Data Security and Storage Considerations for Law Enforcement
Many new technology-related tools have become available to law enforcement in the last ten years. Tools like drones, automatic license plate readers, facial recognition, robotics, data analysis by artificial intelligence, and many more technological advances now have policing applications. And with increased technology comes increased data that needs to be stored.
Traditional storage methods are ineffective with the large amount of data gathered by law enforcement daily. Storing this data presents unique challenges to ensure security and privacy while meeting investigative and court protocols. The collected data also requires planning for storage, user access, data sharing, retention, and destruction.
Security
The first part of security is identifying the data in the network and where the data will be stored. Differentiating between investigative data, personnel information, police records, case evidence, computer-aided-dispatch (CAD) data, body camera footage, and every other data type the agency stores needs to be documented. Once the systems are outlined, the network can be segmented and protected appropriately.
The security is determined through user access, data encryption, and internal firewalls. Once access is set, users are allowed access only to certain areas and are restricted from downloading or moving content. The security also extends to physical security, ensuring users lock their computers when not in use and isolating computers with sensitive data away from the public Internet. Using network monitoring to detect data breaches, suspicious activity, and other threats is also beneficial.
- Privacy - Understanding existing privacy laws and the more significant issues the 4th Constitutional Amendment covers is vital when planning a data network and storage. Proposed new rules and regulations arise annually at all levels of government, and case law continually changes, putting privacy concerns for data obtained by law enforcement. The privacy concerns extend to law enforcement employees, and consideration should be given to protecting their personal information and employee data.
- Protocol - Following all Federal, State, and local regulations, guidelines, and practices for data security and storage is imperative. The FBI’s Criminal Justice Information Services (CJIS) Security Policy is necessary for every justice agency. Information technology staff and contractors must be familiar with the latest security policy published by CJIS to ensure the security of the data shared and accessed through CJIS.
Storage
Technology improvements have made hardware much smaller, enabling data storage to remain somewhat compact compared to previous server sizes for locally stored data. However, using cloud-based storage systems can provide growth, redundancy in the correct network configuration, and the ability to adapt security protocols as technology changes.
Knowing best practices for the types of data and pertinent laws, policies, and security protocols, along with budget considerations, drives an agency’s data storage solution. Whether data is stored locally, in the cloud, or a mix of both, the network should be set to accommodate access, searching, data-sharing, retention, and destruction.
- Access – Determine which employees need access to the data and whether access at different levels is required. Using multi-factor authentication processes for user logins, tracking user activity, and requiring computers on the network without Internet access may be best for some applications, such as digital evidence repositories. Access should also include searching and setting system parameters for users looking for data.
- Sharing – Consider how you share your data now and how you hope to share access in the future. Questions like whether prosecutorial authorities should have access to view digital case evidence submitted by investigators or whether CAD, mapping, surveillance cameras, license plate readers, and lots of other types of data should be shared with other law enforcement or public safety agencies need to be addressed.
- Retention & Destruction – Knowing how long data must legally be retained is vital for all law enforcement agencies. And knowing when and how to destroy data is just as important. Data storage costs are based on the amount of data stored locally or in the cloud, so keeping up with data destruction guidelines is necessary to keep data storage to a minimum.
Planning
The security of law enforcement data should be reviewed at least monthly to ensure the system updates have been done regularly, installing software and hardware patches to keep security strong, and reviewing error logs should be done frequently and regularly. Data storage is a growing concern for law enforcement agencies and must be visited regularly.
The amount of data being stored versus destroyed/deleted needs to be reviewed at least annually – especially for budgeting the costs of storage growth. Reviewing updated laws, changes to rules from case law, and other regulatory information is needed to be sure the data storage complies with industry standards.
Understanding the challenges and risks inherent to law enforcement data security is ever-changing. The ability to digitally store large amounts of data more safely and securely allows agencies to analyze and search that data. Keeping large amounts of data requires planning, as does bringing together disparate systems onto the same network. But with forward-thinking and long-term planning, law enforcement agencies can determine the most secure storage solutions that will work best in the future.
Toni Rogers
Toni Rogers is a freelance writer and former manager of police support services, including communications, records, property and evidence, database and systems management, and building technology. She has a master’s degree in Criminal Justice with certification in Law Enforcement Administration and a master's degree in Digital Audience Strategies.
During her 18-year tenure in law enforcement, Toni was a certified Emergency Number Professional (ENP), earned a Law Enforcement Inspections and Auditing Certification, was certified as a Spillman Application Administrator (database and systems management for computer-aided dispatch and records management), and a certified communications training officer.
Toni now provides content marketing and writing through her company, Eclectic Pearls, LLC.