4. Compliance

1. Policy Development 2. Policy Implementation 3. Operations
4. Compliance
5. Oversight 6. Redress
7. Outreach 8. Coordination 9. SME
  10. Training  

Compliance Review

Under the Homeland Security Grant Program Requirements your fusion center is required to conduct a compliance review using the Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise (51pp | 4kb | PDF). In addition to an annual compliance review, you should conduct an annual audit on P/CRCL issues.

A compliance review measures the capacity of your fusion center in P/CRCL issues whereas an audit measures your fusion center's actual record on implementing your P/CRCL Policy. Both of these documents will assist in finding and filling gaps in P/CRCL protections and improving your program.

Data Quality, Security, and Labels

Data quality ( 16pp | 447kb | PDF) and security is fundamentally important to make good justice decisions. Undertaking the self-assessment tool (1p | 447kb | PDF) and utilizing Global's Information Quality Program Guide (130pp | 16.5mb | PDF), a primer for developing a strong information quality program (4pp | 1mb | PDF), your fusion center can ensure that information is appropriately handled.

Communicating with individuals involved in data security will provide you with a better understanding of whether data security measures can be tightened. As part of your initial onboarding you should consider meeting, and coordinating with various individuals whose responsibility overlaps with the P/CRCL function.

Data Breach

Your fusion center's P/CRCL Policy, its governance structure, or your state will enumerate the required actions in the event of a breach in data security. Your fusion center or state may have additional requirements or guidance on data breach procedures.

To obtain some background on the issue, you may consider reviewing the DHS Privacy Incident Handling Guidance, (88pp | 628kb | PDF) which informs DHS employees of their obligation and establishes procedures defining how they must respond to a privacy incident.

Accountability and Oversight

In addition, the Government Accountability Office (GAO) has issued several reports on data breach notification procedures that may help inform whether your fusion center's policies and procedures are sufficient.

Finally, DOJ and DHS have partnered to provide a Technical Assistance Program and Services (2pp | 2.7mb | PDF). This program links fusion centers together to share information on specific topics (48pp | 2.5mb | PDF) such as how to conduct an audit, integrating Fire, Health Security, and CIKR, and Privacy Training.

Source: The DHS Office for Civil Rights and Civil Liberties and the DHS Privacy Office.
Last date page updated: 08/13/13 (CRCL)

Back to Home