As municipal systems from transit to public health become ever-more data driven, cities have been attempting to sort out the privacy issues that come with collecting so much personal information. It’s no small task — “granular” data (i.e. raw and record-level information) is the most useful for policy and research purposes, but it also contains the most detailed personal information, which carries the most risk in the event of a breach.
Santa Clara County, home to Mountain View and San Jose, has announced the hiring of a chief privacy officer to oversee its more data-driven efforts. The position, filled by U.S. Army veteran and security expert Mike Shapiro, is a new one for the Silicon Valley county — and according to San Jose Inside, its a relatively new position in general. The county is reportedly one of the first in the country to hire a privacy specialist in a designated municipal role, though many cities have embraced chief data officers (CDOs) to oversee their numbers-driven programs.
Creating the office was “the logical next step” for the county, Santa Clara County Supervisor Joe Simitian said in a statement.
“Santa Clara County, as a government, collects sensitive and personal information, including health, financial, voting and criminal records,” he said. “With Mike Shapiro on board, I’m hopeful that we can become a national leader – in not only protecting that information from outside assault, but in handling it appropriately within the county.”
Some of the first projects Shapiro will tackle include privacy-related aspects of the county’s surveillance ordinance amendments, whistleblower confidentiality requirements, patient protections and data-sharing policies.
As Next City has covered, even many of the international frameworks that exist to protect individual privacy probably don’t go far enough. And while we imagine data breaches being most dangerous at the federal level, they could have potentially disastrous consequences on a municipal scale as well because of the kind of information cities are collecting. Take crime data around sexual assault, which can be a powerful tool for research and advocacy. If that data were breached and somehow made public, it could lead to victim re-identification.
So the creation of a chief privacy officer post does seem like a logical next step for cities and counties. Like the CDO position, it will probably spread.
Rachel Dovey is an award-winning freelance writer and former USC Annenberg fellow living at the northern tip of California’s Bay Area. She writes about infrastructure, water and climate change and has been published by Bust, Wired, Paste, SF Weekly, the East Bay Express and the North Bay Bohemian.