gt bay area dgs 2014 presentation personally identifiable information - cagle, hofer, domingo
DESCRIPTION
Government Technology Bay Area DGS 2014 Presentation - Personally Identifiable InformationBy Cagle, Hofer and DomingoTRANSCRIPT
M A T T C A G L E
B R I A N H O F E R
R E N E E D O M I N G O
PII 101Everything you wanted to know but were afraid
to ask
• (a) The term "personally identifiable information" meansindividually identifiable information about an individual consumer… First and last name, Physical address, Email address, Telephone number, SSN, etc.
• California Online Privacy Protection Act - Cal. Bus. & Prof. Code Sec. 22577
• “any information that identifies, relates to, describes, or is capable• of being associated with, a particular individual, including, but not
Limited to… his/her name, signature, social security number, physicalCharacteristics or description…insurance policy number, education, employment,
employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health
insurance information….. • CA Data Breach Law - Cal. Civil Code Sec. 1798.80
What is PII?
Unique identifiers
• “A unique identifier or Internet Protocol address, when that identifier or address is used to identify, relate to, describe, or be associated with a particular user or book, in whole or in partial form.”
• CA Reader Privacy Act - Cal. Civil Code Sec. 1798.90
Location data
Biometric Information
Why This Matters: The California Constitution
•Art. 1, Sec. 1. All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty…and pursuing and obtaining safety, happiness, and privacy.
•“The proliferation of government snooping and data collecting is threatening to destroy our traditional freedoms….
Computerization of records makes it possible to create “cradle-to-grave” profiles on every American.”
1972 Voter Pamphlet, Proposition 11
•“Fundamental to our privacy is the ability to control circulation of personal information.” 1972 Voter Pamphlet, Proposition 11
TRANSPARENCYOVERSIGHT
ACCOUNTABILITY
Government Programs/Projects that utilize or may utilize PII must provide for:
WHY THERE IS CONCERN REGARDING PERSONALLY
IDENTIFIABLE INFORMATION BY COMMUNITY GROUPS ?
PII 101- A Community Leader’s View
• In July 2013, the Oakland City Council voted to authorize funding and build-out of the Domain Awareness Center.
• Oakland has no city-wide privacy policy, nor data retention guidelines in place
• As a condition precedent to activation of the DAC, the Council required implementation of a privacy and data retention policy.
City of Oakland, CA Domain Awareness Center (DAC) Project
• A group of civil liberties minded community members formed Oakland Privacy Working Group in response to the July 2013 City Council vote.
• In partnership with groups like the ACLU and EFF, they successfully raised awareness about the inherent risks in the project to both the community at-large and the City Council itself.
• On March 4, 2014, the City Council voted to create a citizens commission charged with drafting the DAC Privacy and Data Retention Policy.
• Opponents of the DAC project including Oakland Privacy Working Group, ACLU, and EFF, were appointed to the committee.
• As a result of this collaborative process in partnership with the DAC Staff, the committee has created certain provisions and will request Council approval
The Do’s and Don’ts from a Local Government Perspective
T H E R E W A S N E V E R A N Y P L A N F O R T H E O A K L A N D D A C T O C O L L E C T P I I I N F O R M A T I O N
• T H E T E R M " P E R S O N A L L Y I D E N T I F I A B L E I N F O R M A T I O N " M E A N S
I N D I V I D U A L L Y I D E N T I F I A B L E I N F O R M A T I O N A B O U T A N I N D I V I D U A L C O N S U M E R …
F I R S T A N D L A S T N A M E , P H Y S I C A L A D D R E S S , E M A I L A D D R E S S , T E L E P H O N E N U M B E R , S S N , E T C
Do’s
If you are the First.....Involve the Community and any Subject Matter Groups Early
Ensure a High Level Transparency, Oversight and Accountability
Do Educate the Leadership, Public and Community
Be Willing to Listen and to Compromise
Build Trust
OVER CONCEPTUALIZE
UNDERESTIMATE
DISCOUNT YOUR TIMING
Don’ts
Informed Public Debate About How Surveillance Technology Relates to Community Members’ Information
Informed Decisions by Local Leaders
Privacy and Retention Policies for All Surveillance Technologies
Ongoing Oversight & Accountability of Its Use
PII 101 Recommended Process to ensure Success
which =Transparency, Oversight, & Accountability