Washington State Chief Privacy Officer Decodes Laws

Alex Alben, Washington state’s chief privacy officer (CPO), is helping private citizens, government agencies, and small businesses in the state better understand privacy laws and how to protect privacy when using and sharing sensitive information.

Last year Washington’s Gov. Jay Inslee created the role of chief privacy officer within the Office of the Chief Information Officer. Technology business veteran Alex Alben was hired to fill the role. In April 2016 the state Legislature created the Office of Privacy and Data Protection (OPDP). Alben now heads the new office. In an interview with 21st Century State and Local, Alben discussed how Washington is on the cutting edge of creating usable materials for the people of Washington State–and how he hopes other states will adopt his resources.

(Photo: Washington's Office of Privacy and Data Protection)
(Photo: Washington’s OPDP)

“Part of our mission as a larger agency is to create technology to help meet challenges in policy,” Alben said.

Before the creation of his role, Alben explained that privacy laws and regulations were being discussed across state agencies; however, there was little collaboration and agencies were working independently.

“The new role allows us to make a better effort to coordinate what’s happening across state agencies, it also allows us to socialize best practices very quickly,”Alben said. “When a new technology comes down the pike, it’s a great time for me to get involved to at least screen the technology for privacy issues for lawmakers.”

Alben has worked on two main projects since becoming CPO. The first is an online privacy guide designed to help citizens protect their identity online. It offers advice and product recommendations to keep identities secure.

“This is a basic website for citizens who want to learn about privacy issues and best practices to protect their privacy online,” Alben said. “Consumers don’t view state government in isolation, it’s very important to have citizens that can protect their own identities.”

While this product can be used by any age group, the office designed the product with older generations in mind.

“The target audience for what we’re doing in the state is older people who aren’t as familiar with technology and who look to the state as their resource,” Alben explained.

Alben’s team has also developed a one-of-a-kind resource for state agencies and local businesses. The resource, dubbed Privacy Modeling, helps agencies and business that use citizen data determine whether they are violating any Federal, state, or local privacy laws. The product is still in beta testing and Alben and his team are seeking feedback from users.

Alben said the product is necessary because “many project owners in government don’t always think of privacy first. They think of their mission first when they set out to do something involving citizen data.”

“The time to think about privacy is upfront. The time to be most effective about protecting data is when you are designing a service,” Alben said.

The Privacy Modeling tool is “trying to give a road map on how to design a privacy-respectful product,” he explained.

The tool is simple and easy to use, with a fairly basic interface–an intentional decision on Alben’s part. The website provides legal disclaimers, a user guide, and the actual tool itself.

Users are first asked to select what type of data they are trying to use in their product or service.

(Image: OPDP) Beta Mode
(Image: OPDP) Beta Mode

Then users select what type of citizen information the product or service will use. Of note, the image below only shows a sampling of the options available in the tool. There are too many to capture in a single image.

washington PII

Next, the tool prompts users to select how they will use the information.

(Image: OPDP) Beta Mode
(Image: OPDP) Beta Mode

Finally, the tool provides results. The first image shows what happens if the tool doesn’t find any privacy laws prohibiting what the user is attempting to do. The second image demonstrates what happens when relevant laws are found–it provides the relevant law prohibiting the activity.

(Image: OPDP) Beta Mode
(Image: OPDP) Beta Mode
(Image: OPDP) Beta Mode
(Image: OPDP) Beta Mode

Alben noted that the product is still in beta and that changes will happen in the next version. For instance, he would like to remove the word “Allowed” from the results page. He noted that “allowed” doesn’t accurately describe what is happening. What the tool does is scan privacy laws to determine if there is anything on the books prohibiting what the service or product is going to do. However, it can’t determine if something is actually legal, only if there is a law directly prohibiting or limiting the activity.

After the product comes out of beta, Alben’s office intends to open up the tool for other states and agencies.

“We will publish the code to the tool and the back end,” he said. “We do want to open this up to other states and would welcome other states and entities to use this program.”

As government is becoming more digital and more citizen data is collected than ever before, states and local governments need to be mindful as to how they use data to protect citizens’ identities.

“In the best of all worlds, people will use this tool as a starting point for their efforts to protect privacy,” Alben said.

Kate DeNardi
About Kate DeNardi
Kate DeNardi is 21st Century State & Local's Assistant Copy & Production Editor, covering Cybersecurity, Education, Homeland Security, Veterans Affairs
No Comments

    Leave a Reply