City of Phoenix
Maerowitz, a seasoned regulatory compliance expert, moved into the role of CPO last month after having served as the city’s data privacy manager for more than four years. Her direct responsibilities will include ensuring the city upholds high standards in handling the sensitive information of residents, employees and partners while navigating foreign and domestic privacy laws.
But rather than simply setting policies, Maerowitz told Government Technology she views her role as a cultural shift within Phoenix’s government, and that much of her work will be championing the significance of data privacy throughout the organization.
“Phoenix is the fifth largest city in the country; we’re huge,” she said via email. “Championing privacy across all 41 departments and offices and making 14,000 employees aware of the risks of privacy — and their part in creating a culture of secure and ethical data handling — is no small undertaking.”
She is beginning to address that challenge by building a solid foundation for privacy protection, starting with an assessment of the city’s existing privacy risks.
“We just wrapped up our most comprehensive citywide privacy risk assessment to date,” she said. “And understanding where we have the greatest privacy risk within the city is critical. It allows us to take a risk-based approach to our privacy strategy.”
With those findings in hand, the next step is partnering with the Information Technology Services Department to create a data inventory, the CPO said. Her agency will use that information to assess the privacy impact of what it has, and close any gaps it finds.
Maerowitz’s objectives for the city build on her experience implementing privacy programs globally. Before joining Phoenix in 2020, she worked as a data privacy attorney for Mitsubishi UFJ Financial Group (MUFG), a multinational financial group, where she helped establish privacy frameworks across more than 50 jurisdictions.
This background, she said, has been instrumental in shaping her approach to the city’s privacy strategy.
“Financial services is such a tightly regulated space, especially when they operate globally,” Maerowitz said. “They have mastered building privacy controls into the inception of any product, project, or process, understanding that it is essential to proactively mitigate risks before they even materialize. Breaches and regulatory fines are expensive. It’s much cheaper to build in the privacy controls than to retrofit them after a launch. I hope to implement the same approach at the city.”
Maerowitz said she aims to build a governance model that ensures compliance while maintaining operational efficiency. True efficiency, she said, hinges on public trust in city data management — so alongside strengthening privacy, she is also prioritizing transparency.
“I’m starting by publishing our Privacy Mission Statement and Values, our Privacy Program Charter, and updating our external-facing Privacy Policy,” she said. “Residents should know what we stand for, and how we plan to treat and safeguard their data when they trust us with it.”
And as cities increasingly leverage data for digital service innovation, Maerowitz emphasized that strong privacy leadership isn’t just important — it’s essential. She sees Phoenix’s new CPO role as a pivotal step toward shaping the future of public services.
“If I, together with the Information Technology Services Department’s leadership team, do our job well, the residents of Phoenix receive high-quality public services — with an ethical and trustworthy data steward,” she said.
Hitting a home run in any data strategy hinges on the needs and perspectives of those the agency serves because, as she said, “The measure of a successful privacy strategy is both earning and keeping the trust of our residents.”
