IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Privacy in the Balance

Can local government protect privacy and increase the use of smart technologies at the same time?

Seattle has a homeless problem and it’s getting worse. Since 2007, the city’s homeless population has risen 47 percent, according to the Seattle Times. Today, the city has more than 10,000 residents who don’t have permanent shelter, putting Seattle and King County near the top of the list for urban concentrations of homelessness. Not surprisingly, the situation has put pressure on the city to deliver help in the form of food and shelter, along with addiction and mental health services, while keeping an eye on crime and health problems at the many encampments that have taken root in some neighborhoods.

But to do that calls for using lots of data, some of which may be personal. The city wants to help its homeless population in a coordinated and effective way, which may also mean sharing data between agencies. How that can be done without impacting the privacy of individuals is a balancing act, one that Chief Privacy Officer Ginger Armbruster finds herself doing on a daily basis. “We need data to make sure we are meeting our goals, because we don’t have a lot of time. These people are in a crisis,” she said, regarding the urgency of the problem. Yet it takes time to ensure privacy.

Seattle has a history of putting privacy at the forefront of its policies, which can add complexity to a discussion on how best to deliver services to those who need them the most. “Privacy has strong support in Seattle,” said Armbruster. “It’s about collecting only the data we need, managing it, getting consent and giving users some control over its accuracy.” How Seattle balances its data needs and the growing clout of technology with privacy concerns is an issue for cities nationwide. The solutions aren’t simple, but some best practices are beginning to emerge.


A coordinated approach to homeless service delivery requires sharing data between agencies without jeopardizing individual privacy. (Photo:

More Technology, Less Privacy?

Homelessness isn’t the only issue Seattle is trying to tackle with data. The city wants to better serve its immigrant population. Then there’s the growth in smart city services, particularly around transportation. For urban areas in other parts of the country where crime is a problem, data in the form of surveillance cameras and videos is in demand from law enforcement agencies. Altogether, cities spent nearly $31 billion on IT in 2017, much of it going toward smart city efforts, the Internet of Things, open data and civic engagement, according to the Center for Digital Government.*

To manage all this data, cities increasingly rely on vendors who can host the services and store the data rather than build expensive data centers themselves. The trend has given cities opportunities to govern in new and better ways, as well as to roll out services that weren’t possible just a few years ago. Cities of all sizes can help drivers respond more quickly to traffic congestion problems, predict where the next crime hot spot will occur, track pollution problems and give citizens the kind of engagement that builds trust.

But some of the technologies that make all this possible collect data that worries privacy groups. The American Civil Liberties Union has been particularly vocal about the inherent privacy risks that today’s high-tech tools can trigger. That doesn’t surprise Peter Swire, who is a leading privacy and cyberlaw scholar, and currently a law professor at the Georgia Institute of Technology. “For smart cities, a huge range of applications involve personal data,” he said.

Cities are increasing their dependence on online services and cloud storage, which is cause for concern, according to Swire, who was the country’s first chief counselor for privacy in the U.S. Office of Management and Budget during President Bill Clinton’s administration. At the same time, cities are ramping up the number of applications that involve personal data. “You’ve got license plate information, body-worn cameras, facial recognition technology,” he said. “Cities are also proposing to build applications that use sensors, which can collect identifiable information.”

In another trend that worries privacy advocates, cities are allowing more third-party firms to provide services, such as e-scooters and bikes, as well as public Wi-Fi, some of which are advertised as free, but often require a person to download an app to their phone, which can identify the person’s location or capture other forms of personal information, in return for use of the service.

While it may sound like a service, the company’s business model could have more to do with collecting information about people than with the service itself, according to Armbruster. “Cities need to make principled decisions about the kind of data the company collects, how it is handled,” she said. “It’s our responsibility to our citizens to know what data these firms are collecting and we have to make a smart decision on whether to allow others to collect it.”

Two Game-Changing Privacy Laws

While privacy concerns in local government have been growing, two recent events have thrust the issue to the forefront. In May, the European Union began enforcing the privacy rule known as the General Data Protection Regulation or GDPR, which gives EU citizens control over their personally identifiable information.

Few local governments expect a significant, direct impact from GDPR, but the regulation has raised public (and internal government) awareness about personal privacy. However, GDPR does affect private online service firms, which have had to apply much more strict privacy guidelines to their operations than they have in the past. “It means that companies are learning to do privacy impact assessments and provide other protections required by GDPR,” said Swire. That’s going to raise expectations among citizens to receive the same level of privacy protections from local governments as they now receive from private online services.

In June, California passed a major privacy bill that allows consumers to ask companies what information they are collecting on them, why it was collected and which third party has received it; and they can demand that the information be deleted and not sold. Companies that have collected the information can charge a fee from users who opt out of sharing their data to collect any lost revenue, as long as it’s reasonably related to the value provided by the consumer’s data. With California taking the lead on strengthening privacy protection, other states are likely to follow, say experts.


Santa Clara County Chief Privacy Officer Mike Shapiro hopes to capitalize on his Silicon Valley location and start a center of excellence focused on privacy.

Enter the Local Chief Privacy Officer

Regardless of what happens at the state level, cities and urban counties are beginning to take steps to protect privacy at the local level. Seattle was the first city to hire a chief privacy officer (Armbruster is the second person to hold that position). In April, New York City Mayor Bill de Blasio appointed Laura Negrón as the city’s first chief privacy officer. She has been tasked with working across city agencies to promote new citywide protocols around the collection, disclosure and retention of personally identifiable information, as well as to centralize how policies and procedures regarding privacy are to be handled.

Few other local jurisdictions have hired CPOs so far, but in 2017 Santa Clara County, Calif., appointed Mike Shapiro as its first privacy officer, and one of the first to work for a county. Shapiro has an extensive background working on privacy issues in the private sector and consulting with federal and state agencies. The big issue facing local government, according to Shapiro, is the development of privacy policies that are consistent across a government at a time of rapid growth in data-driven projects.

“The challenge is how to take the large amounts of information we collect for constituents and serve them better while also protecting privacy rights and following the law,” he said.

Given Santa Clara County’s location in the heart of Silicon Valley, Shapiro believes the county can play a lead role in fashioning privacy policies and best practices that draw on the strengths of local high-tech firms, academia and government. He hopes to start a privacy center of excellence that will foster the kind of dialog that can balance privacy with digital commerce and good governance.

But Shapiro’s more immediate mission is to create privacy best practices within county government that balance the need to share information with the need to protect it. The county is in the early stages of developing big data sharing projects, so now is the time to build privacy into project management and work processes, not afterward.

To get the ball rolling, he has launched an awareness campaign to educate staff on the different kinds of privacy risks and then promote best practices. Part of the effort is understanding how departments perceive privacy, as well as learning what they do with the data they collect, how the data is shared and when it isn’t, why not. Sometimes an agency’s desire to protect privacy can thwart projects that can serve people, Shapiro explained. Having the right conversation with the right people can overcome roadblocks to data sharing that don’t compromise privacy rights.

In addition to training to raise awareness, governments like Santa Clara County and Seattle are following the lead of private companies and have begun to conduct privacy impact assessments on new projects. Impact assessments are required for federal IT systems, according to Swire. “The key is to have someone with privacy expertise examine important systems before they are deployed,” he said. “That would be a good practice for local governments.”

Swire also advises local governments to have standard contract clauses for IT procurements that provide privacy requirements. He cites California’s new law as a reason why local governments need to be more careful when it comes time for IT acquisitions, especially those that involve vendor access to data. “Cities should think carefully about it before they agree to let vendors sell citizen data,” he said.

Up the Pacific Coast in Seattle, Armbruster’s role as the city’s CPO has taken on greater significance. The fact that the city council passed a resolution that “privacy is a human right” is an indication of just how important privacy has become. She runs an office of four, which operates out of the city’s Department of Information Technology, and functions citywide, overseeing and managing privacy policies and procedures.

“From the beginning, it’s about education and bringing people along the journey to understand privacy,” said Armbruster. Her office has set up a network of privacy champions in every one of the city’s 33 departments. The champions attend regular meetings on privacy, act as a resource on the topic, and some are going through a certification program run by the International Association of Privacy Professionals. Finally, all city staff must participate in standard security and privacy training on an annual basis.

While some workers might grumble about the training process, Armbruster says it’s crucial to making privacy part of how workers think about information on a daily basis. “You have to build the awareness of privacy or it doesn’t make sense,” she said. “We do that by making the need for privacy relevant to individuals, so they are aware of the impact when privacy gets lost.”

Armbruster and other privacy experts emphasize the importance of making privacy an integral part of the process when it comes to program development and IT deployment. Having a review system that tries to catch privacy issues at the end of the process is a recipe for disaster. Instead, Seattle, Santa Clara County and a few other jurisdictions are learning how to build in privacy by design. “This is a very well-known concept, in which you build privacy into the organic process of building systems,” said Armbruster.

When it comes to technology itself, Armbruster keeps an eye on cloud services, although she feels that cloud providers are getting better at providing a service that builds in sound data protections. She also worries about shadow IT — those so-called “free” apps and storage services, such as DropBox, which employees will turn to because they are familiar with them outside of work. “People have to understand that free is not free,” she said. “In our position, it’s not ‘your’ data that is sitting in some third-party cloud storage service, it’s citizens’ data or the city’s data.”

Finding That Balance

As more local governments develop and launch smart city projects, it’s becoming increasingly clear that conversations and strategies around privacy need to start happening sooner rather than later. While today’s game-changing projects often involve sensors that collect data that may not identify individuals, too often cities are offered an on-ramp to smart city innovation from a third party that has data collection about individuals at the heart of its business plan.

Knowing an individual’s location has proven to be a gold mine for companies that market products and services. This year, marketing firms are expected to spend $20.7 billion on geo-targeted mobile ads and $32.4 billion by 2021, according to BIA Advisory Services.

In Seattle, Armbruster says companies approach the city regularly about a new service they would like to offer for free, but when questions are asked, it is soon clear that what they want is information about people “to feed that big marketing cloud in the sky,” she said. “Lots of ‘free’ apps aren’t free because they are collecting data about the individuals who use them.”

Local governments need to have serious conversations with vendors when it comes to smart city projects. Rather than say no and kill the project over privacy concerns, Armbruster advises city officials to talk with the department that might want to roll out the service in conjunction with a vendor and see whether the data it collects could be useful at the block level or census level, rather than at the individual level.

What it comes down to, according to Swire, who has studied the impact of technology on privacy for decades, is “that every smart city project needs a smart privacy plan as well.”

Correction: An earlier version of this article incorrectly identified the university where Peter Swire works. It is the Georgia Institute of Technology, not Georgia Tech University.

*The Center for Digital Government is part of e.Republic, Government Technology's parent company.

With more than 20 years of experience covering state and local government, Tod previously was the editor of Public CIO, e.Republic’s award-winning publication for information technology executives in the public sector. He is now a senior editor for Government Technology and a columnist at Governing magazine.