Agency training:
The state Office of Privacy and Data Protection holds regular training sessions. Please check back regularly for new webinars.
- Washington’s Data Breach Notification Law for State and Local Government (April 30, 2020)
- Washington’s Approach to Regulating Facial Recognition (May 28, 2020)
- Contact Tracing in Washington State (June 30, 2020)
Additional Resources
- State and Local Government Breach Assessment Form: Use this form to determine whether an incident is a breach that requires notification. Any unauthorized use or disclosure of Personal Information may be a breach that requires notification under the Washington state data breach notification law (RCW 42.56.590). The factors in the assessment help with the breach determination.
- Categorizing data for a state agency: Under the Office of the Chief Information Officer policy 141.10 (Securing Information Technology Assets), state agencies must classify data into categories based on the sensitivity of the data. This checklist helps Agencies determine what type of data they are collecting and the proper handling of that data.
- Minimizing data collection: Today, many organizations believe that the more data you have the more valuable it is. However, the over collection of personal information can dramatically increase the potential harm to individuals in case of a data breach. In addition, collecting unnecessary or indirect information that is loosely tied to a purpose is increasingly viewed as exceeding the scope of consent.
- Privacy by design: Privacy by Design is a concept that privacy measures and considerations are made throughout the entire process/ product development lifecycle. This approach helps to design more secure systems because privacy mechanisms are baked into the process as opposed to layered on top of a finished product built without privacy in mind.
- Agency GDPR checklist: While it is most likely state agencies will not come under GDPR scrutiny, it is still important to know the risks and how to avoid them. This checklist provides some quick points for state agencies to consider related to the European General Data Protection Regulation (GDPR).
