
     following	resources	to	help	justice	officials	make	the	                                      ¤ Information sharing “lessons learned.”
                                                                                                  ¤ Promising practices.
     best business decisions possible:                                                            ¤ Peer-to-peer networking.
                                                                                                  ¤ Events calendar.
     •	 The National Criminal Intelligence Sharing Plan                                           ¤ Latest justice IT news.
        (Plan) provides a cohesive vision and practical
                                                                                          For updates and access to all above resources,
        solutions to improve law enforcement’s ability to
                                                                                          visit To speak with someone
        detect	threats	and	protect	communities.	The	office	
                                                                                          about DOJ’s Global Initiative or GAC events—including
        of the U.S. Attorney General has endorsed the Plan
                                                                                          biannual GAC meetings open to the public—or obtain
        and is committed to making the resources available
                                                                                          hard copy documents, please call Global staff at
        to carry out its goals.
                                                                                          (850) 385-0600, extension 285.

                                        This project was supported by Grant No. 2005-NC-BX-K164 awarded by the Bureau of Justice Assistance, in collaboration
rev. 02/08                              with the U.S. Department of Justice’s Global Justice Information Sharing Initiative. The Bureau of Justice Assistance is a
                                        component of the Office of Justice Programs, which also includes the Bureau of Justice Statistics, the National Institute of Justice,

                                        the Office of Juvenile Justice and Delinquency Prevention, and the Office for Victims of Crime. Points of view or opinions in this
                                        document are those of the author and do not represent the official position or policies of the U.S. Department of Justice.