You are on page 1of 20

MATT CAGLE

BRI AN HOFER
RENEE DOMI NGO
PII 101
Everything you wanted to know but were afraid
to ask
• (a) The term "personally identifiable information" means
individually identifiable information about an individual consumer…
First and last name, Physical address, Email address, Telephone number, SSN, etc.
• California Online Privacy Protection Act - Cal. Bus. & Prof. Code Sec.
22577
• “any information that identifies, relates to, describes, or is capable
• of being associated with, a particular individual, including, but not
Limited to… his/her name, signature, social security number, physical
Characteristics or description…insurance policy number, education, employment,
employment history, bank account number, credit card number, debit card
number, or any other financial information, medical information, or health
insurance information…..
• CA Data Breach Law - Cal. Civil Code Sec. 1798.80
What is PII?
Unique identifiers
• “A unique identifier or Internet Protocol address, when that
identifier or address is used to identify, relate to, describe, or be
associated with a particular user or book, in whole or in partial
form.”
• CA Reader Privacy Act - Cal. Civil Code Sec. 1798.90
Location data
Biometric
Information
Why This Matters: The California Constitution
•Art. 1, Sec. 1. All people are by nature free and independent and have
inalienable rights. Among these are enjoying and defending life and
liberty…and pursuing and obtaining safety, happiness, and privacy.
•“The proliferation of government snooping and data collecting is
threatening to destroy our traditional freedoms….
Computerization of records makes it possible to create “cradle-
to-grave” profiles on every American.”
1972 Voter Pamphlet, Proposition 11
•“Fundamental to our privacy is the ability to control circulation
of personal information.” 1972 Voter Pamphlet, Proposition 11
TRANSPARENCY
OVERSIGHT
ACCOUNTABILITY
Government Programs/Projects that
utilize or may utilize PII must provide for:
WHY THERE IS CONCERN
REGARDING PERSONALLY
IDENTIFIABLE INFORMATION
BY COMMUNITY GROUPS?
PII 101- A Community Leader’s View
• In July 2013, the Oakland City Council voted to authorize
funding and build-out of the Domain Awareness Center.
• Oakland has no city-wide privacy policy, nor data
retention guidelines in place
• As a condition precedent to activation of the DAC, the
Council required implementation of a privacy and data
retention policy.
City of Oakland, CA
Domain Awareness Center (DAC) Project
• A group of civil liberties minded community members
formed Oakland Privacy Working Group in response to the
July 2013 City Council vote.
• In partnership with groups like the ACLU and EFF, they
successfully raised awareness about the inherent risks in the
project to both the community at-large and the City Council
itself.
• On March 4, 2014, the City Council voted to create a citizens
commission charged with drafting the DAC Privacy and Data
Retention Policy.
• Opponents of the DAC project including Oakland Privacy
Working Group, ACLU, and EFF, were appointed to the
committee.
• As a result of this collaborative process in partnership with the
DAC Staff, the committee has created certain provisions and will
request Council approval
The Do’s and Don’ts from a Local
Government Perspective
THERE WAS NEVER ANY PLAN FOR THE OAKLAND DAC TO
COLLECT PI I I NFORMATI ON
• THE TERM " PERSONALLY I DENTI FI ABLE I NFORMATI ON"
MEANS
I NDI VI DUALLY I DENTI FI ABLE I NFORMATI ON ABOUT AN
I NDI VI DUAL CONSUMER…
FI RST AND LAST NAME, PHYSI CAL ADDRESS, EMAI L
ADDRESS, TELEPHONE NUMBER, SSN, ETC
Do’s
 If you are the First.....Involve the Community and any Subject Matter
Groups Early
 Ensure a High Level Transparency, Oversight and Accountability
 Do Educate the Leadership, Public and Community
 Be Willing to Listen and to Compromise
 Build Trust
OVER CONCEPTUALIZE
UNDERESTIMATE
DISCOUNT YOUR TIMING
Don’ts
Informed Public Debate About How Surveillance Technology Relates to
Community Members’ Information
Informed Decisions by Local Leaders
Privacy and Retention Policies for All Surveillance Technologies
Ongoing Oversight & Accountability of Its Use
PII 101
Recommended Process to ensure Success
which =Transparency, Oversight, & Accountability