Washington shines a spotlight on privacy

Featured eBooks
Changes in State and Local Government Workforces
NASCIO Special Report 2024
A New Era of Social Media Regulation
Insights & Reports
Unlocking digital potential: Strategies for modernizing government services
Presented By Adobe
Download Now
Unlocking public sector potential
Presented By NTT DATA
Download Now
By Sara Friedman
 

Connecting state and local government leaders

By Sara Friedman

|

Washington state Chief Privacy Officer Alex Alben is helping agencies become more sensitive to privacy concerns surrounding state residents' personal information.

Washington state Chief Privacy Officer Alex Alben is encouraged by growing public interest in data privacy and is working with agencies to more responsibly manage the data they collect on residents. Alben spoke with GCN about his efforts to educate state agencies on improving privacy practices.

Alben’s answers have been edited for length and clarity.

How does Washington protect the privacy of residents' data?

Over 40 states including Washington have some sort of data breach notification law, but we have specific laws that deal with certain data types.  For example, last year the state legislature passed two laws that covered biometric identifiers, which is your DNA, fingerprint or voiceprint. 

The legislature thought it was important to get ahead of the curve with this kind of data since it is so valuable and personal.  We have one law that governs what state agencies can do with biometrics, and we have another that is a consumer protection law, which sets out a framework for what companies can do with biometric identifiers.

How are you educating agencies around data protection issues?

One of our initiatives is to promote the concept of data minimization.  Many states across the country still collect lots of information about their residents thinking that information might come in handy one day.  Now, we live in an age where it is very easy to collect information and store it.  As a result, it is critical that we shift our mentality and only collect the kind of data that we need to in order to provide a specific service or transaction for a customer or resident.  It is a big shift because it means that we will collect a little less data, but it will be much easier to manage that data.  Data minimization isn’t unique to us, but it is a core privacy principle that we are trying to distill throughout the state.

What tools have you developed to help agencies manage privacy?

When I came into the office in 2015, it became apparent that I could give talks to different agencies, but we needed to create some tools to help them realize their goals.  The first tool that we developed was a privacy modeling app.  Many people dealing with data didn’t know what the laws were, if any, that applied to that data. Therefore we put together a web-based application that calls on a database of state and federal laws that pertain to privacy.

This tool enables a user to look up a specific concept or use case and find the ways that privacy laws apply.  For example, if you wanted to use a Social Security number and publish it somehow, the application would tell you what the state and federal laws applied to Social Security numbers and if there were restrictions based on the laws that exist in the state of Washington and the U.S. 

The tool establishes a baseline understanding of privacy laws for agencies building an application or a new service.  In regards to specific kinds of data like health care data, our state health care agencies know the federal HIPAA law very well, so this application isn’t designed for someone who has that expertise.  But for the person or programmer who wants to understand if there are laws that apply to certain kinds of data, privacy modeling can be a useful tool.

The next application that we are launching is privacy checklist.  I can advocate privacy best practices in talks, but it is not specifically helpful when an agency or local government is trying to adopt these practices with respect to certain aspects of data.  For example, there are various ways to do data sharing.  You can hand someone a hard drive or you can make them sign an agreement on how long the data is going to be used and kept. 

This application generates a checklist of best practices that is specific to the user query. When someone types "data minimization" into the search bar, it will give the user multiple checklists that have to do with data minimization. The overall goal is to put the tools in the hands of the users to let them manage the details when it comes to privacy.

When will the privacy checklist to go live?

We are doing a beta test first of the checklist, and I would expect the beta test to roll out in an about a month. We are working with an outside developer in Seattle on both of these projects.  We received funding from the Hewlett Foundation, which has  a cyber initiative and the work that we are doing fits under that initiative.

How do you see data protection standards evolving?

People move across borders and their data moves across borders.  A lot of our data is processed by computers and databases all of over the world.  It begs the question of whether we need an international standard for data as opposed to trying to fit this under little boxes of where the person happens to be at the time.  Thirty years from now, we are going to think that it is silly to have local laws governing data.

Will the European Union's General Data Protection Regulation protecting the privacy of EU citizens affect your office's operations?

It is hard to envision scenarios where an American state would monitor behavior inside the EU, but if it did then it would be subject to GDPR. We are educating agencies what GDPR does. 

Part of the role of our office is to educate consumers.  We also work with the legislature on creating new laws that will protect the data of Washington residents. There is a growing realization that people don’t have much control over the data collected about them.  This has come to bear in the Equifax breach and recent Facebook controversy.  We are finding that people are very upset about how their data is being used without their consent. 

GDPR is going to raise the bar for data protection.  First, it will happen in Europe, but we do see some American companies saying that they will apply the GDPR principles across the globe even to their users in the U.S.  I find that kind of thing very encouraging because it means that Americans will enjoy more data protections.  This will also increase pressure on Congress and state legislatures to improve data protection for American citizens.

NEXT STORY: Uncrackable encryption could be on the horizon

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.