What privacy-by-design principles should CJ agencies implement when deploying new technology?

Embedding privacy-by-design means building protections into the system from the ground up and updating them as technology changes. For a CJ agency, this includes limiting what is collected (data minimization), restricting how data is used to only stated purposes (purpose limitation), carefully controlling who can access data (access controls), keeping records of who did what with data (audit trails), and regularly evaluating privacy risks as the system evolves (privacy impact assessments). The combination in the correct answer ensures ongoing accountability, minimizes data exposure, and provides a structured way to identify and mitigate privacy risks before deployment and over the system’s life cycle. The other options fail because they promote data hoarding or unrestricted access, rely only on external checks with no internal safeguards, or omit ongoing risk assessment, all of which undermine privacy protections.