A privacy and civil liberties policy is a written, published statement that articulates the policy position of an organization on how it handles the personally identifiable information that it gathers and uses in the normal course of business. The policy should include information relating to the processes of information collection, analysis, maintenance, dissemination, access, expungement, and disposition.
Privacy and civil liberties policies relate to the role of government and how government agencies conduct themselves. Civil liberties offer protection to individuals from improper government action and arbitrary governmental interference in the conduct of their lives. The purpose of a privacy and civil liberties policy is to articulate publicly that the agency will adhere to legal requirements and agency policy determinations that enable gathering and sharing of information to occur in a manner that protects personal privacy and civil liberties interests. A well-developed and implemented privacy and civil liberties policy uses justice entity resources wisely and effectively; protects the agency, the individual, and the public; and contributes to public trust and confidence that the justice system understands its role and promotes the rule of law.
A privacy and civil liberties policy is different from a security policy. A security policy alone may not adequately address the protection of personally identifiable information or the requirements of a privacy and civil liberties policy in their entirety.
The inherent value of a well-developed privacy and civil liberties policy for justice entities is that it protects the agency, the individual, and the public and promotes public trust in information sharing.