M A T T C A G L E

B R I A N H O F E R

R E N E E D O M I N G O

PII 101Everything you wanted to know but were afraid

to ask

• (a) The term "personally identifiable information" meansindividually identifiable information about an individual consumer… First and last name, Physical address, Email address, Telephone number, SSN, etc.

• California Online Privacy Protection Act - Cal. Bus. & Prof. Code Sec. 22577

• “any information that identifies, relates to, describes, or is capable• of being associated with, a particular individual, including, but not

Limited to… his/her name, signature, social security number, physicalCharacteristics or description…insurance policy number, education, employment,

employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health

insurance information….. • CA Data Breach Law - Cal. Civil Code Sec. 1798.80

What is PII?

Unique identifiers

• “A unique identifier or Internet Protocol address, when that identifier or address is used to identify, relate to, describe, or be associated with a particular user or book, in whole or in partial form.”

• CA Reader Privacy Act - Cal. Civil Code Sec. 1798.90

Location data

Biometric Information

Why This Matters: The California Constitution

•Art. 1, Sec. 1. All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty…and pursuing and obtaining safety, happiness, and privacy.

•“The proliferation of government snooping and data collecting is threatening to destroy our traditional freedoms….

Computerization of records makes it possible to create “cradle-to-grave” profiles on every American.”

1972 Voter Pamphlet, Proposition 11

•“Fundamental to our privacy is the ability to control circulation of personal information.” 1972 Voter Pamphlet, Proposition 11

TRANSPARENCYOVERSIGHT

ACCOUNTABILITY

Government Programs/Projects that utilize or may utilize PII must provide for:

WHY THERE IS CONCERN REGARDING PERSONALLY

IDENTIFIABLE INFORMATION BY COMMUNITY GROUPS ?

PII 101- A Community Leader’s View

• In July 2013, the Oakland City Council voted to authorize funding and build-out of the Domain Awareness Center.

• Oakland has no city-wide privacy policy, nor data retention guidelines in place

• As a condition precedent to activation of the DAC, the Council required implementation of a privacy and data retention policy.

City of Oakland, CA Domain Awareness Center (DAC) Project

• A group of civil liberties minded community members formed Oakland Privacy Working Group in response to the July 2013 City Council vote.

• In partnership with groups like the ACLU and EFF, they successfully raised awareness about the inherent risks in the project to both the community at-large and the City Council itself.

• On March 4, 2014, the City Council voted to create a citizens commission charged with drafting the DAC Privacy and Data Retention Policy.

• Opponents of the DAC project including Oakland Privacy Working Group, ACLU, and EFF, were appointed to the committee.

• As a result of this collaborative process in partnership with the DAC Staff, the committee has created certain provisions and will request Council approval

The Do’s and Don’ts from a Local Government Perspective

T H E R E W A S N E V E R A N Y P L A N F O R T H E O A K L A N D D A C T O C O L L E C T P I I I N F O R M A T I O N

• T H E T E R M " P E R S O N A L L Y I D E N T I F I A B L E I N F O R M A T I O N " M E A N S

I N D I V I D U A L L Y I D E N T I F I A B L E I N F O R M A T I O N A B O U T A N I N D I V I D U A L C O N S U M E R …

F I R S T A N D L A S T N A M E , P H Y S I C A L A D D R E S S , E M A I L A D D R E S S , T E L E P H O N E N U M B E R , S S N , E T C

Do’s

If you are the First.....Involve the Community and any Subject Matter Groups Early

Ensure a High Level Transparency, Oversight and Accountability

Do Educate the Leadership, Public and Community

Be Willing to Listen and to Compromise

Build Trust

OVER CONCEPTUALIZE

UNDERESTIMATE

DISCOUNT YOUR TIMING

Don’ts

Informed Public Debate About How Surveillance Technology Relates to Community Members’ Information

Informed Decisions by Local Leaders

Privacy and Retention Policies for All Surveillance Technologies

Ongoing Oversight & Accountability of Its Use

PII 101 Recommended Process to ensure Success

which =Transparency, Oversight, & Accountability