Government Agency Resources

Home » Privacy » Government Agency Resources

Privacy Principles iconPrivacy principles


Washington State Agency Privacy Principles: The government performs a variety of functions that require personal information. Public agencies have an obligation to handle personal information about Washington residents responsibly and in a fair and transparent way. The purpose of this document is to articulate fundamental privacy principles to guide agency practices and establish public trust.

Privacy basics training for state employees

Washington State’s Office of Privacy and Data Protection (OPDP) is excited to announce its launch of the Privacy Basics for Washington State Employees training course.

The training is intended to be a privacy primer for all employees to understand what privacy is, why it’s important and how it is distinct from cybersecurity.

The course has three parts:

  • Intro to Privacy: An overview on personal Information, data categorization, and privacy harms and violations.
  • Privacy in the State of Washington: This covers privacy laws and policies, and state agency Privacy Principles.
  • Privacy in Practice: A deeper dive into agency and employee responsibilities, and privacy best practices.

OPDP Presentations

The state Office of Privacy and Data Protection holds regular presentations and training sessions. Please check back regularly for new webinars.

2022 Presentations (Archived video)

2021 Presentations (Archived video)

2020 Presentations (Archived video)

Additional Resources

  • Data Sharing Agreement Implementation Guidance: This guidance was created as one piece of a privacy and cybersecurity best practices report required by ESSB 5432 (2021). It is intended to help agencies successfully implement appropriate data sharing agreements to protect confidential information.
    1. Sample DSA for defined extract or system access: This sample DSA is one example of a data sharing agreement tailored for use when the sharing involves system access or a pre-defined extract that can be described in detail.
    2. Sample DSA for multiparty relationship with broad sharing: This sample is one example of a DSA tailored for use when there are several parties involved, and the nature of the sharing makes it infeasible to document each data transmission with specificity in the contract.
  • Sample data share template: The Office of Cybersecurity, in collaboration with our office and the state Office of the Attorney General will create a report on model data share terms and best practices later this year. Until then, agencies can use the Sample Data Share Template our office put together. The template can be modified for agency use. For additional information on the bill, please watch our webinar that we hosted with the Office of Cybersecurity on June 24, 2021. (Please also see the webinar slide deck)
  • Data Request Template: This form can be used to gather information about external requests for confidential information.  The form helps vet requests and ensure alignment with the Washington State Agency Privacy Principles and an agency’s mission. It is a valuable tool that can also be used to support broader data governance priorities.
  • 2021 Local Government Privacy Assessment Survey: The state Office of Privacy and Data Protection is asking local governments to fill out our voluntary privacy assessment survey to help us measure privacy maturity and needs across different levels of local jurisdictions. The responses will be used to help develop resources and training where they are most needed. The goal is to establish a common understanding of current practices, not to measure compliance with specific laws or standards. We appreciate your taking the time to respond to the survey, and helping to protect the privacy of Washingtonians. Please feel free to send any questions to
  • State and Local Government Breach Assessment Form: Use this form to determine whether an incident is a breach that requires notification. Any unauthorized use or disclosure of Personal Information may be a breach that requires notification under the Washington state data breach notification law (RCW 42.56.590). The factors in the assessment help with the breach determination.
  • Categorizing data for a state agency: Under the Office of the Chief Information Officer policy 141.10 (Securing Information Technology Assets), state agencies must classify data into categories based on the sensitivity of the data. This checklist helps Agencies determine what type of data they are collecting and the proper handling of that data.
  • Minimizing data collection: Today, many organizations believe that the more data you have the more valuable it is. However, the over collection of personal information can dramatically increase the potential harm to individuals in case of a data breach. In addition, collecting unnecessary or indirect information that is loosely tied to a purpose is increasingly viewed as exceeding the scope of consent.
  • Privacy by design: Privacy by Design is a concept that privacy measures and considerations are made throughout the entire process/ product development lifecycle. This approach helps to design more secure systems because privacy mechanisms are baked into the process as opposed to layered on top of a finished product built without privacy in mind.
  • Agency GDPR checklist: While it is most likely state agencies will not come under GDPR scrutiny, it is still important to know the risks and how to avoid them. This checklist provides some quick points for state agencies to consider related to the European General Data Protection Regulation (GDPR).

NGA Cybersecurity Policy Academy (Washington State Report)