Privacy and data protection priorities expand for cities

The wake of the Cambridge Analytical scandal and the Equifax breach have focused attention on how big companies manage and protect personal data, including international efforts to update legislative regulations on privacy and data protection in times of big data and artificial intelligence. The use of personal data for finding business opportunities has been a core principle for Internet-age companies.

As the amount of information has been growing at an exponential pace, more companies have been able to capitalize from the use of personal data and behavior patterns of users. Our modern world is abundant with production of data and information collected by many entities, from government organizations, schools, hospitals, companies and data brokers.

How cities can lead the road for protecting people’s data?

Cities want to be ‘smart,’ connected, and data-driven, but in doing this many are unwittingly engaging in large-scale surveillance of citizens. Without greater transparency or accountability around these operations, cities risk a collapse in public trust. This represents a challenge because city services rely on information from residents to deliver services and residents rely on cities to protect their information. With cognizant data management protocols, in the time of big data and advanced data analysis, cities and residents can engage in new relationships where digital protection is prioritized at the same time data is used to develop and evaluate the next generation of city services.

Local and regional government organizations have a responsibility to revise their data management protocols, so they do not inadvertently undermine official municipal policy. While municipal data may not be collected, kept or shared with the intention of endangering residents -- newly vulnerable on the basis of their documentation, religious, or national status -- data may nonetheless come to be used that way.

To protect the civil and privacy rights of their residents most effectively, local governments need to consider their formal data collection, retention, storage and sharing practices, as well as their vulnerability to unsanctioned data theft. Cities need to start by defining clear principles around privacy and data protection that serve as guidelines to develop policies and new government practices and structures that prepare us for a data-driven future.

This is the first entry in a series of post on these topics. Stay tuned to learn about outcomes from a Data and Privacy Work Session with the Portland City Council next.