Ad Hoc Advisory Committee on Privacy and Data Retention
June 12th, 2014
Hearing Room 4, 1 Frank H. Ogawa Plaza, 2nd Floor
6:00 PM
Meeting Notes: There was no quorum, so these notes are purely for review purposes.

1. 6:00pm Call to Order and determination of quorum
There was no quorum. Attendees included: Jesper Jurcenoks (chair), Rick Johnson, Matt Cagle, Aestetix, Phil Wolff, and Nadia Kayyali.

2. 6:03pm Approval of amended Minutes from May 1 and May 8 Meetings.
May 8th minutes included discussion on the Brown Act. Those changes are not showing up on the minutes.

3. 6:05pm Approval of Minutes from May 22 Meeting.
May 22nd minutes: Item 3, the ACLU letter was not attached; Item 5, EFF issues, the motion was by Linda, not Brian.

4. 6:15pm Comments on Narrative for 'Purpose of the DAC'
Purpose of the DAC: the statement written by Jon Wactor was reviewed.
- Phil says that the purposes listed are really broad
- Look at the color-coded document under #3 to come up with the draft that Jon came up with
- Phil says there is language here that doesn't add value or isn't in compliance with law.
- Jesper says that the original intent of the city was to ride on the coattails of the port for more than the scope approved
- They mean data when they say information
- When does the EOC get activated?
- It doesn't mention the core values in there
- Other police agencies is a point of concern
- Look at the Purpose on each of the PPT presentations given by city staff for some guidance. They are on the wiki
- Seems like a law enforcement purpose, not a privacy group purpose
- Everyone only wants 24 hours in the DAC according to Fire, Police and the Port
- Broaden the mission statement: allow them to trigger response and then also protect constitutional rights and other constraints

5. 6:25pm Status on outstanding Data Requests by Joe DeVries
Joe DeVries indicated a lot of information came in that day and/or was on its way. He would try to compile all of it and send it out as soon as possible, with a goal of three business days after the meeting (similar to the minutes).
He also noted he will be asking Joanne McNabb from the Attorney General's Office to come to speak soon. No other speakers are lined up yet.

6. 6:35pm Review submitted input to Policy Strategies and suggest further strategies. (Updated Policy Draft Attached)
Jesper noted some colors have changed since the last meeting. DAC isn't a department; it is just part of existing departments and the EOC. The EOC is not 24 hours while DAC is. Data sharing is an important area to cover thoroughly.
EOC rep: Kathy Eide: Activation is an incident in which multiple agencies, etc. work together. EOC is simply about resource coordination. There are no 911 calls coming in there. It is a central hub for people to provide resource requests. If the city can't handle it, then it is sent to another resource area. EOC is all about resources and mutual aid.
The EOC could contain up to 100 people at the maximum point of activation. It often may take time to get staff there since, during an emergency, people are coming from all over the Bay Area. Kathy Eide will send us a presentation of the EOC. She encourages folks to check out FEMA resources as well.
Several members asked if they can get a tour of the EOC. Kathy Eide indicated that no one is allowed in the center without the proper clearances. The members asked where the EOC security policies are coming from, especially those related to background checks. It was noted that access is granted by the EOC director. Level 3 security clearance is important. Is there a process they can go through to be provided clearance to the EOC? The committee members would like the policy on this, and they would also like to get clearance as well. The members also want a glossary of all commonly used City acronyms.
7. 7:00pm Prioritization and selection of subjects for sub-committees:
Citywide privacy policy outside of the DAC [can they do that?] Do other cities have all-encompassing privacy policies? Nadia stated that Berkeley has some, but not all-encompassing. There might not be any cities that have general privacy policies. They often are interested in law enforcement only.
Subcommittee tasks would be done by:
Prioritization: will do later, including adding another committee: map of the territory and organizing all the data; construct a clear description of what the DAC is and how it operates, especially as it relates to public info and info about people. Phil and Nadia will likely be on that committee [not officially made yet because there is no quorum]
Data sharing: they want info that is still outstanding. Nadia noted she wants her PRA info faster and will ask Joe to help with that. They want to see the mutual aid and data sharing agreements, but Jesper said that he doesn't need to see that in order to write this into the DAC
o Draft Answer to the Privacy Officer
  Tasks as defined May 8: Recommendation for a City Privacy officer.
  - What does a privacy officer do in Silicon Valley companies?
  - What would the functions of a Privacy officer be in a setting like the City of Oakland?
  - Are those functions covered today by other functions in the City of Oakland?
  - What would be the benefits to consolidate these functions in a single person?
  - Would such benefits outweigh the added cost?
  Additional Question to be answered: Can the Privacy Officer function be addressed by a Standing Privacy committee? Who would be on such a committee and how would it be assembled?
o Citywide Privacy policy
  Should the City have a Privacy policy for other areas than the DAC? If Yes - can the entire city be covered by a single policy or do we need a different structure? (Privacy policy framework?)
o Draft Adaption of Electronic Frontier Foundation's 6 Principles to a Municipal Setting
o Draft Wording on Prevention of Abuse
o Draft Wording on Data Minimization
o Draft Wording on Data Sharing Agreements
o Draft Wording on Metrics
o Draft Wording on Transparency

8. 7:30pm Pick Top 3 Subjects for sub-committees and appointment of members, and set deliverables for next meeting.
Data sharing: there are differing opinions on whether or not the city wants to share the data. They are interested in reporting of who data was shared with. Nadia does not want to be part of the group that helps put the data into city language. She will focus on the language discussing data cleaning up. Jesper will update the list of things that Joe is supposed to update.
Aestetix went to a conference in DC which was mostly focused on DC and federal government, and he saw that the government was really broken out east. He was proud of Oakland and our progress on this. Take our ad hoc group as a point of pride that we are doing the right thing.
Jesper says that Oakland is a good place to make an example. Nadia doesn't think that is possible but is excited to try.
Legal technical question: is there an email on server question and length of keeping it? Is there a different requirement for video? 6 months is the requirement if there is no incident. It is a state requirement.
Law generally says that records held by the city must be kept for 2 years. Attorney will look at other regulations that say that some things can be kept for less time than that. Phil will follow up.