U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Privacy Policy Development Guide

NCJ Number
213968
Date Published
March 2006
Length
83 pages
Annotation
This document provides guidance for developing an agency privacy policy that complies with both privacy and information-sharing obligations.
Abstract
The guide first provides an overview and definition of a privacy policy. It is a written, published statement of the policy position of an organization regarding how it controls the personally identifiable information it collects and uses in the normal course of its business. The policy should include information on the processes of information collection, analysis, maintenance, dissemination, access, expungement, and disposition. The next section of the guide describes the roles and responsibilities of those who manage policy development. Suggestions are offered for identifying the "project champion" or sponsor, the justification for resource investment, identification of the project team leader, building the project team and stakeholder contacts, and team dynamics. The section on planning a privacy policy outlines how to develop a vision, mission, values statement, and goals and objectives, along with guidance on how to write the charter, which serves as a reference and resource throughout the process of developing a privacy policy. Steps in the process of developing a privacy policy include understanding information exchanges, analysis of legal requirements, and the identification of critical issues and policy gaps. Guidance for drafting the privacy policy addresses its vision and scope, the outline and organizational structure, writing the policy, and the dissemination of the draft policy for comment. The implementation of the privacy policy involves its formal adoption, its publication, its dissemination, training recommendations, and evaluating and monitoring. The concluding section discusses information quality. A resource listing for each section and a glossary of terms and definitions, appendixes A-C