Due to the current political climate at the federal level of government, municipal governments must take action to protect the personal data of their citizens. President Trump’s stated goal of deporting millions is to be achieved by moving Department of Homeland Security policy away from its policy of Priority Enforcement which focuses on deporting those convicted of crimes and re-establishing the Secure Communities program which allows for any person without valid immigration documentation to be subject to immediate deportation. This could change the way immigrants interact with their cities by causing them to avoid interacting with the state in any formal manner; avoiding school or work and preventing people from calling the police or fire department. This disruption in civic life should cause city agencies to take action to protect the data they hold regarding their residents. This policy could be the first of it’s kind in any government in the United States to enact the recommendations found in the Sunlight Foundation whitepaper, *Protecting Data, Protecting Resident*s.
Protecting Sensitive Data
Data pertaining to documentation status, national, or religious identity should not be collected unless absolutely necessary. If sensitive information is collected, the following recommendations can be used to protect data:
All forms asking for SSN, ITIN, nationality, or questions that could reveal non-English monolingual status should be limited. If collected, they should be stored in a way that prevents viewing of individual-level records.
Information should not be shared with less-protective third parties since US law offers less protection once data is removed from its original location.
Sensitive data should be encrypted to limit the potential for theft. Implementation of a differential privacy to protect sensitive data that needs to be collected. Enact data purge and data lifecycle policies pursuant to relevant CPRA statues. Reviewing participation/MOUs with Federal Agencies that may involve a transfer of sensitive data. Require that vendors do not transfer data to other agencies without the expressed written consent of the City.
Create an Inventory
Municipal departments should attempt to create a comprehensive picture of all of the ways that it shares information containing the status of individuals’ citizenship. Every department should inventory the ways it formally (via law or regulation) and informally (via phone or emailed request) provides access to the data it maintains. This should be built on top of the exciting SB 272 compliance dataset to review for sensitive information. These inventories should be publicly available so that citizens may know how their information is being shared. Policies limiting individual employee’s discretion on data-sharing should be created so that informal information sharing regarding an individual’s immigration status is not shared without specific legal cause to do so.
It is recommended that a municipal oversight body be created to oversee different departments’ data practices and advise on optimal data-sharing policy. A body consisting of both technology and legal experts would be best suited to determine the practicality or viability of any potential policy regarding data. This group would be responsible for determining compliance and oversight of any related policy.
The upcoming period presents unique challenges to municipal governments regarding their data-collection policies and practices. Following these guidelines will help city departments and agencies know they are doing all they can do to keep their cities, data, and residents safe.
Lack of financial services