Washington state is tackling a privacy conundrum that other states are facing — the desire to create best practices for privacy without knowing quite where to start.
“Everyone wants to do privacy best practices, but they don’t know how to do it in practice,” Alben said. “That led me to think of developing a resource that can serve as a starting point for developing best practices.”
The tool, known as Privacy Checklist, will be housed on Washington’s Office of Privacy and Data Protection website. It will feature a prominent search bar for looking up topics, or users can click on one of the 35 topic checklist areas, ranging from preventing location tracking to risk assessment when a cybersecurity breach occurs.
Once on the topic page, users will be asked to check off the tasks as they are completed. The information provided in the list is not specific to state law, but rather a broad-brush approach to privacy.
For example, when a breach occurs, the checklist offers ways to tell if the pilfered personal information was considered low-, medium- or high-risk.
Other checkup lists, such as the phishing scams list, will offer tips on how to avoid falling for phishing attacks. For example, one checkoff box reads: “Be skeptical of ‘free trials.’ Callers may ask that you provide your payment information and cancel if you don’t like the free trial, but instead exploit the information and disappear.”
Targeted users of the checkup lists include state, city and county government agencies that collect citizen data or work with it, as well as nonprofits and institutions, Alben said, noting that small businesses and other organizations that process and control personal data may be interested in using the tool.
He noted that the state of Washington has roughly 40 to 50 state agencies, and while a large agency such as the one for health and human services may not use the checkup tool for its sensitive HIPAA (Health Insurance Portability and Accountability Act) information, it may use the checkup list for its non-core areas, such as best practices to avoid phishing scams.
The checkup list could also be used by other states, because the information is not specific to any one state.
“We hope that the other states will leverage the information in this app,” Alben said.
The Privacy Checklist beta is currently slated to run approximately three months, and Alben plans to put the app onto GitHub once it is fully baked and ready to go.
If Privacy Checklist garners as much attention as Alben’s Privacy Modeling app, which identified privacy laws relevant to government services and products, it could result in thousands of unique visitors to the app, he said.