SEARCH Lends Expertise to Two NGA Policy Academies

  Back  See more recent articles

SEARCH staff provided expertise and perspectives on identity theft and privacy policy development at two recent Policy Academy meetings convened by the National Governors Association (NGA) Center for Best Practices.

ID Theft Policy Academy
The first was the Policy Academy on Combating Identity Theft, held August 20-21, 2009, in Washington, D.C.

Funded by the National Institute of Justice (NIJ), U.S. Department of Justice, the identity theft Policy Academy convened representatives of law enforcement, public safety, financial, institutions, and the governor's offices of four states: Maryland, Michigan, Minnesota, and Ohio.

The goal of the academy is to begin to help states identify the scope of the issue, and develop policies and a strategic plan to more effectively combat identity theft, fraud, and identity-related crimes in general through the improved collection and use of information related to these crimes.

According to the NGA, "states will have the opportunity to consider strategies for improving how crime reports are collected from victims, how information is shared among law enforcement agencies and how disparate information across jurisdictions is aggregated and analyzed."

Kelly Peters Harbitter
At the invitation of the NGA, SEARCH Deputy Executive Director Kelly Peters Harbitter discussed criminal identity theft and a report SEARCH produced in 2005 on this issue, the Report of the BJS/SEARCH National Focus Group on Identity Theft Victimization and Criminal Record Repository Operations.

The NGA plans to hold follow-on identity theft workshops in each state.

Privacy Policy Academy
SEARCH's commitment to privacy policy development continued when staff participated in a two-day Policy Academy on Privacy Policy Development for Justice Information Sharing Programs, held August 24-25, 2009, in Washington, D.C.

NGA established the academy to help states develop or expand privacy policies for their integrated justice information sharing systems and strategies. Following a national solicitation, three projects were selected for NGA funding and assistance to support policy development (these are in the states of Alabama, Hawaii, and Illinois; Alabama's initiative includes participation by the states of Nebraska, Kansas, and Wyoming). The NGA meeting in Washington kicked off the policy development effort. This project is being supported by the Bureau of Justice Assistance, U.S. Department of Justice.

"A key objective of the Academy is to help these states create a seamless system to share justice information across agencies while adhering to privacy protections," said John Thomasian, director of the NGA Center for Best Practices. "The NGA Center will share the lessons learned from this effort with other states so they can apply certain aspects for their own privacy policy development."

The primary objective of a privacy policy is to publicly demonstrate how an agency intends to abide by existing laws while handling personally identifiable information (PII). Privacy policies should address how a justice entity intends to deal with gaps or vulnerabilities in existing laws.

SEARCH staff is providing technical assistance to the endeavor, in part by participating as faculty. At the privacy policy development Policy Academy, Deputy Executive Director Kelly Peters Harbitter discussed the Justice Information Exchange Model (JIEM®), which can be used to map an integrated IT system's information exchange points, including those involving the transmission and sharing of PII.

Such information, including name, address, identifying numbers, educational or medical history, physical characteristics and other data elements, can be used to uniquely identify an individual. The use of JIEM® to identify key points in an integrated information system during which PII is exchanged can greatly inform the privacy policy development process. She also discussed the Global Justice Information Sharing Initiative's Privacy Technical Framework and the enforcement of privacy rules through technology.

Eric Johnson
Also presenting at the academy was SEARCH Justice Information Services Specialist Eric Johnson, who provided information on the privacy impact assessment guide and tool  developed by SEARCH in association with BJA, and which figures prominently in the policy development efforts.

Both Peters and Johnson also participated in academy working sessions during which participating states identified policy development goals and devised timelines for achieving those goals.

The projects being funded through NGA are:
  • The Consortium for the Exchange of Criminal Justice Technology (CONNECT), which will begin with the exchange of driver's license data between the Alabama Criminal Justice Information Center, the Kansas Justice Information System, the Nebraska Crime Commission and the Wyoming Division of Criminal Investigation. CONNECT's "proof of concept" phase is nearing completion and members are seeking to provide data to sworn law enforcement personnel in each state. (Data is currently maintained on staging servers and available only to a handful of technical personnel in the participating states.)
  • Privacy policy development for the Hawaii Integrated Justice Information Sharing (HIJIS) initiative, which seeks to establish statewide information sharing that enables real-time access and automated data exchange throughout Hawaii's justice and public safety enterprises.
  • The development of a privacy policy section of the Illinois Integrated Justice Information System's (IIJIS) Scenario for Information Sharing in Illinois. A Privacy Policy Subcommittee of the IIJIS Implementation Board will address the lack of uniform rules that impacts officer safety information, Social Security Numbers, fingerprints, DNA profiles, medical information, expunged and sealed records, warrants and other data.

Based on information shared at the academy, NGA staff will refine goals and timelines for the participating projects, with policy development activities slated to begin in September 2009 and run through early 2010. A second academy will be convened then to review work products and to provide final comments and input.

The final privacy policies produced through the academy are to be provided by NGA as examples to the other states.