Developing Effective Policies to Govern the Use of Technology in Law Enforcement

by: David J. Roberts, Senior Program Manager, IACP Technology Center Modern technology has become a crucial element in the daily lives of people all around the world and, in many respects, it is improving our quality of life. In healthcare, technology is helping doctors diagnose diseases earlier in their patients. For law enforcement, technology is playing a critical role in the daily work of officers in the field, equipping them with enforcement and investigative tools that can make them safer, better informed, and more efficient and effective. Technologies used by law enforcement systems like automated license plate recognition (ALPR), in-car and body-worn cameras, facial recognition applications, and video surveillance systems are enhancing the way police officers do their jobs. The expanding use of technology, however, also presents challenges for law enforcement executives. Sheriffs and chiefs must define specific business objectives for technologies, ensure their officers are properly trained and their agencies have comprehensive policies governing deployment and use of technologies and the information it provides. These policies also function to ensure effective and sustainable implementation, to establish transparency of operation, and to reassure the public their privacy rights and civil liberties are recognized and protected. In an effort to help law enforcement executives address these challenges, the International Association of Chiefs of Police (IACP) released its Technology Policy Framework earlier this year. The Framework provides nine universal principles that policing executives should consider in developing effective policies for technologies that can, or have the potential to monitor, capture, store, transmit and/or share data.

1. Specification of Use—Define the purpose, objectives, and requirements for implementing specific technologies, and identify the types of data captured, stored, generated, or otherwise produced.
2. Policies and Procedures—Educate personnel and enforce policies and procedures governing the adoption, deployment, and use of technologies and the data they provide.
3. Privacy and Data Quality—Assess privacy risks and recognize the privacy interests of all persons; articulate privacy protections in agency policies; and regularly review and evaluate technology deployment, access, use, data sharing, and privacy policies to ensure data quality and compliance with local, state, and federal laws, constitutional mandates, policies, and practice.
4. Data Minimization and Limitation—Recognize that only those technologies and only those data that are strictly needed to accomplish the specific objectives approved by the agency will be deployed, and only for so long as they demonstrate continuing value and alignment with applicable constitutional, legislative, regulatory, judicial, and policy mandates.
5. Performance Evaluation—Regularly monitor and evaluate the performance and value of technologies to determine whether continued deployment and use are warranted on operational, tactical, and technical grounds.
6. Transparency and Notice—Employ open and public communication and decision making regarding the adoption, deployment, use, and access to technologies, the data they provide, and the policies governing their use.
7. Security—Develop and implement technical, operational, and policy tools and resources to establish and ensure appropriate security of technologies (including networks and infrastructure) and the data they provide to safeguard against risks of loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
8. Data Retention, Access and Use—Have a policy that clearly articulates data collection, retention, access, and use practices that are aligned with their strategic and tactical objectives; and ensure that data are retained in conformance with local, state, and/or federal statute/law or retention policies, and only as long as the data have a demonstrable, practical value.
9. Auditing and Accountability—Hold sworn and civilian employees, contractors, subcontractors, and volunteers accountable for complying with agency, state, and federal policies surrounding the deployment and use of technologies and the data they provide.

The intent of the Framework is to provide best practices for developing sound policies that govern the deployment and use of technologies used by law enforcement professionals. Agencies don’t have to start from a blank piece of paper when developing a technology policy. The universal principles provide structural guidance for the development of specific agency policies and operating procedures that comport with established constitutional, legal, and ethical mandates and standards. The Technology Policy Framework also recommends specific components that should be addressed in agency policies, and the IACP provides model policies, policy guidance, and assistance to agencies in the development of specific technology policies through the National Law Enforcement Policy Center. If agencies have any questions implementing the universal principles or other aspects of the Framework into their new or existing technology policies, please feel free to contact me for general assistance. We will also be discussing the IACP Technology Policy Framework during the 2014 Law Enforcement Information Management (LEIM) Conference and the IT Summit, which begins next Monday, May 19, in Atlanta, GA. More information regarding the conference, including registration links can be found here: www.theiacp.org/LEIM-Conference. To contact David J. Roberts, Senior Program Manager, IACP Technology Center, email roberts@theiacp.org. If you are interested in submitting the work of your organization or jurisdiction for consideration to be featured in a future TTA Today blog post or to obtain information related to a particular topic area, please email us at BJANTTAC@ojp.usdoj.gov.