The state of Washington's Office of Privacy and Data Protection has launched a "privacy modeling" web app, which allows government agencies aiming to initiate various programs and products to find relevant state and federal privacy laws and, ostensibly, make smart choices based on those parameters.
Sometime this week, said Washington Chief Privacy Officer Alex Alben, the office will release the app's source code on GitHub so other state agencies can adopt their own versions.
The way it works is pretty simple: A program manager selects from 31 types of personally identifiable information he or she may be using or hoping to use (Social Security number? Financial information? Video-tape rental data?). Then the program manager is asked to choose from seven different fields specifying how they might use that PII (Are you going to share the data? Publish it? Simply provide services with it?). The results yield the various state and federal laws which may apply given the product or service concerned, and a dashboard displays a red, yellow, or green light, indicating either that the agency should be legally safe collecting and handling the data in the given context or, in the case of a red light, that collecting or using data in the specified way would violate law x, y, or z.
The idea is that it's straightforward and easy to use, so the program manager need not be someone with technical expertise to effectively use it. The app does not, however, aim to supplant legal advice.
"It's not a lawyer in a box, it's not a privacy expert in a box. We were trying to solve this problem of scale," Alben said. Across Washington's 50 government agencies, there simply aren't the resources to put a privacy agency in every one. So the question behind the app was, "How do we answer people's questions and put them on the road to designing products and services with privacy in mind?"
The app, then, is meant to be a starting place. It's also meant to simply promote an awareness of privacy by design, Alben said. It's not mandatory that agencies use it, but, "We are offering it as a tool that can supplement your product design."
The app was built with a grant from the William and Flora Hewlett Foundation as part of its Cyber Initiative. It took about six months to build, and a team of legal advisors, privacy lawyers, and developers collaborated on it.
While the app is obviously built on a database of state and federal laws applicable to Washington's state agencies, in releasing the source code Alben hopes other states and organizations are able to develop a database of the laws that apply to them.
"The product is sort of simple. It's a search engine with a filter, and the database is simple. It's an Excel spreadsheet," Alben said. "The time, and I hope value, we added was we did go and look at these laws and interpret when certain elements of these laws were triggered."
He added he'd be willing to spend time with other states interested in using Washington's source code to build a similar tool for their own state agencies.
After a couple months in beta, Alben is pleased with the app's performance.
"The tool works really well," he said. "It does what it says it does. It's a very stable web application."
What's been interesting, he said, is the way agencies are using it so far:
"Some agencies have told us, 'We love to use this all the time' because they just want a rudimentary understanding of the kinds of things they can do with the personal information they collect. Others have said, 'I don't want to use this because my lawyer will get mad at me.' I think for those people the answer is: The tool is what it is. It doesn't pretend to do legal reasoning, yet it does provide value if an organization wants to use one of these 31 types of personal information in the ways that can be discovered through privacy modeling."