Proposal for Seattle
On February 23, 2015, Seattle’s City Council unanimously approved a resolution to provide a framework for dealing with current and future technologies that impact privacy. The reso adopted six privacy principles to guide the City in collecting and using information from the public. The Council also established an August 2015 reporting deadline for City departments to create a “Privacy Toolkit.”
See the approved Privacy Principles here.
See the Seattle Privacy Initiative is available here.
Seattle Privacy Coalition’s 2014 Proposal
Beginning in 2013, with the appearance of drones purchased by Seattle Police Department at a city council meeting, and the appearance of surveillance cameras and mesh network nodes along Seattle’s waterfront from Alki to Golden Gardens, privacy activists in Seattle began to organize to call for local action to counter the undiscussed deployment of data-gathering technologies by local government, and unexamined partnerships with agencies in other levels of government, ranging from Department of Homeland security to Washington State Patrol.
We presented Seattle City council with evidence that without a consistent, transparent, and defensible process for evaluating privacy impacts of new programs and purchases, the City was wasting time and taxpayer money purchasing and implementing privacy-impacting equipment and then taking it down or turning it off after public outcry. Examples:
- Surveillance cameras that the City installed and then removed from Cal Anderson Park ($145,800)
- Mesh network (estimated annual maintenance cost of $350,000)
- 28 unusable surveillance cameras along Seattle waterfront (purchase and installation $5 million)
We recommended that the City of Seattle constitute an executive-level Chief Privacy Officer who has strategic oversight of a documented, repeatable, and transparent Privacy Impact Assessment and review process.
We proposed the following:
Step 1: Empanel a volunteer advisory board to research and draft an inventory of existing privacy issues and concerns, and to draft a job description for a Chief Privacy Officer (CPO).
Step 2: Create a full-time Chief Privacy Officer position to design, implement, and manage a Privacy Impact Assessment (PIA) process. The CPO role covers responsibility for privacy across the city, acting as a single POC for citizens and staff on privacy matters, and using the volunteer oversight board as a resource. There should be 1-3 fulltime staff members to support that CPO position.
The CPO’s role would cover both privacy protection and information access. For privacy, the CPO will identify privacy issues and organize public discussion of them. For information access, the CPO acts as a dotted-line supervisor/resource for all full-time employees responsible for freedom of information requests and ensures the privacy of requestors.
Priorities would be the relationship with the technology office, police department, smart meter program, benefits programs, and transit system. Some deliverables for year 1 should include: inventory City privacy issues, establish Privacy Impact Assessment policy strategy, conduct a privacy risk assessment for the City, and issue a white paper / strategy document.
So far, the city’s privacy initiatives have closely aligned with the intent, if not the precise process, we recommended. We are reviewing each step of the way and generally calling for more regulation and definition of relationships with other agencies, storage policies, and clear explanations of how policy will be enforced and what the consequences will be for violating it.
A brief survey of applicable jurisdictional research is presented below. Ontario, Canada, has province-wide municipal privacy legislation and was chosen because it is publicly available and has several cities similar in size to Seattle.
Ontario has 444 municipalities. Each has responsibility for complying with the Municipal Freedom of Information and Protection of Privacy Act, which covers privacy and access to information (PDR) request processes. Larger municipalities, e.g. Toronto, with a population of 4 million, have 5 fulltime employee roles covering privacy and access issues.
Seattle’s Mirror City: Hamilton, Ontario
The City of Hamilton in Ontario has a population of about 600,000, similar to the City of Seattle. Both cities list over 200 city services on their websites. Hamilton has two FTE privacy and access employees; PIAs are done as needed by external consultants (at a cost of $30-$50k). The office relies on a hub and spoke federated model, leveraging access to information contacts across the municipality and a train-the-trainer model for yearly privacy training to reach all staff. Incidents and audits are managed centrally.
Concrete Tools: Privacy Impact Assessments (PIA)
PIAs are mandatory reviews done to assess the impact to an individual’s privacy by a given program, project, service, or initiative. They apply across governments in Canada, Australia and the UK. Throughout the early 2000s, costs of PIAs were increasing, done by external consultants at a range of $25k through $100k.
In response, the Ontario Government created an internal fee-for-service cost-recovery center under the Chief Privacy Officer. The mandate of the center was to conduct PIAs across the 600 provincial government programs that collect, use and/or disclose PI. Staffed by three FTEs (two analysts and a senior analyst), the center was cost recovery by the end of year two, charging back $100/hour internally plus costs (travel). Each FTE was assigned multiple PIAs, most ranging from 4-8 weeks until completion with larger projects (e.g., over 500 business processes to evaluate) lasting up to 12 weeks. For smaller PIAs, lasting four weeks, the total cost was usually $6-$8k. The most complex PIA completed over a five-year period involved a 10-year transportation modernization program at a cost of $25k.
 Ministry of Municipal Affairs and Housing, http://www.mah.gov.on.ca/Page1591.aspx
 Ministry of Government Services, http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90m56_e.htm.
 Interview with the City of Hamilton City Clerk, 7/10/14.
 City Lights, City of Seattle, http://www.seattle.gov/light/ami/privacy.asp.
The original Seattle Privacy Coalition proposal was authored by Jan Bultmann, Lee Colleton, Tracy Ann Kosa, Phil Mocek, David Robinson, Adam Shostack, and Christopher Sheats.