Overview
Many view privacy as another compliance exercise. In reality, digital privacy is about building trust in our responsible use of information. Governments and residents should understand what data are collected, how they are used, what controls are in place, and how residents can engage to create responsive community services.
Problem
Residents may reject technology when it isn’t aligned with their priorities — like sensor-laden sidewalks in Toronto, San Diego’s “smart” streetlights, and automated license plate readers across California. Invasive data collection has a history of harm, since it’s been used to segregate communities, justify racial policing, and deport undocumented families.
When local governments don’t partner with residents before collecting data, they risk justified public backlash. Governments are responsible for the outcomes of technology, not the intentions.
Solution
A commitment to digital privacy can turn the introduction of a new technology from combative (“why are you installing cameras?”) to collaborative (“I want you to put cameras there to increase safety”).
This requires setting principles, developing a policy that aligns privacy practices with community values, and then implementing that policy through organizational controls such as procurement and project management. It also demands periodic improvements to policy and operational structure.
Context
Starting a digital privacy practice at your organization begins with:
- Establishing a risk-tiered privacy review
- Engaging residents on technology, data, and privacy
- Providing privacy education to agency staff
Establish a privacy program
Agencies should review every technology and data initiative from a privacy perspective. Appoint a dedicated owner — a privacy officer — who is part of the review process for all technology purchases and uses. Cities like San José and Seattle house their privacy programs under their technology departments in part because of their nexus with procurement, city operations, and policies.
The privacy officer will need to work closely with:
- Legal: to meet compliance and to incorporate privacy requirements into contracts
- Purchasing: to incorporate privacy requirements into purchases
- Technology: to ensure technical controls are implemented effectively
The privacy officer should also provide agency-wide education so everyone can identify what personal information is and knows who to go to for guidance (the privacy officer).
The privacy officer should be familiar with state and federal privacy laws and comfortable with data analytics. Critically, digital privacy succeeds when the organization sees the privacy officer as a productive partner in navigating legitimate issues to enable innovation.
Tier your privacy reviews by risk
Privacy reviews take time, so it is essential to quickly triage projects based on risk.
- Low privacy risk: involves no personal information or only personal information that is already public. This includes most standard equipment (printers, laptops), fully anonymous surveys, and using public data. Requires no further review.
- Medium privacy risk: involves identifiable information not traditionally kept hidden (e.g., name, email, phone number) to provide targeted government services desired by the data owner. Notice is provided at time of collection and often requires written consent. Requires a brief internal review.
- High privacy risk: involves identifiable information traditionally kept hidden (e.g., Social Security number, credit card number) that may provide targeted services or punitive services. Notice may not be provided upon collection or provided in a limited format. Requires a thorough review, a written protocol, and potentially public engagement.
Key questions to include in your review:
- What data is collected?
- Do residents know their data is collected? How do they consent?
- How is the data being used?
- Who has access to the data?
Engage residents on technology and privacy
For technology with high privacy risk and high civic benefit, a privacy-first approach to explaining the technology can build resident confidence and create a collaborative environment for responsible innovation.
The main topics to engage residents on include:
- Their day-to-day concerns, so the agency can identify the technology that can address them
- Their willingness to share their data for services
- “No-gos”: activities that are against a community’s values
It is important to engage online, in person, and virtually. Typically this includes a webpage with a feedback form, in-person discussions and surveys, and webinars. Focus in-person engagement on underserved neighborhoods in the languages they speak.
Mantras
- Privacy is about building trust
- Privacy enables equitable innovation
Checklist
- Start with principles true for your community.
- Translate those principles into policy, with controls at purchasing and budgeting.
- Prioritize initiatives worth a review based on their privacy risk tier (low, medium, high).
- Maintain a supportive review process that adds value to agency initiatives.
- Team with residents for the effort to be the most impactful and meaningful.
- Teach agency-wide privacy fundamentals and provide targeted education for frequent users of personal information.
Questions to ask
- How can we reach the residents who might be most upset with or affected by the technology?
- How can we invest minutes today to prevent a major privacy incident later?
- How can we store less personal information and get the same job done?
- How can we communicate why our agency collects data?
Learn more
- Privacy procurement review form for mid-risk projects, City of San José [83]
- Data Usage Protocols for high-risk projects, City of San José [84]
- Dismantling the “Black Opticon”: Privacy, Race, Equity, and Online Data-Protection Reform, Anita L. Allen [85]
- Core Values, Ethics, Spectrum — The 3 Pillars of Public Participation, International Association of Public Participation [86]