Resolution 15625CITY OF ALAMEDA RESOLUTION NO. 15625
ESTABLISHINGING A PRIVACY POLICY, DATA MANAGEMENT
POLICY AND PROHIBITING THE USE OF FACE RECOGNITION
TECHNOLOGY
WHEREAS, the Council of the City of Alameda finds and determines that:
A. The City Council of Alameda has an obligation to maintain the public's trust in how
the City collects, manages, and uses the public's personal data and the City
Council is committed to protecting the integrity of all personal data.
B. Data is a key asset in meeting the demands of a 21st century government, proper
data management can add value to the work of the City, but to deliver better
outcomes, data must be proactively managed and maintained much like the City's
capital and financial assets.
C. The use of face recognition technology has the potential to be intrusive and
impactful on residents, workers and visitors privacy in the community, resulting in
the need to clearly state the City's position on the use of this kind of technology.
NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF
ALAMEDA AS FOLLOWS:
Section 1. The City of Alameda Privacy Principles are attached as Exhibit A.
Section 2. The City of Alameda Data Management Policy is attached as Exhibit B.
Section 3. The Prohibition on Use of Face Recognition Technology is attached as Exhibit
C.
Section 4. This Resolution is effective immediately upon its approval.
Exhibit A
CITY OF ALAMEDA PRIVACY PRINCIPLES
Overview
Alameda is a diverse city with a history of active civic participation on issues of
privacy and surveillance. As we evolve, it is imperative that we learn from both
the positive and negative aspects of our past to build our future. Progress at the
expense of personal privacy and safety is unacceptable. We recognize the need
to protect the privacy of all Alameda residents as city services incorporate
emerging technologies.
Privacy is a fundamental human right, a California state right, and instrumental to
the safety, health, and security of all Alameda residents, and access by all
Alameda residents to city services. The residents of Alameda have a right,
regardless of the source or purpose, to know how their personal data collected
by the City is being used. We seek to safeguard the privacy of every Alameda
resident in order to promote fairness and protect civil liberties across all of
Alameda's diverse communities. In all situations, we pledge to handle personal
information in a manner that builds trust and preserves privacy and safety of all
Alameda residents. The following Privacy Principles guide our actions.
2. Design And Use Equitable Privacy Practices
Community safety and access to city services should not come at the expense of
the right to privacy. We aim to avert inequities by collecting information in ways
that do not discriminate against any resident of Alameda or any Alameda
community. When possible, we will offer clearly communicated alternatives to the
collection of personal information at the time of collection.
3. Limit Collection And Retention Of Personal Information
We believe that we should collect and store personal information only when and
for as long as is justified to directly serve the specific purpose for which it is
collected, such as to protect the safety, health, or security of Alameda residents
or access by Alameda residents to city services. We will continue our practice of
reaching out to Alameda residents for their views on the information we collect
and how we use it. We also will look for new opportunities for outreach.
4. Manage Personal Information With Diligence
The personal information of Alameda residents should be treated with respect.
We will handle all personal information in our custody with care, regardless of
how or by whom it was collected. To maintain the security of our systems, we will
review and regularly update software and applications that interact with personal
information of Alameda residents. Further, we recognize that deletion,
encryption, minimization, and anonymization can reduce misuse of personal
information. We aim to make effective use of these tools and practices.
Additionally, we will combine personal information gathered from different
departments only when we must.
5. Extend Privacy Protections To Our Relationships With Third Parties
Our responsibility to protect the privacy of Alameda residents extends to our work
with vendors and partners. Accordingly, we share personal information with third
parties only when necessary to provide city services, and only when doing so is
consistent with these Principles. We will only share data without disclosing the
recipient when it is required by the law.
6. Safeguard Individual Privacy In Public Records Disclosures
Open government and respect for privacy go hand -in -hand. Providing relevant
information to interested parties about our services and governance is essential
to democratic participation and civic engagement. We will protect the individual
privacy interests of Alameda residents and the City's information security
interests while still preserving the fundamental objective of the California Public
Records Act to encourage transparency.
7. Be Transparent and Open
The right of Alameda residents to privacy is furthered by the ability to access and
understand explanations of why and how we collect, use, manage, and share
personal information. To that end, we aim to communicate these explanations to
Alameda communities in plain, accessible language on the City of Alameda
website. We also aim to communicate this information at a time when it is
relevant and useful.
8. Be Accountable To Alameda Residents
Trust in our stewardship of personal information requires that we collect and
manage personal information appropriately, and that we create opportunities for
active public participation. We aim to publicly review and discuss departmental
requests to acquire and use technology that can be used for surveillance
purposes. We encourage Alameda residents to share their concerns and views
about any system or department that collects and uses their personal
information, or has the potential to do so. We also encourage Alameda residents
to share their views on our adherence with these Principles.
Exhibit B
DATA MANAGEMENT POLICY FOR THE CITY OF ALAMEDA
1. Purpose and Scope
The purpose of this data management policy is to create guidelines under which
the City of Alameda ("City") can proactively store, manage, and use data. Data is
a key asset in meeting the demands of a 21st century government, and proper
data management can add value to the work of the City in order to deliver better
outcomes. The City collects personal information from the public to assist in
providing important services such as recreation programs, recycling and waste
management, street and landscaping services, permitting, and water delivery
The City is committed to protecting the privacy and integrity of public personal
data and seeks to strike a fair balance between gathering information that will
assist the City in better providing services and protecting the public's privacy,
while also complying with the State Public Records Act and the City's Sunshine
Ordinance. This data management policy seeks to explain how and why
information is collected from the public and how that information is stored,
managed and used by the City.
This policy applies to all information resources operated by the City and its
departments. Elected and appointed officials, employees, consultants, and
vendors working on behalf of the City are required to comply with this policy. This
policy does not apply to information collected by the City for public safety
purposes. Due to the individualized and serious nature of emergency response
efforts, a variety of personal information may be collected by first responders and
other personnel as needed. Such data collection, use, and disclosure practices
are subject to separate policies and fall outside the scope of this policy.
2. Data Collection
The City collects different kinds of data from the public to assist in conducting
City operations. This information is collected in person, over the phone, through
social media, the City's website, electronic communications, and by paper.
Below are some examples of the types of information the City collects and how it
is collected.
i. Website Information
The City collects a range of personal information.
"Personal information" is information about a person that is readily
identifiable to the person. Personal information includes such things as
name, birthdate, address, phone number, social security number, and
driver's license number. Personal information also includes financial
and /or payment card information, for example, bank account information,
credit or debit card numbers, or other billing information, that a person
may provide to sign up or pay for City services.
Cookies are pieces of information generated by the City's web server and
stored (temporarily) on the end user's computer to facilitate the current
website visit. In the event a cookie is used, its use will be transient in
nature and will apply only to the website visit in progress. Generally, if a
person chooses to, the person may disable cookies through browser
settings. (For example, in Google Chrome, under settings, privacy and
security, content settings, a person may elect not to allow sites to save
and read cookie data and /or block third -party cookies; a person may also
choose to see all cookies.) Disabling cookies, however, may mean that
the person is unable to use certain features of the City's website.
The City does not generally use cookies or other tracking technology to
track its users across websites or over time, nor does it permit third -party
ad networks or other companies to track users on the City's website.
The City generally collects no personal information about visitors to the
City's website unless it is voluntarily provided by sending an email,
participating in a survey, completing an online form, or engaging in an
online transaction. Certain user - specific features of the web site may not
be accessible without providing personal information.
A person's browsing, reading pages, or downloading information on the
City website means certain information will be collected, aggregated and
used for analytical and statistical purposes to help better manage the site.
When a page on the site is visited, information may be automatically
collected and stored through the use of cookies and other similar tracking
technologies. Examples of the information that may be collected and
stored are:
• The Internet domain and Internet Protocol (IP) address from which
the City's website is accessed;
The type of browser and operating system used to access the City's
website;
The date, time and duration of the visit, as well as the general
geographic location of the device from which the visit is made;
Derived demographic information;
The web pages and/or services accessed during the visit, as well
as any applications used and forms data; and,
The address of the other website through which the City website
was linked
If during a visit to the website, a person participates in a survey, sends an
e-mail, participates in a City hosted web-based discussion, registers an
account, participates in online commerce, or performs some other
transaction online, personal information will be collected including:
• Information provided while participating in a City hosted web-based
discussion;
• Information volunteered in response to a survey;
• Information provided through an online form for any other purpose;
• Information submitted when participating in an online transaction
with the City; and
• Information provided when registering an account.
• The information collected is not limited to text characters and may
include location, audio, video, and graphic information formats the
person sends to the City.
In order to provide online transaction capabilities, the name, address
and payment information (if applicable) that a person provides when
using the City's website may be collected and processed to complete
an online transaction and for record-keeping for such activities as
billing, permits, licenses and other business-related purposes. Every
effort is made to protect any sensitive personal information the person
provides online. For online payment transactions, the City uses a third-
party payment processor that has in place industry-standard data
security protocols to ensure that the payment transactions will be
conducted securely. If City personnel take payment information, it is
generally used only for the transaction at hand and is not kept, stored,
or used for any other purpose. The City does not store credit card
information on any of its servers and will not disclose credit card
information to any third-party except as necessary to complete an
online transaction or as required by law.
If the website is accessed through a mobile device, certain information
about that device is collected. Messages sent from certain mobile
devices contain unique identifiers about the physical location of such
devices. Mobile devices also typically transmit caller ID data when
used to transmit a telephone call or text message. Depending on the
device and its settings, this information includes but is not limited to
geolocation data, unique device identifiers and other information about
the type of device, wireless provider, date and time of transaction,
browser type, browser language and other transactional information.
Paper forms
City departments may collect information on paper forms as part of
providing a government service or community engagement. When
possible, forms will note what information is required to obtain a
government service or participate in a government function, what
information is optional, and if there are options for opting out of certain
data uses, such as follow -up communications not directly related to the
service being requested. City personnel will handle and store paper forms
containing personal information using methods intended to ensure the
security of the personal information to the extent allowable under the
Public Records Act and the City's Sunshine Ordinance.
iii. Telephone calls
Individuals may contact the City via phone such as when calling a City
department or staff member directly. The phone system automatically logs
the phone number and other characteristics of calls to and from City
numbers, such as call duration and the extension in the City that received
or made a call. It is not possible to opt -out of this collection. With the
exception of certain public safety emergency notifications, the City will not
use a phone number to initiate a call without express prior consent.
Email communications
When a person sends an email to a City email address, such as
sample @alamedaca.gov, personal information that may be contained in
the email message will be automatically logged including the sender
information, the IP address, routing information, and email address. It is
not possible to opt -out of this collection. In some cases, when the City
sends an email to a user, it may contain beacons, which help the City
track which emails have been opened and which links are clicked by our
recipients.
3. Data Usage
The City uses collected data to provide services, protect the public's safety, meet
the City's mission obligations, and determine the best use of City resources. The
City aims to collect only as much information as is necessary to perform these
functions and to limit information use to the purpose stated at the time of
collection and to protect and improve City services.
The City may use information collected to better understand community needs
and improve the efficiency, effectiveness, and equity of the City's service
delivery. When performing research, the City will attempt to de-identify data,
either performing analysis at an aggregate level or removing data elements
containing personal information that are not necessary for analysis.
The City may use this information to contact and to respond to requests. With the
exception of certain public safety emergency notifications, the City will not use a
phone number to initiate a call or SMS text message without express prior
consent.
Personal information provided may be used to place people on email lists used to
generate emails to inform residents and others about City initiatives, programs,
and events that may be of interest. Any email received as a result of being
placed on such a list will provide the option to opt out of receiving future emails
from that list.
The City will not sell personal identifiable information (P11) to third parties, will not
profit from sharing P11 with third parties, will not provide P11 to governmental
agancies unless required to do so by law, and will not sell aggregated
anonymized data to third parties for marketing or commercial uses. If a person's
information must be shared with third parties who provide services for the City,
such person must be made aware through an opt in option and that the third
party will be, through its contract with the City, held to the same privacy
standards as the City, Le., the third party will be contractually prohibited from
sharing the information with others.
4. Data Retention
Public records created or received by the City will be retained for legal or
operational purposes according to applicable laws. The City, however, will only
retain personally identifiable information when it is necessary to the activity for
which it is being collected. As a governmental entity, much of the information that
the City collects is considered a public record regardless of format or where it is
stored. The City maintains a records retention schedule indicating the standard
time periods for retention of identified categories of records. A copy of the City's
current records retention schedule is maintained by the City.
Exhibit C
Prohibition on Use of Face Recognition Technology
1. Definition:
"Face Recognition Technology" means an automated or semi - automated
process that assists in identifying or verifying an individual based on an
individual's face.
"Personal Communication Device" means a cellular telephone, a personal digital
assistant, a wireless capable tablet or similar wireless two -way communications
and /or portable Internet accessing device, that has not been modified beyond
stock manufacturer capabilities, whether procured or subsidized by a City entity
or personally owned, that is used in the regular course of conducting City
business.
2. Operative language:
No City staff shall obtain, retain, access, or use any Face Recognition Technology
nor any information obtained from Face Recognition Technology, except for
accessing a Personal Communication Device that has been assigned to a particular
staff person. City staffs inadvertent or unintentional receipt, access to, or use of any
information obtained from Face Recognition Technology shall not be a violation of
this section, provided that:
a. City staff did not request or solicit its receipt, access to, or use of such
information; and
b. All copies of such information are promptly destroyed upon discovery of
the information, and the information is not used for any purpose; or
c. The information is evidence relating to the investigation of a crime.
Except for information that is evidence relating to the investigation of a crime,
City staff shall log such receipt, access to, or use of any such information, and
provide an annual written informational report to the City Council describing such
use(s). The report shall identify measures taken by the City to prevent the further
transmission or use of any information inadvertently or unintentionally obtained
through the use of Facial Recognition Technology.
I, the undersigned, hereby certify that the foregoing Resolution was duly and
regularly adopted and passed by the Council of the City of Alameda in a regular meeting
assembled on the 17th day of December 2019, by the following vote to wit:
AYES: Councilmembers Daysog, Knox White, Oddie, Vella and
Mayor Ezzy Ashcraft — 5.
NOES: None.
ABSENT: None.
ABSTENTIONS: None.
IN WITNESS, WHEREOF, I have hereunto set my hand and affixed the official
seal of said City this 18th day of December 2019.
Lara Weisiger, City Clerk
City of Alameda
Approved as to form:
Yibin Shen,-City Attorney
City of Alameda