As the collection of data by city governments becomes increasingly comprehensive and complex, municipalities have begun to create privacy policies aimed at keeping citizen info safe. Among those undertaking these efforts, Seattle is often recognized as the leader.
Dating back to 2014, Seattle’s government has worked closely with its community to strike a balance between creating smart city initiatives and other work that collects data about what’s happening on its streets, and ensuring that residents don’t feel — for lack of a more elegant term — spied on. To this end, the local government there has taken many steps that other cities are yet to explore. Seattle is the rare city with a chief privacy officer, a set of guiding privacy principals adopted by its city council, a privacy advisory committee made up of both citizens and public servants, and a section of its website that ties it all together.
The city, however, is not content to rest on its past work and its well-earned reputation as a leader in the field. In fact, Ginger Armbruster, Seattle’s chief privacy officer (CPO), said recently that when city departments begin new projects or programs, she conducts an extensive review, and in the past six months or so she has evaluated several hundred programs. The city also has a champions network made up of one representative from each internal agency who brings the work back to their departments.
“Nobody’s really doing anything quite like this,” Armbruster said. “We have a four-person department dedicated to reviews. We’re ahead of the game a little bit.”
In September, Seattle’s city council also passed an ordinance requiring an audit of all the systems in the city that were considered to do surveillance, possessing the potential to track and monitor citizens’ behaviors without their knowledge. City staff determined 28 existing projects fall under this designation. The ordinance went on to outline a review process for these retroactive technologies, doing about one a month starting early this year. Armbruster said her expectation is the process will go faster than expected, as some existing projects are so similar that they can likely be bundled together. Although this is regularly done in the federal government, it’s likely a first-of-its kind undertaking for a city, and while Armbruster used the federal process as a model, she said the city has also added steps unique to Seattle.
David Doyle, Seattle’s open data program manager, said his department, like many similar agencies around the country, uses de-identification techniques to ensure all open data they release has been scrubbed of personally identifying information. The department is acutely aware, he said, that when one takes data sets from multiple sources they can create what’s known as a mosaic effect, where combinations of data sets together provide private information.
For Seattle, as for many other cities, the goal is to be as transparent about the open data work that’s being done as possible, ideally putting the community at ease and allaying any concerns. They also give smaller jurisdictions advice when asked.
“We’re looked upon as a leader, and we also know there are other cities doing incredible work,” Doyle said. “We leverage work they’ve done as well. San Francisco is one we often look to.”
As smart city tech with censors and other devices evolves, this type of work is likely to become increasingly common, with Seattle’s current policies likely proving foundational as American municipal governments establish standards for how to guard their citizens’ private info.