This brief document lists seven steps that highlight the privacy policy development process, noting references to corresponding sections of the Privacy Guide for each step, and provides a list of core concepts that should be addressed in a privacy policy document.
The seven steps listed in this document highlight the key developmental achievements for establishing a privacy policy, including preparation, drafting, and policy implementation. Each step includes Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities (Privacy Guide) section references and a bullet pointed list with more details on the achievement of each step. The seven steps are: understanding fundamental concepts; assembling the project team; establishing a charter; understanding information exchanges; performing the legal analysis; writing the privacy policy; and implementing the privacy policy. The document also lists 15 recommended core concepts to be addressed in a privacy policy. These include: purpose statement; policy applicability and legal compliance; governance and oversight; definitions; information; acquiring and receiving information; information quality assurance; collation and analysis; merging records; sharing and dissemination; redress; security safeguards; information retention and destruction; accountability and enforcement; and training.