San Diego County Board of Supervisors' Meeting
Good afternoon. I am Beth Givens, director of the Privacy Rights Clearinghouse. We are a nonprofit consumer information and advocacy program based here in San Diego. I have a brief statement in the form of questions regarding the privacy implications of privatizing the County's information technology systems.
A great deal has been said and written about the management of technology under a privatized system. But little about the information itself.
The County holds a tremendous amount of personal information about its citizens. Property tax records, voting files, library records, the extensive data files of our social services including health and welfare data, birth, death, and marriage certificates, court documents, and so on.
The County is the steward of these precious resources - our personally identifiable information. Some of this information is public record - and proponents of privatizing the County's information technology systems have stated that access to these records will be improved by outsourcing these functions. (By the way, I think access can be improved under County management without having to privatize the information technology functions of the County. In fact, great strides have already been made.)
But let's set the issue of access aside for a moment and focus on confidential records. A great deal of the information held by the County is confidential - library records, for example, and the massive amounts of social services information collected by the County.
- Has the County looked at the pro's and con's of privatizing vis-à-vis privacy and confidentiality?
- Has the County conducted a privacy impact assessment, analyzing both the intended and unintended consequences of privatization -- much like environmental impact assessments are conducted?
- How will the County's stewardship of our personal information be assured and even improved if information technology systems are outsourced to private sector vendors?
- How will security of data be ensured?
- Under a privatized system, will there be sufficient sunshine on data handling practices? Who will be accountable if confidentiality is breached? How will steps be taken to expose the problem, repair the leak, correct the structural problem (which is likely to be at the policy level), and provide redress to the person or persons affected?
Accountability is the keyword here.
I urge you to consider these points in your deliberations. That concludes my comments. Thank you for your attention.