The IT Law Wiki


National Research Council, Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment (2008) (full-text).


This report outlined ways to evaluate the effectiveness and privacy protections of data-mining systems at U.S. Federal agencies with counterterrorism responsibilities. In its report, NRC recommended that agencies establish a systematic process — such as the framework that it proposed — to evaluate their policies and programs.

NRC’s proposed framework addressed five key elements: (1) ensuring organizational competence, (2) evaluating the effectiveness of systems throughout their life cycles, (3) evaluating the privacy protections of systems throughout their life cycles, (4) obtaining executive review and authorization, and (5) providing appropriate transparency and external oversight throughout a system’s life cycle.