tom clarke vp, research & technology national center for state courts
TRANSCRIPT
![Page 1: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/1.jpg)
Juvenile Records: Courts, Access, and Technological Enforcement
Tom ClarkeVP, Research & Technology
National Center for State Courts
![Page 2: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/2.jpg)
Historical RecapCourts have focused on ad hoc policies within
local trusted networks for sharing data with other agencies.
Courts have based their public access policies on the CCJ/COSCA Guidelines published in 2002.
Many states restrict public access to juvenile data, but there is no overall consensus.
Many states have been forced to consider access by social agencies for the first time only when actual exchanges were recently proposed.
![Page 3: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/3.jpg)
Abuse & Neglect Access Policies2 states presume open access in all juvenile
cases.14 states presume open access, with judicial
discretion to close cases.
10 states presume closed access, with judicial discretion to open cases.
6 states presume closed access, with some exceptions.
21 states presumed closed access--period.
![Page 4: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/4.jpg)
Delinquency Access Policies35 states permit or require open access with
some age and offense restrictions.
15 states have closed access.
There are lots of special conditions and details about access that vary across states.
![Page 5: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/5.jpg)
Traditional Technical ApproachTwo strategies are typically used for
enforcement:Bilateral MOU’s between local agencies for
policies.Application-embedded access rules for
enforcement.At best, application rules enforce coarse (less
granular) access policies using broad role definitions.
At worst, lists of personnel in roles are not kept up to date, allowing inappropriate access.
The policy focus was on public access, either at the courthouse or online.
![Page 6: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/6.jpg)
Emerging Problems in Data SharingJustice and social agencies are sharing more
data of all kinds than ever before.Justice and social agencies are sharing more
data outside their local trusted networks.Privacy and access rules are often complex
and detailed.Privacy and access rules often require
analysis of context and purpose for use.Manual training is often insufficient to ensure
proper enforcement of complex business rules.
![Page 7: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/7.jpg)
New SolutionsThe national justice community has established
best practices for creating access and privacy rules for sharing information between government agencies.Global Justice Information Sharing Committee (GAC)Privacy Products: impact analysis, policy templates,
technical enforcement modelsOther government communities and private
industry are working on similar technical approaches.
The emphasis is on privacy protection, based on the Fair Information Practices or FIPs.
![Page 8: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/8.jpg)
Built on Open StandardsData Content: National Information
Exchange Model or NIEM (earlier the GJXDM)
Messaging: Justice Reference Architecture or JRAVarious open web services technical standards
Security: Global Federated Identity and Privilege Management or GFIPM
Privacy: Based on NIEM, JRA and GFIPM, adds XACML capability
![Page 9: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/9.jpg)
New Technical ApproachEstablish policies with as much granularity as
needed:Subject attributesPurpose attributesContext attributesResource attributesObligation attributes
Attributes are metadata: data about data.Data types are “tagged” using standard codes
to facilitate appropriate automated rule enforcement.
![Page 10: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/10.jpg)
New Technical ApproachAdvanced technical methods are used to
establish “trust” across networks using open standards.
Organizations manage their own members and assert attributes about them to others.
Third party organizations provide rule identification, deconfliction, and enforcement capabilities:Policy Administration Points (PAP)Policy Decision Points (PDP)Policy Enforcement Points (PEP)
![Page 11: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/11.jpg)
Business AdvantagesOrganizations can automate enforcement of
complex and very granular (detailed) access and privacy rules.
Enforcement infrastructures can be reused in multiple contexts for multiple exchanges.
Rules can be changed without impacting the underlying agency applications.
Rules are enforced even when the data “travels” beyond the agencies or agency staff involved in the original exchange.
![Page 12: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/12.jpg)
Implementation IssuesThe technology is still relatively new (but most major
vendors now support the underlying technical standards in their off-the-shelf products).
State and federal HHS agencies have not participated in the communities developing the technical standards nor any of the implementation pilots.
The Healthcare community is just now beginning to implement some of the same automated privacy policy enforcement capabilities.
Establishing the initial privacy enforcement infrastructure is relatively expensive, but subsequent reuse is relatively inexpensive.
![Page 13: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/13.jpg)
New Supporting CapabilitiesThe federal HHS has just decided to use
NIEM for the data content of some exchanges.
A new family and Juvenile domain now exists in NIEM for juvenile content.
A NIEM-compliant data model for exchanges between courts and state HHS agencies now exists.
![Page 14: Tom Clarke VP, Research & Technology National Center for State Courts](https://reader036.vdocument.in/reader036/viewer/2022082820/56649e6a5503460f94b67c22/html5/thumbnails/14.jpg)
But How Real Is It?A court pilot project in Orange County,
California is testing these automated privacy enforcement capabilities right now and partnering with the California Administrative Office of the Courts on further uses.
Georgia and Alabama law enforcement agencies are piloting similar capabilities.
Corrections and probation/parole pilots will start later this year in jurisdictions to be determined.
To date, no HHS agency has participated and no juvenile data has been included in these pilots.