New York City’s Privacy Protocols and Why They Matter (Contributed)

Laura Negrón, the city’s chief privacy officer, explains how the task of balancing information privacy protection with responsible data sharing can lead to better services for the individuals and families that need them.

City government has a responsibility to safeguard the personal information of employees, officials and members of the public that is collected and maintained by its agencies, while also fulfilling its mandate to provide important city services and resources. Especially with advances in technology, the increasing volume of electronic transactions involving this information calls for robust privacy protection and data security practices to guard against the unauthorized access, fraud, theft and other misuse of such information. 

That is why New York City has taken bold steps to protect the private information of the people we employ and serve. On Data Privacy Day, Jan. 28, 2019, as the city's first chief privacy officer, I issued comprehensive, citywide privacy protection protocols that strive to balance information privacy protection with the importance of responsible data-sharing to deliver services to the individuals and families who need them.  

The New York City is the largest municipal government in the United States to advance a comprehensive information privacy protection framework, which includes the mayor’s appointment of a chief privacy officer (CPO), and the establishment of the Mayor’s Office of Information Privacy, which I oversee. As CPO, it was my mandate under local laws 245 and 247 of 2017 to develop and adopt the new privacy protection protocols, in partnership with city agencies and legal minds with privacy expertise in the city. I have also welcomed input from good government groups and thought leaders in the field. These new privacy protocols matter for a number of reasons:

1. They articulate a clear set of privacy principles for the city.

The city’s first privacy principles include accountability, maintaining public trust, exercising responsible data governance and stewardship, maintaining data quality, integrity, and accuracy and implementing appropriate security safeguards. These principles should be considered whenever an agency is making a decision that involves personally identifiable information. 

2. They take into account existing data privacy and security best practices and guidelines.

My team meets regularly with representatives from the Department of Information Technology and Telecommunications, Cyber Command and the Mayor’s Office of the Chief Technology Officer to discuss best practices in data security and privacy protection, and stay on top of evolving technological resources, legal issues and challenges. This matters because technology, data, privacy and security are all intertwined — to discuss privacy in isolation of technology would give an incomplete and unclear portrait of how data is used and protected throughout New York City today.

3. They acknowledge significant work ahead.

These protocols are not static — they will be reviewed and revised as needed to stay current with changing needs and practices in this evolving area. The next legislated agency reporting cycle on privacy practices will occur in 2020, and I will continue to welcome feedback from the public, agencies and other stakeholders throughout the city. Just as data and technology shift over time, so must our privacy practices.

My role, my office, and these new protocols reflect our city’s commitment to safeguarding the privacy of New Yorkers’ personal information. Our goals are bold yet achievable, and extremely important. Cities and residents benefit when individuals can seek important government services with the confidence that their personal information will be protected.  

Now is the time for cities to lead by example to responsibly protect the personally identifying information entrusted to them. I encourage any privacy experts throughout the country to engage with my team and me to share ideas and experiences.