As digital technologies and data collection become more tightly integrated with daily life and business operations, managing the privacy implications can become overwhelming. What if you suspect you’ve been hacked? How can you ensure your organization’s data policies aren’t violating anyone’s privacy? And what, if anything, should you be doing about this GDPR thing that keeps popping up in the news?
Alex Alben, Washington state’s chief privacy officer, said his office’s forthcoming “Privacy Checklists” tool will answer all those questions. The tool will launch in beta as a starting point for individuals, businesses and governments that want an easy guide to the best data privacy practices available, Alben said.
“Our charter is to promote best practices throughout the state, which is not only state agencies but also local governments, as well,” he said. “And local governments sometimes don’t have any resources when it comes to implementing data management or policies.”
The tool will include about 40 searchable checklists across a range of common privacy topics and scenarios. There are simple checklists for things like turning off location tracking on a mobile device, and more complex guides for things like creating a data security plan or threat modeling.
With the fast pace of technological change, particularly in the software and data security fields, the tool is designed to provide a single source of trusted information for people and agencies that might not have the time or funding to compile their own privacy frameworks from scratch.
“We’re doing the legwork and also doing the research, because I don’t think it’s realistic to expect that the staff of an agency or a city department will know about either current privacy law or what are considered to buy best-of-breed policies,” Alben said. “And so we’ve done that work and tried to package it in a way that is super useful for them and super easy to identify.”
Checklists can be viewed online or downloaded as PDFs, with generalized best practices that can be applied in other states. The catalog is searchable and expected to grow as Alben’s office collects feedback and new content during the beta period.
The idea was prompted in part by talks with local business associations that wanted advice on meeting industry standards, Alben said. Through collaboration with the University of Washington’s Technology Law and Policy Clinic and the state Office of CyberSecurity , Alben said the collection of checklists represents the start of a mission to build a “community of best practices.”
Alben says the tool isn’t meant to be an end-all, but a starting point for collecting data and getting organized around and topic that is fast evolving in the face of new internet of things technologies, security threats, and data analytics.
Republican State Rep. Norma Smith, who wrote legislation expanding the powers of Alben’s office, said government’s data privacy concerns range from the federal government down to diking districts.
“You’ve got all of these folks for whom data collection has become an important part of their functionality and yet the risks that go with creating those depositories of data have clearly increased,” she told StateScoop. “We’ve seen that in situation after situation after situation of breach and compromise.”
Managing data privacy has been a challenge for government for decades, but has become of growing interest in recent months, particularly in light of the European Union’s new General Data Protection Regulation, which aims to give consumers in more than two dozen countries more control of the online personal data they give to companies. The policy may not directly affect U.S. government agencies, but the requirement’s wide reach across the private sector underscored a trend that has been advancing at a growing clip in the last five years.
“The big data economy has grown so rapidly that its capacity and capability has moved exponentially, light years ahead of government’s ability to keep up as it relates to changing the protocols that were implemented five, 10, 15 years ago,” Smith said.
The chief privacy officer role first started appearing in the private sector around 1999, and governments started instating their first dedicated privacy officials several years later to help manage the risks that had begun to emerge around a growing data economy. Ohio created one of the first statewide chief privacy officer roles in 2007 but the idea remained relatively unexplored in the public sector until fairly recently.
Today, as data programs mature in state government technology offices, leaders are finding that their data capabilities are expanding and the need for mature privacy policies is growing along with them. Arkansas just announced the hire of its first chief privacy officer earlier this month as the state prepares to move beyond the early inventory phases of its data efforts. New York City hired its first CPO this year, Seattle hired one last year , and with a heightened demand from the public for effective cybersecurity and data governance, these officials are being kept busy like never before.
Washington’s chief privacy officer says his role is more than just a way to manage a growing technology portfolio inside of government — there’s a broader social mission, too.
“I’m as concerned as the next person how my data is being used without my knowledge or without my consent,” Alben said. “But I’m not in the camp of ‘privacy is dead.’ I’m in the camp of ‘our privacy is under attack and we need to do something about it.'”