Last week, Future of Privacy Forum (FPF) submitted comments regarding the National Coordination Office for Networking and Information Technology Research and Development’s (NITRD) Request for Comment on the Draft Smart Cities and Communities Federal Strategic Plan, published in the Federal Register on January 9, 2017.
FPF commended NITRD for its forward-looking guidance and the acknowledgement that privacy will play a key role in promoting trust in smart cities and communities. FPF believes the guidance and its emphasis on privacy is an important first step in building that trust.
The path forward for city/community innovation in both the U.S. and globally lies through data and knowledge-sharing, best practices, and collaboration. Federal support to advance secure, privacy-preserving data sharing is critical to achieving this goal. There are several key domains that are ripe for Federal support and should be considered for NITRD’s next steps: 1) de-identification resources, training, and expertise; 2) privacy risk assessment frameworks; and 3) formation of a network of privacy leaders for smart cities/communities.
One of the greatest risks of sharing government datasets or opening them to the public is the possibility that individuals may be re-identified or singled out from those datasets, revealing data about them that could be embarrassing, damaging or even life threatening. Governments and scholars have recently begun to tackle the difficult question of publishing and de-identifying record-level government data. For example, the City of San Francisco published the first iteration of an “Open Data Release Toolkit” in 2016. FPF and the City of Seattle are currently developing an “Open Data Risk Assessment” in collaboration with a community advisory board and local academics, to be published in July 2017.
Current Privacy Impact Assessments (PIA) practice includes detailed frameworks to help privacy professionals understand and quantify privacy risks. However, traditional private sector PIAs do not necessarily account for the unique risks created by smart city/community projects. Decision-makers must also assess, prioritize, and to the extent possible, quantify a project’s benefits in order to understand whether assuming the risk is ethical, fair, legitimate and cost-effective. Federally-supported guidance or convenings to help city/community leaders assess the sensitivity of particular data points would further strengthen city/communities’ ability to collect, use, share, and dispose of data in a consistent and privacy-preserving manner.
Currently, many local governments and officials lack the institutional resources and knowledge to assess and manage the range of privacy risks that might arise from the use of smart city/community technologies and services. Federal support for a network of city/community privacy leaders and a central repository of common tools, terminology, and training would enable privacy-preserving systems to scale across application areas and geographic boundaries.
The Draft Smart Cities and Communities Federal Strategic Plan is a productive first step in establishing a consistent path forward for smart city/community innovation. FPF looks forward to remaining engaged as the guidance evolves.