|1. Policy Development||2. Policy Implementation||3. Operations|
||5. Oversight||6. Redress|
|7. Outreach||8. Coordination||9. SME|
Under the Homeland Security Grant Program Requirements your fusion center is required to conduct a compliance review using the Privacy, Civil Rights, and Civil Liberties Compliance Verification for the Intelligence Enterprise (51pp | 4kb | PDF). In addition to an annual compliance review, you should conduct an annual audit on P/CRCL issues.
A compliance review measures the capacity of your fusion center in P/CRCL issues whereas an audit measures your fusion center's actual record on implementing your P/CRCL Policy. Both of these documents will assist in finding and filling gaps in P/CRCL protections and improving your program.
Data Quality, Security, and Labels
Data quality ( 16pp | 447kb | PDF) and security is fundamentally important to make good justice decisions. Undertaking the self-assessment tool (1p | 447kb | PDF) and utilizing Global's Information Quality Program Guide (130pp | 16.5mb | PDF), a primer for developing a strong information quality program (4pp | 1mb | PDF), your fusion center can ensure that information is appropriately handled.
Communicating with individuals involved in data security will provide you with a better understanding of whether data security measures can be tightened. As part of your initial onboarding you should consider meeting, and coordinating with various individuals whose responsibility overlaps with the P/CRCL function.
Your fusion center's P/CRCL Policy, its governance structure, or your state will enumerate the required actions in the event of a breach in data security. Your fusion center or state may have additional requirements or guidance on data breach procedures.
To obtain some background on the issue, you may consider reviewing the DHS Privacy Incident Handling Guidance, (88pp | 628kb | PDF) which informs DHS employees of their obligation and establishes procedures defining how they must respond to a privacy incident.
Accountability and Oversight
In addition, the Government Accountability Office (GAO) has issued several reports on data breach notification procedures that may help inform whether your fusion center's policies and procedures are sufficient.
- Lessons Learned about Data Breach Notification (GAO-07-65, April 2007)(78pp | 521kb | PDF)
- Preventing and Responding to Improper Disclosures of Personal Information (GAO-06-833T, June 2006)(27pp | 195kb | PDF)
- Privacy Act Exemptions and Exceptions to the Prohibition Against Disclosing without Consent of the Individual(77pp | 780kb | PDF)
Finally, DOJ and DHS have partnered to provide a Technical Assistance Program and Services (2pp | 2.7mb | PDF). This program links fusion centers together to share information on specific topics (48pp | 2.5mb | PDF) such as how to conduct an audit, integrating Fire, Health Security, and CIKR, and Privacy Training.