• The principles affirm that the city values privacy as “an inherent human right” and that it commits to “fully evaluating risks to your privacy” before collecting, using or sharing residents’ information. The city will “collect only what we need” to deliver and improve services and comply with the law. It will be “open and transparent” about the information it collects, why it collects that information and how it is used. It will “give you control over your data,” providing residents with the information necessary to make informed decisions about data sharing; and visibility into data the city has already collected. It will “share only what we need,” and anonymize most information before sharing it outside the city. Business partners and vendors who receive or collect PII from the city or on its behalf will be held to privacy agreements. San Jose will also “design for privacy and security,” integrating privacy and security into its designs, systems and processes — and committing to updating its tech and processes to safeguard information.
City Hall’s timeline calls for filling one position to work on the policy, then drafting the policy over roughly three to six months — potentially seeking City Council approval in late summer or early fall 2020. Once the policy is in place, Beckel told Techwire the city will “start iterating through our privacy impact assessments” to better understand its effects on city processes and technology.
“It’s important to maintain people’s trust in the city and so we have to implement privacy in our people, process and systems the right way; and that will come from the privacy impact assessment and then it will require a real effort and change within the city,” Beckel said.