August 17, 2020
The Office of Privacy and Data Protection (OPDP) has several new initiatives underway including Washington State Agency Privacy Principles and a new state agency Privacy Assessment Survey.
We anticipate finalizing the privacy principles for agencies by this fall. The intent is to guide agency practices to maintain public trust. Many services provided by state government require the collection of personal information. Public agencies have an obligation to handle personal information about Washington residents responsibly, fairly and transparently.
The Privacy Assessment Survey was sent to agencies earlier this month. OPDP is required to conduct an annual privacy review under RCW 43.105.369. The review provides policymakers with a valuable snapshot of practices, progress and risks regarding the use and protection of personal information entrusted to state agencies by Washingtonians.
Agencies with questions about the survey should contact our office at privacy@ocio.wa.gov.
Our office will host two WebEx meetings (links will be sent out soon) for state agencies to walk-through and answer questions about the survey:
- Thursday, Aug. 20, 2020 10-11 a.m.
- Tuesday, Sept. 1, 2020 2-3 p.m.
OPDP also held its quarterly State Agency Privacy Forum in August to review the proposed data principles. Plus, we gave a presentation on the 42 CFR Part 2 changes that were enacted under the CARES Act.
Other news items that caught our attention in the past month include:
- Virginia became the first state to release an exposure notification app (link is external) based on the Apple/Google API.
- An incorrect match from a facial recognition algorithm (link is external) led Detroit police to arrest an innocent man.
- There’s uncertainty after the EU’s top court struck down Privacy Shield, (link is external) a data protection framework that allowed transatlantic data flows.
- The U.S. House Subcommittee on Antitrust explored the connection between antitrust and privacy during a hearing with testimony from the CEO’s of Google, Apple, Amazon, and Facebook (link is external).
Upcoming OPDP events:
Privacy Assessment walkthrough for state agencies on Aug. 20 and Sept.1. The Privacy Assessment is available for state agencies to complete on www.ocio.wa.gov/communications.
Webinar on Decoding Deidentification for Public Agencies: Removing or masking identifiable information can help agencies protect privacy, reduce risk and meet legal requirements. OPDP’s Privacy and Open Data Manager Matt King is presenting. Join us to learn about the basics of deidentification, including:
- Key concepts like deidentify, reidentify, pseudonymize, aggregate and nonpersonal.
- The legal basis for deidentification.
- Methods of deidentification.
- Practical considerations for public agencies.
I hope you enjoy the last few weeks of summer! I look forward to sharing updates and news from our office soon.
Katy Ruckle
State Chief Privacy Officer
