What You Need to Know About Privacy, Civil Rights, and Civil Liberties Protections for Courts

Are your court personnel, procedures, and the personally identifiable information (PII) you exchange through court processes adequately covered by a privacy, civil rights, and civil liberties policy?  If not, privacy resources are available to help you develop and implement privacy protections.

Hon. Anthony Capizzi
Judge, Montgomery County Juvenile Court, Ohio

Why Does Your Court Need a Privacy Policy?

“Privacy” refers to individuals’ interests in preventing the inappropriate collection, use, and release of personally identifiable information (PII). A comprehensive privacy policy also addresses civil rights and liberties, which safeguard individual freedom and ensure equal treatment under the law. Thus, a privacy policy is a published statement that articulates clearly your court’s legal requirements and policies for gathering and sharing PII in a manner that protects privacy, civil rights, and civil liberties.

What you need to know

It is important to emphasize that not having a privacy policy can result in negative consequences for all concerned, such as tarnishing an individual’s reputation or causing personal or financial harm; prohibiting courts’ abilities to receive and share the information they need to conduct business; causing lawsuits; paying settlements or judgments; and losing public support and confidence.

Data and PII are among the most important tools judges use to fight crime and administer justice in their courtrooms. Having an accurate and complete picture of the case before me is not only crucial but absolutely necessary to make decisions and judgments in my everyday work as a juvenile court judge. Successful outcomes for the youth and families in my courtroom are predicated upon all of the stakeholders having appropriate access to accurate, timely information. These stakeholders include human-services caseworkers, treatment providers, law enforcement officials, schools, and health-care providers. A well-rounded privacy policy balances the need for this information with guidance on how to access and handle it in a way that protects the privacy, civil rights, and civil liberties of defendants, victims, and the community. It is also essential to train court personnel on the substance of the privacy policy and the issues that may arise in the gathering and handling of PII. Adhering to a good privacy policy is a vital expression of the court’s most fundamental duty: to uphold the Constitution.

If one surveyed the types of data submitted to courts every day and mapped that information to the applicable federal and state privacy laws, the complexity of regulation would seem overwhelming. Case files can contain highly sensitive information regarding finances, physical and mental health, substance abuse, and education, among other data. These files may affect the recovery of a struggling combat veteran, the civil liberties of a criminal defendant, or the survival of a domestic-violence victim. If protected information is erroneously disclosed, the stakes can be very high. Conversely, if vital information is not shared with court partners, then mutual objectives of protecting the community from crime, promoting compliance with the law, and maintaining transparency and accountability of public programs cannot be achieved. Ultimately, judicial officers and court staff need clear, up-to-date guidance about what information they can share, with whom, and under what conditions—key concepts that should be addressed in a well-drafted, comprehensive privacy policy.

What Resources Can Assist You?

A suite of privacy resources is already available, not only for courts but also for all areas of justice. These have been developed by the U.S. Department of Justice’s (DOJ) Global Justice Information Sharing Initiative (Global) and are specifically designed to support courts in all areas of privacy protections.

DOJ’s Global (www.it.ojp.gov/global) serves as a federal advisory committee advising the U.S. attorney general on justice-information-sharing-and-integration initiatives. Global develops resources to support justice entities in their efforts to develop and implement privacy, civil rights, and civil liberties protections. As a member of the National Council of Juvenile and Family Court Judges Board (one of 30 independent organizations making up Global’s advisory committee), I serve as the chair of Global’s Privacy and Information Quality Working Group. I have had the opportunity to apply the experiences of an elected juvenile court judge, who hears both dependency and delinquency cases that involve highly sensitive (and therefore regulated) information, to the development of many of the Global privacy resources described in this article.

The working group is a cross-functional, multidisciplinary body composed of state, local, tribal, and federal justice and privacy professionals covering critical topics such as intelligence, biometrics, information quality, privacy, civil rights, and civil liberties. In addition to expertise from practitioners from all areas of justice, Global’s privacy products were field-tested in courts, thereby providing a proven suite of products for developing and implementing privacy protections.

Global recognizes that state, local and tribal justice entities, including courts, come in all sizes with a variety of roles and varying degrees of resources. The following illustrates the flexible suite of products designed for every stage of an entity’s privacy program cycle:

  1. Educate and Raise Awareness
  2. Assess Agency Privacy Risks
  3. Develop the Privacy Policy
  4. Perform a Policy Evaluation
  5. Implement and Train
  6. Conduct an Annual Review
What you need to know

Stage 1: Educate and Raise Awareness

Court leaders and their information-sharing partners can benefit from awareness and information primers that familiarize them with the importance of having privacy, civil rights, and civil liberties protections. Securing executive-level commitment to the collaborative development of a privacy policy is an essential first step.

The Executive Summary for Justice Decision Makers: Privacy, Civil Rights, and Civil Liberties

Program Development primer is an awareness resource for justice executives, as well as an informational tool for training personnel. This easy-to-read flyer makes the case for privacy policy development and underscores the importance of promoting privacy protections within justice entities. It includes information on basic privacy concepts and steps to establish privacy protections through a privacy program cycle.

7 Steps to a Privacy, Civil Rights, and Civil Liberties Policy is designed for both justice executives and agency personnel, providing an overview of the seven practical tasks associated with the preparation, drafting, and implementation of privacy protections. It also includes an overview of the core concepts an entity should address in a privacy policy.

Stage 2: Assess Privacy Risks

A privacy impact assessment is a structured approach for internally investigating court information systems and information-sharing activities for understanding and documenting the potential risks should data be accessed or handled inappropriately.

A completed assessment provides leaders with the facts they need to address vulnerabilities (for example, the likelihood of inappropriate disclosure and the magnitude of harm from such a disclosure).

Global’s Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Justice Entities provides a framework for assessing the privacy implications of information systems and information-sharing collaborations to enable the development and implementation of privacy policies. Privacy policies emerge as a result of the analysis performed during the PIA process.

Stage 3: Develop the Privacy Policy

Once a court has identified the data collection, storage, or sharing activities that pose the greatest privacy risks, the following Global resources offer practical guidance for developing a privacy policy.

The Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities is a practical, hands-on tool that provides sensible guidance for articulating privacy obligations in a manner that protects the justice agency, the individual, and the public. This guide provides a well-rounded approach to the planning, education, development, and implementation of privacy protections. Drafting tools, such as a model policy template (described next), a glossary, and federal legal citations, are included.

The Privacy, Civil Rights, and Civil Liberties Policy Development Template for State, Local, and Tribal Justice Entities assists agencies in drafting a privacy policy. Each section represents a fundamental component of a comprehensive policy that includes baseline provisions on information collection, information quality, collation and analysis, merging, access and disclosure, redress, security, retention and destruction, accountability and enforcement, and training, along with sample language for each provision. The suggested provisions should be incorporated into the agency’s general operational policies.

What you need to knowStage 4: Perform a Policy Evaluation

Stakeholders will benefit from evaluating the draft policy language to ensure that it adequately addresses the concepts of a comprehensive privacy policy. The following policy-evaluation tool can help court policy authors answer such questions as, “Have we omitted anything from the privacy policy?”

The Policy Review Checklist is a companion piece to the policy development template. This checklist serves as a self-assessment tool to evaluate whether the provisions contained within draft privacy policies have met all the core concepts recommended in the template. It can also be used during a periodic or annual policy review.

Stage 5: Implement and Train

Meeting the privacy educational needs of court personnel and the cultural needs of the community is essential. A substantial collection of implementation and training resources is available through the Global Privacy Resources Web portal, www.it.ojp.gov/privacy (including DVDs, self-paced training, and workshop opportunities).

These resources address three areas: the conversion of privacy policies into system language, the liaison of justice entities with the communities they serve, and the training of personnel.

Stage 6: Conduct an Annual Review

“There is nothing permanent except change,” said Heraclitus, and his ancient aphorism is certainly true in privacy protections. Justice regulatory environments and business processes are continually evolving. For this reason, a court should review privacy policies annually to ensure that appropriate changes are made in response to applicable laws, technology, the purposes and uses of the information systems, and public expectations. This will ensure that systems and individuals comply with the most current protections established in the court privacy policy.

The Policy Review Checklist is a helpful tool for this purpose.

Call to Action

All of the resources described in this article are available online at www.it.ojp.gov/privacy. Privacy technical assistance is also available in a wide variety of formats. To request privacy technical assistance or hard copies of Global Privacy Resources, please submit requests to global@iir.com.

Sharing PII to improve case management is achievable for courts. Courts are highly encouraged to use these valuable resources to ensure that privacy, civil rights, and civil liberties protections are in place for the information in their justice systems. Such protections will reduce risks to public safety, reduce legal liability of justice entities, and uphold a justice entity’s reputation—they are “the right thing to do.”