2021 Local Government Privacy Assessment Survey
The state Office of Privacy and Data Protection is asking local governments to fill out our voluntary privacy assessment survey to help us measure privacy maturity and needs across different levels of local jurisdictions. The responses will be used to help develop resources and training where they are most needed. The goal is to establish a common understanding of current practices, not to measure compliance with specific laws or standards. We appreciate your taking the time to respond to the survey, and helping to protect the privacy of Washingtonians. Please feel free to send any questions to privacy@ocio.wa.gov.
Privacy principles:
Washington State Agency Privacy Principles
OPDP Presentations:
The state Office of Privacy and Data Protection holds regular presentations and training sessions. Please check back regularly for new webinars.
- Washington’s Data Breach Notification Law for State and Local Government (April 30, 2020)
- Washington’s Approach to Regulating Facial Recognition (May 28, 2020)
- Contact Tracing in Washington State (June 30, 2020)
- Decoding Deidentification for Public Agencies (August 27, 2020)
- Privacy Day presentation (Jan. 28, 2021)
- Privacy Assessment Survey Walkthrough (September 1, 2020)
- Keep Washington Working Act (Nov. 19, 2020)
- 2020 OPDP Reports (Dec. 17, 2020)
Additional Resources
- State and Local Government Breach Assessment Form: Use this form to determine whether an incident is a breach that requires notification. Any unauthorized use or disclosure of Personal Information may be a breach that requires notification under the Washington state data breach notification law (RCW 42.56.590). The factors in the assessment help with the breach determination.
- Categorizing data for a state agency: Under the Office of the Chief Information Officer policy 141.10 (Securing Information Technology Assets), state agencies must classify data into categories based on the sensitivity of the data. This checklist helps Agencies determine what type of data they are collecting and the proper handling of that data.
- Minimizing data collection: Today, many organizations believe that the more data you have the more valuable it is. However, the over collection of personal information can dramatically increase the potential harm to individuals in case of a data breach. In addition, collecting unnecessary or indirect information that is loosely tied to a purpose is increasingly viewed as exceeding the scope of consent.
- Privacy by design: Privacy by Design is a concept that privacy measures and considerations are made throughout the entire process/ product development lifecycle. This approach helps to design more secure systems because privacy mechanisms are baked into the process as opposed to layered on top of a finished product built without privacy in mind.
- Agency GDPR checklist: While it is most likely state agencies will not come under GDPR scrutiny, it is still important to know the risks and how to avoid them. This checklist provides some quick points for state agencies to consider related to the European General Data Protection Regulation (GDPR).
