For the past few years, I have been hearing more and more from citizens of our state that they are concerned about the protection of their privacy. They are worried about government surveillance. They are concerned about the well-publicized events in which their personal information has been exposed as a result of successful attacks against the databases of insurance companies and retailers. People, in short, feel exposed and want to know what they can do to safeguard their personal information in a world where much of that information lives on computer networks.
Washington state government has always taken privacy seriously and we make a considerable investment in securing personal data that citizens provide to over 50 state agencies, ranging from the Department of Licensing to Fish & Wildlife. Citizens provide their personal info (including their names, contact information and other personal data) to state agencies so that our state government can supply specific services, such as providing a license or other benefit. We try to do this in the most efficient and accurate manner, publishing privacy policies that are specific to each agency or state program. Nevertheless, we can do more.
Just as Washington is a technology leader in so many important fields—ranging from software development to e-commerce—we strive to set an example of “best practices” when it comes to collecting and protecting the personal information you provide while dealing with state government.
Our state agencies already have an obligation to protect your confidential information and they must exercise a high level of care to protect any records that may contain your sensitive health, financial or other personally identifiable information. In 2015, I signed a new Data Breach Law strengthening notification requirements and imposing a 45 day deadline for citizens to be notified of a breach involving more than 500 Washington residents.
While this represents a positive step for consumers, I want to make sure that our state government is taking more proactive steps to protect the private data provided to us by citizens. In April, we hired one of the first statewide chief privacy officers in the country to help develop policy around privacy law, examine new technologies that affect the privacy of citizens, and help our state government address the new issues that confront institutions in a complex digital environment.
Public education is also an important component of privacy protection. Knowing more about the use of your personal information by state government will help you make better decisions about sharing this data. Knowing more about the way companies and social networks utilize your personal data will give you more control over your personal information. To that end, this Privacy Guide lists various resources for privacy protection sites and tools that are now available to you. We’ll also publish this information on our website: https://privacy.wa.gov.
In short, I believe that informed citizens will make the best choices about their personal data and that our government needs to be open and transparent in this regard. That’s why we are publishing this Privacy Guide and creating new initiatives to protect the personal data that we hold in trust for you.
Gov. Jay Inslee
This Privacy Guide is the first of its kind for the state of Washington. When you engage with state government, it’s likely that you provide personal information to a state agency or program in order to get a product or service, such as a driver’s license or health care benefit. Increasingly, people transact their business with the state via the Internet and entrust the security of their personal information to us. Like all modern institutions, we operate in a climate of digital information, data centers and cloud services. And practically every day we read headlines about cyber-attacks and the threat to personal privacy online.
However, we can do a better job informing you, as consumers of our services, of how to protect your personal information in an increasingly challenging online environment. You can apply the tools and articles referenced in this Privacy Guide to your activity on commercial websites, social networks and other sites that you access, whether on your personal computer or a mobile device. We believe that the best informed citizens will want to control their personal data and not expose themselves to data sharing and other practices that they do not intend to authorize. We also want to share what we know about “best practices” for safeguarding your information in the digital world.
This guide provides four kinds of information:
The online version of this guide can be found at: https://privacy.wa.gov. We intend to update this site frequently with current articles and other useful resources about privacy protection.
We hope that this guide and the accompanying online materials give you a fuller sense of both your privacy rights and our commitment to ensuring that state government does everything in its power to safeguard your personal information.
Alex Alben, Chief Privacy Officer
In order to protect your privacy, you may wish to use a variety of tools produced by private companies. When choosing privately made tools, it is safest to rely on established companies and research reviews from reputable websites. While the state of Washington does not endorse any such tools, the list below contains some that web users have found convenient, useful, and safe. In each case, alternate applications are available from other software makers, and you should choose the ones that best meet your needs. Type the bold phrases into any search engine to find a link to the tool you are looking for.
Every day brings new headlines warning us of data breaches and major “hacks” of networks that contain secure data, often including sensitive personal information. In the past year, the breaches at Target, Premera and the federal government’s Office of Personnel Management raised major issues about the methods both private companies and governmental organizations are using to secure data in a climate of cyber-attacks, often launched by well-educated and well-funded hackers operating overseas.
Some security experts warn that “assumption of breach” has become the new normal, where every data network will be compromised at some point. Citizens increasingly worry about the security of personal information they entrust to online entities. Yet, given the fact that so much of our interactions have moved online, consumers often have little choice but to “trust” a company or agency with their personal information.
Security is not an end in and of itself. In an economy where governments and corporations spend billions of dollars for network security, we should reflect and consider the values we are truly trying to safeguard—namely the personal privacy of individuals to conduct their lives without intrusion or unwanted exposure.
At the state government level, we’re keenly aware of our obligation to safeguard the information the citizens of Washington provide to us in order to avail themselves of state services. We’re also aware that we continue to operate in an atmosphere of cyber-attacks, where hackers try to penetrate and compromise our networks and data centers.
What’s the relationship between privacy and security and how can we maximize both in today’s environment?
With privacy as our core value, society should make the appropriate investment to secure and respect the personal information of private citizens.
New environments often require new strategies and we strive to meet the challenges posed by cyber-attacks in the digital age. To this end, we have begun to develop new strategies to maximize privacy protection across state government:
Data Minimization—a highly effective way to reduce the risk of data breach and any damage caused by breach is to collect only a minimal amount of data from citizens and to retain that data only as long as necessary to render a particular service.
Transparency—consumers need to make informed choices about the types of information they share online and state agencies must fully disclose their data sharing practices and be available to explain our policies and procedures relating to privacy.
Public Education—we want to provide the citizens of Washington with the tools and information they need to maximize their privacy protection. This Privacy Guide is an initial attempt to begin that education process.
Making the proper investments in both privacy and security is a work in progress as new challenges arise and new technologies are deployed across digital devices and networks. We welcome your thoughts on how to make these investments in the service of our core values, such as privacy. Visit us at https://privacy.wa.gov.
What type of information does the state of Washington collect when you visit a website or provide us with data to get a specific service? In general, when you visit a state agency website or a portal site such as Access Washington (http://access.wa.gov), non-identifying information is automatically collected. This information includes your IP address and the domain name of your internet service provider; the type of browser and operating system you use; and the pages or services you accessed at the site. This information is used to improve the content and services of the state’s websites.
There are times when you’ll be asked to provide personal information at a state site, including when you participate in a survey or perform some transaction online. Providing this information online is always voluntary. It may include your email address and the contents of email you send to the state, or information used in online transactions, and will be stored in accordance with Chapter 40.14 RCW, Preservation and Destruction of Public Records.
We use this information to perform services, respond to questions, and address issues you may identify, including suggestions to improve our website. We may also forward your email to another agency for appropriate action.
The state attempts to minimize the amount of data gathered whenever possible and collect what is deemed necessary and appropriate.
State data is like any other asset of state government - it belongs to the citizens. Some of that data is specific to a person, and needs to be protected rather than shared. But a lot of the data collected by state agencies is not private - it's public and publishable. Fish counts in the rivers; traffic on the roads; tax dollars spent on government; the population of a county -- these are all bits of data that the state collects and uses to keep key services and resources running smoothly. But much of this state data has a secondary use outside government that may be just as important to citizens: population data is also useful to scholars tracking economic development; traffic data can help people get home safer; fish data helps salmon stay off the endangered species list; and government spending data helps local companies win state contracts.
Since 1996 state agencies have been encouraged to make information available electronically where appropriate. Since 2010 it's been called "open data" and the state has supported a variety of common web portals for agencies that make it easier to publish data in a way that computers, newsletters and browsers can easily use. For example - https://data.wa.gov presents tabular data on a wide variety of topics; http://geography.wa.gov lets citizens explore state mapping data; http://fiscal.wa.gov shows where the public's money goes. Most agencies have their own "reports and data" section on their website. Cities and counties are also important contributors to open data - Seattle, Redmond, Spokane, and Tacoma each have their own open data sites. So do Pierce and King counties.
Here's a fairly complete census of local open data sites: http://us-city.census.okfn.org. We've been doing this for a number of years, and the availability of this data from the state has made a difference to a number of companies, nonprofits and researchers - helped them pivot to a new line of business, find the right place to expand operations, or understand government projects.
Though you won't find your personal data on state or city websites, you may be able to find government data that helps you accomplish your personal and professional goals. Think flexibly and take a look.
Washington state believes in sunshine! In 1972, the citizens of our state voted for Initiative 276, creating one of the most extensive public records laws in the country, ushering in an era of transparent government and allowing citizens to request public records relating to the operation of government agencies, political campaigns, lobbyists and public spending. These statutes, known as the Public Records Act, have been revised quite often over the past 40 plus years. If you want to look up specific information about the act, do a search for “RCW 42.56.”
Most activity by state government is covered by the Public Records Act. The law applies to governments at all levels in our state, including cities, towns, counties and special purpose districts. Our Public Records Act does not apply to the judicial branch of government. State legislative records are covered by the act. For a full list of public disclosure resources available to you, visit http://atg.wa.gov/open-government-resource-manual.
The definition of what constitutes a “public record” under the law is quite broad. For example, emails, text messages, photographs, video files, audio files as well as written records and correspondence all fall under the definition. (See RCW 42.56.010 for the complete definition.)
The law recognizes that there may be cases where the disclosure of a particular public record might be “highly offensive” to a reasonable person and therefore does not mandate disclosure if such a record is not “of legitimate concern to the public.” Otherwise, there is no privacy right under the Public Records Act.
In general, Washington enjoys the benefits of a robust Public Records Act and both local and state governments dedicate personnel to handling public records disclosure requests.
Personal information may be included and disclosed under the Public Records Act. However, there are eight specific exemptions for the following categories of personal information. Here is an edited excerpt from the statute listing the eight exemptions:
In 2015, the Legislature expanded the definition of exempt “personal information,” adding “financial information” as defined in RCW 9.35.005, including social security numbers. You can find the full provisions of the law at RCW 42.56.230.
Privacy has emerged as a leading topic in a technology industry that has traditionally been focused on systems, services and security. Those of us who manage information technology or “IT” organizations have come to realize that data lies at the heart of what we wish to protect. This is especially true for state government, where our agencies collect many types of data from citizens who need to receive services from the state.
The importance of privacy in the digital age cannot be underestimated. In fact, many of us believe that privacy represents the new frontier of human rights. Without privacy, what freedom does an individual have in our society?
My agency—Washington Technology Solutions—is responsible for crafting security and technology policy for our state. While our state agencies and programs already had articulated privacy policies for the treatment of citizens’ personally identifiable information, we thought it was important to go further and more deeply embed privacy into the way we do business in our agency. As a result, we recently instituted the following new initiatives designed to promote both privacy and security:
We know we must continue to adapt to a rapidly changing environment, which includes both new technologies and new types of attacks from hackers who wish to compromise the user data we collect and retain. To accomplish this, my office has put a premium on hiring talented people with experience in a broad range of industries. In addition, we embrace new methods and techniques for developing software and for organizing our service teams. We realize that in order to succeed in our mission to position Washington for the future, Washington Technology Solutions must attract individuals who bring diverse skill sets to solve complex problems.
We aim to promote best practices relating to both privacy and security for our state. We hope that this Privacy Guide and the associated website https://privacy.wa.gov represent a significant first step toward educating people in our state about our privacy policies and the ways that consumers can protect their privacy online.
CIO, Director of Washington Technology Solutions
Washington Technology Solutions (WaTech) is "the consolidated technology services agency" (RCW 43.105.006) charged with enabling public agencies to better serve the people of Washington State via technology. WaTech operates the state's core technology infrastructure--the central network and data center; supports enterprise applications; and, innovates services and practices through e-Government. The agency is also charged with preparing and leading the implementation of a strategic direction and enterprise architecture for state government IT. Additionally, WaTech houses the state’s chief privacy officer, the State Office of Cyber Security, and Washington OneNet.